leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251678 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.251678"], ["2024", "CVE-2024-34206", "TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter.", "No PoCs found on GitHub currently.", "https://github.com/n0wstr/IOTVuln/tree/main/CP450/setWebWlanIdx"], ["2024", "CVE-2024-28198", "OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version 18.1.6 and 18.2.2. It is advised to upgrade to the latest version of 18.1.x or 18.2.x. Users unable to upgrade may work around this issue by disabling the Draw.io module or the entire REST API which will secure the system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1638", "The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read.", "No PoCs found on GitHub currently.", "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p6f3-f63q-5mc2"], ["2024", "CVE-2024-25350", "SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/ZooManagementSystem-SQL_Injection_Edit_Ticket.md"], ["2024", "CVE-2024-21619", "A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information.When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information.This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.", "https://github.com/Ostorlab/KEV", "No PoCs from references."], ["2024", "CVE-2024-2511", "Issue summary: Some non-default TLS server configurations can cause unboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations to triggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option isbeing used (but not if early_data support is also configured and the defaultanti-replay protection is in use). In this case, under certain conditions, thesession cache can get into an incorrect state and it will fail to flush properlyas it fills. The session cache will continue to grow in an unbounded manner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normal operation.This issue only affects TLS servers supporting TLSv1.3. It does not affect TLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL1.0.2 is also not affected by this issue.", "https://github.com/GrigGM/05-virt-04-docker-hw
https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2680", "A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user/index.php. The manipulation of the argument view leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257380.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27084", "** REJECT ** This CVE is a duplicate of CVE-2024-1631.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25210", "Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Simple%20Expense%20Tracker/Simple%20Expense%20Tacker%20-%20SQL%20Injection-1.md"], ["2024", "CVE-2024-0414", "A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250434 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29207", "An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products:UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier)UniFi Connect Display (Version 1.9.324 and earlier)UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation:Update UniFi Connect Application to Version 3.10.7 or later.Update UniFi Connect EV Station to Version 1.2.15 or later.Update UniFi Connect EV Station Pro to Version 1.2.15 or later.Update UniFi Connect Display to Version 1.11.348 or later.Update UniFi Connect Display Cast to Version 1.8.255 or later.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29196", "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72"], ["2024", "CVE-2024-0886", "A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Converter 8.0.7. Affected by this vulnerability is an unknown functionality of the component Activation Handler. The manipulation of the argument Key leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252037 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://fitoxs.com/vuldb/09-exploit-perl.txt"], ["2024", "CVE-2024-2983", "A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetClientState.md"], ["2024", "CVE-2024-1778", "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29316", "NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via \"isadmin\":true.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://nodebb.org/bounty/"], ["2024", "CVE-2024-1669", "Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "https://issues.chromium.org/issues/41495060"], ["2024", "CVE-2024-21499", "All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249863"], ["2024", "CVE-2024-2400", "Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27204", "In tmu_set_gov_active of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27195", "Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS.This issue affects Watermark RELOADED: from n/a through 1.3.5.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34075", "kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the `MarkovData#getNext` method used in `Markov#generate` and `Markov#choose` allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a string contains a forbidden substring (i.e. `__proto__`) followed by a space character, the code will access a special property in `MarkovData#finalData` by removing the last character of the string, bypassing the dataset sanitization (as it is supposed to be already sanitized before this function is called). Any dataset can be contaminated with the substring making it unable to properly generate anything in some cases. This issue has been addressed in version 3.2.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/xiboon/kurwov/security/advisories/GHSA-hfrv-h3q8-9jpr"], ["2024", "CVE-2024-25301", "Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-REDAXO/RCE.md
https://github.com/evildrummer/MyOwnCVEs/tree/main/CVE-2021-39459"], ["2024", "CVE-2024-33856", "An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26028", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31650", "A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter.", "No PoCs found on GitHub currently.", "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-31650.md"], ["2024", "CVE-2024-0841", "A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29151", "Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2944", "A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. This issue affects some unknown processing of the file /adminpanel/admin/query/deleteCourseExe.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258035.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.258035"], ["2024", "CVE-2024-30938", "SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component.", "No PoCs found on GitHub currently.", "https://github.com/lampSEC/semcms/blob/main/semcms.md"], ["2024", "CVE-2024-0742", "It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25146", "Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20860", "Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27103", "Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to dangerouslySetInnerHTML is not sanitized for the data inside of queries which leads to an XSS vulnerability. During the \"query auto-suggestion\" the name of the suggested tables are set with innerHTML which leads to the XSS vulnerability. A patch to rectify this issue has been introduced in Querybook version 3.31.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2496", "A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2707", "A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257458 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWriteFacMac.md"], ["2024", "CVE-2024-30878", "A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter.", "No PoCs found on GitHub currently.", "https://github.com/jianyan74/rageframe2/issues/111"], ["2024", "CVE-2024-33512", "There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.", "https://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0901", "Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.", "https://github.com/lego-pirates/wolfssl
https://github.com/wolfSSL/Arduino-wolfSSL
https://github.com/wolfSSL/wolfssl", "No PoCs from references."], ["2024", "CVE-2024-20763", "Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23889", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemgroupcreate.php, in the itemgroupid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33792", "netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ymkyu/CVE/tree/main/CVE-2024-33792"], ["2024", "CVE-2024-29291", "** DISPUTED ** An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/whiteman007/43bd7fa1fa0e47554b33f0cf93066784"], ["2024", "CVE-2024-29100", "Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31506", "Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the \"id\" parameter in admin/admin_cs.php.", "No PoCs found on GitHub currently.", "https://github.com/CveSecLook/cve/issues/4"], ["2024", "CVE-2024-20672", ".NET Denial of Service Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20971", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27012", "In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: restore set elements when delete set failsFrom abort path, nft_mapelem_activate() needs to restore refcounters tothe original state. Currently, it uses the set->ops->walk() to iterateover these set elements. The existing set iterator skips inactiveelements in the next generation, this does not work from the abort pathto restore the original state since it has to skip active elementsinstead (not inactive ones).This patch moves the check for inactive elements to the set iteratorcallback, then it reverses the logic for the .activate case whichneeds to skip active elements.Toggle next generation bit for elements when delete set command isinvoked and call nft_clear() from .activate (abort) path to restore thenext generation bit.The splat below shows an object in mappings memleak:[43929.457523] ------------[ cut here ]------------[43929.457532] WARNING: CPU: 0 PID: 1139 at include/net/netfilter/nf_tables.h:1237 nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables][...][43929.458014] RIP: 0010:nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables][43929.458076] Code: 83 f8 01 77 ab 49 8d 7c 24 08 e8 37 5e d0 de 49 8b 6c 24 08 48 8d 7d 50 e8 e9 5c d0 de 8b 45 50 8d 50 ff 89 55 50 85 c0 75 86 <0f> 0b eb 82 0f 0b eb b3 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90[43929.458081] RSP: 0018:ffff888140f9f4b0 EFLAGS: 00010246[43929.458086] RAX: 0000000000000000 RBX: ffff8881434f5288 RCX: dffffc0000000000[43929.458090] RDX: 00000000ffffffff RSI: ffffffffa26d28a7 RDI: ffff88810ecc9550[43929.458093] RBP: ffff88810ecc9500 R08: 0000000000000001 R09: ffffed10281f3e8f[43929.458096] R10: 0000000000000003 R11: ffff0000ffff0000 R12: ffff8881434f52a0[43929.458100] R13: ffff888140f9f5f4 R14: ffff888151c7a800 R15: 0000000000000002[43929.458103] FS: 00007f0c687c4740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000[43929.458107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033[43929.458111] CR2: 00007f58dbe5b008 CR3: 0000000123602005 CR4: 00000000001706f0[43929.458114] Call Trace:[43929.458118] [43929.458121] ? __warn+0x9f/0x1a0[43929.458127] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables][43929.458188] ? report_bug+0x1b1/0x1e0[43929.458196] ? handle_bug+0x3c/0x70[43929.458200] ? exc_invalid_op+0x17/0x40[43929.458211] ? nft_setelem_data_deactivate+0xd7/0xf0 [nf_tables][43929.458271] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables][43929.458332] nft_mapelem_deactivate+0x24/0x30 [nf_tables][43929.458392] nft_rhash_walk+0xdd/0x180 [nf_tables][43929.458453] ? __pfx_nft_rhash_walk+0x10/0x10 [nf_tables][43929.458512] ? rb_insert_color+0x2e/0x280[43929.458520] nft_map_deactivate+0xdc/0x1e0 [nf_tables][43929.458582] ? __pfx_nft_map_deactivate+0x10/0x10 [nf_tables][43929.458642] ? __pfx_nft_mapelem_deactivate+0x10/0x10 [nf_tables][43929.458701] ? __rcu_read_unlock+0x46/0x70[43929.458709] nft_delset+0xff/0x110 [nf_tables][43929.458769] nft_flush_table+0x16f/0x460 [nf_tables][43929.458830] nf_tables_deltable+0x501/0x580 [nf_tables]", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2587", "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple\u00a0parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2616", "To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0713", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28871. Reason: This candidate is a reservation duplicate of CVE-2020-28871. Notes: All CVE users should reference CVE-2020-28871 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "https://github.com/Tropinene/Yscanner
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://drive.google.com/file/d/1C6_4A-96BtR9VTNSadUY09ErroqLEVJ4/view?usp=sharing"], ["2024", "CVE-2024-33891", "Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute.", "No PoCs found on GitHub currently.", "https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3"], ["2024", "CVE-2024-25117", "php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The `Style::fromAttributes(`), or the `Style::parseCssStyle()` should check the content of the `font-family` and prevents it to use a PHAR url, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the `Style::fromStyleSheets` might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the `fontName` that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue.", "No PoCs found on GitHub currently.", "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273"], ["2024", "CVE-2024-20831", "Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2756", "Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host-\u00a0or __Secure-\u00a0cookie by PHP applications.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://www.openwall.com/lists/oss-security/2024/04/12/11
https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4"], ["2024", "CVE-2024-22637", "Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /form_builder/preview.php?form_id=2.", "https://github.com/capture0x/My-CVE", "https://packetstormsecurity.com/files/176403/Form-Tools-3.1.1-Cross-Site-Scripting.html"], ["2024", "CVE-2024-2855", "A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md"], ["2024", "CVE-2024-5136", "A vulnerability classified as problematic has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /admin/search-directory.php.. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265212.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%201.md"], ["2024", "CVE-2024-30699", "** DISPUTED ** A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a denial of service (DoS) via improper handling of arrays or strings. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30699", "No PoCs from references."], ["2024", "CVE-2024-30508", "Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2574", "A vulnerability classified as critical was found in SourceCodester Employee Task Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-task.php. The manipulation of the argument task_id leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257077 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20edit-task.php.md"], ["2024", "CVE-2024-20982", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31967", "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20681", "Windows Subsystem for Linux Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3618", "A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file /control/activate_case.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260274 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/zyairelai/CVE-submissions/blob/main/kortex-activate_case-sqli.md"], ["2024", "CVE-2024-3758", "in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24059", "springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files.", "No PoCs found on GitHub currently.", "https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#2-file-upload-vulnerability"], ["2024", "CVE-2024-27230", "In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0531", "A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/setBlackRule.md"], ["2024", "CVE-2024-23639", "Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are \"simple\" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4138", "Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2525", "A vulnerability, which was classified as problematic, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/receipt.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20receipt.php.md"], ["2024", "CVE-2024-25224", "A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Simple%20Admin%20Panel%20App/Simple%20Admin%20Panel%20App%20-%20Cross-Site-Scripting%20-%202.md"], ["2024", "CVE-2024-0420", "The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/"], ["2024", "CVE-2024-4029", "A vulnerability was found in Wildfly\u2019s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24148", "A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.", "No PoCs found on GitHub currently.", "https://github.com/libming/libming/issues/308"], ["2024", "CVE-2024-29233", "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-33670", "Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page.", "https://github.com/Sharpe-nl/CVEs", "No PoCs from references."], ["2024", "CVE-2024-24399", "An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.", "https://github.com/capture0x/My-CVE
https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html"], ["2024", "CVE-2024-4169", "A vulnerability was found in Tenda 4G300 1.01.42. It has been declared as critical. This vulnerability affects the function sub_42775C/sub_4279CC. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-261988. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_42775C.md"], ["2024", "CVE-2024-2465", "Open redirection vulnerability in CDeX application\u00a0allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0560", "A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24389", "A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3488", "File Upload vulnerability in unauthenticatedsession found in OpenText\u2122 iManager 3.2.6.0200.\u00a0The vulnerability could allow ant attacker to upload afile without authentication.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22514", "An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file.", "https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution
https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution"], ["2024", "CVE-2024-34391", "libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).", "No PoCs found on GitHub currently.", "https://research.jfrog.com/vulnerabilities/libxmljs-attrs-type-confusion-rce-jfsa-2024-001033988/"], ["2024", "CVE-2024-31866", "Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.The attackers can execute shell scripts or malicious code by overriding configuration like\u00a0ZEPPELIN_INTP_CLASSPATH_OVERRIDES.This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.Users are recommended to upgrade to version 0.11.1, which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30409", "An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service.\u00a0This issue affects Juniper Networks Junos OS: * from 22.1 before 22.1R1-S2, 22.1R2.Junos OS Evolved:\u00a0 * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23738", "** DISPUTED ** An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states \"we dispute the report's accuracy ... the configuration does not enable remote code execution..\"", "https://github.com/V3x0r/CVE-2024-23738
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/giovannipajeu1/CVE-2024-23738
https://github.com/giovannipajeu1/giovannipajeu1
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-2535", "A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256972. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20users.php.md"], ["2024", "CVE-2024-3748", "The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/01427cfb-5c51-4524-9b9d-e09a603bc34c/"], ["2024", "CVE-2024-4128", "This vulnerability was a potential CSRF attack.\u00a0When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (ie Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commit\u00a0 068a2b08dc308c7ab4b569617f5fc8821237e3a0 https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0521", "Code Injection in paddlepaddle/paddle", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453"], ["2024", "CVE-2024-27220", "In lpm_req_handler of , there is a possible out of bounds memory access due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0461", "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250566 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20992", "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2564", "A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257063.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30518", "Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23769", "Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5095", "A vulnerability classified as problematic has been found in Victor Zsviot Camera 8.26.31. This affects an unknown part of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20691", "Windows Themes Information Disclosure Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33771", "A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter \"webpage.\"", "No PoCs found on GitHub currently.", "https://github.com/YuboZhaoo/IoT/blob/main/D-Link/DIR-619L/20240424.md"], ["2024", "CVE-2024-29272", "Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.", "https://github.com/NaInSec/CVE-LIST
https://github.com/awjkjflkwlekfdjs/CVE-2024-29272
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/givanz/VvvebJs/issues/343"], ["2024", "CVE-2024-2746", "Incomplete fix for CVE-2024-1929The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed alocal root exploit by tricking the daemon into loading a user controlled \"plugin\". All of this happened before Polkit authentication was even started.The dnf5 library code does not check whether non-root users control the directory in question.\u00a0On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large filethat causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow.The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnosticsare accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though.Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specifya plethora of additional configuration options. This makes various\u00a0additional code paths in libdnf5 accessible to the attacker.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20821", "A vulnerability possible to reconfigure OTP allows local attackers to transit RMA(Return Merchandise Authorization) mode, which disables security features. This attack needs additional privilege to control TEE.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31456", "GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.", "https://github.com/PhDLeToanThang/itil-helpdesk
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22627", "Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20662", "Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-5066", "A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Affected by this vulnerability is an unknown functionality of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264925 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%204.md"], ["2024", "CVE-2024-0800", "A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2024-07"], ["2024", "CVE-2024-29110", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pauple Table & Contact Form 7 Database \u2013 Tablesome allows Reflected XSS.This issue affects Table & Contact Form 7 Database \u2013 Tablesome: from n/a through 1.0.27.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-33782", "MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30979", "Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php.", "No PoCs found on GitHub currently.", "https://medium.com/@shanunirwan/cve-2024-30979-stored-cross-site-scripting-xss-in-cyber-cafe-management-system-project-ccms-1-44b10f50817b"], ["2024", "CVE-2024-34273", "njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method.", "https://github.com/chrisandoryan/vuln-advisory
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2606", "Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2597", "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27002", "In the Linux kernel, the following vulnerability has been resolved:clk: mediatek: Do a runtime PM get on controllers during probemt8183-mfgcfg has a mutual dependency with genpd during the probingstage, which leads to a deadlock in the following call stack:CPU0: genpd_lock --> clk_prepare_lockgenpd_power_off_work_fn() genpd_lock() generic_pm_domain::power_off() clk_unprepare() clk_prepare_lock()CPU1: clk_prepare_lock --> genpd_lockclk_register() __clk_core_init() clk_prepare_lock() clk_pm_runtime_get() genpd_lock()Do a runtime PM get at the probe function to make sure clk_register()won't acquire the genpd lock. Instead of only modifying mt8183-mfgcfg,do this on all mediatek clock controller probings because we don'tbelieve this would cause any regression.Verified on MT8183 and MT8192 Chromebooks.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20961", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25016", "IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0612", "The Content Views \u2013 Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2717", "A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257470 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27282", "An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.", "https://github.com/lifeparticle/Ruby-Cheatsheet", "No PoCs from references."], ["2024", "CVE-2024-20870", "Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2814", "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromDhcpListClient_page.md"], ["2024", "CVE-2024-0911", "A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html"], ["2024", "CVE-2024-33693", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Smart Social Widget allows Stored XSS.This issue affects Meks Smart Social Widget: from n/a through 1.6.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30868", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30928", "SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc", "https://github.com/Chocapikk/My-CVEs
https://github.com/Chocapikk/derbynet-research", "No PoCs from references."], ["2024", "CVE-2024-31547", "Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the \"id\" parameter of /admin/item/view_item.php.", "No PoCs found on GitHub currently.", "https://github.com/emirhanmtl/vuln-research/blob/main/SQLi-3-Computer-Laboratory-Management-System-PoC.md"], ["2024", "CVE-2024-2954", "The Action Network plugin for WordPress is vulnerable to SQL Injection via the 'bulk-action' parameter in version 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "No PoCs found on GitHub currently.", "https://blog.sth.sh/wordpress-action-network-1-4-3-authenticated-sql-injection-0-day-01fcd6e89e96"], ["2024", "CVE-2024-29141", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PDF Embedder allows Stored XSS.This issue affects PDF Embedder: from n/a through 4.6.4.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34222", "Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter.", "https://github.com/dovankha/CVE-2024-34222
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-25156", "A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0455", "The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL```http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance```which is a special IP and URL that resolves only when the request comes from within an EC2 instance. This would allow the user to see the connection/secret credentials for their specific instance and be able to manage it regardless of who deployed it.The user would have to have pre-existing knowledge of the hosting infra which the target instance is deployed on, but if sent - would resolve if on EC2 and the proper `iptable` or firewall rule is not configured for their setup.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9c"], ["2024", "CVE-2024-25251", "code-projects Agro-School Management System 1.0 is suffers from Incorrect Access Control.", "https://github.com/ASR511-OO7/CVE-2024-25251
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-26038", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26178", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29097", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins User profile allows Stored XSS.This issue affects User profile: from n/a through 2.0.20.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0684", "A flaw was found in the GNU coreutils \"split\" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.", "https://github.com/Valentin-Metz/writeup_split
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/jiayy/android_vuln_poc-exp
https://github.com/nomi-sec/PoC-in-GitHub", "https://www.openwall.com/lists/oss-security/2024/01/18/2"], ["2024", "CVE-2024-2410", "The JsonToBinaryStream()\u00a0function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0795", "If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec"], ["2024", "CVE-2024-25200", "Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/espruino/Espruino/issues/2457"], ["2024", "CVE-2024-2690", "A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file /uupdate.php. The manipulation of the argument ima leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257388.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/wkeyi0x1/vul-report/issues/2"], ["2024", "CVE-2024-26069", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22460", "Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33485", "SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php component", "No PoCs found on GitHub currently.", "https://github.com/CveSecLook/cve/issues/17"], ["2024", "CVE-2024-29186", "Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed. In the parsing process, the `Content-Type` header of each part is read using the `Riverline/multipart-parser` library.The library, in the `StreamedPart::parseHeaderContent` function, performs slow multi-byte string operations on the header value.Precisely, the `mb_convert_encoding` function is used with the first (`$string`) and third (`$from_encoding`) parameters read from the header value.An attacker could send specifically crafted requests which would force the server into performing long operations with a consequent long billed duration.The attack has the following requirements and limitations: The Lambda should use the Event-Driven Function runtime and the `RequestHandlerInterface` handler and should implement at least an endpoint accepting POST requests; the attacker can send requests up to 6MB long (this is enough to cause a billed duration between 400ms and 500ms with the default 1024MB RAM Lambda image of Bref); and if the Lambda uses a PHP runtime <= php-82, the impact is higher as the billed duration in the default 1024MB RAM Lambda image of Bref could be brought to more than 900ms for each request. Notice that the vulnerability applies only to headers read from the request body as the request header has a limitation which allows a total maximum size of ~10KB.Version 2.1.17 contains a fix for this issue.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/brefphp/bref/security/advisories/GHSA-j4hq-f63x-f39r"], ["2024", "CVE-2024-22520", "An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets.", "https://github.com/Drone-Lab/Dronetag-vulnerability", "No PoCs from references."], ["2024", "CVE-2024-21749", "Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all.This issue affects 1 click disable all: from n/a through 1.0.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31852", "LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is \"we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production.\"", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/llvm/llvm-project/issues/80287"], ["2024", "CVE-2024-2441", "The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they shouldn't be allowed to.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/9647e273-5724-4a02-868d-9b79f4bb2b79/"], ["2024", "CVE-2024-22493", "A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2723", "SQL injection vulnerability in the CIGESv2 system, through\u00a0/ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20844", "Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2820", "A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0925", "A vulnerability has been found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetVirtualSer.md"], ["2024", "CVE-2024-20656", "Visual Studio Elevation of Privilege Vulnerability", "https://github.com/GhostTroops/TOP
https://github.com/NaInSec/CVE-LIST
https://github.com/Wh04m1001/CVE-2024-20656
https://github.com/aneasystone/github-trending
https://github.com/grgmrtn255/Links
https://github.com/johe123qwe/github-trending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/zengzzzzz/golang-trending-archive
https://github.com/zhaoxiaoha/github-trending", "No PoCs from references."], ["2024", "CVE-2024-29124", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Stored XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-33427", "Buffer Overflow vulnerability in Squid version before v.6.10 allows a local attacker cause a denial of service via a improper check of string in function ConfigParser::UnQuote.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0737", "A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html"], ["2024", "CVE-2024-2632", "A Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an attacker to obtain a lot of information about the application such as the variables set in the process, the Tomcat versions, library versions and underlying operation system via HTTP GET '/sitetest/english/dumpenv.jsp'.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28248", "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. This issue has been patched in Cilium 1.15.2, 1.14.8, and 1.13.13. There are no known workarounds for this issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1989", "The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such as 'url'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0677", "The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/"], ["2024", "CVE-2024-20815", "Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5112", "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/student_profile.php. The manipulation of the argument std_index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265102 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29064", "Windows Hyper-V Denial of Service Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3210", "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24680", "An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.", "https://github.com/ch4n3-yoon/ch4n3-yoon
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24511", "Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/machisri/CVEs-and-Vulnerabilities", "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24511%20-%3E%20Stored%20XSS%20in%20input%20Title%20of%20the%20Component"], ["2024", "CVE-2024-32005", "NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result any file on the backend filesystem which the web server has access to can be read by an attacker with access to the NiceUI leaflet website. This vulnerability has been addressed in version 1.4.21. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/sunriseXu/sunriseXu", "No PoCs from references."], ["2024", "CVE-2024-32394", "An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 and RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request.", "No PoCs found on GitHub currently.", "https://gist.github.com/Swind1er/7aad5c28e5bdc91d73fa7489b7250c94"], ["2024", "CVE-2024-34449", "** DISPUTED ** Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28446", "Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at /apply.cgi.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21334", "Open Management Infrastructure (OMI) Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/bigbozzez/CVE-2024-21334-POC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-30040", "Windows MSHTML Platform Security Feature Bypass Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20058", "In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3241", "The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/a645daee-42ea-43f8-9480-ef3be69606e0/"], ["2024", "CVE-2024-26445", "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/xiaolanjing0/cms/blob/main/1.md"], ["2024", "CVE-2024-33338", "Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request.", "No PoCs found on GitHub currently.", "https://github.com/7akahash1/POC/blob/main/1.md"], ["2024", "CVE-2024-28557", "SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php.", "No PoCs found on GitHub currently.", "https://github.com/xuanluansec/vul/issues/2"], ["2024", "CVE-2024-23320", "Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it.This issue affects Apache DolphinScheduler: until 3.2.1.Users are recommended to upgrade to version 3.2.1, which fixes the issue.", "https://github.com/Drun1baby/JavaSecurityLearning
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nbxiglk0/nbxiglk0", "No PoCs from references."], ["2024", "CVE-2024-28417", "Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24892", "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py.This issue affects migration-tools: from 1.0.0 through 1.0.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32114", "In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located).It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API).To mitigate, users can update the default conf/jetty.xml configuration file to add authentication requirement:\u00a0 \u00a0 Or we encourage users to upgrade to Apache ActiveMQ 6.1.2 where the default configuration has been updated with authentication by default.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-32285", "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/formaddUserName.md"], ["2024", "CVE-2024-30380", "An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which causes the l2cpd process to crash by sending a specific TLV.The l2cpd process is responsible for layer 2 control protocols, such as STP, RSTP, MSTP, VSTP, ERP, and LLDP.\u00a0 The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP, leading to a Denial of Service.\u00a0\u00a0Continued receipt and processing of this specific TLV will create a sustained Denial of Service (DoS) condition.This issue affects:Junos OS: all versions before 20.4R3-S9, from 21.2 before 21.2R3-S7, from 21.3 before 21.3R3-S5, from 21.4 before 21.4R3-S4, from 22.1 before 22.1R3-S4, from 22.2 before 22.2R3-S2, from 22.3 before 22.3R2-S2, 22.3R3-S1, from 22.4 before 22.4R2-S2, 22.4R3, from 23.2 before 23.2R1-S1, 23.2R2;Junos OS Evolved: all versions before 21.2R3-S7, from 21.3 before 21.3R3-S5-EVO, from 21.4 before 21.4R3-S5-EVO, from 22.1 before 22.1R3-S4-EVO, from 22.2 before 22.2R3-S2-EVO, from 22.3 before 22.3R2-S2-EVO, 22.3R3-S1-EVO, from 22.4 before 22.4R2-S2-EVO, 22.4R3-EVO, from 23.2 before 23.2R1-S1-EVO, 23.2R2-EVO.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4561", "In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0168", "Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20009", "In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3090", "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1195", "A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.252685"], ["2024", "CVE-2024-1204", "The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/03191b00-0b05-42db-9ce2-fc525981b6c9/"], ["2024", "CVE-2024-28635", "Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.", "https://github.com/NaInSec/CVE-LIST", "https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt"], ["2024", "CVE-2024-30233", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26727", "In the Linux kernel, the following vulnerability has been resolved:btrfs: do not ASSERT() if the newly created subvolume already got read[BUG]There is a syzbot crash, triggered by the ASSERT() during subvolumecreation: assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319 ------------[ cut here ]------------ kernel BUG at fs/btrfs/disk-io.c:1319! invalid opcode: 0000 [#1] PREEMPT SMP KASAN RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60 btrfs_get_new_fs_root+0xd3/0xf0 create_subvol+0xd02/0x1650 btrfs_mksubvol+0xe95/0x12b0 __btrfs_ioctl_snap_create+0x2f9/0x4f0 btrfs_ioctl_snap_create+0x16b/0x200 btrfs_ioctl+0x35f0/0x5cf0 __x64_sys_ioctl+0x19d/0x210 do_syscall_64+0x3f/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b ---[ end trace 0000000000000000 ]---[CAUSE]During create_subvol(), after inserting root item for the newly createdsubvolume, we would trigger btrfs_get_new_fs_root() to get thebtrfs_root of that subvolume.The idea here is, we have preallocated an anonymous device number forthe subvolume, thus we can assign it to the new subvolume.But there is really nothing preventing things like backref walk to readthe new subvolume.If that happens before we call btrfs_get_new_fs_root(), the subvolumewould be read out, with a new anonymous device number assigned already.In that case, we would trigger ASSERT(), as we really expect no one toread out that subvolume (which is not yet accessible from the fs).But things like backref walk is still possible to trigger the read onthe subvolume.Thus our assumption on the ASSERT() is not correct in the first place.[FIX]Fix it by removing the ASSERT(), and just free the @anon_dev, reset itto 0, and continue.If the subvolume tree is read out by something else, it should havealready get a new anon_dev assigned thus we only need to free thepreallocated one.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4840", "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24762", "`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/seal-community/patches", "https://github.com/Kludex/python-multipart/security/advisories/GHSA-2jv5-9r88-3w3p
https://github.com/encode/starlette/security/advisories/GHSA-93gm-qmq6-w238
https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389"], ["2024", "CVE-2024-29419", "There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29788", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Web Player allows Stored XSS.This issue affects Podlove Web Player: from n/a through 5.7.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24861", "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23293", "This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4592", "A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/23.md"], ["2024", "CVE-2024-4603", "Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a long timeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length for signatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command line applicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.", "https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21396", "Dynamics 365 Sales Spoofing Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21007", "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "https://github.com/tanjiti/sec_profile", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21116", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-30262", "Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me token, changing the password would not be enough to reclaim control over the account. Version 4.13.40 contains a fix for the issue. As a workaround, disable \"Allow auto login\" in the login module.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1077", "Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29448", "** DISPUTED ** A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a denial of service (DoS) via improper handling of arrays or strings. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29448", "No PoCs from references."], ["2024", "CVE-2024-24830", "OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the \"/api/{org_id}/users\" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/openobserve/openobserve/security/advisories/GHSA-hfxx-g56f-8h5v"], ["2024", "CVE-2024-4652", "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21056", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2059", "A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-255374 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/service_crud.php%20Unauthenticated%20Arbitrary%20File%20Upload.md"], ["2024", "CVE-2024-35843", "In the Linux kernel, the following vulnerability has been resolved:iommu/vt-d: Use device rbtree in iopf reporting pathThe existing I/O page fault handler currently locates the PCI device bycalling pci_get_domain_bus_and_slot(). This function searches the listof all PCI devices until the desired device is found. To improve lookupefficiency, replace it with device_rbtree_find() to search the devicewithin the probed device rbtree.The I/O page fault is initiated by the device, which does not have anysynchronization mechanism with the software to ensure that the devicestays in the probed device tree. Theoretically, a device could be releasedby the IOMMU subsystem after device_rbtree_find() and beforeiopf_get_dev_fault_param(), which would cause a use-after-free problem.Add a mutex to synchronize the I/O page fault reporting path and the IOMMUrelease device path. This lock doesn't introduce any performance overhead,as the conflict between I/O page fault reporting and device releasing isvery rare.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21351", "Windows SmartScreen Security Feature Bypass Vulnerability", "https://github.com/GarethPullen/Powershell-Scripts
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22078", "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31209", "oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in version(s)`3.1.2` & `3.2.0-beta.3`.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26471", "A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35591", "An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24574", "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.", "No PoCs found on GitHub currently.", "https://github.com/thorsten/phpMyFAQ/pull/2827
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx"], ["2024", "CVE-2024-28563", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-25618", "Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers (CAS, SAML, OIDC) to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication provider allows changing the e-mail address or multiple authentication providers are configured. When a user logs in through an external authentication provider for the first time, Mastodon checks the e-mail address passed by the provider to find an existing account. However, using the e-mail address alone means that if the authentication provider allows changing the e-mail address of an account, the Mastodon account can immediately be hijacked. All users logging in through external authentication providers are affected. The severity is medium, as it also requires the external authentication provider to misbehave. However, some well-known OIDC providers (like Microsoft Azure) make it very easy to accidentally allow unverified e-mail changes. Moreover, OpenID Connect also allows dynamic client registration. This issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/mastodon/mastodon/security/advisories/GHSA-vm39-j3vx-pch3"], ["2024", "CVE-2024-21091", "Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2008", "The Modal Popup Box \u2013 Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awl_modal_popup_box_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1261", "A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24525", "An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL.", "https://github.com/l3v3lFORall/EpointWebBuilder_v5.x_VULN", "No PoCs from references."], ["2024", "CVE-2024-2148", "A vulnerability classified as critical has been found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255501 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/vanitashtml/CVE-Dumps/blob/main/RCE%20via%20Arbitrary%20File%20Upload%20in%20Mobile%20Management%20Store.md"], ["2024", "CVE-2024-25649", "In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4444", "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.", "https://github.com/JohnnyBradvo/CVE-2024-4444
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-26602", "In the Linux kernel, the following vulnerability has been resolved:sched/membarrier: reduce the ability to hammer on sys_membarrierOn some systems, sys_membarrier can be very expensive, causing overallslowdowns for everything. So put a lock on the path in order toserialize the accesses to prevent the ability for this to be called attoo high of a frequency and saturate the machine.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26593", "In the Linux kernel, the following vulnerability has been resolved:i2c: i801: Fix block process call transactionsAccording to the Intel datasheets, software must reset the blockbuffer index twice for block process call transactions: once beforewriting the outgoing data to the buffer, and once again beforereading the incoming data from the buffer.The driver is currently missing the second reset, causing the wrongportion of the block buffer to be read.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1292", "The wpb-show-core WordPress plugin before 2.6 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/56d4fc48-d0dc-4ac6-93cd-f64d4c3c5c07/"], ["2024", "CVE-2024-24707", "Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2.", "No PoCs found on GitHub currently.", "https://snicco.io/vulnerability-disclosure/cwicly/remote-code-execution-cwicly-1-4-0-2?_s_id=cve"], ["2024", "CVE-2024-24496", "An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/DailyHabitTracker-Broken_Access_Control.md"], ["2024", "CVE-2024-24804", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS.This issue affects MW WP Form: from n/a through 5.0.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4666", "The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21062", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4726", "A vulnerability was found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/clients. The manipulation of the argument f_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263804.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_clients.md"], ["2024", "CVE-2024-4825", "A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in \u2018/media/api\u2019 parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3146", "A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makehtml_rss_action.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/14.md"], ["2024", "CVE-2024-26653", "In the Linux kernel, the following vulnerability has been resolved:usb: misc: ljca: Fix double free in error handling pathWhen auxiliary_device_add() returns error and then callsauxiliary_device_uninit(), callback function ljca_auxdev_releasecalls kfree(auxdev->dev.platform_data) to free the parameter dataof the function ljca_new_client_device. The callers ofljca_new_client_device shouldn't call kfree() againin the error handling path to free the platform data.Fix this by cleaning up the redundant kfree() in all callers andadding kfree() the passed in platform_data on errors which happenbefore auxiliary_device_init() succeeds .", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24756", "Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the `lib/public/` directory can be requested from the server. Instances running behind Cloudflare (including crafatar.com) are not affected. Instances using the Docker container as shown in the README are affected, but only files within the container can be read. By default, all of the files within the container can also be found in this repository and are not confidential. This vulnerability is patched in 2.1.5.", "No PoCs found on GitHub currently.", "https://github.com/crafatar/crafatar/security/advisories/GHSA-5cxq-25mp-q5f2"], ["2024", "CVE-2024-23136", "A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk AutoCAD can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24855", "A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28741", "Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.", "https://github.com/chebuya/CVE-2024-28741-northstar-agent-rce-poc
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://blog.chebuya.com/posts/discovering-cve-2024-28741-remote-code-execution-on-northstar-c2-agents-via-pre-auth-stored-xss/
https://packetstormsecurity.com/files/177542/NorthStar-C2-Agent-1.0-Cross-Site-Scripting-Remote-Command-Execution.html"], ["2024", "CVE-2024-21033", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-32302", "Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromWizardHandle.md"], ["2024", "CVE-2024-26713", "In the Linux kernel, the following vulnerability has been resolved:powerpc/pseries/iommu: Fix iommu initialisation during DLPAR addWhen a PCI device is dynamically added, the kernel oopses with a NULLpointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030 Faulting instruction address: 0xc0000000006bbe5c Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66 Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries NIP: c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8 REGS: c00000009924f240 TRAP: 0300 Not tainted (6.7.0-203405+) MSR: 8000000000009033 CR: 24002220 XER: 20040006 CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0 ... NIP sysfs_add_link_to_group+0x34/0x94 LR iommu_device_link+0x5c/0x118 Call Trace: iommu_init_device+0x26c/0x318 (unreliable) iommu_device_link+0x5c/0x118 iommu_init_device+0xa8/0x318 iommu_probe_device+0xc0/0x134 iommu_bus_notifier+0x44/0x104 notifier_call_chain+0xb8/0x19c blocking_notifier_call_chain+0x64/0x98 bus_notify+0x50/0x7c device_add+0x640/0x918 pci_device_add+0x23c/0x298 of_create_pci_dev+0x400/0x884 of_scan_pci_dev+0x124/0x1b0 __of_scan_bus+0x78/0x18c pcibios_scan_phb+0x2a4/0x3b0 init_phb_dynamic+0xb8/0x110 dlpar_add_slot+0x170/0x3b8 [rpadlpar_io] add_slot_store.part.0+0xb4/0x130 [rpadlpar_io] kobj_attr_store+0x2c/0x48 sysfs_kf_write+0x64/0x78 kernfs_fop_write_iter+0x1b0/0x290 vfs_write+0x350/0x4a0 ksys_write+0x84/0x140 system_call_exception+0x124/0x330 system_call_vectored_common+0x15c/0x2ecCommit a940904443e4 (\"powerpc/iommu: Add iommu_ops to report capabilitiesand allow blocking domains\") broke DLPAR add of PCI devices.The above added iommu_device structure to pci_controller. Duringsystem boot, PCI devices are discovered and this newly added iommu_devicestructure is initialized by a call to iommu_device_register().During DLPAR add of a PCI device, a new pci_controller structure isallocated but there are no calls made to iommu_device_register()interface.Fix is to register the iommu device during DLPAR add as well.[mpe: Trim oops and tweak some change log wording]", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26482", "** DISPUTED ** An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned \"injecting malicious scripts\" would not occur.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3117", "A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\\Lib\\Action\\Admin\\ChannelAction.class.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3286", "A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1012", "A vulnerability, which was classified as critical, has been found in Wanhu ezOFFICE 11.1.0. This issue affects some unknown processing of the file defaultroot/platform/bpm/work_flow/operate/wf_printnum.jsp. The manipulation of the argument recordId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252281 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4865", "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_id\u2019 parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30187", "Anope before 2.0.15 does not prevent resetting the password of a suspended account.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32313", "Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd parameter of the formWanParameterSetting function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWanParameterSetting.md"], ["2024", "CVE-2024-24904", "Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28581", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-21022", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-23127", "A maliciously crafted MODEL, SLDPRT or SLDASM file in VCRUNTIME140.dll when parsed through Autodesk AutoCAD can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28853", "Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to serval parameters in the post request of /preferences.php?action=admin_update_preferences. This vulnerability is fixed in 6.3.1.", "No PoCs found on GitHub currently.", "https://github.com/ampache/ampache/security/advisories/GHSA-prw2-7cr3-5mx8"], ["2024", "CVE-2024-1143", "Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24747", "MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "https://github.com/minio/minio/security/advisories/GHSA-xx8w-mq23-29g4"], ["2024", "CVE-2024-26642", "In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: disallow anonymous set with timeout flagAnonymous sets are never used with timeout from userspace, reject this.Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4925", "A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /intrams_sams/manage_course.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264461 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3157", "Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30247", "NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required. It is recommended that the NextCloudPi is upgraded to 1.53.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32342", "A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter.", "https://github.com/adiapera/xss_create_boidcms_2.1.0", "https://github.com/adiapera/xss_create_boidcms_2.1.0"], ["2024", "CVE-2024-21073", "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-1112", "Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1283", "Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26582", "In the Linux kernel, the following vulnerability has been resolved:net: tls: fix use-after-free with partial reads and async decrypttls_decrypt_sg doesn't take a reference on the pages from clear_skb,so the put_page() in tls_decrypt_done releases them, and we triggera use-after-free in process_rx_list when we try to read from thepartially-read skb.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3386", "An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2159", "The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/d7fa9849-c82a-4efd-84b6-9245053975ba/"], ["2024", "CVE-2024-23354", "Memory corruption when the IOCTL call is interrupted by a signal.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3235", "The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts that may have private or sensitive information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31309", "HTTP/2 CONTINUATION\u00a0DoS attack can cause Apache Traffic Server to consume more resources on the server.\u00a0 Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are\u00a0affected.Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. \u00a0ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.", "https://github.com/Ampferl/poc_http2-continuation-flood
https://github.com/DrewskyDev/H2Flood
https://github.com/Vos68/HTTP2-Continuation-Flood-PoC
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/lockness-Ko/CVE-2024-27316", "No PoCs from references."], ["2024", "CVE-2024-21311", "Windows Cryptographic Services Information Disclosure Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21080", "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: REST Services). Supported versions that are affected are 12.2.9-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4515", "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263119.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4795", "A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263894 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/sql_manage_user.md"], ["2024", "CVE-2024-28572", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-23305", "An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23094", "Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/TinkAnet/cve/blob/main/csrf3.md"], ["2024", "CVE-2024-25598", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through 8.3.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31218", "Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP request to the database (Pocketbase) admin API to create an admin account. The Pocketbase admin API does not check for authentication/authorization when creating an admin account when no admin accounts have been added. In its default deployment, Webhood does not create a database admin account. Therefore, unless users have manually created an admin account in the database, an admin account will not exist in the deployment and the deployment is vulnerable. Versions starting from 0.9.1 are patched. The patch creates a randomly generated admin account if admin accounts have not already been created i.e. the vulnerability is exploitable in the deployment. As a workaround, users can disable access to URL path starting with `/api/admins` entirely. With this workaround, the vulnerability is not exploitable via network.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24565", "CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1.", "No PoCs found on GitHub currently.", "https://github.com/crate/crate/security/advisories/GHSA-475g-vj6c-xf96"], ["2024", "CVE-2024-1361", "The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. This makes it possible for unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1221", "This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31358", "Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating Funnel.This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22129", "SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28432", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/itsqian797/cms/blob/main/4.md"], ["2024", "CVE-2024-35852", "In the Linux kernel, the following vulnerability has been resolved:mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash workThe rehash delayed work is rescheduled with a delay if the number ofcredits at end of the work is not negative as supposedly it means thatthe migration ended. Otherwise, it is rescheduled immediately.After \"mlxsw: spectrum_acl_tcam: Fix possible use-after-free duringrehash\" the above is no longer accurate as a non-negative number ofcredits is no longer indicative of the migration being done. It can alsohappen if the work encountered an error in which case the migration willresume the next time the work is scheduled.The significance of the above is that it is possible for the work to bepending and associated with hints that were allocated when the migrationstarted. This leads to the hints being leaked [1] when the work iscanceled while pending as part of ACL region dismantle.Fix by freeing the hints if hints are associated with a work that wascanceled while pending.Blame the original commit since the reliance on not having a pendingwork associated with hints is fragile.[1]unreferenced object 0xffff88810e7c3000 (size 256): comm \"kworker/0:16\", pid 176, jiffies 4295460353 hex dump (first 32 bytes): 00 30 95 11 81 88 ff ff 61 00 00 00 00 00 00 80 .0......a....... 00 00 61 00 40 00 00 00 00 00 00 00 04 00 00 00 ..a.@........... backtrace (crc 2544ddb9): [<00000000cf8cfab3>] kmalloc_trace+0x23f/0x2a0 [<000000004d9a1ad9>] objagg_hints_get+0x42/0x390 [<000000000b143cf3>] mlxsw_sp_acl_erp_rehash_hints_get+0xca/0x400 [<0000000059bdb60a>] mlxsw_sp_acl_tcam_vregion_rehash_work+0x868/0x1160 [<00000000e81fd734>] process_one_work+0x59c/0xf20 [<00000000ceee9e81>] worker_thread+0x799/0x12c0 [<00000000bda6fe39>] kthread+0x246/0x300 [<0000000070056d23>] ret_from_fork+0x34/0x70 [<00000000dea2b93e>] ret_from_fork_asm+0x1a/0x30", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21047", "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-26924", "In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_pipapo: do not free live elementPablo reports a crash with large batches of elements with aback-to-back add/remove pattern. Quoting Pablo: add_elem(\"00000000\") timeout 100 ms ... add_elem(\"0000000X\") timeout 100 ms del_elem(\"0000000X\") <---------------- delete one that was just added ... add_elem(\"00005000\") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat.Looking at the remove function there is a chance that we will drop arule that maps to a non-deactivated element.Removal happens in two steps, first we do a lookup for key k and return theto-be-removed element and mark it as inactive in the next generation.Then, in a second step, the element gets removed from the set/map.The _remove function does not work correctly if we have more than oneelement that share the same key.This can happen if we insert an element into a set when the set alreadyholds an element with same key, but the element mapping to the existingkey has timed out or is not active in the next generation.In such case its possible that removal will unmap the wrong element.If this happens, we will leak the non-deactivated element, it becomesunreachable.The element that got deactivated (and will be freed later) willremain reachable in the set data structure, this can result ina crash when such an element is retrieved during lookup (stalepointer).Add a check that the fully matching key does in fact map to the elementthat we have marked as inactive in the deactivation step.If not, we need to continue searching.Add a bug/warn trap at the end of the function as well, the removefunction must not ever be called with an invisible/unreachable/non-existentelement.v2: avoid uneeded temporary variable (Stefano)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32236", "An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28735", "Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html"], ["2024", "CVE-2024-24722", "An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26627", "In the Linux kernel, the following vulnerability has been resolved:scsi: core: Move scsi_host_busy() out of host lock for waking up EH handlerInside scsi_eh_wakeup(), scsi_host_busy() is called & checked with hostlock every time for deciding if error handler kthread needs to be waken up.This can be too heavy in case of recovery, such as: - N hardware queues - queue depth is M for each hardware queue - each scsi_host_busy() iterates over (N * M) tag/requestsIf recovery is triggered in case that all requests are in-flight, eachscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is calledfor the last in-flight request, scsi_host_busy() has been run for (N * M -1) times, and request has been iterated for (N*M - 1) * (N * M) times.If both N and M are big enough, hard lockup can be triggered on acquiringhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).Fix the issue by calling scsi_host_busy() outside the host lock. We don'tneed the host lock for getting busy count because host the lock nevercovers that.[mkp: Drop unnecessary 'busy' variables pointed out by Bart]", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1066", "An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4492", "A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). This issue affects the function formOfflineSet of the file /goform/setStaOffline. The manipulation of the argument GO/ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263081 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formOfflineSet.md"], ["2024", "CVE-2024-21107", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "https://github.com/Alaatk/CVE-2024-21107
https://github.com/nomi-sec/PoC-in-GitHub", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-28675", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/12.md"], ["2024", "CVE-2024-4583", "A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-263305 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21387", "Microsoft Edge for Android Spoofing Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21016", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-24870", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23113", "A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.", "https://github.com/cvedayprotech/CVE-2024-23113
https://github.com/cvedayprotech3s/cve-2024-23113
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/foxymoxxy/CVE-2024-23113-POC
https://github.com/labesterOct/CVE-2024-23113
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tr1pl3ight/CVE-2024-23113-POC", "No PoCs from references."], ["2024", "CVE-2024-28764", "IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1177", "The WP Club Manager \u2013 WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27988", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS.This issue affects WEN Responsive Columns: from n/a through 1.3.2.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29799", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS.This issue affects WP Fast Total Search: from n/a through 1.59.211.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1037", "The All-In-One Security (AIOS) \u2013 Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30222", "Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24930", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20018", "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00348479; Issue ID: MSV-1019.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20389", "A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1184", "A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-252674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://fitoxs.com/vuldb/10-exploit-perl.txt"], ["2024", "CVE-2024-1215", "A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/PrecursorYork/crud-without-refresh-reload-Reflected_XSS-POC/blob/main/README.md"], ["2024", "CVE-2024-30391", "A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and\u00a0SRX Series\u00a0allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device.If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed.This issue affects Junos OS: * All versions before 20.4R3-S7, * 21.1 versions before 21.1R3,\u00a0 * 21.2 versions before 21.2R2-S1, 21.2R3,\u00a0 * 21.3 versions before 21.3R1-S2, 21.3R2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21374", "Microsoft Teams for Android Information Disclosure Vulnerability", "https://github.com/Ch0pin/related_work
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26986", "In the Linux kernel, the following vulnerability has been resolved:drm/amdkfd: Fix memory leak in create_process failureFix memory leak due to a leaked mmget reference on an error handlingcode path that is triggered when attempting to create KFD processeswhile a GPU reset is in progress.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32105", "Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24883", "Missing Authorization vulnerability in BdThemes Prime Slider \u2013 Addons For Elementor.This issue affects Prime Slider \u2013 Addons For Elementor: from n/a through 3.11.10.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23331", "Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers.", "https://github.com/seal-community/patches
https://github.com/vignesh7701/CodeEditor-Beta", "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw"], ["2024", "CVE-2024-3250", "It was discovered that Pebble's read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26454", "A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/OmRajpurkar/Healthcare-Chatbot/issues/4
https://medium.com/@0x0d0x0a/healthcare-chatbot-xss-cve-2024-26454-acf2607bf210"], ["2024", "CVE-2024-20049", "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21325", "Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4521", "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263124.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27769", "Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24691", "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1095", "The Build & Control Block Patterns \u2013 Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to export the plugin's settings.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1304", "Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted javascript payload to an authenticated user and partially hijack their browser session.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/guillermogm4/CVE-2024-1304---Badgermeter-moni-tool-Reflected-Cross-Site-Scripting-XSS
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-26794", "In the Linux kernel, the following vulnerability has been resolved:btrfs: fix race between ordered extent completion and fiemapFor fiemap we recently stopped locking the target extent range for thewhole duration of the fiemap call, in order to avoid a deadlock in ascenario where the fiemap buffer happens to be a memory mapped range ofthe same file. This use case is very unlikely to be useful in practice butit may be triggered by fuzz testing (syzbot, etc).However by not locking the target extent range for the whole duration ofthe fiemap call we can race with an ordered extent. This happens likethis:1) The fiemap task finishes processing a file extent item that covers the file range [512K, 1M[, and that file extent item is the last item in the leaf currently being processed;2) And ordered extent for the file range [768K, 2M[, in COW mode, completes (btrfs_finish_one_ordered()) and the file extent item covering the range [512K, 1M[ is trimmed to cover the range [512K, 768K[ and then a new file extent item for the range [768K, 2M[ is inserted in the inode's subvolume tree;3) The fiemap task calls fiemap_next_leaf_item(), which then calls btrfs_next_leaf() to find the next leaf / item. This finds that the the next key following the one we previously processed (its type is BTRFS_EXTENT_DATA_KEY and its offset is 512K), is the key corresponding to the new file extent item inserted by the ordered extent, which has a type of BTRFS_EXTENT_DATA_KEY and an offset of 768K;4) Later the fiemap code ends up at emit_fiemap_extent() and triggers the warning: if (cache->offset + cache->len > offset) { WARN_ON(1); return -EINVAL; } Since we get 1M > 768K, because the previously emitted entry for the old extent covering the file range [512K, 1M[ ends at an offset that is greater than the new extent's start offset (768K). This makes fiemap fail with -EINVAL besides triggering the warning that produces a stack trace like the following: [1621.677651] ------------[ cut here ]------------ [1621.677656] WARNING: CPU: 1 PID: 204366 at fs/btrfs/extent_io.c:2492 emit_fiemap_extent+0x84/0x90 [btrfs] [1621.677899] Modules linked in: btrfs blake2b_generic (...) [1621.677951] CPU: 1 PID: 204366 Comm: pool Not tainted 6.8.0-rc5-btrfs-next-151+ #1 [1621.677954] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014 [1621.677956] RIP: 0010:emit_fiemap_extent+0x84/0x90 [btrfs] [1621.678033] Code: 2b 4c 89 63 (...) [1621.678035] RSP: 0018:ffffab16089ffd20 EFLAGS: 00010206 [1621.678037] RAX: 00000000004fa000 RBX: ffffab16089ffe08 RCX: 0000000000009000 [1621.678039] RDX: 00000000004f9000 RSI: 00000000004f1000 RDI: ffffab16089ffe90 [1621.678040] RBP: 00000000004f9000 R08: 0000000000001000 R09: 0000000000000000 [1621.678041] R10: 0000000000000000 R11: 0000000000001000 R12: 0000000041d78000 [1621.678043] R13: 0000000000001000 R14: 0000000000000000 R15: ffff9434f0b17850 [1621.678044] FS: 00007fa6e20006c0(0000) GS:ffff943bdfa40000(0000) knlGS:0000000000000000 [1621.678046] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [1621.678048] CR2: 00007fa6b0801000 CR3: 000000012d404002 CR4: 0000000000370ef0 [1621.678053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [1621.678055] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [1621.678056] Call Trace: [1621.678074] [1621.678076] ? __warn+0x80/0x130 [1621.678082] ? emit_fiemap_extent+0x84/0x90 [btrfs] [1621.678159] ? report_bug+0x1f4/0x200 [1621.678164] ? handle_bug+0x42/0x70 [1621.678167] ? exc_invalid_op+0x14/0x70 [1621.678170] ? asm_exc_invalid_op+0x16/0x20 [1621.678178] ? emit_fiemap_extent+0x84/0x90 [btrfs] [1621.678253] extent_fiemap+0x766---truncated---", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0965", "The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22593", "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save", "No PoCs found on GitHub currently.", "https://github.com/ysuzhangbin/cms2/blob/main/3.md"], ["2024", "CVE-2024-2860", "The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1998", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1795. Reason: This candidate is a reservation duplicate of CVE-2024-1795. Notes: All CVE users should reference CVE-2024-1795 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28319", "gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/gpac/gpac/issues/2763"], ["2024", "CVE-2024-28088", "LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)", "https://github.com/levpachmanov/cve-2024-28088-poc
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/seal-community/patches
https://github.com/tanjiti/sec_profile
https://github.com/zgimszhd61/llm-security-quickstart", "https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md"], ["2024", "CVE-2024-2763", "A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.48. Affected by this issue is the function formSetCfm of the file goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetCfm.md"], ["2024", "CVE-2024-25062", "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "https://github.com/lucacome/lucacome", "No PoCs from references."], ["2024", "CVE-2024-22901", "Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.", "https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain
https://github.com/Chocapikk/My-CVEs
https://github.com/komodoooo/Some-things", "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/"], ["2024", "CVE-2024-25122", "sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' \"admin\" web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in. 1. `/changelogs`, 2. `/locks` or 3. `/expiring_locks`. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38"], ["2024", "CVE-2024-0726", "A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0825", "The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it possible for authenticated attackers attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29135", "Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic.This issue affects Tourfic: from n/a through 2.11.15.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33436", "An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS variables", "https://github.com/randshell/CSS-Exfil-Protection-POC", "https://github.com/mlgualtieri/CSS-Exfil-Protection/issues/41
https://github.com/randshell/vulnerability-research/tree/main/CVE-2024-33436"], ["2024", "CVE-2024-33527", "A Stored Cross-site Scripting (XSS) vulnerability in the \"Import of Users and login name of user\" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.", "No PoCs found on GitHub currently.", "https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1/"], ["2024", "CVE-2024-20756", "Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20855", "Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34347", "@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the vm context can break out if it can get a hold of any reference to an object created outside of the vm. In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. This vulnerability is fixed in 0.8.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr"], ["2024", "CVE-2024-28199", "phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you render an `` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user. If you splat user-provided attributes when rendering any HTML tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user. Patches are available on RubyGems for all 1.x minor versions. Users are advised to upgrade. Users unable to upgrade should consider configuring a content security policy that does not allow `unsafe-inline`.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2672", "A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257372.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34207", "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function.", "No PoCs found on GitHub currently.", "https://github.com/n0wstr/IOTVuln/tree/main/CP450/setStaticDhcpConfig"], ["2024", "CVE-2024-34196", "Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The \"boa\" program allows attackers to modify the value of the \"vwlan_idx\" field via \"formMultiAP\". This can lead to a stack overflow through the \"formWlEncrypt\" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks.", "No PoCs found on GitHub currently.", "https://gist.github.com/Swind1er/1ec2fde42254598a72f1d716f9cfe2a1"], ["2024", "CVE-2024-0874", "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31843", "An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.", "No PoCs found on GitHub currently.", "https://www.gruppotim.it/it/footer/red-team.html"], ["2024", "CVE-2024-25351", "SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/ZooManagementSystem-SQL_Injection_Change_Image.md"], ["2024", "CVE-2024-33645", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eftakhairul Islam & Sirajus Salayhin Easy Set Favicon allows Reflected XSS.This issue affects Easy Set Favicon: from n/a through 1.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1779", "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the message read status of messages.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0887", "A vulnerability, which was classified as problematic, has been found in Mafiatic Blue Server 1.1. Affected by this issue is some unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252038 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://fitoxs.com/vuldb/18-exploit-perl.txt"], ["2024", "CVE-2024-29197", "Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer applies. Previews are broad open to any user and with just the hint of a restricted link one could gain access to possible confident / unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1.", "https://github.com/Schnaidr/CVE-2024-2856-Stack-overflow-EXP
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mansploit/CVE-2024-29197-exploit
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445"], ["2024", "CVE-2024-29206", "An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products:UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier)UniFi Access G2 Reader Pro (Version 1.2.172 and earlier)UniFi Access Reader Pro (Version 2.7.238 and earlier)UniFi Access Intercom (Version 1.0.66 and earlier)UniFi Access Intercom Viewer (Version 1.0.5 and earlier)UniFi Connect Display (Version 1.9.324 and earlier)UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation:Update UniFi Connect Application to Version 3.10.7 or later.Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later.Update UniFi Access G2 Reader Pro Version 1.3.37 or later.Update UniFi Access Reader Pro Version 2.8.19 or later.Update UniFi Access Intercom Version 1.1.32 or later.Update UniFi Access Intercom Viewer Version 1.1.6 or later.Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2982", "A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWriteFacMac.md
https://vuldb.com/?id.258151"], ["2024", "CVE-2024-27085", "Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the `invite allowed groups` site setting.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2681", "A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/employee/index.php. The manipulation of the argument view leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257381 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0784", "A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-251700.", "No PoCs found on GitHub currently.", "https://github.com/biantaibao/octopus_SQL/blob/main/report.md
https://vuldb.com/?id.251700"], ["2024", "CVE-2024-0415", "A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25180", "** DISPUTED ** An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers.", "No PoCs found on GitHub currently.", "https://github.com/joaoviictorti/My-CVES/blob/main/CVE-2024-25180/README.md
https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-6347243"], ["2024", "CVE-2024-25211", "Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Simple%20Expense%20Tracker/Simple%20Expense%20Tracker%20-%20SQL%20Injection-2.md"], ["2024", "CVE-2024-21618", "An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.This issue affects:Junos OS: * from 21.4 before 21.4R3-S4,\u00a0 * from 22.1 before 22.1R3-S4,\u00a0 * from 22.2 before 22.2R3-S2,\u00a0 * from 22.3 before 22.3R2-S2, 22.3R3-S1,\u00a0 * from 22.4 before 22.4R3,\u00a0 * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO,\u00a0 * from 22.1-EVO before 22.1R3-S4-EVO,\u00a0 * from 22.2-EVO before 22.2R3-S2-EVO,\u00a0 * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,\u00a0 * from 22.4-EVO before 22.4R3-EVO,\u00a0 * from 23.2-EVO before 23.2R2-EVO.This issue does not affect: * Junos OS versions prior to 21.4R1; * Junos OS Evolved versions prior to 21.4R1-EVO.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27194", "Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific | Google Fonts allows Stored XSS.This issue affects Fontific | Google Fonts: from n/a through 0.1.6.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27205", "there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0695", "A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251480. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/176381/Easy-Chat-Server-3.1-Denial-Of-Service.html
https://vuldb.com/?id.251480
https://www.exploitalert.com/view-details.html?id=40072
https://www.youtube.com/watch?v=nGyS2Rp5aEo"], ["2024", "CVE-2024-25300", "A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-REDAXO/XSS.md"], ["2024", "CVE-2024-21498", "All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249862"], ["2024", "CVE-2024-26169", "Windows Error Reporting Service Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/ldpreload/werkernel", "No PoCs from references."], ["2024", "CVE-2024-1668", "The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form's \"password\" field).", "No PoCs found on GitHub currently.", "https://gist.github.com/Xib3rR4dAr/91bd37338022b15379f393356d1056a1"], ["2024", "CVE-2024-31651", "A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.", "No PoCs found on GitHub currently.", "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-31651.md"], ["2024", "CVE-2024-33857", "An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22824", "An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0743", "An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30939", "An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure.", "No PoCs found on GitHub currently.", "https://medium.com/@deepsahu1/yealink-ip-phone-account-take-over-9bf9e7b847c0?source=friends_link&sk=b0d664dd5b3aad5b758e4934aca997ad"], ["2024", "CVE-2024-29150", "An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to sensitive and protected data in locations that are used for debugging files. Given that the process of gathering debug logs is carried out with root privileges, any file referenced in the symlink is consequently written to the debug archive, thereby granting accessibility to the attacker.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-011.txt"], ["2024", "CVE-2024-22727", "Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://teltonika-networks.com/newsroom/critical-security-update-for-trb1-series-gateways"], ["2024", "CVE-2024-2945", "A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258036.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33513", "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22667", "Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt
https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47"], ["2024", "CVE-2024-20762", "Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2805", "A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/SetSpeedWan.md"], ["2024", "CVE-2024-30879", "Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function.", "No PoCs found on GitHub currently.", "https://github.com/jianyan74/rageframe2/issues/114"], ["2024", "CVE-2024-2706", "A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49. This affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257457 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWifiWpsStart.md"], ["2024", "CVE-2024-2497", "A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27102", "Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory (sandbox root) is possible. In order to use this exploit, an attacker must have an existing \"server\" allocated and controlled by Wings. Details on the exploitation of this vulnerability are embargoed until March 27th, 2024 at 18:00 UTC. In order to mitigate this vulnerability, a full rewrite of the entire server filesystem was necessary. Because of this, the size of the patch is massive, however effort was made to reduce the amount of breaking changes. Users are advised to update to version 1.11.9. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20861", "Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.", "https://github.com/dlehgus1023/dlehgus1023
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25007", "Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability.", "No PoCs found on GitHub currently.", "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024"], ["2024", "CVE-2024-0603", "A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250839.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.250839"], ["2024", "CVE-2024-2617", "A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If amalicious actor successfully exploits this vulnerability, theycould use it to update the RTU500 with unsigned firmware.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2586", "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27013", "In the Linux kernel, the following vulnerability has been resolved:tun: limit printing rate when illegal packet received by tun devvhost_worker will call tun call backs to receive packets. If too manyillegal packets arrives, tun_do_read will keep dumping packet contents.When console is enabled, it will costs much more cpu time to dumppacket and soft lockup will be detected.net_ratelimit mechanism can be used to limit the dumping rate.PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: \"vhost-32980\" #0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253 #1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3 #2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e #3 [fffffe00003fced0] do_nmi at ffffffff8922660d #4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663 [exception RIP: io_serial_in+20] RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002 RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000 RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0 RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020 R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #5 [ffffa655314979e8] io_serial_in at ffffffff89792594 #6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470 #7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6 #8 [ffffa65531497a20] uart_console_write at ffffffff8978b605 #9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558 #10 [ffffa65531497ac8] console_unlock at ffffffff89316124 #11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07 #12 [ffffa65531497b68] printk at ffffffff89318306 #13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765 #14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun] #15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun] #16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net] #17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost] #18 [ffffa65531497f10] kthread at ffffffff892d2e72 #19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20970", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0712", "A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0811", "Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html"], ["2024", "CVE-2024-29101", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.2.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22776", "Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33793", "netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ymkyu/CVE/tree/main/CVE-2024-33793"], ["2024", "CVE-2024-20673", "Microsoft Office Remote Code Execution Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31507", "Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the \"request\" parameter in admin/fetch_gendercs.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/CveSecLook/cve/issues/6"], ["2024", "CVE-2024-23888", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stocktransactionslist.php, in the itemidy parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0951", "The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/NaInSec/CVE-LIST", "https://wpscan.com/vulnerability/88b2e479-eb15-4213-9df8-3d353074974e/"], ["2024", "CVE-2024-22636", "PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.", "https://github.com/capture0x/My-CVE", "No PoCs from references."], ["2024", "CVE-2024-31447", "Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when a authenticated request is made to `POST /store-api/account/logout`, the cart will be cleared, but the User won't be logged out. This affects only the direct store-api usage, as the PHP Storefront listens additionally on `CustomerLogoutEvent` and invalidates the session additionally. The problem has been fixed in Shopware 6.6.1.0 and 6.5.8.8. Those who are unable to update can install the latest version of the Shopware Security Plugin as a workaround.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5137", "A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php of the component Searchbar. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265213 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%202.md"], ["2024", "CVE-2024-2854", "A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md"], ["2024", "CVE-2024-2757", "In PHP 8.3.* before 8.3.5, function\u00a0mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://www.openwall.com/lists/oss-security/2024/04/12/11
https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq"], ["2024", "CVE-2024-20830", "Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0652", "A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file search-visitor.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251378 is the identifier assigned to this vulnerability.", "https://github.com/Agampreet-Singh/CVE-2024-0652
https://github.com/Agampreet-Singh/CVE-2024-25202
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-3619", "A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /control/addcase_stage.php. The manipulation of the argument cname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260275.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/zyairelai/CVE-submissions/blob/main/kortex-addcase_stage-sqli.md"], ["2024", "CVE-2024-22414", "flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/` page allows a user's comments to execute arbitrary javascript code. The html template `user.html` contains the following code snippet to render comments made by a user: `

`. Use of the \"safe\" tag causes flask to _not_ escape the rendered content. To remediate this, simply remove the `|safe` tag from the HTML above. No fix is is available and users are advised to manually edit their installation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/DogukanUrker/flaskBlog/security/advisories/GHSA-mrcw-j96f-p6v6"], ["2024", "CVE-2024-5084", "The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.", "https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-20680", "Windows Message Queuing Client (MSMQC) Information Disclosure", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31966", "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify system configuration or execute arbitrary commands.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20983", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2575", "A vulnerability, which was classified as critical, has been found in SourceCodester Employee Task Management System 1.0. Affected by this issue is some unknown functionality of the file /task-details.php. The manipulation of the argument task_id leads to authorization bypass. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257078 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20task-details.php.md"], ["2024", "CVE-2024-25274", "An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23638", "Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.", "https://github.com/MegaManSec/Squid-Security-Audit", "No PoCs from references."], ["2024", "CVE-2024-4139", "Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3759", "in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22445", "Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29232", "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-31634", "Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \\XunRuiCMS\\dayrui\\Fcms\\Library.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24149", "A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.", "No PoCs found on GitHub currently.", "https://github.com/libming/libming/issues/310"], ["2024", "CVE-2024-2524", "A vulnerability, which was classified as critical, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This issue affects some unknown processing of the file /admin/receipt.php. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20receipt.php.md"], ["2024", "CVE-2024-0421", "The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/"], ["2024", "CVE-2024-33832", "OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info.", "No PoCs found on GitHub currently.", "https://github.com/helloxz/onenav/issues/186"], ["2024", "CVE-2024-25225", "A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Simple%20Admin%20Panel%20App/Simple%20Admin%20Panel%20App%20-%20Cross-Site-Scripting%20-%201.md"], ["2024", "CVE-2024-27260", "IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2464", "This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0561", "The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/99b6aa8b-deb9-48f8-8896-f3c8118a4f70/"], ["2024", "CVE-2024-4168", "A vulnerability was found in Tenda 4G300 1.01.42. It has been classified as critical. This affects the function sub_4260F0. The manipulation of the argument upfilen leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-261987. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_4260F0.md"], ["2024", "CVE-2024-24398", "Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/trustcves/CVE-2024-24398", "https://cves.at/posts/cve-2024-24398/writeup/"], ["2024", "CVE-2024-33671", "An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2474", "The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31867", "Improper Input Validation vulnerability in Apache Zeppelin.The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter.This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.Users are recommended to upgrade to version 0.11.1, which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22515", "Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component.", "https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution
https://github.com/Orange-418/CVE-2024-22515-File-Upload-Vulnerability
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/Orange-418/CVE-2024-22515-File-Upload-Vulnerability"], ["2024", "CVE-2024-24019", "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24388", "Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2534", "A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256971. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20users.php.md"], ["2024", "CVE-2024-23739", "An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.", "https://github.com/V3x0r/CVE-2024-23739
https://github.com/V3x0r/CVE-2024-23740
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/giovannipajeu1/CVE-2024-23739
https://github.com/giovannipajeu1/CVE-2024-23740
https://github.com/giovannipajeu1/giovannipajeu1
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-27221", "In update_policy_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30459", "Missing Authorization vulnerability in AIpost AI WP Writer.This issue affects AI WP Writer: from n/a through 3.6.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3749", "The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/d14bb16e-ce1d-4c31-8791-bc63174897c0/"], ["2024", "CVE-2024-22544", "An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20690", "Windows Nearby Sharing Spoofing Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5094", "A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265073 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20SQL%20Injection%20-%202.md"], ["2024", "CVE-2024-29273", "There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/zyx0814/dzzoffice/issues/244"], ["2024", "CVE-2024-22795", "Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.", "https://github.com/Hagrid29/ForeScout-SecureConnector-EoP", "https://github.com/Hagrid29/ForeScout-SecureConnector-EoP"], ["2024", "CVE-2024-22404", "Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download \"view-only\" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30688", "** DISPUTED ** An arbitrary file upload vulnerability has been discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via a crafted payload to the file upload mechanism of the ROS2 system, including the server\u2019s functionality for handling file uploads and the associated validation processes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30688", "No PoCs from references."], ["2024", "CVE-2024-23768", "Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0460", "A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2565", "A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257064.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20993", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-31457", "gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the `plugName` parameter. They can create specific folders such as `api`, `config`, `global`, `model`, `router`, `service`, and `main.go` function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter. The main reason for the existence of this vulnerability is the controllability of the PlugName field within the struct. Pseudoversion 0.0.0-20240409100909-b1b7427c6ea6, corresponding to commit b1b7427c6ea6c7a027fa188c6be557f3795e732b, contains a patch for the issue. As a workaround, one may manually use a filtering method available in the GitHub Security Advisory to rectify the directory traversal problem.", "No PoCs found on GitHub currently.", "https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gv3w-m57p-3wc4"], ["2024", "CVE-2024-20723", "Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/leonov-av/vulristics", "No PoCs from references."], ["2024", "CVE-2024-22626", "Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20820", "Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25297", "Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/CpyRe/I-Find-CVE-2024/blob/main/BLUDIT%20Stored%20XSS.md"], ["2024", "CVE-2024-25106", "OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the \"/api/{org_id}/users/{email_id}\" endpoint. This vulnerability allows any authenticated user within an organization to remove any other user from that same organization, irrespective of their respective roles. This includes the ability to remove users with \"Admin\" and \"Root\" roles. By enabling any organizational member to unilaterally alter the user base, it opens the door to unauthorized access and can cause considerable disruptions in operations. The core of the vulnerability lies in the `remove_user_from_org` function in the user management system. This function is designed to allow organizational users to remove members from their organization. The function does not check if the user initiating the request has the appropriate administrative privileges to remove a user. Any user who is part of the organization, irrespective of their role, can remove any other user, including those with higher privileges. This vulnerability is categorized as an Authorization issue leading to Unauthorized User Removal. The impact is severe, as it compromises the integrity of user management within organizations. By exploiting this vulnerability, any user within an organization, without the need for administrative privileges, can remove critical users, including \"Admins\" and \"Root\" users. This could result in unauthorized system access, administrative lockout, or operational disruptions. Given that user accounts are typically created by \"Admins\" or \"Root\" users, this vulnerability can be exploited by any user who has been granted access to an organization, thereby posing a critical risk to the security and operational stability of the application. This issue has been addressed in release version 0.8.0. Users are advised to upgrade.", "No PoCs found on GitHub currently.", "https://github.com/openobserve/openobserve/security/advisories/GHSA-3m5f-9m66-xgp7"], ["2024", "CVE-2024-20960", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27003", "In the Linux kernel, the following vulnerability has been resolved:clk: Get runtime PM before walking tree for clk_summarySimilar to the previous commit, we should make sure that all devices areruntime resumed before printing the clk_summary through debugfs. Failureto do so would result in a deadlock if the thread is resuming a deviceto print clk state and that device is also runtime resuming in anotherthread, e.g the screen is turning on and the display driver is startingup. We remove the calls to clk_pm_runtime_{get,put}() in this pathbecause they're superfluous now that we know the devices are runtimeresumed. This also squashes a bug where the return value ofclk_pm_runtime_get() wasn't checked, leading to an RPM count underflowon error paths.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2596", "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/mail/main/select_send.php, in multiple\u00a0parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2607", "Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23898", "Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/jenkinsci-cert/SECURITY-3314-3315
https://github.com/murataydemir/CVE-2024-23897
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-20663", "Windows Message Queuing Client (MSMQC) Information Disclosure", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-33783", "MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29111", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webvitaly Sitekit allows Stored XSS.This issue affects Sitekit: from n/a through 1.6.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0801", "A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2024-07"], ["2024", "CVE-2024-2815", "A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/R7WebsSecurityHandler.md"], ["2024", "CVE-2024-33692", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0582", "A memory leak flaw was found in the Linux kernel\u2019s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.", "https://github.com/Forsaken0129/CVE-2024-0582
https://github.com/Forsaken0129/UltimateLinuxPrivilage
https://github.com/FoxyProxys/CVE-2024-0582
https://github.com/GhostTroops/TOP
https://github.com/aneasystone/github-trending
https://github.com/fireinrain/github-trending
https://github.com/jafshare/GithubTrending
https://github.com/johe123qwe/github-trending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/xairy/linux-kernel-exploitation
https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582", "No PoCs from references."], ["2024", "CVE-2024-25386", "Directory Traversal vulnerability in DICOM\u00ae Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/Shulelk/15c9ba8d6b54dd4256a50a24ac7dd0a2
https://sec.1i6w31fen9.top/2024/02/02/dcf-operations-window-remote-command-execute/"], ["2024", "CVE-2024-20871", "Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27283", "A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2716", "A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument email leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257469 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0753", "In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34223", "Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket.", "https://github.com/dovankha/CVE-2024-34223
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-20931", "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "https://github.com/ATonysan/CVE-2024-20931_weblogic
https://github.com/GhostTroops/TOP
https://github.com/GlassyAmadeus/CVE-2024-20931
https://github.com/Leocodefocus/CVE-2024-20931-Poc
https://github.com/Marco-zcl/POC
https://github.com/ZonghaoLi777/githubTrending
https://github.com/aneasystone/github-trending
https://github.com/dinosn/CVE-2024-20931
https://github.com/fireinrain/github-trending
https://github.com/gobysec/Goby
https://github.com/jafshare/GithubTrending
https://github.com/johe123qwe/github-trending
https://github.com/labesterOct/CVE-2024-20931
https://github.com/netlas-io/netlas-dorks
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sampsonv/github-trending
https://github.com/tanjiti/sec_profile
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki
https://github.com/zhaoxiaoha/github-trending", "No PoCs from references."], ["2024", "CVE-2024-2656", "The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31546", "Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the \"id\" parameter of /admin/damage/view_damage.php.", "No PoCs found on GitHub currently.", "https://github.com/emirhanmtl/vuln-research/blob/main/SQLi-2-Computer-Laboratory-Management-System-PoC.md"], ["2024", "CVE-2024-33443", "An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component.", "No PoCs found on GitHub currently.", "https://gist.github.com/LioTree/a81111fb0c598a920cb49aaf0bd64e58
https://github.com/liu21st/onethink/issues/40"], ["2024", "CVE-2024-29140", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Manning MJM Clinic allows Stored XSS.This issue affects MJM Clinic: from n/a through 1.1.22.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30929", "Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php", "https://github.com/Chocapikk/My-CVEs
https://github.com/Chocapikk/derbynet-research", "No PoCs from references."], ["2024", "CVE-2024-22430", "Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25250", "SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to run arbitrary code via the Login page.", "https://github.com/ASR511-OO7/CVE-2024-25250.
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-0454", "ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor.This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity.Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21488", "Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on.", "No PoCs found on GitHub currently.", "https://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c
https://security.snyk.io/vuln/SNYK-JS-NETWORK-6184371"], ["2024", "CVE-2024-25310", "Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at \"School/delete.php?id=5.\"", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tubakvgc/CVEs", "https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-3.md"], ["2024", "CVE-2024-25081", "Splinefont in FontForge through 20230101 allows command injection via crafted filenames.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34064", "Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0685", "The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2780", "A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257614 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27215", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1709. Reason: This candidate is a duplicate of CVE-2024-1709. Notes: All CVE users should reference CVE-2024-1709 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2883", "Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0986", "A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/gunzf0x/Issabel-PBX-4.0.0-RCE-Authenticated
https://github.com/nomi-sec/PoC-in-GitHub", "https://drive.google.com/file/d/10BYLQ7Rk4oag96afLZouSvDDPvsO7SoJ/view?usp=drive_link"], ["2024", "CVE-2024-29096", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Manning MJM Clinic.This issue affects MJM Clinic: from n/a through 1.1.22.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22570", "A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.", "No PoCs found on GitHub currently.", "https://github.com/Num-Nine/CVE/issues/11"], ["2024", "CVE-2024-33604", "A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35099", "TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.", "No PoCs found on GitHub currently.", "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/V9.3.5u.6698_B20230810/README.md"], ["2024", "CVE-2024-31581", "FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.", "No PoCs found on GitHub currently.", "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/cbs_h266_syntax_template.c#L2048"], ["2024", "CVE-2024-31610", "File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file.", "No PoCs found on GitHub currently.", "https://github.com/ss122-0ss/School/blob/main/readme.md"], ["2024", "CVE-2024-29216", "Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://sangomakb.atlassian.net/wiki/spaces/DVC/pages/45351279/Natural+Access+Software+Download"], ["2024", "CVE-2024-29187", "WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\\Windows\\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r"], ["2024", "CVE-2024-1769", "The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32479", "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/librenms/librenms/security/advisories/GHSA-72m9-7c8x-pmmw"], ["2024", "CVE-2024-25201", "Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/espruino/Espruino/issues/2456"], ["2024", "CVE-2024-2500", "The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26128", "baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31750", "SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.", "https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "No PoCs from references."], ["2024", "CVE-2024-5220", "The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34217", "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function.", "No PoCs found on GitHub currently.", "https://github.com/n0wstr/IOTVuln/tree/main/CP450/addWlProfileClientMode"], ["2024", "CVE-2024-1899", "An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2024-05"], ["2024", "CVE-2024-28189", "Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it's own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1.", "No PoCs found on GitHub currently.", "https://github.com/judge0/judge0/security/advisories/GHSA-3xpw-36v7-2cmg
https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf"], ["2024", "CVE-2024-2961", "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "https://github.com/mattaperkins/FIX-CVE-2024-2961
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tarlepp/links-of-the-week", "No PoCs from references."], ["2024", "CVE-2024-22492", "A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0864", "Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example.By default, Laragon is not vulnerable until a user decides to use the\u00a0aforementioned plugin.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2821", "A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://vuldb.com/?id.257708"], ["2024", "CVE-2024-20746", "Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0924", "A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetPPTPServer.md"], ["2024", "CVE-2024-29034", "CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. Upgrade to 3.0.7 or 2.2.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32958", "Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS).This issue affects Slash Admin: from n/a through 3.8.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20845", "Out-of-bounds write vulnerability while releasing memory in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2722", "SQL injection vulnerability in the CIGESv2 system, through\u00a0/ajaxConfigTotem.php, in the 'id' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-28249", "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0736", "A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251559.", "No PoCs found on GitHub currently.", "https://0day.today/exploit/39249"], ["2024", "CVE-2024-22851", "Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-22851"], ["2024", "CVE-2024-34246", "wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function \"main\" in wasm3/platforms/app/main.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/wasm3/wasm3/issues/484"], ["2024", "CVE-2024-20954", "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2633", "A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sitetest/english/dumpenv.jsp' is vulnerable to XSS attack by 'lang' query, i.e. '/sitetest/english/dumpenv.jsp?snoop=yes&lang=%27%3Cimg%20src/onerror=alert(1)%3E¶ms'.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2930", "A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=save_music. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258001 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/xuanluansec/vul/blob/main/vul/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code.md"], ["2024", "CVE-2024-20657", "Windows Group Policy Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22752", "Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows attackers to gain escalated privileges via use of crafted executable launched from the application installation directory.", "https://github.com/hacker625/CVE-2024-22752
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/hacker625/CVE-2024-22752"], ["2024", "CVE-2024-29125", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates allows Reflected XSS.This issue affects Coupon Affiliates: from n/a through 5.12.7.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-5113", "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/student_profile1.php. The manipulation of the argument std_index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265103.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33566", "Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.", "https://github.com/absholi7ly/absholi7ly", "No PoCs from references."], ["2024", "CVE-2024-22911", "A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.", "No PoCs found on GitHub currently.", "https://github.com/matthiaskramm/swftools/issues/216"], ["2024", "CVE-2024-20814", "Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2773", "A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. This affects an unknown part of the file /user/search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257607.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-32004", "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.", "https://github.com/Wadewfsssss/CVE-2024-32004
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1085", "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability.We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24681", "An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20059", "In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1254", "A vulnerability, which was classified as critical, was found in Byzoro Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252993 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/rockersiyuan/CVE/blob/main/Smart%20S20.md"], ["2024", "CVE-2024-28447", "Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at /apply.cgi.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28556", "SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php.", "No PoCs found on GitHub currently.", "https://github.com/xuanluansec/vul/issues/1"], ["2024", "CVE-2024-0029", "In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33339", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/balckgu1/Poc
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-3240", "The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26504", "An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter.", "No PoCs found on GitHub currently.", "https://tomiodarim.io/posts/cve-2024-26504/"], ["2024", "CVE-2024-3091", "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1205", "The Management App for WooCommerce \u2013 Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvello_upload_csv_file function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1194", "A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24401", "SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.", "https://github.com/MAWK0235/CVE-2024-24401
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-27668", "Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.'", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/LY102483/cms/blob/main/1.md"], ["2024", "CVE-2024-0169", "Dell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading users to download and execute malicious software crafted by this product's feature to compromise their systems.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30381", "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices.The \"netrounds-probe-login\" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center.This issue affects Paragon Active Assurance: 4.1.0, 4.2.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26996", "In the Linux kernel, the following vulnerability has been resolved:usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport errorWhen ncm function is working and then stop usb0 interface for link down,eth_stop() is called. At this piont, accidentally if usb transport errorshould happen in usb_ep_enable(), 'in_ep' and/or 'out_ep' may not be enabled.After that, ncm_disable() is called to disable for ncm unbindbut gether_disconnect() is never called since 'in_ep' is not enabled.As the result, ncm object is released in ncm unbindbut 'dev->port_usb' associated to 'ncm->port' is not NULL.And when ncm bind again to recover netdev, ncm object is reallocatedbut usb0 interface is already associated to previous released ncm object.Therefore, once usb0 interface is up and eth_start_xmit() is called,released ncm object is dereferrenced and it might cause use-after-free memory.[function unlink via configfs] usb0: eth_stop dev->port_usb=ffffff9b179c3200 --> error happens in usb_ep_enable(). NCM: ncm_disable: ncm=ffffff9b179c3200 --> no gether_disconnect() since ncm->port.in_ep->enabled is false. NCM: ncm_unbind: ncm unbind ncm=ffffff9b179c3200 NCM: ncm_free: ncm free ncm=ffffff9b179c3200 <-- released ncm[function link via configfs] NCM: ncm_alloc: ncm alloc ncm=ffffff9ac4f8a000 NCM: ncm_bind: ncm bind ncm=ffffff9ac4f8a000 NCM: ncm_set_alt: ncm=ffffff9ac4f8a000 alt=0 usb0: eth_open dev->port_usb=ffffff9b179c3200 <-- previous released ncm usb0: eth_start dev->port_usb=ffffff9b179c3200 <-- eth_start_xmit() --> dev->wrap() Unable to handle kernel paging request at virtual address dead00000000014fThis patch addresses the issue by checking if 'ncm->netdev' is not NULL atncm_disable() to call gether_disconnect() to deassociate 'dev->port_usb'.It's more reasonable to check 'ncm->netdev' to call gether_connect/disconnectrather than check 'ncm->port.in_ep->enabled' since it might not be enabledbut the gether connection might be established.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26726", "In the Linux kernel, the following vulnerability has been resolved:btrfs: don't drop extent_map for free space inode on write errorWhile running the CI for an unrelated change I hit the following panicwith generic/648 on btrfs_holes_spacecache.assertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385------------[ cut here ]------------kernel BUG at fs/btrfs/extent_io.c:1385!invalid opcode: 0000 [#1] PREEMPT SMP NOPTICPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W 6.8.0-rc2+ #1RIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0Call Trace: extent_write_cache_pages+0x2ac/0x8f0 extent_writepages+0x87/0x110 do_writepages+0xd5/0x1f0 filemap_fdatawrite_wbc+0x63/0x90 __filemap_fdatawrite_range+0x5c/0x80 btrfs_fdatawrite_range+0x1f/0x50 btrfs_write_out_cache+0x507/0x560 btrfs_write_dirty_block_groups+0x32a/0x420 commit_cowonly_roots+0x21b/0x290 btrfs_commit_transaction+0x813/0x1360 btrfs_sync_file+0x51a/0x640 __x64_sys_fdatasync+0x52/0x90 do_syscall_64+0x9c/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76This happens because we fail to write out the free space cache in oneinstance, come back around and attempt to write it again. However onthe second pass through we go to call btrfs_get_extent() on the inode toget the extent mapping. Because this is a new block group, and with thefree space inode we always search the commit root to avoid deadlockingwith the tree, we find nothing and return a EXTENT_MAP_HOLE for therequested range.This happens because the first time we try to write the space cache outwe hit an error, and on an error we drop the extent mapping. This isnormal for normal files, but the free space cache inode is special. Wealways expect the extent map to be correct. Thus the second timethrough we end up with a bogus extent map.Since we're deprecating this feature, the most straightforward way tofix this is to simply skip dropping the extent map range for this failedrange.I shortened the test by using error injection to stress the area to makeit easier to reproduce. With this patch in place we no longer panicwith my error injection test.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32337", "A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.", "https://github.com/adiapera/xss_security_wondercms_3.4.3", "https://github.com/adiapera/xss_security_wondercms_3.4.3"], ["2024", "CVE-2024-23292", "This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24860", "A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21006", "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "https://github.com/momika233/CVE-2024-21006
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21397", "Microsoft Azure File Sync Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4593", "A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of the file /src/dede/sys_multiserv.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/24.md"], ["2024", "CVE-2024-29789", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS.This issue affects OneClick Chat to Order: from n/a through 1.0.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27998", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Reflected XSS.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24763", "JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-4810", "In register_device, the return value of ida_simple_get is unchecked,in witch ida_simple_get will use an invalid index value.To address this issue, index should be checked after ida_simple_get. Whenthe index value is abnormal, a warning message should be printed, the portshould be dropped, and the value should be recorded.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1076", "The SSL Zen WordPress plugin before 4.6.0 only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/9c3e9c72-3d6c-4e2c-bb8a-f4efce1371d5/"], ["2024", "CVE-2024-28665", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/1.md"], ["2024", "CVE-2024-30263", "macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21117", "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-24831", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21057", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4653", "A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263498 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hefei-Coffee/cve/blob/main/sql.md"], ["2024", "CVE-2024-26637", "In the Linux kernel, the following vulnerability has been resolved:wifi: ath11k: rely on mac80211 debugfs handling for vifmac80211 started to delete debugfs entries in certain cases, causing aath11k to crash when it tried to delete the entries later. Fix this byrelying on mac80211 to delete the entries when appropriate and addingthem from the vif_add_debugfs handler.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29449", "** DISPUTED ** An issue was discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to obtain sensitive information via man-in-the-middle attacks due to cleartext transmission of data across the ROS2 nodes' communication channels. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29449", "No PoCs from references."], ["2024", "CVE-2024-1231", "The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/7d3968d9-61ed-4c00-8764-0360cf03255e/"], ["2024", "CVE-2024-35842", "In the Linux kernel, the following vulnerability has been resolved:ASoC: mediatek: sof-common: Add NULL check for normal_link stringIt's not granted that all entries of struct sof_conn_stream declarea `normal_link` (a non-SOF, direct link) string, and this is the casefor SoCs that support only SOF paths (hence do not support both directand SOF usecases).For example, in the case of MT8188 there is no normal_link string inany of the sof_conn_stream entries and there will be more driversdoing that in the future.To avoid possible NULL pointer KPs, add a NULL check for `normal_link`.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2058", "A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255373 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md"], ["2024", "CVE-2024-2118", "The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/e9d53cb9-a5cb-49f5-bcba-295ae6fa44c3/"], ["2024", "CVE-2024-25619", "Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed, this could have posed security risks to users by allowing an application to continue listening to streaming after the application had been destroyed. Essentially this comes down to the fact that when Doorkeeper sets up the relationship between Applications and Access Tokens, it uses a `dependent: delete_all` configuration, which means the `after_commit` callback setup on `AccessTokenExtension` didn't actually fire, since `delete_all` doesn't trigger ActiveRecord callbacks. To mitigate, we need to add a `before_destroy` callback to `ApplicationExtension` which announces to streaming that all the Application's Access Tokens are being \"killed\". Impact should be negligible given the affected application had to be owned by the user. None the less this issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workaround for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/mastodon/mastodon/security/advisories/GHSA-7w3c-p9j8-mq3x"], ["2024", "CVE-2024-28562", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-26470", "A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470"], ["2024", "CVE-2024-3274", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259285 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1371", "The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24575", "libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22079", "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31208", "Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1260", "A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2009", "A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21090", "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4445", "The WP Compress \u2013 Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit plugin settings, including storing cross-site scripting, in multisite environments.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2149", "A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255502 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/JiaDongGao1/CVE_Hunter/blob/main/SQLi-2.md"], ["2024", "CVE-2024-25648", "A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1959
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1959"], ["2024", "CVE-2024-24524", "Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/harryrabbit5651/cms/blob/main/1.md"], ["2024", "CVE-2024-21063", "Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft (component: Benefits Administration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise HCM Benefits Administration executes to compromise PeopleSoft Enterprise HCM Benefits Administration. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Benefits Administration accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Benefits Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise HCM Benefits Administration. CVSS 3.1 Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-26592", "In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix UAF issue in ksmbd_tcp_new_connection()The race is between the handling of a new TCP connection andits disconnection. It leads to UAF on `struct tcp_transport` inksmbd_tcp_new_connection() function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26603", "In the Linux kernel, the following vulnerability has been resolved:x86/fpu: Stop relying on userspace for info to fault in xsave bufferBefore this change, the expected size of the user space buffer wastaken from fx_sw->xstate_size. fx_sw->xstate_size can be changedfrom user-space, so it is possible construct a sigreturn frame where: * fx_sw->xstate_size is smaller than the size required by valid bits in fx_sw->xfeatures. * user-space unmaps parts of the sigrame fpu buffer so that not all of the buffer required by xrstor is accessible.In this case, xrstor tries to restore and accesses the unmapped areawhich results in a fault. But fault_in_readable succeeds because buf +fx_sw->xstate_size is within the still mapped area, so it goes back andtries xrstor again. It will spin in this loop forever.Instead, fault in the maximum size which can be touched by XRSTOR (takenfrom fpstate->user_size).[ dhansen: tweak subject / changelog ]", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24497", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1009. Reason: This candidate is a duplicate of CVE-2024-1009. Notes: All CVE users should reference CVE-2024-1009 instead of this candidate.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/EmployeeManagementSystem-SQL_Injection_Admin_Login.md"], ["2024", "CVE-2024-24706", "Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1102", "A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3147", "A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/makehtml_map.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/15.md"], ["2024", "CVE-2024-4824", "Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24945", "A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php.", "No PoCs found on GitHub currently.", "https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md
https://portswigger.net/web-security/cross-site-scripting"], ["2024", "CVE-2024-30257", "1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts.", "No PoCs found on GitHub currently.", "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-6m9h-2pr2-9j8f"], ["2024", "CVE-2024-4727", "A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/court-type. The manipulation of the argument court_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263805 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_court-type.md"], ["2024", "CVE-2024-23137", "A maliciously crafted STP or SLDPRT file in ODXSW_DLL.dll when parsed through Autodesk AutoCAD can be used to uninitialized variable. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21032", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4636", "The Image Optimization by Optimole \u2013 Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018allow_meme_types\u2019 function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24757", "open-irs is an issue response robot that reponds to issues in the installed repository. The `.env` file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4875", "The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration.", "https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-3116", "pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.", "https://github.com/FoxyProxys/CVE-2024-3116
https://github.com/TechieNeurons/CVE-2024-3116_RCE_in_pgadmin_8.4
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-26483", "An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26712", "In the Linux kernel, the following vulnerability has been resolved:powerpc/kasan: Fix addr error caused by page alignmentIn kasan_init_region, when k_start is not page aligned, at the begin offor loop, k_cur = k_start & PAGE_MASK is less than k_start, and then`va = block + k_cur - k_start` is less than block, the addr va is invalid,because the memory address space from va to block is not alloced bymemblock_alloc, which will not be reserved by memblock_reserve later, itwill be used by other places.As a result, memory overwriting occurs.for example:int __init __weak kasan_init_region(void *start, size_t size){[...]\t/* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */\tblock = memblock_alloc(k_end - k_start, PAGE_SIZE);\t[...]\tfor (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) {\t\t/* at the begin of for loop\t\t * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400)\t\t * va(dcd96c00) is less than block(dcd97000), va is invalid\t\t */\t\tvoid *va = block + k_cur - k_start;\t\t[...]\t}[...]}Therefore, page alignment is performed on k_start beforememblock_alloc() to ensure the validity of the VA address.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1013", "An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-32303", "Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromWizardHandle.md"], ["2024", "CVE-2024-26811", "In the Linux kernel, the following vulnerability has been resolved:ksmbd: validate payload size in ipc responseIf installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipcresponse to ksmbd kernel server. ksmbd should validate payload size ofipc response from ksmbd.mountd to avoid memory overrun orslab-out-of-bounds. This patch validate 3 ipc response that has payload.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28863", "node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.", "https://github.com/NaInSec/CVE-LIST
https://github.com/efrei-ADDA84/20200689", "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36"], ["2024", "CVE-2024-3076", "The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/617ec2e9-9058-4a93-8ad4-7ecb85107141/"], ["2024", "CVE-2024-4587", "A vulnerability was found in DedeCMS 5.7 and classified as problematic. This issue affects some unknown processing of the file /src/dede/tpl.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263309 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/18.md"], ["2024", "CVE-2024-21012", "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21383", "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23286", "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.", "https://github.com/dlehgus1023/dlehgus1023
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30226", "Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23057", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md"], ["2024", "CVE-2024-1033", "A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252308.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3136", "The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.", "https://github.com/drdry2/CVE-2024-3136-Wordpress-RCE
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-4855", "Use after free issue in editcap could cause denial of service via crafted capture file", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gitlab.com/wireshark/wireshark/-/issues/19782
https://gitlab.com/wireshark/wireshark/-/issues/19783
https://gitlab.com/wireshark/wireshark/-/issues/19784"], ["2024", "CVE-2024-1122", "The Event Manager, Events Calendar, Events Tickets for WooCommerce \u2013 Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26623", "In the Linux kernel, the following vulnerability has been resolved:pds_core: Prevent race issues involving the adminqThere are multiple paths that can result in using the pdsc'sadminq.[1] pdsc_adminq_isr and the resulting work from queue_work(), i.e. pdsc_work_thread()->pdsc_process_adminq()[2] pdsc_adminq_post()When the device goes through reset via PCIe reset and/ora fw_down/fw_up cycle due to bad PCIe state or bad devicestate the adminq is destroyed and recreated.A NULL pointer dereference can happen if [1] or [2] happensafter the adminq is already destroyed.In order to fix this, add some further state checks andimplement reference counting for adminq uses. Referencecounting was used because multiple threads can attempt toaccess the adminq at the same time via [1] or [2]. Additionally,multiple clients (i.e. pds-vfio-pci) can be using [2]at the same time.The adminq_refcnt is initialized to 1 when the adminq has beenallocated and is ready to use. Users/clients of the adminq(i.e. [1] and [2]) will increment the refcnt when they are usingthe adminq. When the driver goes into a fw_down cycle it willset the PDSC_S_FW_DEAD bit and then wait for the adminq_refcntto hit 1. Setting the PDSC_S_FW_DEAD before waiting will preventany further adminq_refcnt increments. Waiting for theadminq_refcnt to hit 1 allows for any current users of the adminqto finish before the driver frees the adminq. Once theadminq_refcnt hits 1 the driver clears the refcnt to signify thatthe adminq is deleted and cannot be used. On the fw_up cycle thedriver will once again initialize the adminq_refcnt to 1 allowingthe adminq to be used again.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3027", "The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files, including SVG files, which can be used to conduct stored cross-site scripting attacks.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4647", "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263491.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26920", "In the Linux kernel, the following vulnerability has been resolved:tracing/trigger: Fix to return error if failed to alloc snapshotFix register_snapshot_trigger() to return error code if it failed toallocate a snapshot instead of 0 (success). Unless that, it will registersnapshot trigger without an error.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21043", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21103", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-28671", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/7.md"], ["2024", "CVE-2024-1062", "A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4804", "A vulnerability was found in Kashipara College Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263924.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3167", "The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018twitter_username\u2019 parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4525", "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23224", "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data.", "https://github.com/eeenvik1/scripts_for_YouTrack", "No PoCs from references."], ["2024", "CVE-2024-25728", "ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.", "No PoCs found on GitHub currently.", "https://www.bleepingcomputer.com/news/security/expressvpn-bug-has-been-leaking-some-dns-requests-for-years/"], ["2024", "CVE-2024-22148", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS.This issue affects JoomUnited: from n/a through 1.3.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24695", "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1300", "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3205", "A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?submit.304561"], ["2024", "CVE-2024-22008", "In config_gov_time_windows of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2169", "Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.", "https://github.com/NaInSec/CVE-LIST
https://github.com/douglasbuzatto/G3-Loop-DoS
https://github.com/nomi-sec/PoC-in-GitHub", "https://kb.cert.org/vuls/id/417980
https://www.kb.cert.org/vuls/id/417980"], ["2024", "CVE-2024-28682", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/13.md"], ["2024", "CVE-2024-30395", "An\u00a0Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.This issue affects:Junos OS: * all versions before 21.2R3-S7,\u00a0 * from 21.3 before 21.3R3-S5,\u00a0 * from 21.4 before 21.4R3-S5,\u00a0 * from 22.1 before 22.1R3-S5,\u00a0 * from 22.2 before 22.2R3-S3,\u00a0 * from 22.3 before 22.3R3-S2,\u00a0 * from 22.4 before 22.4R3,\u00a0 * from 23.2 before 23.2R1-S2, 23.2R2.Junos OS Evolved: * all versions before 21.2R3-S7-EVO,\u00a0 * from 21.3-EVO before 21.3R3-S5-EVO,\u00a0 * from 21.4-EVO before 21.4R3-S5-EVO,\u00a0 * from 22.2-EVO before 22.2R3-S3-EVO,\u00a0 * from 22.3-EVO before 22.3R3-S2-EVO,\u00a0 * from 22.4-EVO before 22.4R3-EVO,\u00a0 * from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.This is a related but separate issue than the one described in\u00a0JSA75739", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28402", "TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-32290", "Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromAddressNat_page.md"], ["2024", "CVE-2024-24784", "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28890", "Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition.", "https://github.com/Ostorlab/KEV
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22119", "The cause of vulnerability is improper validation of form input field \u201cName\u201d on Graph page in Items section.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26450", "An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing remote JavaScript. This can be used to upload a new PHP file under an administrator and directly call that file from the victim's instance to connect back to a malicious listener.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23335", "MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability", "https://github.com/CP04042K/CVE", "No PoCs from references."], ["2024", "CVE-2024-30243", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23032", "Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.", "No PoCs found on GitHub currently.", "https://github.com/weng-xianhu/eyoucms/issues/57"], ["2024", "CVE-2024-29469", "A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1116", "A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252474 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24712", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS.This issue affects Heateor Social Login WordPress: from n/a through 1.1.30.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26586", "In the Linux kernel, the following vulnerability has been resolved:mlxsw: spectrum_acl_tcam: Fix stack corruptionWhen tc filters are first added to a net device, the corresponding localport gets bound to an ACL group in the device. The group contains a listof ACLs. In turn, each ACL points to a different TCAM region where thefilters are stored. During forwarding, the ACLs are sequentiallyevaluated until a match is found.One reason to place filters in different regions is when they are addedwith decreasing priorities and in an alternating order so that twoconsecutive filters can never fit in the same region because of theirkey usage.In Spectrum-2 and newer ASICs the firmware started to report that themaximum number of ACLs in a group is more than 16, but the layout of theregister that configures ACL groups (PAGT) was not updated to accountfor that. It is therefore possible to hit stack corruption [1] in therare case where more than 16 ACLs in a group are required.Fix by limiting the maximum ACL group size to the minimum between whatthe firmware reports and the maximum ACLs that fit in the PAGT register.Add a test case to make sure the machine does not crash when thiscondition is hit.[1]Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120[...] dump_stack_lvl+0x36/0x50 panic+0x305/0x330 __stack_chk_fail+0x15/0x20 mlxsw_sp_acl_tcam_group_update+0x116/0x120 mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110 mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3382", "A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/stayfesch/Get-PANOS-Advisories", "No PoCs from references."], ["2024", "CVE-2024-3013", "A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User Registration. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258299. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21077", "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-32206", "A stored cross-site scripting (XSS) vulnerability in the component \\affiche\\admin\\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.", "No PoCs found on GitHub currently.", "https://github.com/majic-banana/vulnerability/blob/main/POC/WUZHICMS4.1.0%20Stored%20Xss%20In%20Affiche%20Model.md"], ["2024", "CVE-2024-24900", "Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32317", "Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/formWanParameterSetting.md"], ["2024", "CVE-2024-24592", "Lack of authentication in all versions of the fileserver component of Allegro AI\u2019s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3293", "The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-1147", "Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24743", "SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26646", "In the Linux kernel, the following vulnerability has been resolved:thermal: intel: hfi: Add syscore callbacks for system-wide PMThe kernel allocates a memory buffer and provides its location to thehardware, which uses it to update the HFI table. This allocation occursduring boot and remains constant throughout runtime.When resuming from hibernation, the restore kernel allocates a secondmemory buffer and reprograms the HFI hardware with the new location aspart of a normal boot. The location of the second memory buffer maydiffer from the one allocated by the image kernel.When the restore kernel transfers control to the image kernel, its HFIbuffer becomes invalid, potentially leading to memory corruption if thehardware writes to it (the hardware continues to use the buffer from therestore kernel).It is also possible that the hardware \"forgets\" the address of the memorybuffer when resuming from \"deep\" suspend. Memory corruption may also occurin such a scenario.To prevent the described memory corruption, disable HFI when preparing tosuspend or hibernate. Enable it when resuming.Add syscore callbacks to handle the package of the boot CPU (packages ofnon-boot CPUs are handled via CPU offline). Syscore ops always run on theboot CPU. Additionally, HFI only needs to be disabled during \"deep\" suspendand hibernation. Syscore ops only run in these cases.[ rjw: Comment adjustment, subject and changelog edits ]", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4622", "If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21026", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-24840", "Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23123", "A maliciously crafted CATPART file in CC5Dll.dll or ASMBASE228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28754", "RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24561", "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.", "No PoCs found on GitHub currently.", "https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c"], ["2024", "CVE-2024-26464", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27499", "Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28576", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-23301", "Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/rear/rear/pull/3123"], ["2024", "CVE-2024-28436", "Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 allows a remote attacker to execute arbitrary code via the reload parameter in the session_login.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/securitycipher/daily-bugbounty-writeups", "No PoCs from references."], ["2024", "CVE-2024-35856", "In the Linux kernel, the following vulnerability has been resolved:Bluetooth: btusb: mediatek: Fix double free of skb in coredumphci_devcd_append() would free the skb on error so the caller don'thave to free it again otherwise it would cause the double free of skb.Reported-by : Dan Carpenter ", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29859", "In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20028", "In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541687.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33259", "Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/jerryscript-project/jerryscript/issues/5132"], ["2024", "CVE-2024-1225", "A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3231", "The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/81dbb5c0-ccdd-4af1-b2f2-71cb1b37fe93/"], ["2024", "CVE-2024-32024", "Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `add_pre_postfix` function. This vulnerability is fixed in 23.1.5.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss"], ["2024", "CVE-2024-29948", "There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-0289", "A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulnerability affects unknown code of the file stock_entry_submit.php. The manipulation of the argument itemype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249850 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29808", "The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27619", "Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot.", "https://github.com/ioprojecton/dir-3040_dos
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/ioprojecton/dir-3040_dos
https://www.dlink.com/en/security-bulletin/"], ["2024", "CVE-2024-21084", "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-23210", "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs.", "https://github.com/eeenvik1/scripts_for_YouTrack", "No PoCs from references."], ["2024", "CVE-2024-24470", "Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.", "No PoCs found on GitHub currently.", "https://github.com/tang-0717/cms/blob/main/1.md"], ["2024", "CVE-2024-1274", "The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the admin)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/91dba45b-9930-4bfb-a7bf-903c46864e9f/"], ["2024", "CVE-2024-3371", "MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32869", "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.2.7, when using serveStatic with deno, it is possible to traverse the directory where `main.ts` is located. This can result in retrieval of unexpected files. Version 4.2.7 contains a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/honojs/hono/security/advisories/GHSA-3mpf-rcc7-5347"], ["2024", "CVE-2024-29105", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timersys WP Popups allows Stored XSS.This issue affects WP Popups: from n/a through 2.1.5.5.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0815", "Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350"], ["2024", "CVE-2024-20677", "A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.This change is effective as of the January 9, 2024 security update.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2613", "Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20974", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27017", "In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_pipapo: walk over current view on netlink dumpThe generation mask can be updated while netlink dump is in progress.The pipapo set backend walk iterator cannot rely on it to infer whatview of the datastructure is to be used. Add notation to specify if userwants to read/update the set.Based on patch from Florian Westphal.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22871", "An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fe1w0/fe1w0
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hinat0y/Dataset1
https://github.com/hinat0y/Dataset10
https://github.com/hinat0y/Dataset11
https://github.com/hinat0y/Dataset12
https://github.com/hinat0y/Dataset2
https://github.com/hinat0y/Dataset3
https://github.com/hinat0y/Dataset4
https://github.com/hinat0y/Dataset5
https://github.com/hinat0y/Dataset6
https://github.com/hinat0y/Dataset7
https://github.com/hinat0y/Dataset8
https://github.com/hinat0y/Dataset9", "https://hackmd.io/@fe1w0/rymmJGida"], ["2024", "CVE-2024-20834", "The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22632", "Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. This vulnerability is triggered via a crafted POST request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://tomiodarim.io/posts/cve-2024-22632-3/"], ["2024", "CVE-2024-31443", "Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3"], ["2024", "CVE-2024-2850", "A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md"], ["2024", "CVE-2024-0844", "The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with \"Form.php\" on the server , allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.", "https://github.com/0x9567b/CVE-2024-0844
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-29154", "danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2941", "A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /adminpanel/admin/query/loginExe.php. The manipulation of the argument pass leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258032.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0747", "When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2493", "Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.1-00.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2702", "Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27297", "Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as \"valid\" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mrdev023/nixos", "https://hackmd.io/03UGerewRcy3db44JQoWvw"], ["2024", "CVE-2024-20865", "Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25392", "An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2.", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-25003", "KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html
http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html
http://seclists.org/fulldisclosure/2024/Feb/14
https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004"], ["2024", "CVE-2024-0607", "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0904", "The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/baf4afc9-c20e-47d6-a798-75e15652d1e3/"], ["2024", "CVE-2024-29385", "DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function.", "https://github.com/NaInSec/CVE-LIST
https://github.com/yj94/Yj_learning", "https://github.com/songah119/Report/blob/main/CI-1.md
https://www.dlink.com/en/security-bulletin/"], ["2024", "CVE-2024-22663", "TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg", "No PoCs found on GitHub currently.", "https://github.com/Covteam/iot_vuln/tree/main/setOpModeCfg2"], ["2024", "CVE-2024-33517", "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31783", "Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local attacker to obtain sensitive information via a crafted script during markdown file creation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2801", "The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_slide' shortcode in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2520", "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookdate.php. The manipulation of the argument room_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20bookdate.php.md"], ["2024", "CVE-2024-0425", "A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444.", "No PoCs found on GitHub currently.", "https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md"], ["2024", "CVE-2024-25221", "A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Task%20Manager%20App/Task%20Manager%20App%20-%20Cross-Site-Scripting%20-3.md"], ["2024", "CVE-2024-32459", "FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.", "https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-21628", "PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1749", "A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best Restaurant Management Software 2.9. This issue affects some unknown processing of the file /dashboard/message of the component Message Page. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254531. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/machisri/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2024", "CVE-2024-29236", "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-31873", "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2460", "The GamiPress \u2013 Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipress_button' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0565", "An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2571", "A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage-admin.php. The manipulation leads to execution after redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257074 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20manage-admin.php.md"], ["2024", "CVE-2024-0474", "A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22410", "Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low-security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don\u2019t represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33764", "lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg"], ["2024", "CVE-2024-26019", "Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26159", "Microsoft ODBC Driver Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1658", "The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/9489925e-5a47-4608-90a2-0139c5e1c43c/"], ["2024", "CVE-2024-22550", "An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.", "https://github.com/capture0x/My-CVE", "https://packetstormsecurity.com/files/176312/ShopSite-14.0-Cross-Site-Scripting.html"], ["2024", "CVE-2024-27235", "In plugin_extern_func of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0534", "A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.mac.md"], ["2024", "CVE-2024-27132", "Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.The vulnerability stems from lack of sanitization over template variables.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930/"], ["2024", "CVE-2024-20851", "Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0930", "A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromSetWirelessRepeat.md
https://vuldb.com/?id.252135"], ["2024", "CVE-2024-20752", "Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2676", "A vulnerability, which was classified as critical, was found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/company/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257376.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34203", "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function.", "No PoCs found on GitHub currently.", "https://github.com/n0wstr/IOTVuln/tree/main/CP450/setLanguageCfg"], ["2024", "CVE-2024-0773", "A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251677 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing"], ["2024", "CVE-2024-2767", "A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257603.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29071", "HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2864", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation.This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29131", "Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.Users are recommended to upgrade to version 2.10.1, which fixes the issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5047", "A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264744.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/I-Schnee-I/cev/blob/main/SourceCodester%20Student%20Management%20System%201.0%20controller.php%20Unrestricted%20Upload.md"], ["2024", "CVE-2024-2627", "Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://issues.chromium.org/issues/41493290"], ["2024", "CVE-2024-34252", "wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function \"PreserveRegisterIfOccupied\" in wasm3/source/m3_compile.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/wasm3/wasm3/issues/483"], ["2024", "CVE-2024-25126", "Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack\u2019s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx"], ["2024", "CVE-2024-3769", "A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /login.php. The manipulation of the argument id/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260616.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Student%20Record%20System%203.20/Student%20Record%20System%20-%20Authentication%20Bypass.md"], ["2024", "CVE-2024-23608", "An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4298", "The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27201", "An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27190", "Missing Authorization vulnerability in Jean-David Daviet Download Media.This issue affects Download Media: from n/a through 1.4.2.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2405", "The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/c42ffa15-6ebe-4c70-9e51-b95bd05ea04d/"], ["2024", "CVE-2024-0500", "A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.250608"], ["2024", "CVE-2024-0691", "The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34070", "Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on the Login attempt, which will then be executed when viewed by the Administrator in the System Logs. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. This vulnerability is fixed in 2.1.9.", "No PoCs found on GitHub currently.", "https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53"], ["2024", "CVE-2024-25304", "Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at \"School/index.php.\"", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tubakvgc/CVEs", "https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-2.md"], ["2024", "CVE-2024-2545", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1730. Reason: This candidate is a duplicate of CVE-2024-1730. Notes: All CVE users should reference CVE-2024-1730 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0440", "Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f"], ["2024", "CVE-2024-3629", "The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/c1f6ed2c-0f84-4b13-b39e-5cb91443c2b1/"], ["2024", "CVE-2024-31744", "In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.", "No PoCs found on GitHub currently.", "https://github.com/jasper-software/jasper/issues/381"], ["2024", "CVE-2024-31847", "An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization.", "No PoCs found on GitHub currently.", "https://www.gruppotim.it/it/footer/red-team.html"], ["2024", "CVE-2024-0551", "Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack.It is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system.The endpoint for exporting should simply be patched to a higher privilege level.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78"], ["2024", "CVE-2024-23659", "SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30568", "Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.", "No PoCs found on GitHub currently.", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Netgear-R6850%20V1.1.0.88%20Command%20Injection(ping_test).md"], ["2024", "CVE-2024-27081", "ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/esphome/esphome/security/advisories/GHSA-8p25-3q46-8q2p"], ["2024", "CVE-2024-2685", "A vulnerability, which was classified as problematic, was found in Campcodes Online Job Finder System 1.0. This affects an unknown part of the file /admin/applicants/index.php. The manipulation of the argument view leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257385 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0411", "A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250431.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0780", "The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action", "https://github.com/NaInSec/CVE-LIST", "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/"], ["2024", "CVE-2024-25215", "Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20SQL%20Injection%20-%202.md"], ["2024", "CVE-2024-22475", "Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29202", "JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7.", "https://github.com/enomothem/PenTestNote
https://github.com/tanjiti/sec_profile
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC", "No PoCs from references."], ["2024", "CVE-2024-29193", "gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API (`[0]`) in the client side. Then, it uses `Object.entries` to iterate over the result (`[1]`) whose first item (`name`) gets appended using `innerHTML` (`[2]`). In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtc\u2019s origin. As of time of publication, no patch is available.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/advisories/GHSL-2023-205_GHSL-2023-207_go2rtc/"], ["2024", "CVE-2024-27300", "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.", "No PoCs found on GitHub currently.", "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx"], ["2024", "CVE-2024-4399", "The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/0690327e-da60-4d71-8b3c-ac9533d82302/"], ["2024", "CVE-2024-23709", "In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.", "No PoCs found on GitHub currently.", "https://android.googlesource.com/platform/external/sonivox/+/3f798575d2d39cd190797427d13471d6e7ceae4c"], ["2024", "CVE-2024-2996", "A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258198 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29183", "OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with the permissions of a user after the user logins with their account.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/advisories/GHSL-2023-253_openrasp"], ["2024", "CVE-2024-23649", "Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they're able to see the resulting reports.Creating a private message report by POSTing to `/api/v3/private_message/report` does not validate whether the reporter is the recipient of the message. lemmy-ui does not allow the sender to report the message; the API method should likely be restricted to accessible to recipients only. The API response when creating a report contains the `private_message_report_view` with all the details of the report, including the private message that has been reported:Any authenticated user can obtain arbitrary (untargeted) private message contents. Privileges required depend on the instance configuration; when registrations are enabled without application system, the privileges required are practically none. When registration applications are required, privileges required could be considered low, but this assessment heavily varies by instance.Version 0.19.1 contains a patch for this issue. A workaround is available. If an update to a fixed Lemmy version is not immediately possible, the API route can be blocked in the reverse proxy. This will prevent anyone from reporting private messages, but it will also prevent exploitation before the update has been applied.", "No PoCs found on GitHub currently.", "https://github.com/LemmyNet/lemmy/security/advisories/GHSA-r64r-5h43-26qv"], ["2024", "CVE-2024-2444", "The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/214e5fd7-8684-418a-b67d-60b1dcf11a48/"], ["2024", "CVE-2024-31857", "Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user's web browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4059", "Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0450", "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.The zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2555", "A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update-admin.php. The manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257054 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-update-adminphp"], ["2024", "CVE-2024-27351", "In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.", "https://github.com/NaInSec/CVE-LIST
https://github.com/ch4n3-yoon/ch4n3-yoon
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mdisec/mdisec-twitch-yayinlari", "No PoCs from references."], ["2024", "CVE-2024-29243", "Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31705", "An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input.", "https://github.com/V3locidad/V3locidad", "https://github.com/V3locidad/GLPI_POC_Plugins_Shell
https://seclists.org/fulldisclosure/2024/Apr/23"], ["2024", "CVE-2024-2887", "Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29092", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29303", "The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html"], ["2024", "CVE-2024-33600", "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.", "https://github.com/GrigGM/05-virt-04-docker-hw", "No PoCs from references."], ["2024", "CVE-2024-25314", "Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tubakvgc/CVEs", "https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-2.md"], ["2024", "CVE-2024-0510", "A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function http_post of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250652.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176547/HaoKeKeJi-YiQiNiu-Server-Side-Request-Forgery.html"], ["2024", "CVE-2024-27211", "In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30469", "Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4119", "A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindDel.md
https://vuldb.com/?id.261862"], ["2024", "CVE-2024-2934", "A vulnerability classified as critical was found in SourceCodester Todo List in Kanban Board 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-todo.php. The manipulation of the argument list leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258013 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/To%20Do%20List%20App/To%20Do%20List%20App%20-%20SQL%20Injection.md"], ["2024", "CVE-2024-20653", "Microsoft Common Log File System Elevation of Privilege Vulnerability", "https://github.com/5angjun/5angjun
https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0831", "Vault and Vault Enterprise (\u201cVault\u201d) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29121", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firassaidi WooCommerce License Manager allows Reflected XSS.This issue affects WooCommerce License Manager: from n/a through 5.3.1.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0732", "A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555.", "No PoCs found on GitHub currently.", "https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt"], ["2024", "CVE-2024-3889", "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes like 'accordion_title_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0672", "The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/eceb6585-5969-4aa6-9908-b6bfb578190a/"], ["2024", "CVE-2024-22915", "A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.", "No PoCs found on GitHub currently.", "https://github.com/matthiaskramm/swftools/issues/215"], ["2024", "CVE-2024-34093", "An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2777", "A vulnerability has been found in Campcodes Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257611.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-5117", "A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file portal.php. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265197 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Event%20Registration%20System/Event%20Registration%20System%20-%20SQL%20Injection%20-%201.md"], ["2024", "CVE-2024-20713", "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29061", "Secure Boot Security Feature Bypass Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30808", "An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_SubStream::~AP4_SubStream at Ap4ByteStream.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.", "No PoCs found on GitHub currently.", "https://github.com/axiomatic-systems/Bento4/issues/937"], ["2024", "CVE-2024-31576", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22496", "Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.", "No PoCs found on GitHub currently.", "https://github.com/cui2shark/security/blob/main/(JFinalcms%20admin-login-username)%20.md"], ["2024", "CVE-2024-0763", "Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5"], ["2024", "CVE-2024-25167", "Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post.", "No PoCs found on GitHub currently.", "https://github.com/biantaibao/eblog_xss/blob/main/report.md"], ["2024", "CVE-2024-0623", "The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25027", "IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20841", "Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2726", "Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30859", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2825", "A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257715.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29030", "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/"], ["2024", "CVE-2024-0920", "A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1648", "electron-pdf version 20.0.0 allows an external attacker to remotely obtainarbitrary local files. This is possible because the application does notvalidate the HTML content entered by the user.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26149", "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions.", "No PoCs found on GitHub currently.", "https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w"], ["2024", "CVE-2024-25320", "Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/cqliuke/cve/blob/main/sql.md"], ["2024", "CVE-2024-27225", "In sendHciCommand of bluetooth_hci.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25260", "elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.", "https://github.com/fokypoky/places-list", "https://sourceware.org/bugzilla/show_bug.cgi?id=31058"], ["2024", "CVE-2024-0464", "A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250569 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.250569"], ["2024", "CVE-2024-2561", "A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060.", "https://github.com/NaInSec/CVE-LIST
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-20997", "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-1708", "ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.", "https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE
https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tr1pl3ight/POCv2.0-for-CVE-2024-1709
https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc", "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass"], ["2024", "CVE-2024-20694", "Windows CoreMessaging Information Disclosure Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33774", "A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter \"webpage.\"", "No PoCs found on GitHub currently.", "https://github.com/YuboZhaoo/IoT/blob/main/D-Link/DIR-619L/20240424.md"], ["2024", "CVE-2024-1588", "The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/2772c921-d977-4150-b207-ae5ba5e2a6db/"], ["2024", "CVE-2024-26118", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31760", "An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via the Session Expiration component.", "No PoCs found on GitHub currently.", "https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158
https://github.com/menghaining/PoC/blob/main/gin-vue-admin/gin-vue-admin--PoC.md"], ["2024", "CVE-2024-29366", "A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/20Yiju/DLink/blob/master/DIR-845L/CI.md
https://www.dlink.com/en/security-bulletin/"], ["2024", "CVE-2024-34394", "libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.", "No PoCs found on GitHub currently.", "https://github.com/marudor/libxmljs2/issues/205
https://research.jfrog.com/vulnerabilities/libxmljs2-namespaces-type-confusion-rce-jfsa-2024-001034098/"], ["2024", "CVE-2024-22983", "SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/keru6k/CVE-2024-22983
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/keru6k/CVE-2024-22983/blob/main/CVE-2024-22983.md"], ["2024", "CVE-2024-0575", "A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.250791"], ["2024", "CVE-2024-34145", "A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2530", "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/update-rooms.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20update-rooms.php.md"], ["2024", "CVE-2024-0617", "The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0586", "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27287", "ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves unsanitized data with `Content-Type: text/html; charset=UTF-8`, allowing a remote authenticated user to inject arbitrary web script and exfiltrate session cookies via Cross-Site scripting. It is possible for a malicious authenticated user to inject arbitrary Javascript in configuration files using a POST request to the /edit endpoint, the configuration parameter allows to specify the file to write. To trigger the XSS vulnerability, the victim must visit the page` /edit?configuration=[xss file]`. Abusing this vulnerability a malicious actor could perform operations on the dashboard on the behalf of a logged user, access sensitive information, create, edit and delete configuration files and flash firmware on managed boards.In addition to this, cookies are not correctly secured, allowing the exfiltration of session cookie values. Version 2024.2.2 contains a patch for this issue.", "No PoCs found on GitHub currently.", "https://github.com/esphome/esphome/security/advisories/GHSA-9p43-hj5j-96h5"], ["2024", "CVE-2024-2712", "A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0. This issue affects some unknown processing of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257465 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2811", "A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md"], ["2024", "CVE-2024-33696", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet XPRESS WordPress Ad Widget allows Stored XSS.This issue affects WordPress Ad Widget: from n/a through 2.20.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0914", "A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21888", "A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.", "https://github.com/H4lo/awesome-IoT-security-article
https://github.com/farukokutan/Threat-Intelligence-Research-Reports
https://github.com/inguardians/ivanti-VPN-issues-2024-research
https://github.com/jamesfed/0DayMitigations
https://github.com/seajaysec/Ivanti-Connect-Around-Scan", "No PoCs from references."], ["2024", "CVE-2024-2951", "Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.3.0.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0854", "URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22830", "Anti-Cheat Expert's Windows kernel module \"ACE-BASE.sys\" version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to System or PPL level.", "No PoCs found on GitHub currently.", "https://www.defencetech.it/wp-content/uploads/2024/04/Report-CVE-2024-22830.pdf"], ["2024", "CVE-2024-25153", "A directory traversal within the \u2018ftpservlet\u2019 of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended \u2018uploadtemp\u2019 directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal\u2019s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.", "https://github.com/GhostTroops/TOP
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nettitude/CVE-2024-25153
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/rainbowhatrkn/CVE-2024-25153
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "No PoCs from references."], ["2024", "CVE-2024-20935", "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28228", "In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0646", "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://access.redhat.com/errata/RHSA-2024:0850"], ["2024", "CVE-2024-20824", "Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5123", "A vulnerability classified as problematic has been found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file /registrar/. The manipulation of the argument searchbar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265203.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Event%20Registration%20System/Event%20Registration%20System%20-%20Cross-Site-Scripting%20-%201.md"], ["2024", "CVE-2024-31453", "PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability allows an attacker to influence those users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for the issue.CVE-2024-31453 allows users to violate the integrity of a file bucket and upload new files there, while the vulnerability with the number CVE-2024-31454 allows users to violate the integrity of a single file that is uploaded by another user by writing data there and not allows you to upload new files to the bucket. Thus, vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application\u2019s business logic.", "No PoCs found on GitHub currently.", "https://github.com/psi-4ward/psitransfer/security/advisories/GHSA-xg8v-m2mh-45m6"], ["2024", "CVE-2024-29055", "Microsoft Defender for IoT Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2900", "A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257943. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/saveParentControlInfo_deviceId.md"], ["2024", "CVE-2024-5063", "A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264922 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20Authentication%20Bypass.md"], ["2024", "CVE-2024-20667", "Azure DevOps Server Remote Code Execution Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33787", "Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29115", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zaytech Smart Online Order for Clover allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-32879", "Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28279", "Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/unrealjbr/CVE-2024-28279", "No PoCs from references."], ["2024", "CVE-2024-0706", "** REJECT ** ***REJECT*** This was a false positive report.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25102", "This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system.Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25293", "mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/EQSTLab/PoC/tree/main/2024/LCE/CVE-2024-25293"], ["2024", "CVE-2024-27007", "In the Linux kernel, the following vulnerability has been resolved:userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVECommit d7a08838ab74 (\"mm: userfaultfd: fix unexpected change to src_foliowhen UFFDIO_MOVE fails\") moved the src_folio->{mapping, index} changing toafter clearing the page-table and ensuring that it's not pinned. Thisavoids failure of swapout+migration and possibly memory corruption.However, the commit missed fixing it in the huge-page case.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20964", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2603", "The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/b4186c03-99ee-4297-85c0-83b7053afc1c/"], ["2024", "CVE-2024-2592", "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4501", "A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. This issue affects some unknown processing of the file /view/bugSolve/captureData/commit.php. The manipulation of the argument tcpDump leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263105 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-21305", "Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tandasat/CVE-2024-21305", "No PoCs from references."], ["2024", "CVE-2024-21094", "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-0299", "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34478", "btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.", "No PoCs found on GitHub currently.", "https://delvingbitcoin.org/t/disclosure-btcd-consensus-bugs-due-to-usage-of-signed-transaction-version/455"], ["2024", "CVE-2024-33218", "An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.", "https://github.com/gmh5225/awesome-game-security", "No PoCs from references."], ["2024", "CVE-2024-1264", "A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253003.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24520", "An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/xF-9979/CVE-2024-24520", "No PoCs from references."], ["2024", "CVE-2024-34538", "Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28537", "Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromNatStaticSetting.md"], ["2024", "CVE-2024-27658", "D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35846", "In the Linux kernel, the following vulnerability has been resolved:mm: zswap: fix shrinker NULL crash with cgroup_disable=memoryChristian reports a NULL deref in zswap that he bisected down to the zswapshrinker. The issue also cropped up in the bug trackers of libguestfs [1]and the Red Hat bugzilla [2].The problem is that when memcg is disabled with the boot time flag, thezswap shrinker might get called with sc->memcg == NULL. This is okay inmany places, like the lruvec operations. But it crashes inmemcg_page_state() - which is only used due to the non-node accounting ofcgroup's the zswap memory to begin with.Nhat spotted that the memcg can be NULL in the memcg-disabled case, and Iwas then able to reproduce the crash locally as well.[1] https://github.com/libguestfs/libguestfs/issues/139[2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20038", "In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALPS08495932.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33309", "** DISPUTED ** An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24571", "facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.", "No PoCs found on GitHub currently.", "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj"], ["2024", "CVE-2024-23080", "** DISPUTED ** Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.", "https://github.com/vin01/bogus-cves", "No PoCs from references."], ["2024", "CVE-2024-28566", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-27718", "SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.", "No PoCs found on GitHub currently.", "https://github.com/tldjgggg/cve/blob/main/sql.md"], ["2024", "CVE-2024-4931", "A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-system/admin/index.php?page=view_udet. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264467.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26656", "In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: fix use-after-free bugThe bug can be triggered by sending a single amdgpu_gem_userptr_ioctlto the AMDGPU DRM driver on any ASICs with an invalid address and size.The bug was reported by Joonkyo Jung .For example the following code:static void Syzkaller1(int fd){\tstruct drm_amdgpu_gem_userptr arg;\tint ret;\targ.addr = 0xffffffffffff0000;\targ.size = 0x80000000; /*2 Gb*/\targ.flags = 0x7;\tret = drmIoctl(fd, 0xc1186451/*amdgpu_gem_userptr_ioctl*/, &arg);}Due to the address and size are not valid there is a failure inamdgpu_hmm_register->mmu_interval_notifier_insert->__mmu_interval_notifier_insert->check_shl_overflow, but we even the amdgpu_hmm_register failure we still callamdgpu_hmm_unregister into amdgpu_gem_object_free which causes access to a bad address.The following stack is below when the issue is reproduced when Kazan is enabled:[ +0.000014] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020[ +0.000009] RIP: 0010:mmu_interval_notifier_remove+0x327/0x340[ +0.000017] Code: ff ff 49 89 44 24 08 48 b8 00 01 00 00 00 00 ad de 4c 89 f7 49 89 47 40 48 83 c0 22 49 89 47 48 e8 ce d1 2d 01 e9 32 ff ff ff <0f> 0b e9 16 ff ff ff 4c 89 ef e8 fa 14 b3 ff e9 36 ff ff ff e8 80[ +0.000014] RSP: 0018:ffffc90002657988 EFLAGS: 00010246[ +0.000013] RAX: 0000000000000000 RBX: 1ffff920004caf35 RCX: ffffffff8160565b[ +0.000011] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff8881a9f78260[ +0.000010] RBP: ffffc90002657a70 R08: 0000000000000001 R09: fffff520004caf25[ +0.000010] R10: 0000000000000003 R11: ffffffff8161d1d6 R12: ffff88810e988c00[ +0.000010] R13: ffff888126fb5a00 R14: ffff88810e988c0c R15: ffff8881a9f78260[ +0.000011] FS: 00007ff9ec848540(0000) GS:ffff8883cc880000(0000) knlGS:0000000000000000[ +0.000012] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033[ +0.000010] CR2: 000055b3f7e14328 CR3: 00000001b5770000 CR4: 0000000000350ef0[ +0.000010] Call Trace:[ +0.000006] [ +0.000007] ? show_regs+0x6a/0x80[ +0.000018] ? __warn+0xa5/0x1b0[ +0.000019] ? mmu_interval_notifier_remove+0x327/0x340[ +0.000018] ? report_bug+0x24a/0x290[ +0.000022] ? handle_bug+0x46/0x90[ +0.000015] ? exc_invalid_op+0x19/0x50[ +0.000016] ? asm_exc_invalid_op+0x1b/0x20[ +0.000017] ? kasan_save_stack+0x26/0x50[ +0.000017] ? mmu_interval_notifier_remove+0x23b/0x340[ +0.000019] ? mmu_interval_notifier_remove+0x327/0x340[ +0.000019] ? mmu_interval_notifier_remove+0x23b/0x340[ +0.000020] ? __pfx_mmu_interval_notifier_remove+0x10/0x10[ +0.000017] ? kasan_save_alloc_info+0x1e/0x30[ +0.000018] ? srso_return_thunk+0x5/0x5f[ +0.000014] ? __kasan_kmalloc+0xb1/0xc0[ +0.000018] ? srso_return_thunk+0x5/0x5f[ +0.000013] ? __kasan_check_read+0x11/0x20[ +0.000020] amdgpu_hmm_unregister+0x34/0x50 [amdgpu][ +0.004695] amdgpu_gem_object_free+0x66/0xa0 [amdgpu][ +0.004534] ? __pfx_amdgpu_gem_object_free+0x10/0x10 [amdgpu][ +0.004291] ? do_syscall_64+0x5f/0xe0[ +0.000023] ? srso_return_thunk+0x5/0x5f[ +0.000017] drm_gem_object_free+0x3b/0x50 [drm][ +0.000489] amdgpu_gem_userptr_ioctl+0x306/0x500 [amdgpu][ +0.004295] ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu][ +0.004270] ? srso_return_thunk+0x5/0x5f[ +0.000014] ? __this_cpu_preempt_check+0x13/0x20[ +0.000015] ? srso_return_thunk+0x5/0x5f[ +0.000013] ? sysvec_apic_timer_interrupt+0x57/0xc0[ +0.000020] ? srso_return_thunk+0x5/0x5f[ +0.000014] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20[ +0.000022] ? drm_ioctl_kernel+0x17b/0x1f0 [drm][ +0.000496] ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu][ +0.004272] ? drm_ioctl_kernel+0x190/0x1f0 [drm][ +0.000492] drm_ioctl_kernel+0x140/0x1f0 [drm][ +0.000497] ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu][ +0.004297] ? __pfx_drm_ioctl_kernel+0x10/0x10 [d---truncated---", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24753", "Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relies on multiple headers with the same key being set for security reasons, then Bref would lower the application security. For example, if an application sets multiple `Content-Security-Policy` headers, then Bref would just reflect the latest one. This vulnerability is patched in 2.1.13.", "No PoCs found on GitHub currently.", "https://github.com/brefphp/bref/security/advisories/GHSA-99f9-gv72-fw9r"], ["2024", "CVE-2024-28847", "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptionRepository.prepare()`, which can lead to Remote Code Execution. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that, even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and, therefore, after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/events/subscriptions` which gets handled by `EventSubscriptionResource.createOrUpdateEventSubscription()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-251`.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-8p5r-6mvv-2435"], ["2024", "CVE-2024-23133", "A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24850", "Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21036", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-28595", "SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-28595.md"], ["2024", "CVE-2024-32307", "Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromWizardHandle.md"], ["2024", "CVE-2024-30202", "In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4871", "A vulnerability was found in Satellite. When running a remote execution job on a host, the host's SSH key is not being checked. When the key changes, the Satellite still connects it because it uses \"-o StrictHostKeyChecking=no\". This flaw can lead to a man-in-the-middle attack (MITM), denial of service, leaking of secrets the remote execution job contains, or other issues that may arise from the attacker's ability to forge an SSH key. This issue does not directly allow unauthorized remote execution on the Satellite, although it can leak secrets that may lead to it.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3283", "A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_user_mode' system variable, enabling them to access the '/api/system/enable-multi-user' endpoint and create a new admin user. This issue results from the endpoint accepting a full JSON object in the request body without proper validation of modifiable fields, leading to unauthorized modification of system settings and subsequent privilege escalation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26716", "In the Linux kernel, the following vulnerability has been resolved:usb: core: Prevent null pointer dereference in update_port_device_stateCurrently, the function update_port_device_state gets the usb_hub fromudev->parent by calling usb_hub_to_struct_hub.However, in case the actconfig or the maxchild is 0, the usb_hub wouldbe NULL and upon further accessing to get port_dev would result in nullpointer dereference.Fix this by introducing an if check after the usb_hub is populated.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1017", "A vulnerability was found in Gabriels FTP Server 1.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument USERNAME leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252287.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/176714/Gabriels-FTP-Server-1.2-Denial-Of-Service.html
https://www.youtube.com/watch?v=wwHuXfYS8yQ"], ["2024", "CVE-2024-3003", "A vulnerability has been found in code-projects Online Book System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cart.php. The manipulation of the argument quantity/remove leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258205 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%205.md"], ["2024", "CVE-2024-26596", "In the Linux kernel, the following vulnerability has been resolved:net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice eventsAfter the blamed commit, we started doing this dereference for everyNETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev){\tstruct dsa_user_priv *p = netdev_priv(dev);\treturn p->dp;}Which is obviously bogus, because not all net_devices have a netdev_priv()of type struct dsa_user_priv. But struct dsa_user_priv is fairly small,and p->dp means dereferencing 8 bytes starting with offset 16. Mostdrivers allocate that much private memory anyway, making our access notfault, and we discard the bogus data quickly afterwards, so this wasn'tcaught.But the dummy interface is somewhat special in that it callsalloc_netdev() with a priv size of 0. So every netdev_priv() dereferenceis invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER eventwith a VLAN as its new upper:$ ip link add dummy1 type dummy$ ip link add link dummy1 name dummy1.100 type vlan id 100[ 43.309174] ==================================================================[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374[ 43.330058][ 43.342436] Call trace:[ 43.366542] dsa_user_prechangeupper+0x30/0xe8[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8[ 43.375768] notifier_call_chain+0xa4/0x210[ 43.379985] raw_notifier_call_chain+0x24/0x38[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8[ 43.389120] netdev_upper_dev_link+0x70/0xa8[ 43.393424] register_vlan_dev+0x1bc/0x310[ 43.397554] vlan_newlink+0x210/0x248[ 43.401247] rtnl_newlink+0x9fc/0xe30[ 43.404942] rtnetlink_rcv_msg+0x378/0x580Avoid the kernel oops by dereferencing after the type check, as customary.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1106", "The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/0672f8af-33e2-459c-ac8a-7351247a8a26/"], ["2024", "CVE-2024-28816", "Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/AaravRajSIngh/Chatbot/pull/10"], ["2024", "CVE-2024-28715", "Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.", "https://github.com/Lq0ne/CVE-2024-28715
https://github.com/NaInSec/CVE-LIST
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/Lq0ne/CVE-2024-28715"], ["2024", "CVE-2024-24801", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel \u2013 WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel \u2013 WordPress Owl Carousel Slider: from n/a through 1.4.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21067", "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-24941", "In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4723", "A vulnerability, which was classified as problematic, has been found in Campcodes Legal Case Management System 1.0. This issue affects some unknown processing of the file /admin/case-status. The manipulation of the argument case_status leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263801 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_case-status.md"], ["2024", "CVE-2024-4820", "A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263941 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3244", "The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's
'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22049", "httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/advisories/GHSA-5pq7-52mg-hr42
https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42"], ["2024", "CVE-2024-25629", "c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23325", "Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn\u2019t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24897", "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py.This issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26992", "In the Linux kernel, the following vulnerability has been resolved:KVM: x86/pmu: Disable support for adaptive PEBSDrop support for virtualizing adaptive PEBS, as KVM's implementation isarchitecturally broken without an obvious/easy path forward, and becauseexposing adaptive PEBS can leak host LBRs to the guest, i.e. can leakhost kernel addresses to the guest.Bug #1 is that KVM doesn't account for the upper 32 bits ofIA32_FIXED_CTR_CTRL when (re)programming fixed counters, e.gfixed_ctrl_field() drops the upper bits, reprogram_fixed_counters()stores local variables as u8s and truncates the upper bits too, etc.Bug #2 is that, because KVM _always_ sets precise_ip to a non-zero valuefor PEBS events, perf will _always_ generate an adaptive record, even ifthe guest requested a basic record. Note, KVM will also enable adaptivePEBS in individual *counter*, even if adaptive PEBS isn't exposed to theguest, but this is benign as MSR_PEBS_DATA_CFG is guaranteed to be zero,i.e. the guest will only ever see Basic records.Bug #3 is in perf. intel_pmu_disable_fixed() doesn't clear the upperbits either, i.e. leaves ICL_FIXED_0_ADAPTIVE set, andintel_pmu_enable_fixed() effectively doesn't clear ICL_FIXED_0_ADAPTIVEeither. I.e. perf _always_ enables ADAPTIVE counters, regardless of whatKVM requests.Bug #4 is that adaptive PEBS *might* effectively bypass event filters setby the host, as \"Updated Memory Access Info Group\" records informationthat might be disallowed by userspace via KVM_SET_PMU_EVENT_FILTER.Bug #5 is that KVM doesn't ensure LBR MSRs hold guest values (or at leastzeros) when entering a vCPU with adaptive PEBS, which allows the guestto read host LBRs, i.e. host RIPs/addresses, by enabling \"LBR Entries\"records.Disable adaptive PEBS support as an immediate fix due to the severity ofthe LBR leak in particular, and because fixing all of the bugs will benon-trivial, e.g. not suitable for backporting to stable kernels.Note! This will break live migration, but trying to make KVM play nicewith live migration would be quite complicated, wouldn't be guaranteed towork (i.e. KVM might still kill/confuse the guest), and it's not clearthat there are any publicly available VMMs that support adaptive PEBS,let alone live migrate VMs that support adaptive PEBS, e.g. QEMU doesn'tsupport PEBS in any capacity.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2068", "A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/update-computer.php. The manipulation of the argument model leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255383.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/STORED%20XSS%20upadte-computer.php%20.md"], ["2024", "CVE-2024-1201", "Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24794", "A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the `parse_meta_sequence_end()` parsing the Sequence Value Represenations.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1931
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1931"], ["2024", "CVE-2024-26780", "In the Linux kernel, the following vulnerability has been resolved:af_unix: Fix task hung while purging oob_skb in GC.syzbot reported a task hung; at the same time, GC was looping infinitelyin list_for_each_entry_safe() for OOB skb. [0]syzbot demonstrated that the list_for_each_entry_safe() was not actuallysafe in this case.A single skb could have references for multiple sockets. If we free sucha skb in the list_for_each_entry_safe(), the current and next sockets couldbe unlinked in a single iteration.unix_notinflight() uses list_del_init() to unlink the socket, so theprefetched next socket forms a loop itself and list_for_each_entry_safe()never stops.Here, we must use while() and make sure we always fetch the first socket.[0]:Sending NMI from CPU 0 to CPUs 1:NMI backtrace for cpu 1CPU: 1 PID: 5065 Comm: syz-executor236 Not tainted 6.8.0-rc3-syzkaller-00136-g1f719a2f3fa6 #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline]RIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]RIP: 0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:207Code: cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 14 25 40 c2 03 00 <65> 8b 05 b4 7c 78 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74RSP: 0018:ffffc900033efa58 EFLAGS: 00000283RAX: ffff88807b077800 RBX: ffff88807b077800 RCX: 1ffffffff27b1189RDX: ffff88802a5a3b80 RSI: ffffffff8968488d RDI: ffff88807b077f70RBP: ffffc900033efbb0 R08: 0000000000000001 R09: fffffbfff27a900cR10: ffffffff93d48067 R11: ffffffff8ae000eb R12: ffff88807b077800R13: dffffc0000000000 R14: ffff88807b077e40 R15: 0000000000000001FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 0000564f4fc1e3a8 CR3: 000000000d57a000 CR4: 00000000003506f0DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400Call Trace: unix_gc+0x563/0x13b0 net/unix/garbage.c:319 unix_release_sock+0xa93/0xf80 net/unix/af_unix.c:683 unix_release+0x91/0xf0 net/unix/af_unix.c:1064 __sock_release+0xb0/0x270 net/socket.c:659 sock_close+0x1c/0x30 net/socket.c:1421 __fput+0x270/0xb80 fs/file_table.c:376 task_work_run+0x14f/0x250 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xa8a/0x2ad0 kernel/exit.c:871 do_group_exit+0xd4/0x2a0 kernel/exit.c:1020 __do_sys_exit_group kernel/exit.c:1031 [inline] __se_sys_exit_group kernel/exit.c:1029 [inline] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1029 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6f/0x77RIP: 0033:0x7f9d6cbdac09Code: Unable to access opcode bytes at 0x7f9d6cbdabdf.RSP: 002b:00007fff5952feb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9d6cbdac09RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000RBP: 00007f9d6cc552b0 R08: ffffffffffffffb8 R09: 0000000000000006R10: 0000000000000006 R11: 0000000000000246 R12: 00007f9d6cc552b0R13: 0000000000000000 R14: 00007f9d6cc55d00 R15: 00007f9d6cbabe70 ", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1310", "The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/a7735feb-876e-461c-9a56-ea6067faf277/"], ["2024", "CVE-2024-32391", "Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload.", "No PoCs found on GitHub currently.", "https://github.com/magicblack/maccms10/issues/1133"], ["2024", "CVE-2024-25678", "In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.", "https://github.com/QUICTester/QUICTester
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1250", "An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21113", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4814", "A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506. Affected by this vulnerability is an unknown functionality of the file /view/networkConfig/RouteConfig/StaticRoute/static_route_edit_commit.php. The manipulation of the argument oldipmask/oldgateway leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25988", "In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26633", "In the Linux kernel, the following vulnerability has been resolved:ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken.Reading frag_off can only be done if we pulled enough bytesto skb->head. Currently we might access garbage.[1]BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432__netdev_start_xmit include/linux/netdevice.h:4940 [inline]netdev_start_xmit include/linux/netdevice.h:4954 [inline]xmit_one net/core/dev.c:3548 [inline]dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349dev_queue_xmit include/linux/netdevice.h:3134 [inline]neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592neigh_output include/net/neighbour.h:542 [inline]ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222NF_HOOK_COND include/linux/netfilter.h:303 [inline]ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243dst_output include/net/dst.h:451 [inline]ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155ip6_send_skb net/ipv6/ip6_output.c:1952 [inline]ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847sock_sendmsg_nosec net/socket.c:730 [inline]__sock_sendmsg net/socket.c:745 [inline]____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638__sys_sendmsg net/socket.c:2667 [inline]__do_sys_sendmsg net/socket.c:2676 [inline]__se_sys_sendmsg net/socket.c:2674 [inline]__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674do_syscall_x64 arch/x86/entry/common.c:52 [inline]do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83entry_SYSCALL_64_after_hwframe+0x63/0x6bUninit was created at:slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768slab_alloc_node mm/slub.c:3478 [inline]__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517__do_kmalloc_node mm/slab_common.c:1006 [inline]__kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098__pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655pskb_may_pull_reason include/linux/skbuff.h:2673 [inline]pskb_may_pull include/linux/skbuff.h:2681 [inline]ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432__netdev_start_xmit include/linux/netdevice.h:4940 [inline]netdev_start_xmit include/linux/netdevice.h:4954 [inline]xmit_one net/core/dev.c:3548 [inline]dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349dev_queue_xmit include/linux/netdevice.h:3134 [inline]neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592neigh_output include/net/neighbour.h:542 [inline]ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222NF_HOOK_COND include/linux/netfilter.h:303 [inline]ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243dst_output include/net/dst.h:451 [inline]ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155ip6_send_skb net/ipv6/ip6_output.c:1952 [inline]ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847sock_sendmsg_nosec net/socket.c:730 [inline]__sock_sendmsg net/socket.c:745 [inline]____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638__sys_sendmsg net/socket.c:2667 [inline]__do_sys_sendms---truncated---", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd"], ["2024", "CVE-2024-24736", "The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/176784/YahooPOPs-1.6-Denial-Of-Service.html"], ["2024", "CVE-2024-24835", "Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21053", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-30236", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26722", "In the Linux kernel, the following vulnerability has been resolved:ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutexis left locked forever. That may lead to deadlockwhen rt5645_jack_detect_work() is called for the second time.Found by Linux Verification Center (linuxtesting.org) with SVACE.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1023", "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24767", "CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. This vulnerability allows attackers to get super user-level access over the server. Version 0.4.7 contains a patch for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c69x-5xmw-v44x"], ["2024", "CVE-2024-1163", "Uncontrolled Resource Consumption in GitHub repository mbloch/mapshaper prior to 0.6.44.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5"], ["2024", "CVE-2024-23296", "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24864", "A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write()\u00a0function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21393", "Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21002", "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-23825", "TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.", "No PoCs found on GitHub currently.", "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg"], ["2024", "CVE-2024-24146", "A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file.", "No PoCs found on GitHub currently.", "https://github.com/libming/libming/issues/307"], ["2024", "CVE-2024-1742", "Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21920", "A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26043", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21623", "OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient \"`Analysis - SonarCloud`\" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue.", "https://github.com/Sim4n6/Sim4n6
https://github.com/fkie-cad/nvd-json-data-feeds", "https://securitylab.github.com/research/github-actions-untrusted-input/"], ["2024", "CVE-2024-28151", "Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23726", "Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.", "https://github.com/actuator/cve
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4167", "A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub_422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow. The attack may be launched remotely. VDB-261986 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md"], ["2024", "CVE-2024-28011", "Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24397", "Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/trustcves/CVE-2024-24397", "https://cves.at/posts/cve-2024-24397/writeup/"], ["2024", "CVE-2024-32980", "Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable: 1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and leaves the `Host` header set to its original value; 2. The Spin application's component handling the incoming request is configured with an `allow_outbound_hosts` list containing `\"self\"`; and 3. In reaction to an incoming request, the component makes an outbound request whose URL doesn't include the hostname/port. Spin 2.4.3 has been released to fix this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3707", "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26103", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21860", "in OpenHarmony v4.0.0 and prior versionsallow an adjacent attacker arbitrary code execution in any apps through use after free.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30885", "Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component .", "No PoCs found on GitHub currently.", "https://github.com/Hebing123/cve/issues/29"], ["2024", "CVE-2024-23874", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1713", "A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.", "No PoCs found on GitHub currently.", "https://github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4"], ["2024", "CVE-2024-3616", "A vulnerability classified as problematic was found in SourceCodester Warehouse Management System 1.0. This vulnerability affects unknown code of the file pengguna.php. The manipulation of the argument admin_user/admin_nama/admin_alamat/admin_telepon leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260272.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22889", "Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9", "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9"], ["2024", "CVE-2024-30697", "** DISPUTED ** An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30697", "No PoCs from references."], ["2024", "CVE-2024-30506", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Stored XSS.This issue affects All In One Redirection: from n/a through 2.2.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21672", "This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server.Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of\u00a0CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher releaseSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives).", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/swagcrafted/CVE-2024-21672-POC", "No PoCs from references."], ["2024", "CVE-2024-1810", "The Archivist \u2013 Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018shortcode_attributes' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21732", "FlyCms through abbaa5a allows XSS via the permission management feature.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Ghostfox2003/cms/blob/main/1.md"], ["2024", "CVE-2024-3855", "In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125.", "https://github.com/googleprojectzero/fuzzilli
https://github.com/zhangjiahui-buaa/MasterThesis", "No PoCs from references."], ["2024", "CVE-2024-28040", "SQL injection vulnerability exists in GetDIAE_astListParameters.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3756", "The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/"], ["2024", "CVE-2024-26152", "", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6xv9-957j-qfhg"], ["2024", "CVE-2024-4085", "The Tabellen von faustball.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32761", "Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25288", "SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php.", "No PoCs found on GitHub currently.", "https://github.com/slims/slims9_bulian/issues/229"], ["2024", "CVE-2024-25119", "TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2589", "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22779", "Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1471", "An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23887", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grncreate.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1531", "A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24335", "A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2.", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-22639", "iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface.", "https://github.com/capture0x/My-CVE", "https://packetstormsecurity.com/files/176411/iGalerie-3.0.22-Cross-Site-Scripting.html"], ["2024", "CVE-2024-2758", "Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately.", "https://github.com/Ampferl/poc_http2-continuation-flood
https://github.com/DrewskyDev/H2Flood
https://github.com/Vos68/HTTP2-Continuation-Flood-PoC", "No PoCs from references."], ["2024", "CVE-2024-30724", "** DISPUTED ** An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS nodes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30724", "No PoCs from references."], ["2024", "CVE-2024-21450", "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-28322", "SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request.", "No PoCs found on GitHub currently.", "https://github.com/Sospiro014/zday1/blob/main/event-managment.md
https://packetstormsecurity.com/files/177841/Event-Management-1.0-SQL-Injection.html"], ["2024", "CVE-2024-25148", "In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4345", "The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30635", "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/formSetCfm.md"], ["2024", "CVE-2024-1420", "** REJECT ** **REJECT** This is a duplicate of CVE-2024-1049. Please use CVE-2024-1049 instead.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3525", "A vulnerability, which was classified as problematic, was found in Campcodes Online Event Management System 1.0. Affected is an unknown function of the file /views/index.php. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259896.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31419", "An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35010", "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Thirtypenny77/cms/blob/main/6.md"], ["2024", "CVE-2024-21893", "A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.", "https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887
https://github.com/GhostTroops/TOP
https://github.com/H4lo/awesome-IoT-security-article
https://github.com/Ostorlab/KEV
https://github.com/afonsovitorio/cve_sandbox
https://github.com/farukokutan/Threat-Intelligence-Research-Reports
https://github.com/gobysec/Goby
https://github.com/h4x0r-dz/CVE-2024-21893.py
https://github.com/inguardians/ivanti-VPN-issues-2024-research
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/seajaysec/Ivanti-Connect-Around-Scan
https://github.com/tanjiti/sec_profile
https://github.com/toxyl/lscve", "No PoCs from references."], ["2024", "CVE-2024-26261", "The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25399", "Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2709", "A vulnerability was found in Tenda AC10U 15.03.06.49. It has been classified as critical. Affected is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257460. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/fromSetRouteStatic.md"], ["2024", "CVE-2024-21497", "All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser\u2019s back button, to trigger the redirection.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861"], ["2024", "CVE-2024-4293", "A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262225 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_xss.md"], ["2024", "CVE-2024-26166", "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29089", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Menu allows Stored XSS.This issue affects Five Star Restaurant Menu: from n/a through 2.4.14.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1727", "A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26026", "An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", "https://github.com/GRTMALDET/Big-IP-Next-CVE-2024-26026
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/passwa11/CVE-2024-26026
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "No PoCs from references."], ["2024", "CVE-2024-21646", "Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1824", "A vulnerability, which was classified as critical, has been found in CodeAstro House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file signing.php. The manipulation of the argument uname/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254612.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.254612"], ["2024", "CVE-2024-23743", "** DISPUTED ** Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states \"the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment.\"", "https://github.com/V3x0r/CVE-2024-23743
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/giovannipajeu1/CVE-2024-23743
https://github.com/giovannipajeu1/giovannipajeu1
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-33858", "An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23652", "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.", "https://github.com/abian2/CVE-2024-23652
https://github.com/mightysai1997/leaky-vessels-dynamic-detector
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/snyk/leaky-vessels-dynamic-detector
https://github.com/snyk/leaky-vessels-static-detector", "No PoCs from references."], ["2024", "CVE-2024-1636", "Potential Cross-Site Scripting (XSS) in the page editing area.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1776", "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29209", "A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and integrity of the update server.The application periodically checks for updates by querying a specific URL. However, this process does not enforce strict SSL/TLS verification, nor does it validate the digital signature of the received update files. An attacker with the capability to perform DNS spoofing can exploit this weakness. By manipulating DNS responses, the attacker can redirect the application's update requests to a malicious server under their control.Once the application queries the spoofed update URL, the malicious server can respond with a crafted update package. Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine.Impact:Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system.Affected Products:Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11Second Chance Client versions 2.0.0-2.0.9PIQ Client versions 1.0.0-1.0.15Remediation:Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4, which addresses this vulnerability by implementing proper SSL/TLS checks of the update server. It is also recommended to ensure DNS settings are secure to prevent DNS spoofing attacks.Workarounds:Use secure corporate networks or VPN services to secure network communications, which can help mitigate the risk of DNS spoofing.Credits:This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33809", "PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to database crashes and denial of service attacks.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3970", "Server Side Request Forgery vulnerability\u00a0has been discovered in OpenText\u2122 iManager 3.2.6.0200. Thiscould lead to senstive information disclosure by directory traversal.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1875", "A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. This issue affects some unknown processing of the file users/register-complaint.php of the component Lodge Complaint Section. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254723.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1554", "The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a `fetch()` response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response. This vulnerability affects Firefox < 123.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32947", "Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through 3.1.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33528", "A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload.", "No PoCs found on GitHub currently.", "https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1/"], ["2024", "CVE-2024-0638", "Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27139", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover.This issue affects Apache Archiva: from 2.0.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21435", "Windows OLE Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30601", "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_time.md"], ["2024", "CVE-2024-30590", "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/setSchedWifi_end.md"], ["2024", "CVE-2024-28196", "your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version < 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify to trigger actions, such as allowing signup of other users or deleting the current user account. Clickjacking works by opening the target application in an invisible iframe on an attacker-controlled site and luring a victim to visit the attacker page and interacting with it. By positioning elements over the invisible iframe, a victim can be tricked into triggering malicious or destructive actions in the invisible iframe, while they think they interact with a totally different site altogether. When a victim visits an attacker-controlled site while they are logged into YourSpotify, they can be tricked into performing actions on their YourSpotify instance without their knowledge. These actions include allowing signup of other users or deleting the current user account, resulting in a high impact to the integrity of YourSpotify. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-m5x2-6hjm-cggq"], ["2024", "CVE-2024-0778", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/dezhoutorizhao/cve/blob/main/rce.md
https://vuldb.com/?id.251696"], ["2024", "CVE-2024-1785", "The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajax_handler() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site's user with the edit_posts capability into performing an action such as clicking on a link.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24301", "Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yckuo-sdc/PoC"], ["2024", "CVE-2024-26204", "Outlook for Android Information Disclosure Vulnerability", "https://github.com/Ch0pin/related_work
https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3400", "A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.", "https://github.com/0x0d3ad/CVE-2024-3400
https://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection
https://github.com/AdaniKamal/CVE-2024-3400
https://github.com/CONDITIONBLACK/CVE-2024-3400-POC
https://github.com/CerTusHack/CVE-2024-3400-PoC
https://github.com/Chocapikk/CVE-2024-3400
https://github.com/DrewskyDev/CVE-2024-3400
https://github.com/FoxyProxys/CVE-2024-3400
https://github.com/GhostTroops/TOP
https://github.com/H4lo/awesome-IoT-security-article
https://github.com/HackingLZ/panrapidcheck
https://github.com/Kr0ff/cve-2024-3400
https://github.com/LoanVitor/CVE-2024-3400-
https://github.com/MrR0b0t19/CVE-2024-3400
https://github.com/MurrayR0123/CVE-2024-3400-Compromise-Checker
https://github.com/Ostorlab/KEV
https://github.com/Ravaan21/CVE-2024-3400
https://github.com/T43cr0wl3r/Gorilla_Sessions
https://github.com/Tig3rHu/Awesome_IOT_Vul_lib
https://github.com/W01fh4cker/CVE-2024-3400-RCE-Scan
https://github.com/Yuvvi01/CVE-2024-3400
https://github.com/ZephrFish/CVE-2024-3400-Canary
https://github.com/ak1t4/CVE-2024-3400
https://github.com/andrelia-hacks/CVE-2024-3400
https://github.com/aneasystone/github-trending
https://github.com/codeblueprint/CVE-2024-3400
https://github.com/fatguru/dorks
https://github.com/fireinrain/github-trending
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/h4x0r-dz/CVE-2024-3400
https://github.com/hahasagined/CVE-2024-3400
https://github.com/ihebski/CVE-2024-3400
https://github.com/index2014/CVE-2024-3400-Checker
https://github.com/iwallarm/cve-2024-3400
https://github.com/jcaballero/cve-scanner
https://github.com/k4nfr3/nmap-scripts
https://github.com/kerberoshacker/CVE-2024-3400-POC
https://github.com/kerberoshacker2/CVE-2024-3400-POC
https://github.com/marconesler/CVE-2024-3400
https://github.com/momika233/CVE-2024-3400
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/phantomradar/cve-2024-3400-poc
https://github.com/pwnj0hn/CVE-2024-3400
https://github.com/retkoussa/CVE-2024-3400
https://github.com/schooldropout1337/CVE-2024-3400
https://github.com/schooldropout1337/gorilla
https://github.com/stronglier/CVE-2024-3400
https://github.com/swaybs/CVE-2024-3400
https://github.com/sxyrxyy/CVE-2024-3400-Check
https://github.com/tanjiti/sec_profile
https://github.com/terminalJunki3/CVE-2024-3400-Checker
https://github.com/tk-sawada/IPLineFinder
https://github.com/toxyl/lscve
https://github.com/vulsio/go-cve-dictionary
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki
https://github.com/zam89/CVE-2024-3400-pot", "https://security.paloaltonetworks.com/CVE-2024-3400
https://unit42.paloaltonetworks.com/cve-2024-3400/"], ["2024", "CVE-2024-3892", "A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30710", "** DISPUTED ** An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to easily intercept and access this data. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30710", "No PoCs from references."], ["2024", "CVE-2024-28087", "In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not custmizable.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0669", "A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30953", "A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module.", "No PoCs found on GitHub currently.", "https://github.com/CrownZTX/vulnerabilities/blob/main/htmly/stored_xss_in_Menueditor.md"], ["2024", "CVE-2024-3540", "A vulnerability was found in Campcodes Church Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_sundaysch.php. The manipulation of the argument Gender leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259910 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22143", "Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This issue affects WP Spell Check: from n/a through 9.17.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20046", "In battery, there is a possible escalation of privilege due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08485622; Issue ID: ALPS08485622.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27626", "A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel.", "https://github.com/capture0x/My-CVE", "https://packetstormsecurity.com/files/177239/Dotclear-2.29-Cross-Site-Scripting.html"], ["2024", "CVE-2024-2022", "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "No PoCs from references."], ["2024", "CVE-2024-25723", "ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.", "https://github.com/david-botelho-mariano/exploit-CVE-2024-25723
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "No PoCs from references."], ["2024", "CVE-2024-28458", "Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c.", "No PoCs found on GitHub currently.", "https://github.com/keepinggg/poc/blob/main/poc_of_swfc"], ["2024", "CVE-2024-2162", "An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges.This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-33266", "SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function.", "No PoCs found on GitHub currently.", "https://security.friendsofpresta.org/modules/2024/04/25/deliveryorderautoupdate.html"], ["2024", "CVE-2024-27974", "Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References].", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20017", "In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26989", "In the Linux kernel, the following vulnerability has been resolved:arm64: hibernate: Fix level3 translation fault in swsusp_save()On arm64 machines, swsusp_save() faults if it attempts to accessMEMBLOCK_NOMAP memory ranges. This can be reproduced in QEMU using UEFIwhen booting with rodata=off debug_pagealloc=off and CONFIG_KFENCE=n: Unable to handle kernel paging request at virtual address ffffff8000000000 Mem abort info: ESR = 0x0000000096000007 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x07: level 3 translation fault Data abort info: ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000eeb0b000 [ffffff8000000000] pgd=180000217fff9803, p4d=180000217fff9803, pud=180000217fff9803, pmd=180000217fff8803, pte=0000000000000000 Internal error: Oops: 0000000096000007 [#1] SMP Internal error: Oops: 0000000096000007 [#1] SMP Modules linked in: xt_multiport ipt_REJECT nf_reject_ipv4 xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_filter bpfilter rfkill at803x snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg dwmac_generic stmmac_platform snd_hda_codec stmmac joydev pcs_xpcs snd_hda_core phylink ppdev lp parport ramoops reed_solomon ip_tables x_tables nls_iso8859_1 vfat multipath linear amdgpu amdxcp drm_exec gpu_sched drm_buddy hid_generic usbhid hid radeon video drm_suballoc_helper drm_ttm_helper ttm i2c_algo_bit drm_display_helper cec drm_kms_helper drm CPU: 0 PID: 3663 Comm: systemd-sleep Not tainted 6.6.2+ #76 Source Version: 4e22ed63a0a48e7a7cff9b98b7806d8d4add7dc0 Hardware name: Greatwall GW-XXXXXX-XXX/GW-XXXXXX-XXX, BIOS KunLun BIOS V4.0 01/19/2021 pstate: 600003c5 (nZCv DAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : swsusp_save+0x280/0x538 lr : swsusp_save+0x280/0x538 sp : ffffffa034a3fa40 x29: ffffffa034a3fa40 x28: ffffff8000001000 x27: 0000000000000000 x26: ffffff8001400000 x25: ffffffc08113e248 x24: 0000000000000000 x23: 0000000000080000 x22: ffffffc08113e280 x21: 00000000000c69f2 x20: ffffff8000000000 x19: ffffffc081ae2500 x18: 0000000000000000 x17: 6666662074736420 x16: 3030303030303030 x15: 3038666666666666 x14: 0000000000000b69 x13: ffffff9f89088530 x12: 00000000ffffffea x11: 00000000ffff7fff x10: 00000000ffff7fff x9 : ffffffc08193f0d0 x8 : 00000000000bffe8 x7 : c0000000ffff7fff x6 : 0000000000000001 x5 : ffffffa0fff09dc8 x4 : 0000000000000000 x3 : 0000000000000027 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 000000000000004e Call trace: swsusp_save+0x280/0x538 swsusp_arch_suspend+0x148/0x190 hibernation_snapshot+0x240/0x39c hibernate+0xc4/0x378 state_store+0xf0/0x10c kobj_attr_store+0x14/0x24The reason is swsusp_save() -> copy_data_pages() -> page_is_saveable()-> kernel_page_present() assuming that a page is always present whencan_set_direct_map() is false (all of rodata_full,debug_pagealloc_enabled() and arm64_kfence_can_set_direct_map() false),irrespective of the MEMBLOCK_NOMAP ranges. Such MEMBLOCK_NOMAP regionsshould not be saved during hibernation.This problem was introduced by changes to the pfn_valid() logic incommit a7d9f306ba70 (\"arm64: drop pfn_valid_within() and simplifypfn_valid()\").Similar to other architectures, drop the !can_set_direct_map() check inkernel_page_present() so that page_is_savable() skips such pages.[catalin.marinas@arm.com: rework commit message]", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2073", "A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255388.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/vanitashtml/CVE-Dumps/blob/main/Block%20Inserter%20for%20Dynamic%20Content%20-%20Sql%20Injection.md"], ["2024", "CVE-2024-29866", "Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2133", "A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manage_invoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255495.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2024", "CVE-2024-0036", "In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25931", "Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heureka.This issue affects Heureka: from n/a through 1.0.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2080", "The LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from polls that may be private.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27684", "A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.dlink.com/en/security-bulletin/"], ["2024", "CVE-2024-27515", "Osclass 5.1.2 is vulnerable to SQL Injection.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "https://github.com/mindstellar/Osclass/issues/495"], ["2024", "CVE-2024-25410", "flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/flusity/flusity-CMS/issues/9"], ["2024", "CVE-2024-29895", "Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.", "https://github.com/Rubioo02/CVE-2024-29895
https://github.com/Stuub/CVE-2024-29895-CactiRCE-PoC
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/secunnix/CVE-2024-29895
https://github.com/ticofookfook/CVE-2024-29895.py", "https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m"], ["2024", "CVE-2024-0185", "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21019", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21388", "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/d0rb/CVE-2024-21388
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-28868", "Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1178", "The SportsPress \u2013 Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29796", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hot Themes Hot Random Image allows Stored XSS.This issue affects Hot Random Image: from n/a through 1.8.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31390", ": Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://patchstack.com/articles/unpatched-authenticated-rce-in-oxygen-and-breakdance-builder?_s_id=cve
https://snicco.io/vulnerability-disclosure/breakdance/client-mode-remote-code-execution-breakdance-1-7-0?_s_id=cve
https://www.youtube.com/watch?v=9glx54-LfRE"], ["2024", "CVE-2024-27455", "In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21048", "Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: XML input). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-22221", "Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33155", "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26628", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1069", "The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28979", "Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in UI. A high privileged local attacker could potentially exploit this vulnerability, leading to JavaScript injection.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22361", "IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25993", "In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25501", "An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter.", "https://github.com/Drun1baby/Vul_List
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0305", "A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872.", "https://github.com/20142995/pocsuite3
https://github.com/Marco-zcl/POC
https://github.com/Tropinene/Yscanner
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/dddinmx/POC-Pocsuite3
https://github.com/jidle123/cve-2024-0305exp
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki
https://github.com/xingchennb/POC-", "No PoCs from references."], ["2024", "CVE-2024-29984", "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21108", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-27703", "Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/b-hermes/vulnerability-research/blob/main/CVE-2024-27703/README.md"], ["2024", "CVE-2024-25597", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS.This issue affects Ultimate Reviews: from n/a through 3.2.8.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22126", "The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes\u00a0the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25845", "In the module \"CD Custom Fields 4 Orders\" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20023", "In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25746", "Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/add_white_node.md"], ["2024", "CVE-2024-27752", "Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function.", "No PoCs found on GitHub currently.", "https://github.com/flyhha/cms/blob/main/1.md"], ["2024", "CVE-2024-2156", "A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin_class.php. The manipulation of the argument img leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255588.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29943", "An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.", "https://github.com/NaInSec/CVE-LIST
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-25657", "An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34523", "** UNSUPPORTED WHEN ASSIGNED ** AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/piuppi/Proof-of-Concepts", "https://github.com/piuppi/Proof-of-Concepts/blob/main/AChecker/CVE-2024-34523.md"], ["2024", "CVE-2024-33343", "D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27612", "Numbas editor before 7.3 mishandles editing of themes and extensions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2387", "The Advanced Form Integration \u2013 Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the \u2018integration_id\u2019 parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries and subsequently inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29803", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mehanoid.Pro FlatPM allows Stored XSS.This issue affects FlatPM: from n/a before 3.1.05.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0282", "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22355", "IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3158", "Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30248", "Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Piccolo's admin panel allows media files to be uploaded. As a default, SVG is an allowed file type for upload. An attacker can upload an SVG which when loaded can allow arbitrary access to the admin page. This vulnerability was patched in version 1.3.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/piccolo-orm/piccolo_admin/security/advisories/GHSA-pmww-v6c9-7p83"], ["2024", "CVE-2024-4738", "A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument new_client leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263824.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_appointment.md"], ["2024", "CVE-2024-27570", "LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/generate_conf_router.md"], ["2024", "CVE-2024-34490", "In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0271", "A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file addmaterial_edit.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249826 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24488", "An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/minj-ae/CVE-2024-24488
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-33161", "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31064", "Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field.", "No PoCs found on GitHub currently.", "https://github.com/sahildari/cve/blob/master/CVE-2024-31064.md"], ["2024", "CVE-2024-3109", "A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, could allow for a local attacker to read arbitrary files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22304", "Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail For WordPress.This issue affects FreshMail For WordPress: from n/a through 2.3.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23128", "A maliciously crafted MODEL file in libodxdll.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27521", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the \"setOpModeCfg\" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user \"root\").", "No PoCs found on GitHub currently.", "https://github.com/SpikeReply/advisories/blob/main/cve/totolink/cve-2024-27521.md"], ["2024", "CVE-2024-0220", "B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.Missing Encryption of Sensitive Data, Cleartext Transmission of Sensitive Information, Improper Control of Generation of Code ('Code Injection'), Inadequate Encryption Strength vulnerability in B&R Industrial Automation B&R Automation Studio (Upgrade Service modules), B&R Industrial Automation Technology Guarding.This issue affects B&R Automation Studio: <4.6; Technology Guarding: <1.4.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24748", "Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0230", "A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.", "https://github.com/marcnewlin/hi_my_name_is_keyboard
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/shirin-ehtiram/hi_my_name_is_keyboard", "No PoCs from references."], ["2024", "CVE-2024-25434", "A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/machisri/CVEs-and-Vulnerabilities", "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25434%20-%3E%20Stored%20XSS%20in%20input%20public%20name%20of%20the%20Component"], ["2024", "CVE-2024-23138", "A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3059", "The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/e154096d-e9b7-43ba-9a34-81a6c431025c/"], ["2024", "CVE-2024-31025", "SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mortal-sec/CVE-2024-31025
https://github.com/no3586/CVE-2024-31025
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-22254", "VMware ESXi contains an out-of-bounds write vulnerability.\u00a0A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.", "https://github.com/crackmapEZec/CVE-2024-22252-POC", "No PoCs from references."], ["2024", "CVE-2024-33120", "Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22085", "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3119", "A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0370", "The Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25574", "SQL injection vulnerability exists in GetDIAE_usListParameters.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2275", "A vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Affected is an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument Patient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256044. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0261", "A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html
https://vuldb.com/?id.249817
https://www.youtube.com/watch?v=q-CVJfYdd-g"], ["2024", "CVE-2024-2364", "A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256320.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Musicshelf_Manifest_issue.md"], ["2024", "CVE-2024-22194", "cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.", "No PoCs found on GitHub currently.", "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d"], ["2024", "CVE-2024-29472", "OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24498", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1008. Reason: This candidate is a duplicate of CVE-2024-1008. Notes: All CVE users should reference CVE-2024-1008 instead of this candidate.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/EmployeeManagementSystem-Unauthenticated_Unrestricted_File_Upload_To_RCE.md"], ["2024", "CVE-2024-3148", "A vulnerability, which was classified as critical, has been found in DedeCMS 5.7.112. This issue affects some unknown processing of the file dede/makehtml_archives_action.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258923. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-31134", "In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0321", "Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769"], ["2024", "CVE-2024-4728", "A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/court. The manipulation of the argument court_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263806 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_court.md"], ["2024", "CVE-2024-30258", "FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.", "No PoCs found on GitHub currently.", "https://drive.google.com/file/d/19W5UC52hPnAqVq_boZWO45d1TJ4WoCSh/view?usp=sharing
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfh"], ["2024", "CVE-2024-4998", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-4566. Reason: This candidate is a reservation duplicate of CVE-2024-4566. Notes: All CVE users should reference CVE-2024-4566 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33213", "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34473", "An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unintended RMR message type during xApp registration to disrupt other service components.", "No PoCs found on GitHub currently.", "https://jira.o-ran-sc.org/browse/RIC-1055"], ["2024", "CVE-2024-0292", "A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2397", "Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27593", "A stored cross-site scripting (XSS) vulnerability in the Filter function of Eramba Version 3.22.3 Community Edition allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the filter name field. This vulnerability has been fixed in version 3.23.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://blog.smarttecs.com/posts/2024-002-cve-2024-27593/"], ["2024", "CVE-2024-34533", "A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute.", "No PoCs found on GitHub currently.", "https://github.com/luvsn/OdZoo/tree/main/exploits/izi_data"], ["2024", "CVE-2024-2146", "A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255499.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/vanitashtml/CVE-Dumps/blob/main/Reflected%20XSS%20in%20Mobile%20Management%20Store.md"], ["2024", "CVE-2024-29650", "An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/tariqhawis/1bc340ca5ea6ae115c9ab9665cfd5921
https://learn.snyk.io/lesson/prototype-pollution/#a0a863a5-fd3a-539f-e1ed-a0769f6c6e3b"], ["2024", "CVE-2024-20033", "In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08499945; Issue ID: ALPS08499945.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22136", "Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons \u2013 Widgets, Blocks, Templates Library For Elementor Builder.This issue affects Droit Elementor Addons \u2013 Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25756", "A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formWifiBasicSet function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/formWifiBasicSet.md"], ["2024", "CVE-2024-2057", "A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl"], ["2024", "CVE-2024-2286", "The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31207", "Vite (French word for \"quick\", pronounced /vit/, like \"veet\") is a frontend build tooling to improve the frontend development experience.`server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22076", "MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25915", "Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33302", "SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via \"Middle Name\" under Add Users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-33302.md
https://portswigger.net/web-security/cross-site-scripting/stored"], ["2024", "CVE-2024-25983", "Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1079", "The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21118", "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-32369", "SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component.", "https://github.com/chucrutis/CVE-2024-32369
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-25511", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#address_public_newaspx"], ["2024", "CVE-2024-2210", "The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25451", "Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/axiomatic-systems/Bento4/issues/872"], ["2024", "CVE-2024-21058", "Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-1139", "A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26638", "In the Linux kernel, the following vulnerability has been resolved:nbd: always initialize struct msghdr completelysyzbot complains that msg->msg_get_inq value can be uninitialized [1]struct msghdr got many new fields recently, we should always makesure their values is zero by default.[1] BUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571 tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571 inet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879 sock_recvmsg_nosec net/socket.c:1044 [inline] sock_recvmsg+0x12b/0x1e0 net/socket.c:1066 __sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538 nbd_read_reply drivers/block/nbd.c:732 [inline] recv_work+0x262/0x3100 drivers/block/nbd.c:863 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2700 worker_thread+0xf45/0x1490 kernel/workqueue.c:2781 kthread+0x3ed/0x540 kernel/kthread.c:388 ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242Local variable msg created at: __sock_xmit+0x4c/0x5c0 drivers/block/nbd.c:513 nbd_read_reply drivers/block/nbd.c:732 [inline] recv_work+0x262/0x3100 drivers/block/nbd.c:863CPU: 1 PID: 7465 Comm: kworker/u5:1 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023Workqueue: nbd5-recv recv_work", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0344", "A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affected by this issue is some unknown functionality of the file check.php. The manipulation of the argument c leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250112.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.250112"], ["2024", "CVE-2024-2241", "Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32338", "A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.", "https://github.com/adiapera/xss_current_page_wondercms_3.4.3", "https://github.com/adiapera/xss_current_page_wondercms_3.4.3"], ["2024", "CVE-2024-21009", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-0204", "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.", "https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/Ostorlab/KEV
https://github.com/Threekiii/CVE
https://github.com/adminlove520/CVE-2024-0204
https://github.com/cbeek-r7/CVE-2024-0204
https://github.com/gobysec/Goby
https://github.com/horizon3ai/CVE-2024-0204
https://github.com/lions2012/Penetration_Testing_POC
https://github.com/m-cetin/CVE-2024-0204
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/toxyl/lscve", "http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html
http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html"], ["2024", "CVE-2024-0195", "A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.", "https://github.com/Marco-zcl/POC
https://github.com/Tropinene/Yscanner
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/tanjiti/sec_profile
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki
https://github.com/xingchennb/POC-", "No PoCs from references."], ["2024", "CVE-2024-25400", "Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27694", "FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/sms2056/cms/blob/main/1.md"], ["2024", "CVE-2024-27997", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualcomposer Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through 45.6.0.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31380", "Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.2.", "https://github.com/Chokopik/CVE-2024-31380-POC
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://patchstack.com/articles/unpatched-authenticated-rce-in-oxygen-and-breakdance-builder?_s_id=cve
https://snicco.io/vulnerability-disclosure/oxygen/client-control-remote-code-execution-oxygen-4-8-1?_s_id=cve"], ["2024", "CVE-2024-25892", "ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection (Time-based) via the familyId GET parameter.", "No PoCs found on GitHub currently.", "https://github.com/ChurchCRM/CRM/issues/6858"], ["2024", "CVE-2024-29417", "Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28878", "IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28559", "SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31233", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam Rehub.This issue affects Rehub: from n/a through 19.6.1.", "https://github.com/JohnNetSouldRU/CVE-2024-31233-Exploit-POC
https://github.com/JohnNetSouldRU/CVE-2024-31233-POC", "No PoCs from references."], ["2024", "CVE-2024-25921", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS.This issue affects Action Network: from n/a through 1.4.2.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20007", "In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27964", "Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.9.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29876", "SQL injection vulnerability in Sentrifugo 3.2, through\u00a0 /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0166", "Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2063", "A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profile_crud.php. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255378 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/profile_crud.php%20Unauthenticated%20STORED%20XSS.md"], ["2024", "CVE-2024-28699", "A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/flexpaper/pdf2json/issues/52"], ["2024", "CVE-2024-20287", "A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device.", "No PoCs found on GitHub currently.", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-bHStWgXO"], ["2024", "CVE-2024-34995", "svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion vulnerability via the dirTemps parameter under com.cym.controller.UserController#importOver. This vulnerability allows attackers to delete arbitrary files via a crafted POST request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27935", "Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer (BUF) in stream_wrap.ts used as a performance optimization to limit allocations during these asynchronous read operations. This can lead to data intended for one session being received by another session, potentially resulting in data corruption and unexpected behavior. This affects all users of Deno that use the node.js compatibility layer for network communication or other streams, including packages that may require node.js libraries indirectly. Version 1.36.3 contains a patch for this issue.", "No PoCs found on GitHub currently.", "https://github.com/denoland/deno/security/advisories/GHSA-wrqv-pf6j-mqjp"], ["2024", "CVE-2024-20056", "In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25830", "F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.", "https://github.com/0xNslabs/CVE-2024-25832-PoC
https://github.com/fkie-cad/nvd-json-data-feeds", "https://neroteam.com/blog/f-logic-datacube3-vulnerability-report"], ["2024", "CVE-2024-34447", "An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32745", "A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module.", "https://github.com/adiapera/xss_current_page_wondercms_3.4.3", "https://github.com/adiapera/xss_current_page_wondercms_3.4.3"], ["2024", "CVE-2024-34249", "wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function \"DeallocateSlot\" in wasm3/source/m3_compile.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/wasm3/wasm3/issues/485"], ["2024", "CVE-2024-33429", "Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file.", "No PoCs found on GitHub currently.", "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.assets/image-20240420011116818.png
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.md
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/poc/
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-2
https://github.com/stsaz/phiola/issues/30"], ["2024", "CVE-2024-20658", "Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1455", "A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS).", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/langchain-ai/langchain/commit/727d5023ce88e18e3074ef620a98137d26ff92a3"], ["2024", "CVE-2024-3781", "Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback 21.02.04.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26185", "Windows Compressed Folder Tampering Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24311", "Path Traversal vulnerability in Linea Grafica \"Multilingual and Multistore Sitemap Pro - SEO\" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0679", "The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.", "https://github.com/RandomRobbieBF/CVE-2024-0679
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-28097", "Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1987", "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30491", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/truonghuuphuc/CVE-2024-30491-Poc", "No PoCs from references."], ["2024", "CVE-2024-34218", "TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter.", "No PoCs found on GitHub currently.", "https://github.com/n0wstr/IOTVuln/tree/main/CP450/NTPSyncWithHost"], ["2024", "CVE-2024-3690", "A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/psudo-bugboy/CVE-2024", "https://github.com/psudo-bugboy/CVE-2024"], ["2024", "CVE-2024-26305", "There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.", "https://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26094", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1404", "A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3441", "A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Employee/edit-profile.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259694 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0628", "The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29188", "WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26067", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-35187", "Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services are run as a separate user (not as root) to isolate an attacker with Arbitrary Code Execution to the current service. Therefore, other system services and the system itself remains protected in case of a successful attack. stalwart-mail runs as a separate user, but it can give itself full privileges again in a simple way, so this protection is practically ineffective. Server admins who handed out the admin credentials to the mail server, but didn't want to hand out complete root access to the system, as well as any attacked user when the attackers gained Arbitrary Code Execution using another vulnerability, may be vulnerable. Version 0.8.0 contains a patch for the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28175", "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the `link.argocd.argoproj.io` annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in Argo CD versions v2.10.3 v2.9.8, and v2.8.12. There are no completely-safe workarounds besides upgrading. The safest alternative, if upgrading is not possible, would be to create a Kubernetes admission controller to reject any resources with an annotation starting with link.argocd.argoproj.io or reject the resource if the value use an improper URL protocol. This validation will need to be applied in all clusters managed by ArgoCD.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4003", "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_team_members_image_rounded parameter in the Team Members widget in all versions up to, and including, 5.9.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4392", "The Jetpack \u2013 WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23642", "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525
https://osgeo-org.atlassian.net/browse/GEOS-11152"], ["2024", "CVE-2024-1925", "A vulnerability was found in Ctcms 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file ctcms/apps/controllers/admin/Upsys.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254860.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21747", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting.This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting: from n/a through 1.12.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24133", "** UNSUPPORTED WHEN ASSIGNED ** Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hebing123/cve/issues/16"], ["2024", "CVE-2024-23850", "In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://lore.kernel.org/lkml/CALGdzuo6awWdau3X=8XK547x2vX_-VoFmH1aPsqosRTQ5WzJVA@mail.gmail.com/"], ["2024", "CVE-2024-1834", "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as problematic. This affects an unknown part of the file ?page=attendance&class_id=1. The manipulation of the argument class_date with the input 2024-02-23%22%3E%3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254625 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-Student-Attendance-System.md#2pageattendancexss"], ["2024", "CVE-2024-3931", "A vulnerability was found in Totara LMS 18.0.1 Build 20231128.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component Profile Handler. The manipulation of the argument ID Number leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/cisagov/vulnrichment
https://github.com/storbeck/vulnrichment-cli", "No PoCs from references."], ["2024", "CVE-2024-4112", "A vulnerability classified as critical has been found in Tenda TX9 22.03.02.10. This affects the function sub_42CB94 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/formSetVirtualSer.md"], ["2024", "CVE-2024-29099", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster allows Reflected XSS.This issue affects Evergreen Content Poster: from n/a through 1.4.1.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21815", "Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26176", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3772", "Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/seal-community/patches", "No PoCs from references."], ["2024", "CVE-2024-23910", "Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3475", "The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/bf540242-5306-4c94-ad50-782d0d5b127f/"], ["2024", "CVE-2024-30866", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32963", "Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter values in the body and successfully impersonate another user. In this case, the attacker created a playlist, added song, posted arbitrary comment, set the playlist to be public, and put the admin as the owner of the playlist. The attacker must be able to intercept http traffic for this attack. Each known user is impacted. An attacker can obtain the ownerId from shared playlist information, meaning every user who has shared a playlist is also impacted, as they can be impersonated. This issue has been addressed in version 0.52.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/navidrome/navidrome/security/advisories/GHSA-4jrx-5w4h-3gpm"], ["2024", "CVE-2024-2719", "A vulnerability classified as problematic has been found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257472.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25389", "RT-Thread through 5.0.2 generates random numbers with a weak algorithm of \"seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;\" in calc_random in drivers/misc/rt_random.c.", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-23514", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS.This issue affects Click To Tweet: from n/a through 2.0.14.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21780", "** UNSUPPPORTED WHEN ASSIGNED ** Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21411", "Skype for Consumer Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/rkraper339/CVE-2024-21411-POC", "No PoCs from references."], ["2024", "CVE-2024-30625", "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the entrys parameter from fromAddressNat function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromAddressNat_entrys.md"], ["2024", "CVE-2024-3535", "A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259905 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26331", "ReCrystallize Server 5.10.0.0 uses a authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass the authentication mechanism by modifying the cookie to contain an expected value.", "https://github.com/Ostorlab/KEV", "No PoCs from references."], ["2024", "CVE-2024-30926", "Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component.", "https://github.com/Chocapikk/My-CVEs
https://github.com/Chocapikk/derbynet-research", "No PoCs from references."], ["2024", "CVE-2024-31458", "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x"], ["2024", "CVE-2024-3424", "A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24325", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.", "No PoCs found on GitHub currently.", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/11/TOTOlink%20A3300R%20setParentalRules.md"], ["2024", "CVE-2024-21440", "Microsoft ODBC Driver Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4244", "A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Affected by this vulnerability is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/fromDhcpSetSer.md"], ["2024", "CVE-2024-2748", "A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2608", "`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2599", "File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25298", "An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/CpyRe/I-Find-CVE-2024/blob/main/REDAXO%20RCE.md"], ["2024", "CVE-2024-21500", "All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application\u2019s full multistep 2FA process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/"], ["2024", "CVE-2024-30674", "** DISPUTED ** Unauthorized access vulnerability in ROS2 Iron Irwini in ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3, allows remote attackers to gain control of multiple ROS2 nodes. Unauthorized information access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30674", "No PoCs from references."], ["2024", "CVE-2024-23897", "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.", "https://github.com/10T4/PoC-Fix-jenkins-rce_CVE-2024-23897
https://github.com/20142995/sectool
https://github.com/Abo5/CVE-2024-23897
https://github.com/AbraXa5/AbraXa5
https://github.com/AbraXa5/Jenkins-CVE-2024-23897
https://github.com/Anekant-Singhai/Exploits
https://github.com/Athulya666/CVE-2024-23897
https://github.com/B4CK4TT4CK/CVE-2024-23897
https://github.com/CKevens/CVE-2024-23897
https://github.com/GhostTroops/TOP
https://github.com/Maalfer/CVE-2024-23897
https://github.com/Marco-zcl/POC
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/Nebian/CVE-2024-23897
https://github.com/Ostorlab/KEV
https://github.com/Praison001/CVE-2024-23897-Jenkins-Arbitrary-Read-File-Vulnerability
https://github.com/ThatNotEasy/CVE-2024-23897
https://github.com/TheBeastofwar/JenkinsExploit-GUI
https://github.com/TheRedDevil1/CVE-2024-23897
https://github.com/Threekiii/Awesome-POC
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/Vozec/CVE-2024-23897
https://github.com/WLXQqwer/Jenkins-CVE-2024-23897-
https://github.com/Y4tacker/JavaSec
https://github.com/ZonghaoLi777/githubTrending
https://github.com/afonsovitorio/cve_sandbox
https://github.com/aneasystone/github-trending
https://github.com/binganao/CVE-2024-23897
https://github.com/brijne/CVE-2024-23897-RCE
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/dhsgud/jenkins
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/forsaken0127/CVE-2024-23897
https://github.com/gobysec/Goby
https://github.com/godylockz/CVE-2024-23897
https://github.com/gquere/pwn_jenkins
https://github.com/h4x0r-dz/CVE-2024-23897
https://github.com/ifconfig-me/CVE-2024-23897
https://github.com/iota4/PoC-Fix-jenkins-rce_CVE-2024-23897
https://github.com/iota4/PoC-jenkins-rce_CVE-2024-23897
https://github.com/jafshare/GithubTrending
https://github.com/jenkinsci-cert/SECURITY-3314-3315
https://github.com/johe123qwe/github-trending
https://github.com/jopraveen/CVE-2024-23897
https://github.com/kaanatmacaa/CVE-2024-23897
https://github.com/lions2012/Penetration_Testing_POC
https://github.com/mil4ne/CVE-2024-23897-Jenkins-4.441
https://github.com/murataydemir/CVE-2024-23897
https://github.com/nbalazs1337/poc-jenkins
https://github.com/netlas-io/netlas-dorks
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/pulentoski/CVE-2024-23897-Arbitrary-file-read
https://github.com/quentin33980/ToolBox-qgt
https://github.com/raheel0x01/CVE-2024-23897
https://github.com/sampsonv/github-trending
https://github.com/securitycipher/daily-bugbounty-writeups
https://github.com/stevenvegar/Jenkins_scripts
https://github.com/tanjiti/sec_profile
https://github.com/toxyl/lscve
https://github.com/viszsec/CVE-2024-23897
https://github.com/vmtyan/poc-cve-2024-23897
https://github.com/wjlin0/CVE-2024-23897
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki
https://github.com/xaitax/CVE-2024-23897
https://github.com/yoryio/CVE-2024-23897
https://github.com/zengzzzzz/golang-trending-archive
https://github.com/zhaoxiaoha/github-trending", "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html
http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"], ["2024", "CVE-2024-32872", "Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31839", "Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.", "https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc
https://github.com/fkie-cad/nvd-json-data-feeds", "https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents/"], ["2024", "CVE-2024-3845", "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4126", "A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetSysTime.md"], ["2024", "CVE-2024-26142", "Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1703", "A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.254391"], ["2024", "CVE-2024-32881", "Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal Slack access. This issue was patched in version 3.63.", "No PoCs found on GitHub currently.", "https://github.com/danswer-ai/danswer/security/advisories/GHSA-xr9w-3ggr-hr6j"], ["2024", "CVE-2024-23864", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1800", "In Progress\u00ae Telerik\u00ae Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28110", "Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the transport is populated with an authenticated transport, then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to any endpoint it is used to contact. Version 2.15.2 patches this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4066", "A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation of the argument wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/fromAdvSetMacMtuWan.md"], ["2024", "CVE-2024-3905", "A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been classified as critical. This affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261141 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/R7WebsSecurityHandler.md"], ["2024", "CVE-2024-30687", "** DISPUTED ** An insecure deserialization vulnerability has been identified in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via a crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30687", "No PoCs from references."], ["2024", "CVE-2024-21662", "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combined with other vulnerabilities to attack the default admin account. This flaw undermines a patch for CVE-2020-8827 intended to protect against brute-force attacks. The application's brute force protection relies on a cache mechanism that tracks login attempts for each user. This cache is limited to a `defaultMaxCacheSize` of 1000 entries. An attacker can overflow this cache by bombarding it with login attempts for different users, thereby pushing out the admin account's failed attempts and effectively resetting the rate limit for that account. This is a severe vulnerability that enables attackers to perform brute force attacks at an accelerated rate, especially targeting the default admin account. Users should upgrade to version 2.8.13, 2.9.9, or 2.10.4 to receive a patch.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454"], ["2024", "CVE-2024-22899", "Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.", "https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain
https://github.com/Chocapikk/My-CVEs
https://github.com/nomi-sec/PoC-in-GitHub", "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/"], ["2024", "CVE-2024-28390", "An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30407", "The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks\u00a0Juniper Cloud Native Router (JCNR)\u00a0and\u00a0containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected.\u00a0This issue affects Juniper Networks JCNR: * All versions before 23.4.This issue affects Juniper Networks cRPD: * All versions before 23.4R1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31868", "Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.The attackers can modify helium.json and exposure XSS attacks to normal users.This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.Users are recommended to upgrade to version 0.11.1, which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22988", "An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47
https://www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies"], ["2024", "CVE-2024-26282", "Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3486", "XML External Entity injection vulnerability found\u00a0in OpenText\u2122 iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23975", "SQL injection vulnerability exists in GetDIAE_slogListParameters.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1752", "The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/7c87fcd2-6ffd-4285-bbf5-36efea70b620/"], ["2024", "CVE-2024-24156", "Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, allows remote attackers execute arbitrary code via the wr_content parameter.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/gnuboard/g6/issues/316"], ["2024", "CVE-2024-23835", "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the pgsql app layer parser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21633", "Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either user name is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.", "https://github.com/0x33c0unt/CVE-2024-21633
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712
https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w"], ["2024", "CVE-2024-1632", "Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3737", "A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31848", "A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.", "https://github.com/Stuub/CVE-2024-31848-PoC
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "https://www.tenable.com/security/research/tra-2024-09"], ["2024", "CVE-2024-3834", "Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1931", "NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23656", "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0.", "No PoCs found on GitHub currently.", "https://github.com/dexidp/dex/security/advisories/GHSA-gr79-9v6v-gc9r"], ["2024", "CVE-2024-28161", "In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1871", "A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254694 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/XSS%20Vulnerability%20in%20Project%20Assignment%20Report.md
https://vuldb.com/?id.254694"], ["2024", "CVE-2024-21910", "TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26073", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26162", "Microsoft ODBC Driver Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21493", "All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078"], ["2024", "CVE-2024-4297", "The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28070", "A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31819", "An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.", "https://github.com/Chocapikk/CVE-2024-31819
https://github.com/Chocapikk/My-CVEs
https://github.com/nomi-sec/PoC-in-GitHub", "https://chocapikk.com/posts/2024/cve-2024-31819/
https://github.com/Chocapikk/CVE-2024-31819"], ["2024", "CVE-2024-1820", "A vulnerability was found in code-projects Crime Reporting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file inchargelogin.php. The manipulation of the argument email/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254608.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28130", "An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23747", "The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.", "https://github.com/louiselalanne/CVE-2024-23747
https://github.com/louiselalanne/louiselalanne
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/louiselalanne/CVE-2024-23747"], ["2024", "CVE-2024-2768", "A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257604.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1501", "The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5048", "A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument edit leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264745 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Budget%20Management%20App/Budget%20Management%20App%20-%20SQL%20Injection%20-%201.md"], ["2024", "CVE-2024-22749", "GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577", "No PoCs found on GitHub currently.", "https://github.com/gpac/gpac/issues/2713
https://github.com/hanxuer/crashes/blob/main/gapc/01/readme.md"], ["2024", "CVE-2024-1441", "An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.", "https://github.com/NaInSec/CVE-LIST
https://github.com/almkuznetsov/CVE-2024-1441
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-3544", "Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4324", "The WP Video Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018width\u2019 parameter in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28252", "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can happen. When a client established a connection to the service and sends no data, the service will wait indefinitely for the client to initiate the NetFraming session handshake. Additionally, once a client has established a session, if the client doesn't send any requests for the period of time configured in the binding ReceiveTimeout, the connection is not properly closed as part of the session being aborted. The bindings affected by this behavior are NetTcpBinding, NetNamedPipeBinding, and UnixDomainSocketBinding. Only NetTcpBinding has the ability to accept non local connections. The currently supported versions of CoreWCF are v1.4.x and v1.5.x. The fix can be found in v1.4.2 and v1.5.2 of the CoreWCF packages. Users are advised to upgrade. There are no workarounds for this issue.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25129", "The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously modified CodeQL database, or a specially prepared set of QL query sources, the CLI can be made to make an outgoing HTTP request to an URL that contains material read from a local file chosen by the attacker. This may result in a loss of privacy of exfiltration of secrets. Security researchers and QL authors who receive databases or QL source files from untrusted sources may be impacted. A single untrusted `.ql` or `.qll` file cannot be affected, but a zip archive or tarball containing QL sources may unpack auxiliary files that will trigger an attack when CodeQL sees them in the file system. Those using CodeQL for routine analysis of source trees with a preselected set of trusted queries are not affected. In particular, extracting XML files from a source tree into the CodeQL database does not make one vulnerable. The problem is fixed in release 2.16.3 of the CodeQL CLI. Other than upgrading, workarounds include not accepting CodeQL databases or queries from untrusted sources, or only processing such material on a machine without an Internet connection. Customers who use older releases of CodeQL for security scanning in an automated CI system and cannot upgrade for compliance reasons can continue using that version. That use case is safe. If such customers have a private query pack and use the `codeql pack create` command to precompile them before using them in the CI system, they should be using the production CodeQL release to run `codeql pack create`. That command is safe as long as the QL source it precompiled is trusted. All other development of the query pack should use an upgraded CLI.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2628", "Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4235", "A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21431", "Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2739", "The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/5b84145b-f94e-4ea7-84d5-56cf776817a2/"], ["2024", "CVE-2024-1550", "A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3455", "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259711.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1781", "A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Icycu123/CVE-2024-1781
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/Icycu123/X6000R-AX3000-Wifi-6-Giga/blob/main/2/X6000R%20AX3000%20WiFi%206%20Giga%E7%84%A1%E7%B7%9A%E8%B7%AF%E7%94%B1%E5%99%A8%E6%9C%AA%E6%8E%88%E6%9D%83rce.md"], ["2024", "CVE-2024-26080", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3515", "Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2679", "A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/vacancy/index.php. The manipulation of the argument view leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257379.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30594", "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/addWifiMacFilter_deviceMac.md"], ["2024", "CVE-2024-1882", "This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28192", "your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless if a public token has been generated before or not, without any user interaction or prerequisite knowledge. This vulnerability allows an attacker to fully bypass the public token authentication mechanism, regardless if a public token has been generated before or not, without any user interaction or prerequisite knowledge. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-c8wf-wcjc-2pvm"], ["2024", "CVE-2024-30502", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23773", "An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\\SYSTEM privileges.", "https://github.com/Verrideo/CVE-2024-23773
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-23870", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelist.php, in the delete parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30990", "SQL Injection vulnerability in the \"Invoices\" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via \"searchdata\" parameter.", "No PoCs found on GitHub currently.", "https://medium.com/@shanunirwan/cve-2024-30990-sql-injection-vulnerability-in-invoices-page-of-client-management-system-using-php-58baa94a1761"], ["2024", "CVE-2024-1657", "A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3752", "The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/e738540a-2006-4b92-8db1-2476374d35bd/"], ["2024", "CVE-2024-1954", "The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for unauthenticated attackers to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23633", "Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious JavaScript code in the context of the Label Studio website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image.`data_import/uploader.py` lines 125C5 through 146 showed that if a URL passed the server side request forgery verification checks, the contents of the file would be downloaded using the filename in the URL. The downloaded file path could then be retrieved by sending a request to `/api/projects/{project_id}/file-uploads?ids=[{download_id}]` where `{project_id}` was the ID of the project and `{download_id}` was the ID of the downloaded file. Once the downloaded file path was retrieved by the previous API endpoint, `data_import/api.py`lines 595C1 through 616C62 demonstrated that the `Content-Type` of the response was determined by the file extension, since `mimetypes.guess_type` guesses the `Content-Type` based on the file extension. Since the `Content-Type` was determined by the file extension of the downloaded file, an attacker could import in a `.html` file that would execute JavaScript when visited.Version 1.10.1 contains a patch for this issue. Other remediation strategies are also available. For all user provided files that are downloaded by Label Studio, set the `Content-Security-Policy: sandbox;` response header when viewed on the site. The `sandbox` directive restricts a page's actions to prevent popups, execution of plugins and scripts and enforces a `same-origin` policy. Alternatively, restrict the allowed file extensions that may be downloaded.", "No PoCs found on GitHub currently.", "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-fq23-g58m-799r"], ["2024", "CVE-2024-21627", "PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3940", "The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/bb0245e5-8e94-4f11-9003-d6208945056c/"], ["2024", "CVE-2024-28155", "Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23722", "In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.", "https://github.com/alexcote1/CVE-2024-23722-poc
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://medium.com/@adurands82/fluent-bit-dos-vulnerability-cve-2024-23722-4e3e74af9d00"], ["2024", "CVE-2024-24142", "Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.", "https://github.com/BurakSevben/CVE-2024-24142
https://github.com/BurakSevben/CVEs
https://github.com/SentinelXResearch/Fatality
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/securitycipher/daily-bugbounty-writeups", "https://github.com/BurakSevben/School-Task-Manager-SQL-Injection-2"], ["2024", "CVE-2024-23821", "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1746", "The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/5f35572a-4129-4fe0-a465-d25f4c3b4419/"], ["2024", "CVE-2024-3643", "The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/698277e6-56f9-4688-9a84-c2fa3ea9f7dc/"], ["2024", "CVE-2024-29239", "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-24002", "jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.", "No PoCs found on GitHub currently.", "https://github.com/jishenghua/jshERP/issues/99"], ["2024", "CVE-2024-1597", "pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1606", "Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for\u00a0manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker.Fix for 9.0.20 branch was released in version 9.0.20.238.\u00a0Fix for 9.0.21 branch was released in version 9.0.21.200.", "https://github.com/DojoSecurity/DojoSecurity
https://github.com/NaInSec/CVE-LIST
https://github.com/afine-com/research", "No PoCs from references."], ["2024", "CVE-2024-3703", "The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/3242b820-1da0-41ba-9f35-7be5dbc6d4b0/"], ["2024", "CVE-2024-26296", "Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.", "https://github.com/kaje11/CVEs", "No PoCs from references."], ["2024", "CVE-2024-26107", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4163", "The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exec and download functions. By replacing the /etc/passwd file with a new root user entry, the attacker was able to breakout from the limited shell and login to a unrestricted shell with root access. With the root access, the attacker will be able take full control of the IIoT Gateway.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28015", "Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1905", "The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/b9a448d2-4bc2-4933-8743-58c8768a619f/"], ["2024", "CVE-2024-23662", "An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3521", "A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/garboa/cve_3/blob/main/Upload2.md"], ["2024", "CVE-2024-30631", "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedStartTime parameter from setSchedWifi function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_start.md"], ["2024", "CVE-2024-23440", "Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability.\u00a0The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28237", "OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through the \"Test\" button included in the web interface will execute JavaScript code in the victims browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c"], ["2024", "CVE-2024-0599", "A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\\main\\java\\com\\jspxcms\\core\\web\\back\\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.250837"], ["2024", "CVE-2024-27298", "parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21405", "Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23500", "Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.19.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32674", "Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1564", "The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/ecb1e36f-9c6e-4754-8878-03c97194644d/"], ["2024", "CVE-2024-32977", "OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within `config.yaml`, even if they come from networks that are not configured as `localNetworks`, spoofing their IP via the `X-Forwarded-For` header. If autologin is not enabled, this vulnerability does not have any impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or to make the instance inaccessible from potentially hostile networks like the internet.", "No PoCs found on GitHub currently.", "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7"], ["2024", "CVE-2024-26265", "The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30872", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authrp.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3461", "KioWare for Windows (versions all through 8.35)\u00a0allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.", "https://github.com/DojoSecurity/DojoSecurity
https://github.com/afine-com/research", "No PoCs from references."], ["2024", "CVE-2024-33689", "Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through 2.5.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33518", "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32866", "Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to `parseWith...` functions. Applications that use conform for server-side validation of form data or URL parameters are affected by this vulnerability. Version 1.1.1 contains a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/edmundhung/conform/security/advisories/GHSA-624g-8qjg-8qxf"], ["2024", "CVE-2024-23883", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuremodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3570", "A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to perform actions on behalf of the user, such as creating a new admin account or changing the user's password, leading to a complete takeover of the AnythingLLM application. The vulnerability stems from the improper sanitization of user and ChatBot input, specifically through the use of `dangerouslySetInnerHTML`. Successful exploitation requires convincing an admin to add a malicious LocalAI ChatBot to their AnythingLLM instance.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0719", "The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "https://github.com/NaInSec/CVE-LIST", "https://wpscan.com/vulnerability/6e67bf7f-07e6-432b-a8f4-aa69299aecaf/"], ["2024", "CVE-2024-27018", "In the Linux kernel, the following vulnerability has been resolved:netfilter: br_netfilter: skip conntrack input hook for promisc packetsFor historical reasons, when bridge device is in promisc mode, packetsthat are directed to the taps follow bridge input hook path. This patchadds a workaround to reset conntrack for these packets.Jianbo Liu reports warning splats in their test infrastructure wherecloned packets reach the br_netfilter input hook to confirm theconntrack object.Scratch one bit from BR_INPUT_SKB_CB to annotate that this packet hasreached the input hook because it is passed up to the bridge device toreach the taps.[ 57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter][ 57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_isc si ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5ctl mlx5_core[ 57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19[ 57.575700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014[ 57.576662] RIP: 0010:br_nf_local_in+0x157/0x180 [br_netfilter][ 57.577195] Code: fe ff ff 41 bd 04 00 00 00 be 04 00 00 00 e9 4a ff ff ff be 04 00 00 00 48 89 ef e8 f3 a9 3c e1 66 83 ad b4 00 00 00 04 eb 91 <0f> 0b e9 f1 fe ff ff 0f 0b e9 df fe ff ff 48 89 df e8 b3 53 47 e1[ 57.578722] RSP: 0018:ffff88885f845a08 EFLAGS: 00010202[ 57.579207] RAX: 0000000000000002 RBX: ffff88812dfe8000 RCX: 0000000000000000[ 57.579830] RDX: ffff88885f845a60 RSI: ffff8881022dc300 RDI: 0000000000000000[ 57.580454] RBP: ffff88885f845a60 R08: 0000000000000001 R09: 0000000000000003[ 57.581076] R10: 00000000ffff1300 R11: 0000000000000002 R12: 0000000000000000[ 57.581695] R13: ffff8881047ffe00 R14: ffff888108dbee00 R15: ffff88814519b800[ 57.582313] FS: 0000000000000000(0000) GS:ffff88885f840000(0000) knlGS:0000000000000000[ 57.583040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033[ 57.583564] CR2: 000000c4206aa000 CR3: 0000000103847001 CR4: 0000000000370eb0[ 57.584194] DR0: 0000000000000000 DR1: 0000000000000000 DR2:0000000000000000[ 57.584820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:0000000000000400[ 57.585440] Call Trace:[ 57.585721] [ 57.585976] ? __warn+0x7d/0x130[ 57.586323] ? br_nf_local_in+0x157/0x180 [br_netfilter][ 57.586811] ? report_bug+0xf1/0x1c0[ 57.587177] ? handle_bug+0x3f/0x70[ 57.587539] ? exc_invalid_op+0x13/0x60[ 57.587929] ? asm_exc_invalid_op+0x16/0x20[ 57.588336] ? br_nf_local_in+0x157/0x180 [br_netfilter][ 57.588825] nf_hook_slow+0x3d/0xd0[ 57.589188] ? br_handle_vlan+0x4b/0x110[ 57.589579] br_pass_frame_up+0xfc/0x150[ 57.589970] ? br_port_flags_change+0x40/0x40[ 57.590396] br_handle_frame_finish+0x346/0x5e0[ 57.590837] ? ipt_do_table+0x32e/0x430[ 57.591221] ? br_handle_local_finish+0x20/0x20[ 57.591656] br_nf_hook_thresh+0x4b/0xf0 [br_netfilter][ 57.592286] ? br_handle_local_finish+0x20/0x20[ 57.592802] br_nf_pre_routing_finish+0x178/0x480 [br_netfilter][ 57.593348] ? br_handle_local_finish+0x20/0x20[ 57.593782] ? nf_nat_ipv4_pre_routing+0x25/0x60 [nf_nat][ 57.594279] br_nf_pre_routing+0x24c/0x550 [br_netfilter][ 57.594780] ? br_nf_hook_thresh+0xf0/0xf0 [br_netfilter][ 57.595280] br_handle_frame+0x1f3/0x3d0[ 57.595676] ? br_handle_local_finish+0x20/0x20[ 57.596118] ? br_handle_frame_finish+0x5e0/0x5e0[ 57.596566] __netif_receive_skb_core+0x25b/0xfc0[ 57.597017] ? __napi_build_skb+0x37/0x40[ 57.597418] __netif_receive_skb_list_core+0xfb/0x220", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4250", "A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262141 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formwrlSSIDset.md"], ["2024", "CVE-2024-21454", "Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28326", "Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the the UART interface.", "https://github.com/ShravanSinghRathore/ShravanSinghRathore", "https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/Privilege-Escalation-CVE%E2%80%902024%E2%80%9028326"], ["2024", "CVE-2024-0659", "The Easy Digital Downloads \u2013 Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manger-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20738", "Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24331", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.", "No PoCs found on GitHub currently.", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/13/TOTOlink%20A3300R%20setWiFiScheduleCfg.md"], ["2024", "CVE-2024-27756", "GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2152", "A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product/manage_product.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255584.", "https://github.com/RNBBarrett/CrewAI-examples", "https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20Mobile%20Management%20Store.md"], ["2024", "CVE-2024-0057", "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29947", "There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-25653", "Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653"], ["2024", "CVE-2024-0286", "A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29807", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive DearFlip allows Stored XSS.This issue affects DearFlip: from n/a through 2.2.26.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25713", "yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh"], ["2024", "CVE-2024-34467", "ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cookie because think_exception.tpl (aka the debug error output source code) provides this in an error message for a crafted URI in a GET request.", "No PoCs found on GitHub currently.", "https://github.com/top-think/framework/issues/2996"], ["2024", "CVE-2024-31302", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31213", "InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on the ICMS2 application. They could then host a website stating \"To update your profile, please enter your password,\" upon which the user may type their password and send it to the attacker. As of time of publication, a patched version is not available.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/instantsoft/icms2/security/advisories/GHSA-6v3c-p92q-prfq"], ["2024", "CVE-2024-27804", "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.", "https://github.com/GhostTroops/TOP
https://github.com/R00tkitSMM/CVE-2024-27804
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-27707", "Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-27707"], ["2024", "CVE-2024-2103", "Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29916", "The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the \"Unsaflok\" issue. This occurs, in part, because the key derivation function relies only on a UID. This affects, for example, Saflok MT, and the Confidant, Quantum, RT, and Saffire series.", "https://github.com/NaInSec/CVE-LIST", "https://unsaflok.com"], ["2024", "CVE-2024-25593", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms \u2013 Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms \u2013 Ultimate Form Builder: from n/a through 8.5.5.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28579", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-35859", "In the Linux kernel, the following vulnerability has been resolved:block: fix module reference leakage from bdev_open_by_dev error pathAt the time bdev_may_open() is called, module reference is grabbedalready, hence module reference should be released if bdev_may_open()failed.This problem is found by code review.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25742", "In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.", "No PoCs found on GitHub currently.", "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9"], ["2024", "CVE-2024-20027", "In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541633.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31353", "Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32318", "Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromSetVlanInfo_vlan.md"], ["2024", "CVE-2024-26709", "In the Linux kernel, the following vulnerability has been resolved:powerpc/iommu: Fix the missing iommu_group_put() during platform domain attachThe function spapr_tce_platform_iommu_attach_dev() is missing to calliommu_group_put() when the domain is already set. This refcount leakshows up with BUG_ON() during DLPAR remove operation as: KernelBug: Kernel bug in state 'None': kernel BUG at arch/powerpc/platforms/pseries/iommu.c:100! Oops: Exception in kernel mode, sig: 5 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=8192 NUMA pSeries Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_016) hv:phyp pSeries NIP: c0000000000ff4d4 LR: c0000000000ff4cc CTR: 0000000000000000 REGS: c0000013aed5f840 TRAP: 0700 Tainted: G I (6.8.0-rc3-autotest-g99bd3cb0d12e) MSR: 8000000000029033 CR: 44002402 XER: 20040000 CFAR: c000000000a0d170 IRQMASK: 0 ... NIP iommu_reconfig_notifier+0x94/0x200 LR iommu_reconfig_notifier+0x8c/0x200 Call Trace: iommu_reconfig_notifier+0x8c/0x200 (unreliable) notifier_call_chain+0xb8/0x19c blocking_notifier_call_chain+0x64/0x98 of_reconfig_notify+0x44/0xdc of_detach_node+0x78/0xb0 ofdt_write.part.0+0x86c/0xbb8 proc_reg_write+0xf4/0x150 vfs_write+0xf8/0x488 ksys_write+0x84/0x140 system_call_exception+0x138/0x330 system_call_vectored_common+0x15c/0x2ecThe patch adds the missing iommu_group_put() call.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1008", "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Profile Page. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252277 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.252277"], ["2024", "CVE-2024-26649", "In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: Fix the null pointer when load rlc firmwareIf the RLC firmware is invalid because of wrong header size,the pointer to the rlc firmware is released in functionamdgpu_ucode_request. There will be a null pointer errorin subsequent use. So skip validation to fix it.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1148", "Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22240", "Aria Operations for Networks contains a local file read vulnerability.\u00a0A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31031", "An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20345", "A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0224", "Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32258", "The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/liyansong2018/CVE-2024-32258
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/TASEmulators/fceux/issues/727
https://github.com/liyansong2018/CVE-2024-32258"], ["2024", "CVE-2024-21029", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-25531", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#searchcondictionaspx"], ["2024", "CVE-2024-1059", "Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20254", "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.

Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22211", "FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59"], ["2024", "CVE-2024-26589", "In the Linux kernel, the following vulnerability has been resolved:bpf: Reject variable offset alu on PTR_TO_FLOW_KEYSFor PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed offfor validation. However, variable offset ptr alu is not prohibitedfor this ptr kind. So the variable offset is not checked.The following prog is accepted: func#0 @0 0: R1=ctx() R10=fp0 0: (bf) r6 = r1 ; R1=ctx() R6_w=ctx() 1: (79) r7 = *(u64 *)(r6 +144) ; R6_w=ctx() R7_w=flow_keys() 2: (b7) r8 = 1024 ; R8_w=1024 3: (37) r8 /= 1 ; R8_w=scalar() 4: (57) r8 &= 1024 ; R8_w=scalar(smin=smin32=0, smax=umax=smax32=umax32=1024,var_off=(0x0; 0x400)) 5: (0f) r7 += r8 mark_precise: frame0: last_idx 5 first_idx 0 subseq_idx -1 mark_precise: frame0: regs=r8 stack= before 4: (57) r8 &= 1024 mark_precise: frame0: regs=r8 stack= before 3: (37) r8 /= 1 mark_precise: frame0: regs=r8 stack= before 2: (b7) r8 = 1024 6: R7_w=flow_keys(smin=smin32=0,smax=umax=smax32=umax32=1024,var_off =(0x0; 0x400)) R8_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=1024, var_off=(0x0; 0x400)) 6: (79) r0 = *(u64 *)(r7 +0) ; R0_w=scalar() 7: (95) exitThis prog loads flow_keys to r7, and adds the variable offset r8to r7, and finally causes out-of-bounds access: BUG: unable to handle page fault for address: ffffc90014c80038 [...] Call Trace: bpf_dispatcher_nop_func include/linux/bpf.h:1231 [inline] __bpf_prog_run include/linux/filter.h:651 [inline] bpf_prog_run include/linux/filter.h:658 [inline] bpf_prog_run_pin_on_cpu include/linux/filter.h:675 [inline] bpf_flow_dissect+0x15f/0x350 net/core/flow_dissector.c:991 bpf_prog_test_run_flow_dissector+0x39d/0x620 net/bpf/test_run.c:1359 bpf_prog_test_run kernel/bpf/syscall.c:4107 [inline] __sys_bpf+0xf8f/0x4560 kernel/bpf/syscall.c:5475 __do_sys_bpf kernel/bpf/syscall.c:5561 [inline] __se_sys_bpf kernel/bpf/syscall.c:5559 [inline] __x64_sys_bpf+0x73/0xb0 kernel/bpf/syscall.c:5559 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6bFix this by rejecting ptr alu with variable offset on flow_keys.Applying the patch rejects the program with \"R7 pointer arithmeticon flow_keys prohibited\".", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1119", "The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_tips_to_csv() function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin's order fees.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21078", "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2370", "** REJECT ** DO NOT USE THIS CVE ID NUMBER. Consult IDs: CVE-2018-5341. Reason: This CVE Record is a duplicate of CVE-2018-5341. Notes: All CVE users should reference CVE-2018-5341 instead of this record.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27574", "SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters.", "https://github.com/7WaySecurity/vulnerabilities", "No PoCs from references."], ["2024", "CVE-2024-0275", "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file item_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249830 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27673", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/Alaatk/CVE-2024-27673
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-2077", "A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255393 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/yethu123/vulns-finding/blob/main/Simple%20Online%20Bidding%20System.md"], ["2024", "CVE-2024-29862", "The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25875", "A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/dd3x3r/enhavo/blob/main/xss-page-content-header-undertitel-v0.13.1.md"], ["2024", "CVE-2024-22287", "Cross-Site Request Forgery (CSRF) vulnerability in Lud\u011bk Melichar Better Anchor Links allows Cross-Site Scripting (XSS).This issue affects Better Anchor Links: from n/a through 1.7.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20013", "In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608.", "https://github.com/Resery/Resery
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27970", "Missing Authorization vulnerability in BogdanFix WP SendFox.This issue affects WP SendFox: from n/a through 1.3.0.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25935", "Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27733", "File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Sadw11v/cve/blob/main/upload.md"], ["2024", "CVE-2024-2137", "The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0032", "In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27622", "A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.", "https://github.com/capture0x/My-CVE
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29833", "The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27921", "Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc"], ["2024", "CVE-2024-20042", "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541780; Issue ID: ALPS08541780.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22007", "In constraint_check of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25964", "Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22396", "An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29452", "** DISPUTED ** An insecure deserialization vulnerability has been identified in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29452", "No PoCs from references."], ["2024", "CVE-2024-22225", "Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2344", "The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticted attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "No PoCs found on GitHub currently.", "https://gist.github.com/Xib3rR4dAr/05a32f63d75082ab05de27e313e70fa3"], ["2024", "CVE-2024-25445", "Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://bugs.launchpad.net/hugin/+bug/2025038"], ["2024", "CVE-2024-4648", "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263492.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0301", "A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249868.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22365", "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "https://github.com/GrigGM/05-virt-04-docker-hw
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/fokypoky/places-list", "No PoCs from references."], ["2024", "CVE-2024-29792", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.93.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31005", "An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment", "No PoCs found on GitHub currently.", "https://github.com/axiomatic-systems/Bento4/issues/941"], ["2024", "CVE-2024-27983", "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.", "https://github.com/Ampferl/poc_http2-continuation-flood
https://github.com/DrewskyDev/H2Flood
https://github.com/Vos68/HTTP2-Continuation-Flood-PoC
https://github.com/hex0punk/cont-flood-poc
https://github.com/lirantal/CVE-2024-27983-nodejs-http2
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-23289", "A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4588", "A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/mytag_add.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263310 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/19.md"], ["2024", "CVE-2024-27680", "Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the \"Contact form.\"", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/xiaolanjing0/cms/blob/main/4.md"], ["2024", "CVE-2024-34760", "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockart Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25414", "An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file.", "https://github.com/capture0x/My-CVE
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/capture0x/CSZ_CMS
https://packetstormsecurity.com/files/175889/CSZ-CMS-1.3.0-Shell-Upload.html"], ["2024", "CVE-2024-0210", "Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file", "No PoCs found on GitHub currently.", "https://gitlab.com/wireshark/wireshark/-/issues/19504"], ["2024", "CVE-2024-0181", "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.249433"], ["2024", "CVE-2024-29891", "ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in the browser, where a session in ZITADEL needs to be active for this exploit to work. The exploit could only be reproduced if the victim was using Firefox. Chrome, Safari as well as Edge did not execute the code. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2255", "The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.5.2 due to insufficient input sanitization and output escaping on user supplied attributes such as listStyle. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0350", "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2024", "CVE-2024-23058", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md"], ["2024", "CVE-2024-30229", "Deserialization of Untrusted Data vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.4.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3139", "A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/Sospiro014/zday1/blob/main/Laboratory_Management_System.md"], ["2024", "CVE-2024-30239", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27441", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3129", "A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument image_name leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258873 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Sospiro014/zday1/blob/main/Image_Accordion_Gallery.md"], ["2024", "CVE-2024-24768", "1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.", "https://github.com/seyrenus/trace-release", "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h"], ["2024", "CVE-2024-27993", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.2.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33110", "D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yj94/Yj_learning", "https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md"], ["2024", "CVE-2024-25896", "ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST parameter.", "No PoCs found on GitHub currently.", "https://github.com/ChurchCRM/CRM/issues/6854"], ["2024", "CVE-2024-22264", "VMware Avi Load Balancer contains a privilege escalation vulnerability.\u00a0A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29413", "Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function.", "No PoCs found on GitHub currently.", "https://github.com/RealestName/Vulnerability-Research/tree/main/CVE-2024-29413"], ["2024", "CVE-2024-29881", "TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0191", "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2024", "CVE-2024-4609", "A vulnerability exists in the Rockwell Automation FactoryTalk\u00ae View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23108", "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via\u00a0crafted API requests.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0311", "A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code.", "No PoCs found on GitHub currently.", "https://kcm.trellix.com/corporate/index?page=content&id=SB10418"], ["2024", "CVE-2024-29990", "Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2214", "In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-25987", "In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22235", "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0A malicious actor with administrative access to the local system can escalate privileges to 'root'.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29442", "** DISPUTED ** An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29442", "No PoCs from references."], ["2024", "CVE-2024-24739", "SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2354", "A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29660", "Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22386", "A race condition was found in the Linux kernel's drm/exynos device driver in\u00a0exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25974", "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.", "No PoCs found on GitHub currently.", "http://seclists.org/fulldisclosure/2024/Feb/23
https://r.sec-consult.com/openolat"], ["2024", "CVE-2024-22017", "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25677", "In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2176", "Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27772", "Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 -CWE-78: 'OS Command Injection' may allow RCE", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27632", "An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.", "https://github.com/ally-petitt/CVE-2024-27632
https://github.com/nomi-sec/PoC-in-GitHub", "https://medium.com/@allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3"], ["2024", "CVE-2024-20052", "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541761.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33332", "An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant.", "No PoCs found on GitHub currently.", "https://github.com/wy876/cve/issues/3"], ["2024", "CVE-2024-25925", "Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29872", "SQL injection vulnerability in Sentrifugo 3.2, through\u00a0/sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2067", "A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-computer.php. The manipulation of the argument computer leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255382 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/SQL%20Injection%20delete-computer.php%20.md"], ["2024", "CVE-2024-27960", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through 1.2.20.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20003", "In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981).", "https://github.com/Shangzewen/U-Fuzz
https://github.com/asset-group/5ghoul-5g-nr-attacks
https://github.com/asset-group/U-Fuzz
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33272", "SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent(), and AutosuggestSearchModuleFrontController::getKbProducts() components.", "No PoCs found on GitHub currently.", "https://security.friendsofpresta.org/modules/2024/04/25/autosuggest.html"], ["2024", "CVE-2024-1109", "The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26599", "In the Linux kernel, the following vulnerability has been resolved:pwm: Fix out-of-bounds access in of_pwm_single_xlate()With args->args_count == 2 args->args[2] is not defined. Actually theflags are contained in args->args[1].", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22190", "GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.", "https://github.com/PBorocz/manage
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/gitpython-developers/GitPython/pull/1792
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx"], ["2024", "CVE-2024-0265", "A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE", "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py"], ["2024", "CVE-2024-34484", "OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via action.len=0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/faucetsdn/ryu/issues/194"], ["2024", "CVE-2024-27564", "A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.", "https://github.com/tanjiti/sec_profile", "https://github.com/dirk1983/chatgpt/issues/114"], ["2024", "CVE-2024-21068", "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-32359", "An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster.", "No PoCs found on GitHub currently.", "https://github.com/HouqiyuA/k8s-rbac-poc"], ["2024", "CVE-2024-25521", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#get_companyaspx"], ["2024", "CVE-2024-2220", "The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/fe8c001e-8880-4570-b010-a41fc8ee0c58/"], ["2024", "CVE-2024-1049", "The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Widget's in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on the link value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33124", "Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function..", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28848", "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `\u200eCompiledRule::validateExpression` method evaluates an SpEL expression using an `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/policies/validation/condition/` endpoint passes user-controlled data `CompiledRule::validateExpession` allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and therefore any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-236`. This issue may lead to Remote Code Execution and has been resolved in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/tequilasunsh1ne/OpenMetadata_policies_spel
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5xv3-fm7g-865r"], ["2024", "CVE-2024-21039", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2331", "A vulnerability was found in SourceCodester Tourist Reservation System 1.0. It has been declared as critical. This vulnerability affects the function ad_writedata of the file System.cpp. The manipulation of the argument ad_code leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256282 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2271", "A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256041 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Shop/Blind%20SQL%20Injection%20Shop.php%20.md"], ["2024", "CVE-2024-26719", "In the Linux kernel, the following vulnerability has been resolved:nouveau: offload fence uevents work to workqueueThis should break the deadlock between the fctx lock and the irq lock.This offloads the processing off the work from the irq into a workqueue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22081", "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0156", "Dell Digital Delivery, versions prior to 5.0.86.0, contain a Buffer Overflow vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2053", "The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the \"www-data\" user. This issue was demonstrated on version 4.50 of the\u00a0The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the \"www-data\" user.", "No PoCs found on GitHub currently.", "http://seclists.org/fulldisclosure/2024/Mar/11
https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt"], ["2024", "CVE-2024-27657", "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28429", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/itsqian797/cms/blob/main/2.md"], ["2024", "CVE-2024-35849", "In the Linux kernel, the following vulnerability has been resolved:btrfs: fix information leak in btrfs_ioctl_logical_to_ino()Syzbot reported the following information leak for inbtrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40 instrument_copy_to_user include/linux/instrumented.h:114 [inline] _copy_to_user+0xbc/0x110 lib/usercopy.c:40 copy_to_user include/linux/uaccess.h:191 [inline] btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499 btrfs_ioctl+0x714/0x1260 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890 x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: __kmalloc_large_node+0x231/0x370 mm/slub.c:3921 __do_kmalloc_node mm/slub.c:3954 [inline] __kmalloc_node+0xb07/0x1060 mm/slub.c:3973 kmalloc_node include/linux/slab.h:648 [inline] kvmalloc_node+0xc0/0x2d0 mm/util.c:634 kvmalloc include/linux/slab.h:766 [inline] init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779 btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480 btrfs_ioctl+0x714/0x1260 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890 x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Bytes 40-65535 of 65536 are uninitialized Memory access of size 65536 starts at ffff888045a40000This happens, because we're copying a 'struct btrfs_data_container' backto user-space. This btrfs_data_container is allocated in'init_data_container()' via kvmalloc(), which does not zero-fill thememory.Fix this by using kvzalloc() which zeroes out the memory on allocation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20037", "In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27954", "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0.", "https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC", "No PoCs from references."], ["2024", "CVE-2024-31343", "Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29745", "there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/toxyl/lscve", "No PoCs from references."], ["2024", "CVE-2024-22132", "SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25851", "Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/no1rr/Vulnerability/blob/master/netis/igd_wps_set_wps_ap_ssid5g.md
https://github.com/no1rr/Vulnerability/blob/master/netis/other_para_config_sequence.md"], ["2024", "CVE-2024-33306", "SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via \"First Name\" parameter in Create User.", "No PoCs found on GitHub currently.", "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-33306.md"], ["2024", "CVE-2024-28569", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-2282", "A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20Login.md
https://vuldb.com/?id.256049"], ["2024", "CVE-2024-0296", "A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2002", "A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt"], ["2024", "CVE-2024-2393", "A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256453 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27905", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora.An endpoint exposing internals to unauthenticated users can be used as a \"padding oracle\" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31083", "A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22163", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shield Security Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS.This issue affects Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security: from n/a through 18.5.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33217", "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25940", "`bhyveload -h ` may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to , allowing the loader to read any file the host user has access to.\u00a0In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25643", "The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27746", "SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.", "No PoCs found on GitHub currently.", "https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27746.md"], ["2024", "CVE-2024-0649", "A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical. This issue affects the function download_network_image of the file /app/Http/Controllers/ImageController.php of the component Search. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251375.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21444", "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30730", "** DISPUTED ** An insecure logging vulnerability has been identified within ROS Kinetic Kame in ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, allows attackers to obtain sensitive information via inadequate security measures implemented within the logging mechanisms of ROS. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30730", "No PoCs from references."], ["2024", "CVE-2024-4240", "A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. This affects the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formQosManageDouble_auto.md"], ["2024", "CVE-2024-24321", "An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.", "No PoCs found on GitHub currently.", "https://github.com/dkjiayu/Vul/blob/main/DIR816A2-dir_setWanWifi.md
https://www.dlink.com/en/security-bulletin/"], ["2024", "CVE-2024-1525", "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-33559", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5.", "https://github.com/absholi7ly/WordPress-XStore-theme-SQL-Injection
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-33788", "Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint.", "https://github.com/H4lo/awesome-IoT-security-article
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ymkyu/CVE/tree/main/CVE-2024-33788"], ["2024", "CVE-2024-30973", "An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbtirary code and obtain sensitive information via crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc.", "https://github.com/Athos-Zago/CVE-2024-30973
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/Athos-Zago/CVE-2024-30973/tree/main"], ["2024", "CVE-2024-32876", "NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in Arbitrary Code Execution. This is because backups are serialized/deserialized using Java's Object Serialization Stream Protocol, which can allow constructing any class in the app, unless properly restricted.To exploit this vulnerability, an attacker would need to build a backup file containing the exploit, and then persuade a user into importing it. During the import process, the malicious code would be executed, possibly crashing the app, stealing user data from the NewPipe app, performing nasty actions through Android APIs, and attempting Android JVM/Sandbox escapes through vulnerabilities in the Android OS.The attack can take place only if the user imports a malicious backup file, so an attacker would need to trick a user into importing a backup file from a source they can control. The implementation details of the malicious backup file can be independent of the attacked user or the device they are being run on, and do not require additional privileges.All NewPipe versions from 0.13.4 to 0.26.1 are vulnerable. NewPipe version 0.27.0 fixes the issue by doing the following: Restrict the classes that can be deserialized when calling Java's Object Serialization Stream Protocol, by adding a whitelist with only innocuous data-only classes that can't lead to Arbitrary Code Execution; deprecate backups serialized with Java's Object Serialization Stream Protocol; use JSON serialization for all newly created backups (but still include an alternative file serialized with Java's Object Serialization Stream Protocol in the backup zip for backwards compatibility); show a warning to the user when attempting to import a backup where the only available serialization mode is Java's Object Serialization Stream Protocol (note that in the future this serialization mode will be removed completely).", "No PoCs found on GitHub currently.", "https://github.com/TeamNewPipe/NewPipe/security/advisories/GHSA-wxrm-jhpf-vp6v"], ["2024", "CVE-2024-23893", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid\u00a0parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28276", "Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/unrealjbr/CVE-2024-28276", "No PoCs from references."], ["2024", "CVE-2024-21504", "Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://security.snyk.io/vuln/SNYK-PHP-LIVEWIRELIVEWIRE-6446222"], ["2024", "CVE-2024-4300", "E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database credential with the highest privilege and database host IP address. With this information, attackers can connect to the database and perform actions such as adding, modifying, or deleting database contents.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27399", "In the Linux kernel, the following vulnerability has been resolved:Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeoutThere is a race condition between l2cap_chan_timeout() andl2cap_chan_del(). When we use l2cap_chan_del() to delete thechannel, the chan->conn will be set to null. But the conn couldbe dereferenced again in the mutex_lock() of l2cap_chan_timeout().As a result the null pointer dereference bug will happen. TheKASAN report triggered by POC is shown below:[ 472.074580] ==================================================================[ 472.075284] BUG: KASAN: null-ptr-deref in mutex_lock+0x68/0xc0[ 472.075308] Write of size 8 at addr 0000000000000158 by task kworker/0:0/7[ 472.075308][ 472.075308] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.9.0-rc5-00356-g78c0094a146b #36[ 472.075308] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu4[ 472.075308] Workqueue: events l2cap_chan_timeout[ 472.075308] Call Trace:[ 472.075308] [ 472.075308] dump_stack_lvl+0x137/0x1a0[ 472.075308] print_report+0x101/0x250[ 472.075308] ? __virt_addr_valid+0x77/0x160[ 472.075308] ? mutex_lock+0x68/0xc0[ 472.075308] kasan_report+0x139/0x170[ 472.075308] ? mutex_lock+0x68/0xc0[ 472.075308] kasan_check_range+0x2c3/0x2e0[ 472.075308] mutex_lock+0x68/0xc0[ 472.075308] l2cap_chan_timeout+0x181/0x300[ 472.075308] process_one_work+0x5d2/0xe00[ 472.075308] worker_thread+0xe1d/0x1660[ 472.075308] ? pr_cont_work+0x5e0/0x5e0[ 472.075308] kthread+0x2b7/0x350[ 472.075308] ? pr_cont_work+0x5e0/0x5e0[ 472.075308] ? kthread_blkcg+0xd0/0xd0[ 472.075308] ret_from_fork+0x4d/0x80[ 472.075308] ? kthread_blkcg+0xd0/0xd0[ 472.075308] ret_from_fork_asm+0x11/0x20[ 472.075308] [ 472.075308] ==================================================================[ 472.094860] Disabling lock debugging due to kernel taint[ 472.096136] BUG: kernel NULL pointer dereference, address: 0000000000000158[ 472.096136] #PF: supervisor write access in kernel mode[ 472.096136] #PF: error_code(0x0002) - not-present page[ 472.096136] PGD 0 P4D 0[ 472.096136] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI[ 472.096136] CPU: 0 PID: 7 Comm: kworker/0:0 Tainted: G B 6.9.0-rc5-00356-g78c0094a146b #36[ 472.096136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu4[ 472.096136] Workqueue: events l2cap_chan_timeout[ 472.096136] RIP: 0010:mutex_lock+0x88/0xc0[ 472.096136] Code: be 08 00 00 00 e8 f8 23 1f fd 4c 89 f7 be 08 00 00 00 e8 eb 23 1f fd 42 80 3c 23 00 74 08 48 88[ 472.096136] RSP: 0018:ffff88800744fc78 EFLAGS: 00000246[ 472.096136] RAX: 0000000000000000 RBX: 1ffff11000e89f8f RCX: ffffffff8457c865[ 472.096136] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88800744fc78[ 472.096136] RBP: 0000000000000158 R08: ffff88800744fc7f R09: 1ffff11000e89f8f[ 472.096136] R10: dffffc0000000000 R11: ffffed1000e89f90 R12: dffffc0000000000[ 472.096136] R13: 0000000000000158 R14: ffff88800744fc78 R15: ffff888007405a00[ 472.096136] FS: 0000000000000000(0000) GS:ffff88806d200000(0000) knlGS:0000000000000000[ 472.096136] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033[ 472.096136] CR2: 0000000000000158 CR3: 000000000da32000 CR4: 00000000000006f0[ 472.096136] Call Trace:[ 472.096136] [ 472.096136] ? __die_body+0x8d/0xe0[ 472.096136] ? page_fault_oops+0x6b8/0x9a0[ 472.096136] ? kernelmode_fixup_or_oops+0x20c/0x2a0[ 472.096136] ? do_user_addr_fault+0x1027/0x1340[ 472.096136] ? _printk+0x7a/0xa0[ 472.096136] ? mutex_lock+0x68/0xc0[ 472.096136] ? add_taint+0x42/0xd0[ 472.096136] ? exc_page_fault+0x6a/0x1b0[ 472.096136] ? asm_exc_page_fault+0x26/0x30[ 472.096136] ? mutex_lock+0x75/0xc0[ 472.096136] ? mutex_lock+0x88/0xc0[ 472.096136] ? mutex_lock+0x75/0xc0[ 472.096136] l2cap_chan_timeo---truncated---", "No PoCs found on GitHub currently.", "https://git.kernel.org/stable/c/06acb75e7ed600d0bbf7bff5628aa8f24a97978c
https://git.kernel.org/stable/c/6466ee65e5b27161c846c73ef407f49dfa1bd1d9
https://git.kernel.org/stable/c/8960ff650aec70485b40771cd8e6e8c4cb467d33
https://git.kernel.org/stable/c/955b5b6c54d95b5e7444dfc81c95c8e013f27ac0
https://git.kernel.org/stable/c/adf0398cee86643b8eacde95f17d073d022f782c
https://git.kernel.org/stable/c/e137e2ba96e51902dc2878131823a96bf8e638ae
https://git.kernel.org/stable/c/e97e16433eb4533083b096a3824b93a5ca3aee79
https://git.kernel.org/stable/c/eb86f955488c39526534211f2610e48a5cf8ead4"], ["2024", "CVE-2024-23681", "Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.", "No PoCs found on GitHub currently.", "https://github.com/advisories/GHSA-98hq-4wmw-98w9
https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9"], ["2024", "CVE-2024-32664", "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27288", "1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds.", "https://github.com/seyrenus/trace-release
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-0589", "Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3471", "The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/a3c282fb-81b8-48bf-8c18-8366ea8ad9af/"], ["2024", "CVE-2024-21887", "A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.", "https://github.com/20142995/sectool
https://github.com/Chocapikk/CVE-2024-21887
https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887
https://github.com/GhostTroops/TOP
https://github.com/H4lo/awesome-IoT-security-article
https://github.com/HiS3/Ivanti-ICT-Snapshot-decryption
https://github.com/Marco-zcl/POC
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/Ostorlab/KEV
https://github.com/TheRedDevil1/Check-Vulns-Script
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887
https://github.com/emo-crab/attackerkb-api-rs
https://github.com/farukokutan/Threat-Intelligence-Research-Reports
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/gobysec/Goby
https://github.com/imhunterand/CVE-2024-21887
https://github.com/inguardians/ivanti-VPN-issues-2024-research
https://github.com/jake-44/Research
https://github.com/jamesfed/0DayMitigations
https://github.com/jaredfolkins/5min-cyber-notes
https://github.com/lions2012/Penetration_Testing_POC
https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/oways/ivanti-CVE-2024-21887
https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887
https://github.com/rxwx/pulse-meter
https://github.com/seajaysec/Ivanti-Connect-Around-Scan
https://github.com/stephen-murcott/Ivanti-ICT-Snapshot-decryption
https://github.com/tanjiti/sec_profile
https://github.com/toxyl/lscve
https://github.com/tucommenceapousser/CVE-2024-21887
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki
https://github.com/xingchennb/POC-
https://github.com/yoryio/CVE-2023-46805", "http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html"], ["2024", "CVE-2024-30862", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-index.md"], ["2024", "CVE-2024-35395", "TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3531", "A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file courses_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259901 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30922", "SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering.", "https://github.com/Chocapikk/My-CVEs
https://github.com/Chocapikk/derbynet-research", "No PoCs from references."], ["2024", "CVE-2024-26335", "swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/matthiaskramm/swftools/issues/222"], ["2024", "CVE-2024-24230", "Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23450", "A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.", "No PoCs found on GitHub currently.", "https://www.elastic.co/community/security"], ["2024", "CVE-2024-30621", "Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_v1.0.0.1_contains_a_stack_overflow_via_the_serverName_parameter_in_the_function_fromAdvSetMacMtuWan.md"], ["2024", "CVE-2024-30891", "A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution.", "No PoCs found on GitHub currently.", "https://github.com/Lantern-r/IoT-vuln/blob/main/Tenda/AC18/formexeCommand.md"], ["2024", "CVE-2024-23672", "Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1915", "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28005", "Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker who has obtained high privileges can execute arbitrary scripts.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28394", "An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30403", "A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps,\u00a0an\u00a0Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition.This issue affects Juniper Networks Junos OS Evolved\u00a023.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23732", "The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4033", "The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33829", "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/xyaly163/cms/blob/main/1.md"], ["2024", "CVE-2024-29229", "Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-1756", "The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/0baedd8d-2bbe-4091-bec4-f99e25d7290d/"], ["2024", "CVE-2024-29338", "Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/PWwwww123/cms/blob/main/1.md"], ["2024", "CVE-2024-21825", "A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26146", "Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1647", "Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtainarbitrary local files. This is possible because the application does notvalidate the HTML content entered by the user.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24043", "Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to execute arbitrary code via a crafted file.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-28054", "Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4122", "A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetDebugCfg.md"], ["2024", "CVE-2024-3841", "Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20998", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-23763", "SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://herolab.usd.de/security-advisories/usd-2023-0047/"], ["2024", "CVE-2024-21666", "The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-c38c-c8mh-vq68"], ["2024", "CVE-2024-30683", "** DISPUTED ** A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via improper handling of arrays or strings. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30683", "No PoCs from references."], ["2024", "CVE-2024-30980", "SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php page.", "No PoCs found on GitHub currently.", "https://medium.com/@shanunirwan/cve-2024-30980-sql-injection-vulnerability-in-cyber-cafe-management-system-using-php-mysql-v1-0-30bffd26dab7"], ["2024", "CVE-2024-1707", "A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. This affects an unknown part of the file /index.jsp#settings of the component Software Update Handler. The manipulation of the argument Reference leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254397 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/strik3r0x1/Vulns/blob/main/GARO_GLBDCMB-T274WO_Stored_XSS.md"], ["2024", "CVE-2024-23860", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29278", "funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title field in \"create a message .\"", "https://github.com/QDming/cve
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1791", "The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28182", "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.", "https://github.com/Ampferl/poc_http2-continuation-flood
https://github.com/DrewskyDev/H2Flood
https://github.com/TimoTielens/TwT.Docker.Aspnet
https://github.com/TimoTielens/httpd-security
https://github.com/Vos68/HTTP2-Continuation-Flood-PoC
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/lockness-Ko/CVE-2024-27316", "No PoCs from references."], ["2024", "CVE-2024-28213", "nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.", "https://github.com/0x1x02/CVE-2024-28213
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1892", "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b"], ["2024", "CVE-2024-32481", "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a `range` of the form `range(start, start + N)`, if `start` is negative, the execution will always revert. This issue is caused by an incorrect assertion inserted by the code generation of the range `stmt.parse_For_range()`. The issue arises when `start` is signed, instead of using `sle`, `le` is used and `start` is interpreted as an unsigned integer for the comparison. If it is a negative number, its 255th bit is set to `1` and is hence interpreted as a very large unsigned integer making the assertion always fail. Any contract having a `range(start, start + N)` where `start` is a signed integer with the possibility for `start` to be negative is affected. If a call goes through the loop while supplying a negative `start` the execution will revert. Version 0.4.0b1 fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj"], ["2024", "CVE-2024-30584", "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWifiBasicSet_security.md"], ["2024", "CVE-2024-2669", "A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/employee/controller.php of the component GET Parameter Handler. The manipulation of the argument EMPLOYEEID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257369 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25168", "SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/biantaibao/snow_SQL/blob/main/report.md"], ["2024", "CVE-2024-2729", "The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/5014f886-020e-49d1-96a5-2159eed8ba14/"], ["2024", "CVE-2024-32650", "Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.", "No PoCs found on GitHub currently.", "https://github.com/rustls/rustls/security/advisories/GHSA-6g7w-8wpp-frhj"], ["2024", "CVE-2024-21421", "Azure SDK Spoofing Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3445", "A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1540", "A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized commands, potentially leading to unauthorized modification of the base repository or secrets exfiltration. The issue arises from the unsafe handling of GitHub context information within a `run` operation, where expressions inside `${{ }}` are evaluated and substituted before script execution. Remediation involves setting untrusted input values to intermediate environment variables to prevent direct influence on script generation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26350", "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25139", "In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/microsoft/Microsoft-TP-Link-Research-Team", "No PoCs from references."], ["2024", "CVE-2024-28242", "Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4334", "The Supreme Modules Lite \u2013 Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the \u2018typing_cursor\u2019 parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1983", "The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users.", "https://github.com/NaInSec/CVE-LIST", "https://wpscan.com/vulnerability/bf3a31de-a227-4db1-bd18-ce6a78dc96fb/"], ["2024", "CVE-2024-28093", "The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account.", "https://github.com/actuator/cve", "No PoCs from references."], ["2024", "CVE-2024-21470", "Memory corruption while allocating memory for graphics.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30704", "** DISPUTED ** An insecure deserialization vulnerability has been identified in ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30704", "No PoCs from references."], ["2024", "CVE-2024-2778", "A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257612.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25079", "A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22588", "Kwik commit 745fd4e2 does not discard unused encryption keys.", "https://github.com/QUICTester/QUICTester
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5118", "A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265198 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Event%20Registration%20System/Event%20Registration%20System%20-%20SQL%20Injection%20-%201.md"], ["2024", "CVE-2024-3785", "Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26181", "Windows Kernel Denial of Service Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30807", "An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4_UnknownAtom::~AP4_UnknownAtom at Ap4Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42ts.", "No PoCs found on GitHub currently.", "https://github.com/axiomatic-systems/Bento4/issues/937"], ["2024", "CVE-2024-28120", "codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Exafunction/codeium-chrome/security/advisories/GHSA-8c7j-2h97-q63p
https://securitylab.github.com/advisories/GHSL-2024-027_GHSL-2024-028_codeium-chrome"], ["2024", "CVE-2024-1830", "A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254618 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/jxp98/VulResearch/blob/main/2024/02/3.5Library%20System%20In%20PHP%20-%20SQL%20Injection-student_lostpass.md"], ["2024", "CVE-2024-21652", "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This is a critical security vulnerability that allows attackers to bypass the brute force login protection mechanism. Not only can they crash the service affecting all users, but they can also make unlimited login attempts, increasing the risk of account compromise. Versions 2.8.13, 2.9.9, and 2.10.4 contain a patch for this issue.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv"], ["2024", "CVE-2024-26032", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser. Exploitation of this issue requires user interaction.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1733", "The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3776", "The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1673", "Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1970", "A vulnerability, which was classified as problematic, was found in SourceCodester Online Learning System V2 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255126 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/OnlineLearningSystemV2-XSS.md"], ["2024", "CVE-2024-3875", "A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been rated as critical. This issue affects the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260909 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromNatlimit.md"], ["2024", "CVE-2024-4116", "A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formDelDhcpRule.md"], ["2024", "CVE-2024-21483", "A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process.

An attacker with physical access to the device could read out the data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32472", "excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as iframe's `srcdoc` without properly sanitizing against HTML injection. Second by improperly sanitizing against attribute HTML injection. This in conjunction with allowing `allow-same-origin` sandbox flag (necessary for several embeds) resulted in the XSS. This vulnerability is fixed in 0.17.6 and 0.16.4.", "No PoCs found on GitHub currently.", "https://github.com/excalidraw/excalidraw/security/advisories/GHSA-m64q-4jqh-f72f"], ["2024", "CVE-2024-1861", "The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28171", "It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26063", "Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information, potentially bypassing security measures. Exploitation of this issue does not require user interaction.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21900", "An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.3.2578 build 20231110 and laterQuTS hero h5.1.3.2578 build 20231110 and laterQuTScloud c5.1.5.2651 and later", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2999", "A vulnerability classified as critical has been found in Campcodes Online Art Gallery Management System 1.0. This affects an unknown part of the file /admin/adminHome.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258201 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1622", "Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23646", "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.", "No PoCs found on GitHub currently.", "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv"], ["2024", "CVE-2024-1921", "A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254856.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3824", "The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/749ae334-b1d1-421e-a04c-35464c961a4a/"], ["2024", "CVE-2024-4156", "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018eael_event_text_color\u2019 parameter in versions up to, and including, 5.9.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32523", "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EverPress Mailster allows PHP Local File Inclusion.This issue affects Mailster: from n/a through 4.0.6.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/truonghuuphuc/CVE-2024-32523-Poc", "No PoCs from references."], ["2024", "CVE-2024-1930", "No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via\u00a0No Limit on Number of Open Sessions.There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method.\u00a0For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.openwall.com/lists/oss-security/2024/03/04/2"], ["2024", "CVE-2024-31849", "A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.", "https://github.com/Ostorlab/KEV
https://github.com/Stuub/CVE-2024-31848-PoC", "https://www.tenable.com/security/research/tra-2024-09"], ["2024", "CVE-2024-1633", "During the secure boot, bl2 (the second stage ofthe bootloader) loops over images defined in the table \u201cbl2_mem_params_descs\u201d.For each image, the bl2 reads the image length and destination from the image\u2019scertificate.\u00a0Because of the way of reading from the image, which base on\u00a032-bit unsigned integer value, it can result to\u00a0an integer overflow.\u00a0An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot. Affected git version from\u00a0c2f286820471ed276c57e603762bd831873e5a17 until (not", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21851", "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26132", "Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the `files` directory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have set `android:exported=\"false\"` in the `AndroidManifest.xml` file for the `IncomingShareActivity` activity are not impacted. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21911", "TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23717", "In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "No PoCs found on GitHub currently.", "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c5c528beb6e1cfed3ec93a3a264084df32ce83c2"], ["2024", "CVE-2024-28160", "Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31818", "Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component.", "https://github.com/Chocapikk/My-CVEs", "No PoCs from references."], ["2024", "CVE-2024-4296", "The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21492", "All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the \"Sign Out\" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/"], ["2024", "CVE-2024-30477", "Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23606", "An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26163", "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3767", "A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260614 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%203.md"], ["2024", "CVE-2024-2899", "A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257942 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetWirelessRepeat.md"], ["2024", "CVE-2024-23746", "Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents).", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/louiselalanne/CVE-2024-23746
https://github.com/louiselalanne/louiselalanne
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/louiselalanne/CVE-2024-23746"], ["2024", "CVE-2024-1821", "A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file police_add.php. The manipulation of the argument police_name/police_id/police_spec/password leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254609 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/jxp98/VulResearch/blob/main/2024/02/2Crime%20Reporting%20System%20-%20SQL%20Injection-police_add.md"], ["2024", "CVE-2024-24095", "Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.", "https://github.com/ASR511-OO7/CVE-2024-24095
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-24304", "In the module \"Mailjet\" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1500", "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3405", "The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/6968d43c-16ff-43a9-8451-71aabbe69014/"], ["2024", "CVE-2024-26190", "Microsoft QUIC Denial of Service Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26201", "Microsoft Intune Linux Agent Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30715", "** DISPUTED ** A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via improper handling of arrays or strings. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30715", "No PoCs from references."], ["2024", "CVE-2024-3897", "The Popup Box \u2013 Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all emails registered on the website.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4265", "The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1992", "** REJECT ** Rejected as duplicate of CVE-2024-2306", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2769", "A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257605 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25128", "Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 authorization protocol. Upgrade to Flask-AppBuilder 4.3.11 to fix the vulnerability.", "https://github.com/securitycipher/daily-bugbounty-writeups", "No PoCs from references."], ["2024", "CVE-2024-2629", "Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28253", "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and therefore after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/policies` which gets handled by `PolicyResource.createOrUpdate()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-252`. This issue may lead to Remote Code Execution and has been addressed in version 1.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/tanjiti/sec_profile
https://github.com/tequilasunsh1ne/OpenMetadata_policies_rce
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-7vf4-x5m2-r6gr"], ["2024", "CVE-2024-5049", "A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264746 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/polaris0x1/CVE/issues/2"], ["2024", "CVE-2024-1551", "Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2738", "The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the \u2018s\u2019 parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", "No PoCs found on GitHub currently.", "https://gist.github.com/Xib3rR4dAr/561ac3c17b92cb55d3032504a076fa4b
https://gist.github.com/Xib3rR4dAr/b1eec00e844932c6f2f30a63024b404e"], ["2024", "CVE-2024-21430", "Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4234", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayful Islam Filterable Portfolio allows Stored XSS.This issue affects Filterable Portfolio: from n/a through 1.6.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30604", "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_list1.md"], ["2024", "CVE-2024-30595", "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/addWifiMacFilter_deviceId.md"], ["2024", "CVE-2024-4374", "The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28193", "your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify API access and refresh tokens to guest users. Attackers with access to a public token for guest access to YourSpotify can therefore obtain access to Spotify API tokens of YourSpotify users. As a consequence, attackers may extract profile information, information about listening habits, playlists and other information from the corresponding Spotify profile. In addition, the attacker can pause and resume playback in the Spotify app at will. This issue has been resolved in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-3782-758f-mj85"], ["2024", "CVE-2024-1883", "This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2678", "A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/applicants/controller.php. The manipulation of the argument JOBREGID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257378 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3514", "** REJECT ** **DUPLICATE** Please use CVE-2024-1846 instead.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1487", "The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/c028cd73-f30a-4c8b-870f-3071055f0496/"], ["2024", "CVE-2024-24112", "xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-23871", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3582", "The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/5a348b5d-13aa-40c3-9d21-0554683f8019/"], ["2024", "CVE-2024-29269", "An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.", "https://github.com/Ostorlab/KEV
https://github.com/YongYe-Security/CVE-2024-29269
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/wjlin0/poc-doc
https://github.com/wutalent/CVE-2024-29269
https://github.com/wy876/POC
https://github.com/wy876/wiki", "No PoCs from references."], ["2024", "CVE-2024-20989", "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony POS). Supported versions that are affected are 19.1.0-19.5.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-3910", "A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Affected by this issue is the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromDhcpListClient_page.md"], ["2024", "CVE-2024-30692", "** DISPUTED ** A issue was discovered in ROS2 Galactic Geochelone versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) in the ROS2 nodes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30692", "No PoCs from references."], ["2024", "CVE-2024-21677", "This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version.If you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.htmlYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was reported via our Bug Bounty program.", "https://github.com/NaInSec/CVE-LIST
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-32406", "Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/files/178251/Relate-Learning-And-Teaching-System-SSTI-Remote-Code-Execution.html"], ["2024", "CVE-2024-23772", "An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\\SYSTEM privileges.", "https://github.com/Verrideo/CVE-2024-23772
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-28105", "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.", "No PoCs found on GitHub currently.", "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf"], ["2024", "CVE-2024-28294", "Limbas up to v5.2.14 was discovered to contain a SQL injection vulnerability via the ftid parameter.", "No PoCs found on GitHub currently.", "https://gist.github.com/lx39214/248dc58c6d05455d4bd06c4d3df8e2d0"], ["2024", "CVE-2024-4133", "The ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirect_to parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28045", "Improper neutralization of input within the affected product could lead to cross-site scripting.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29238", "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-3642", "The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/dc44d85f-afe8-4824-95b0-11b9abfb04d8/"], ["2024", "CVE-2024-3941", "The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/6e09e922-983c-4406-8053-747d839995d1/"], ["2024", "CVE-2024-21626", "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (\"attack 2\"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (\"attack 1\"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (\"attack 3a\" and \"attack 3b\"). runc 1.1.12 includes patches for this issue.", "https://github.com/20142995/sectool
https://github.com/EGI-Federation/SVG-advisories
https://github.com/GhostTroops/TOP
https://github.com/KubernetesBachelor/CVE-2024-21626
https://github.com/NitroCao/CVE-2024-21626
https://github.com/R3DRUN3/R3DRUN3
https://github.com/Sk3pper/CVE-2024-21626
https://github.com/SrcVme50/Runner
https://github.com/Threekiii/CVE
https://github.com/V0WKeep3r/CVE-2024-21626-runcPOC
https://github.com/Wall1e/CVE-2024-21626-POC
https://github.com/abian2/CVE-2024-21626
https://github.com/alban/runc-vuln-detector
https://github.com/alban/runc-vuln-gadget
https://github.com/aneasystone/github-trending
https://github.com/bfengj/Cloud-Security
https://github.com/cdxiaodong/CVE-2024-21626
https://github.com/dorser/cve-2024-21626
https://github.com/fireinrain/github-trending
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/jafshare/GithubTrending
https://github.com/jiayy/android_vuln_poc-exp
https://github.com/k8sstormcenter/honeycluster
https://github.com/laysakura/CVE-2024-21626-demo
https://github.com/laysakura/resume-jp
https://github.com/mightysai1997/leaky-vessels-dynamic-detector
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/opencontainers-sec/go-containersec
https://github.com/samokat-oss/pisc
https://github.com/securitycipher/daily-bugbounty-writeups
https://github.com/snyk/leaky-vessels-dynamic-detector
https://github.com/snyk/leaky-vessels-static-detector
https://github.com/ssst0n3/c-listener
https://github.com/ssst0n3/fd-listener
https://github.com/tanjiti/sec_profile
https://github.com/tarihub/offlinepost
https://github.com/zhangguanzhang/CVE-2024-21626
https://github.com/zhaoolee/garss
https://github.com/zpxlz/CVE-2024-21626-POC", "http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html"], ["2024", "CVE-2024-1844", "The RevivePress \u2013 Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and copy_data functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with subscriber-level access or higher, to overwrite plugin settings and view them.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-28154", "Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4162", "A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may allow attackers malicious read access to memory.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28014", "Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command via the internet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24003", "jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.", "No PoCs found on GitHub currently.", "https://github.com/jishenghua/jshERP/issues/99"], ["2024", "CVE-2024-26106", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21865", "HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26297", "Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.", "https://github.com/kaje11/CVEs", "No PoCs from references."], ["2024", "CVE-2024-30880", "Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function.", "No PoCs found on GitHub currently.", "https://github.com/jianyan74/rageframe2/issues/114"], ["2024", "CVE-2024-0749", "A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30630", "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the time parameter from saveParentControlInfo function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_time.md"], ["2024", "CVE-2024-4340", "Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/advisories/GHSA-2m57-hf25-phgg
https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292/"], ["2024", "CVE-2024-32735", "An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\u00a0An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2024-14"], ["2024", "CVE-2024-20768", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-33688", "Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3460", "In KioWare for Windows (versions all through 8.34)\u00a0it is possible to exit this software\u00a0and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs.\u00a0In order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know\u00a0the PIN set for this Kioware instance and also slow down the application with some specific task which extends the usable time window.", "https://github.com/DojoSecurity/DojoSecurity
https://github.com/afine-com/research", "No PoCs from references."], ["2024", "CVE-2024-26264", "EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21896", "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21404", ".NET Denial of Service Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21795", "A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4200", "In Progress\u00ae Telerik\u00ae Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27299", "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the \"Add News\" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6.", "No PoCs found on GitHub currently.", "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw"], ["2024", "CVE-2024-30661", "** DISPUTED ** An unauthorized access vulnerability has been discovered in ROS Melodic Morenia versions where ROS_VERSION is 1 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized information access to multiple ROS nodes remotely. Unauthorized information access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30661", "No PoCs from references."], ["2024", "CVE-2024-32764", "A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network.We have already fixed the vulnerability in the following version:myQNAPcloud Link 2.4.51 and later", "https://github.com/Ostorlab/KEV
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27019", "In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()nft_unregister_obj() can concurrent with __nft_obj_type_get(),and there is not any protection when iterate over nf_tables_objectslist in __nft_obj_type_get(). Therefore, there is potential data-raceof nf_tables_objects list entry.Use list_for_each_entry_rcu() to iterate over nf_tables_objectslist in __nft_obj_type_get(), and use rcu_read_lock() in the callernft_obj_type_get() to protect the entire type query process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23882", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32867", "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1474", "In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24330", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.", "No PoCs found on GitHub currently.", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md"], ["2024", "CVE-2024-30721", "** DISPUTED ** An arbitrary file upload vulnerability has been discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a crafted payload to the file upload mechanism of the ROS2 system, including the server\u2019s functionality for handling file uploads and the associated validation processes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30721", "No PoCs from references."], ["2024", "CVE-2024-4251", "A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been rated as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSe. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/fromDhcpSetSer.md"], ["2024", "CVE-2024-28327", "Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/Insecure-Credential-Storage-CVE%E2%80%902024%E2%80%9028327"], ["2024", "CVE-2024-23550", "HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2153", "A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/view_order.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255585 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20View%20Order%20-%20Mobile%20Management%20Store.md"], ["2024", "CVE-2024-27757", "flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product \"ceased its development as of February 2024.\"", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/jubilianite/flusity-CMS/security/advisories/GHSA-5843-5m74-7fqh"], ["2024", "CVE-2024-25652", "In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652"], ["2024", "CVE-2024-29946", "In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0056", "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25951", "A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25811", "An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information.", "No PoCs found on GitHub currently.", "https://github.com/Fei123-design/vuln/blob/master/Dreamer%20CMS%20Unauthorized%20access%20vulnerability.md"], ["2024", "CVE-2024-27914", "GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34466", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-34467. Reason: This candidate is a reservation duplicate of CVE-2024-34467. Notes: All CVE users should reference CVE-2024-34467 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25712", "http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://cosmosofcyberspace.github.io/improper_http_method_leads_to_xss/poc.html"], ["2024", "CVE-2024-29806", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0287", "A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249848.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28578", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-2102", "The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Bookings' page and the malicious script is executed in the admin context.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/3d15f589-956c-4c71-98b1-3ba89d22262c/"], ["2024", "CVE-2024-2293", "The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27706", "Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues.", "No PoCs found on GitHub currently.", "https://github.com/b-hermes/vulnerability-research/blob/main/CVE-2024-27706/README.md"], ["2024", "CVE-2024-27497", "Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.", "https://github.com/Ostorlab/KEV
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25603", "Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25592", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a through 2.2.3.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31212", "InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receives an input from user and passes it unsanitized to the core model `filterFunc` function that further embeds this data in an SQL statement. This allows attackers to inject unwanted SQL code into the statement. The `period` should be escaped before inserting it in the query. As of time of publication, a patched version is not available.", "No PoCs found on GitHub currently.", "https://github.com/instantsoft/icms2/security/advisories/GHSA-qx95-w566-73fw"], ["2024", "CVE-2024-20026", "In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541632.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2042", "The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25743", "In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES.", "https://github.com/ahoi-attacks/heckler", "No PoCs from references."], ["2024", "CVE-2024-35858", "In the Linux kernel, the following vulnerability has been resolved:net: bcmasp: fix memory leak when bringing down interfaceWhen bringing down the TX rings we flush the rings but forget toreclaimed the flushed packets. This leads to a memory leak since wedo not free the dma mapped buffers. This also leads to tx controlblock corruption when bringing down the interface for powermanagement.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26708", "In the Linux kernel, the following vulnerability has been resolved:mptcp: really cope with fastopen raceFastopen and PM-trigger subflow shutdown can race, as reported bysyzkaller.In my first attempt to close such race, I missed the fact thatthe subflow status can change again before the subflow_state_changecallback is invoked.Address the issue additionally copying with all the states directlyreachable from TCP_FIN_WAIT1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1398", "The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018heading_title_tag\u2019 and \u2019heading_sub_title_tag\u2019 parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1009", "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252278 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://youtu.be/oL98TSjy89Q?si=_T6YkJZlbn7SJ4Gn"], ["2024", "CVE-2024-22301", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line.This issue affects Albo Pretorio On line: from n/a through 4.6.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0365", "The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators.", "https://github.com/NaInSec/CVE-LIST", "https://wpscan.com/vulnerability/4b8b9638-d52a-40bc-b298-ae1c74788c18/"], ["2024", "CVE-2024-21028", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-0225", "Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22241", "Aria Operations for Networks contains a cross site scripting vulnerability.\u00a0A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26648", "In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()In edp_setup_replay(), 'struct dc *dc' & 'struct dmub_replay *replay'was dereferenced before the pointer 'link' & 'replay' NULL check.Fixes the below:drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:947 edp_setup_replay() warn: variable dereferenced before check 'link' (see line 933)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28859", "Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. This vulnerability present no direct threat but is a vector that will enable remote code execution if a developper deserialize user untrusted data. Symfony 1 depends on Swift Mailer which is bundled by default in vendor directory in the default installation since 1.3.0. Swift Mailer classes implement some `__destruct()` methods. These methods are called when php destroys the object in memory. However, it is possible to include any object type in `$this->_keys` to make PHP access to another array/object properties than intended by the developer. In particular, it is possible to abuse the array access which is triggered on foreach($this->_keys ...) for any class implementing ArrayAccess interface. This may allow an attacker to execute any PHP command which leads to remote code execution. This issue has been addressed in version 1.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-wjv8-pxr6-5f4r"], ["2024", "CVE-2024-20255", "A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25530", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#get_find_condictionaspx"], ["2024", "CVE-2024-27575", "INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0274", "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file billAjax.php. The manipulation of the argument item_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249829 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21079", "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-26588", "In the Linux kernel, the following vulnerability has been resolved:LoongArch: BPF: Prevent out-of-bounds memory accessThe test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era == 9000000003137f7c, ra == 9000000003139e70 [ 130.640501] Oops[#3]: [ 130.640553] CPU: 0 PID: 1326 Comm: test_tag Tainted: G D O 6.7.0-rc4-loong-devel-gb62ab1a397cf #47 61985c1d94084daa2432f771daa45b56b10d8d2a [ 130.640764] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022 [ 130.640874] pc 9000000003137f7c ra 9000000003139e70 tp 9000000104cb4000 sp 9000000104cb7a40 [ 130.641001] a0 ffff80001b894000 a1 ffff80001b897ff8 a2 000000006ba210be a3 0000000000000000 [ 130.641128] a4 000000006ba210be a5 00000000000000f1 a6 00000000000000b3 a7 0000000000000000 [ 130.641256] t0 0000000000000000 t1 00000000000007f6 t2 0000000000000000 t3 9000000004091b70 [ 130.641387] t4 000000006ba210be t5 0000000000000004 t6 fffffffffffffff0 t7 90000000040913e0 [ 130.641512] t8 0000000000000005 u0 0000000000000dc0 s9 0000000000000009 s0 9000000104cb7ae0 [ 130.641641] s1 00000000000007f6 s2 0000000000000009 s3 0000000000000095 s4 0000000000000000 [ 130.641771] s5 ffff80001b894000 s6 ffff80001b897fb0 s7 9000000004090c50 s8 0000000000000000 [ 130.641900] ra: 9000000003139e70 build_body+0x1fcc/0x4988 [ 130.642007] ERA: 9000000003137f7c build_body+0xd8/0x4988 [ 130.642112] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) [ 130.642261] PRMD: 00000004 (PPLV0 +PIE -PWE) [ 130.642353] EUEN: 00000003 (+FPE +SXE -ASXE -BTE) [ 130.642458] ECFG: 00071c1c (LIE=2-4,10-12 VS=7) [ 130.642554] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0) [ 130.642658] BADV: ffff80001b898004 [ 130.642719] PRID: 0014c010 (Loongson-64bit, Loongson-3A5000) [ 130.642815] Modules linked in: [last unloaded: bpf_testmod(O)] [ 130.642924] Process test_tag (pid: 1326, threadinfo=00000000f7f4015f, task=000000006499f9fd) [ 130.643062] Stack : 0000000000000000 9000000003380724 0000000000000000 0000000104cb7be8 [ 130.643213] 0000000000000000 25af8d9b6e600558 9000000106250ea0 9000000104cb7ae0 [ 130.643378] 0000000000000000 0000000000000000 9000000104cb7be8 90000000049f6000 [ 130.643538] 0000000000000090 9000000106250ea0 ffff80001b894000 ffff80001b894000 [ 130.643685] 00007ffffb917790 900000000313ca94 0000000000000000 0000000000000000 [ 130.643831] ffff80001b894000 0000000000000ff7 0000000000000000 9000000100468000 [ 130.643983] 0000000000000000 0000000000000000 0000000000000040 25af8d9b6e600558 [ 130.644131] 0000000000000bb7 ffff80001b894048 0000000000000000 0000000000000000 [ 130.644276] 9000000104cb7be8 90000000049f6000 0000000000000090 9000000104cb7bdc [ 130.644423] ffff80001b894000 0000000000000000 00007ffffb917790 90000000032acfb0 [ 130.644572] ... [ 130.644629] Call Trace: [ 130.644641] [<9000000003137f7c>] build_body+0xd8/0x4988 [ 130.644785] [<900000000313ca94>] bpf_int_jit_compile+0x228/0x4ec [ 130.644891] [<90000000032acfb0>] bpf_prog_select_runtime+0x158/0x1b0 [ 130.645003] [<90000000032b3504>] bpf_prog_load+0x760/0xb44 [ 130.645089] [<90000000032b6744>] __sys_bpf+0xbb8/0x2588 [ 130.645175] [<90000000032b8388>] sys_bpf+0x20/0x2c [ 130.645259] [<9000000003f6ab38>] do_syscall+0x7c/0x94 [ 130.645369] [<9000000003121c5c>] handle_syscall+0xbc/0x158 [ 130.645507] [ 130.645539] Code: 380839f6 380831f9 28412bae <24000ca6> 004081ad 0014cb50 004083e8 02bff34c 58008e91 [ 130.645729] [ 130.646418] ---[ end trace 0000000000000000 ]---On my machine, which has CONFIG_PAGE_SIZE_16KB=y, the test failed atloading a BPF prog with 2039 instructions: prog = (struct bpf_prog *)ffff80001b894000 insn = (struct bpf_insn *)(prog->insnsi)fff---truncated---", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1118", "The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33164", "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31061", "Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field.", "No PoCs found on GitHub currently.", "https://github.com/sahildari/cve/blob/master/CVE-2024-31061.md
https://portswigger.net/web-security/cross-site-scripting/stored"], ["2024", "CVE-2024-33263", "QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c.", "No PoCs found on GitHub currently.", "https://github.com/bellard/quickjs/issues/277"], ["2024", "CVE-2024-25874", "A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/dd3x3r/enhavo/blob/main/xss-create-tag-v0.13.1.md"], ["2024", "CVE-2024-27971", "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/truonghuuphuc/CVE-2024-27971-Note", "No PoCs from references."], ["2024", "CVE-2024-20012", "In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24889", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2136", "The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0033", "In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25934", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade allows Stored XSS.This issue affects FormFacade: from n/a through 1.0.0.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31226", "Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\\Program.exe`, `C:\\Program.bat`, or `C:\\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20043", "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541781; Issue ID: ALPS08541781.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27920", "projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This advisory outlines the impacted users, provides details on the security patch, and suggests mitigation strategies. The vulnerability is addressed in Nuclei v3.2.0. Users are strongly recommended to update to this version to mitigate the security risk. Users should refrain from using custom workflows if unable to upgrade immediately. Only trusted, verified workflows should be executed.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27623", "CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.", "https://github.com/capture0x/My-CVE
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29832", "The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue.Note that other parameters within a AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22397", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22006", "OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of the device.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4649", "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263493 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0240", "A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22224", "Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29513", "An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates.", "https://github.com/dru1d-foofus/briscKernelDriver", "https://github.com/dru1d-foofus/briscKernelDriver"], ["2024", "CVE-2024-0300", "A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/20142995/sectool
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tolkent/cve/blob/main/upload.md"], ["2024", "CVE-2024-29981", "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2314", "If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29890", "DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem was fixed in the datalens-ui version `0.1449.0`. Restricting access to the API for creating or modifying charts (`/charts/api/charts/v1/`) would mitigate the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25415", "A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.", "https://github.com/capture0x/My-CVE
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/capture0x/Phoenix
https://packetstormsecurity.com/files/175913/CE-Phoenix-1.0.8.20-Remote-Command-Execution.html"], ["2024", "CVE-2024-23288", "This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to elevate privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4618", "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4589", "A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/mytag_edit.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263311. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/20.md"], ["2024", "CVE-2024-33101", "A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter.", "No PoCs found on GitHub currently.", "https://github.com/thinksaas/ThinkSAAS/issues/34"], ["2024", "CVE-2024-29793", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29402", "cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old session for malicious activity.", "No PoCs found on GitHub currently.", "https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158"], ["2024", "CVE-2024-31004", "An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment.", "No PoCs found on GitHub currently.", "https://github.com/axiomatic-systems/Bento4/issues/941"], ["2024", "CVE-2024-22335", "IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23059", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/2/TOTOlink%20A3300R%20setDdnsCfg.md"], ["2024", "CVE-2024-30228", "Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0351", "A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250119.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2024", "CVE-2024-3128", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Replify-Messenger 1.0 on Android. This issue affects some unknown processing of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-258869 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The vendor was contacted early and responded very quickly. He does not intend to maintain the app anymore and will revoke the availability in the Google Play Store.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ctflearner/Android_Findings/blob/main/Replify-Messenger/Backup.md
https://vuldb.com/?submit.307761"], ["2024", "CVE-2024-0341", "A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2244", "REST service authentication anomaly with \u201cvalid username/no password\u201d credential combination for batch job processing resulting in successful service invocation. The anomaly doesn\u2019t exist with other credential combinations.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30238", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23049", "An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30378", "A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition.\u00a0 The process crashes and restarts automatically.When specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash.\u00a0 This process manages and controls the configuration of broadband subscriber sessions and services.\u00a0 While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition.This issue only occurs if\u00a0Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled.This issue affects Junos OS: * All versions before 20.4R3-S5, * from 21.1 before 21.1R3-S4, * from 21.2 before 21.2R3-S3, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3, * from 22.2 before 22.2R3, * from 22.3 before 22.3R2;", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4599", "Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23298", "A logic issue was addressed with improved state management.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23109", "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via\u00a0crafted API requests.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34771", "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0201", "The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0190", "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file add_quiz.php of the component Quiz Handler. The manipulation of the argument Quiz Title/Quiz Description with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249503.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/codeb0ss/CVE-2024-0190-PoC", "No PoCs from references."], ["2024", "CVE-2024-2304", "The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27992", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Whisper Link Whisper Free allows Reflected XSS.This issue affects Link Whisper Free: from n/a through 0.6.8.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25897", "ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.", "No PoCs found on GitHub currently.", "https://github.com/ChurchCRM/CRM/issues/6856"], ["2024", "CVE-2024-33111", "D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md"], ["2024", "CVE-2024-25986", "In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30269", "DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25514", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_template_child_field_listaspx"], ["2024", "CVE-2024-0310", "A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration.", "No PoCs found on GitHub currently.", "https://kcm.trellix.com/corporate/index?page=content&id=SB10417"], ["2024", "CVE-2024-0081", "NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.", "https://github.com/Sim4n6/Sim4n6", "No PoCs from references."], ["2024", "CVE-2024-2215", "A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2184", "Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF740C Series/Satera MF640C Series/Satera LBP660C Series/Satera LBP620C Series firmware v12.07 and earlier, and Satera MF750C Series/Satera LBP670C Series firmware v03.09 and earlier sold in Japan.Color imageCLASS MF740C Series/Color imageCLASS MF640C Series/Color imageCLASS X MF1127C/Color imageCLASS LBP664Cdw/Color imageCLASS LBP622Cdw/Color imageCLASS X LBP1127C firmware v12.07 and earlier, and Color imageCLASS MF750C Series/Color imageCLASS X MF1333C/Color imageCLASS LBP674Cdw/Color imageCLASS X LBP1333C firmware v03.09 and earlier sold in US.i-SENSYS MF740C Series/i-SENSYS MF640C Series/C1127i Series/i-SENSYS LBP660C Series/i-SENSYS LBP620C Series/C1127P firmware v12.07 and earlier, and i-SENSYS MF750C Series/C1333i Series/i-SENSYS LBP673Cdw/C1333P firmware v03.09 and earlier sold in Europe.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25454", "Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/axiomatic-systems/Bento4/issues/875"], ["2024", "CVE-2024-0250", "The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/321b07d1-692f-48e9-a8e5-a15b38efa979/"], ["2024", "CVE-2024-2355", "A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.256315"], ["2024", "CVE-2024-29443", "** DISPUTED ** A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29443", "No PoCs from references."], ["2024", "CVE-2024-22234", "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly. * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/shellfeel/CVE-2024-22243-CVE-2024-22234
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-25676", "An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading.", "No PoCs found on GitHub currently.", "https://excellium-services.com/cert-xlm-advisory/cve-2024-25676"], ["2024", "CVE-2024-27773", "Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 -CWE-348: Use of Less Trusted Source may allow RCE", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24988", "Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send\u00a0multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.", "https://github.com/c0rydoras/cves", "No PoCs from references."], ["2024", "CVE-2024-27930", "GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20053", "In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22156", "Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25736", "An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/177083"], ["2024", "CVE-2024-0023", "In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "No PoCs found on GitHub currently.", "https://android.googlesource.com/platform/frameworks/av/+/30b1b34cfd5abfcfee759e7d13167d368ac6c268"], ["2024", "CVE-2024-25627", "Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an XSS payload. This issue has been addressed in version 2.0-M4-2402. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/alfio-event/alf.io/security/advisories/GHSA-gpmg-8f92-37cf"], ["2024", "CVE-2024-22047", "A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20002", "In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27961", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codekraft AntiSpam for Contact Form 7 allows Reflected XSS.This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.0.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-33273", "SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22107", "An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform.", "No PoCs found on GitHub currently.", "https://adepts.of0x.cc/gtbcc-pwned/
https://x-c3ll.github.io/cves.html"], ["2024", "CVE-2024-29873", "SQL injection vulnerability in Sentrifugo 3.2, through\u00a0/sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25767", "nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27662", "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2066", "A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-computer.php. The manipulation of the argument model leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255381 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/STORED%20XSS%20add-computer.php%20.md"], ["2024", "CVE-2024-24899", "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py.This issue affects aops-zeus: from 1.2.0 through 1.4.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21069", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-34714", "The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem. Due to an oversight during a change made to the extension in the commit d4e8e4830326f46ba17acd1307977ecd32a85b58, a critical check for the origin list was missed and allowed for messages to be sent to the extension which the extension gladly processed and responded back with the results of, while this wasn't supposed to happen and be blocked by the origin not being present in the origin list.This vulnerability exposes Hoppscotch Extension users to sites which call into Hoppscotch Extension APIs internally. This fundamentally allows any site running on the browser with the extension installed to bypass CORS restrictions if the user is running extensions with the given version. This security hole was patched in the commit 7e364b928ab722dc682d0fcad713a96cc38477d6 which was released along with the extension version `0.35`. As a workaround, Chrome users can use the Extensions Settings to disable the extension access to only the origins that you want. Firefox doesn't have an alternative to upgrading to a fixed version.", "No PoCs found on GitHub currently.", "https://github.com/hoppscotch/hoppscotch-extension/security/advisories/GHSA-jjh5-pvqx-gg5v"], ["2024", "CVE-2024-0264", "A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE", "https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py"], ["2024", "CVE-2024-27565", "A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests.", "No PoCs found on GitHub currently.", "https://github.com/dirk1983/chatgpt-wechat-personal/issues/4"], ["2024", "CVE-2024-22191", "Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the key_value field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the key_value is inserted directly into the HTML code. In the current version of Avo (possibly also older versions), the value is not properly sanitized before it is inserted into the HTML code. This vulnerability could be used to steal sensitive information from victims that could be used to hijack victims' accounts or redirect them to malicious websites. Avo 3.2.4 and 2.47.0 include a fix for this issue. Users are advised to upgrade.", "No PoCs found on GitHub currently.", "https://github.com/avo-hq/avo/security/advisories/GHSA-ghjv-mh6x-7q6h"], ["2024", "CVE-2024-1108", "The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26598", "In the Linux kernel, the following vulnerability has been resolved:KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cacheThere is a potential UAF scenario in the case of an LPI translationcache hit racing with an operation that invalidates the cache, suchas a DISCARD ITS command. The root of the problem is thatvgic_its_check_cache() does not elevate the refcount on the vgic_irqbefore dropping the lock that serializes refcount changes.Have vgic_its_check_cache() raise the refcount on the returned vgic_irqand add the corresponding decrement after queueing the interrupt.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1048", "A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34957", "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25520", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#sys_blogtemplate_newaspx"], ["2024", "CVE-2024-32358", "An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0235", "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/"], ["2024", "CVE-2024-2330", "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "https://github.com/jikedaodao/cve/blob/main/NS-ASG-sql-addmacbind.md"], ["2024", "CVE-2024-21038", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-28849", "follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"], ["2024", "CVE-2024-22080", "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1019", "ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/leveryd/crs-dev", "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30"], ["2024", "CVE-2024-26718", "In the Linux kernel, the following vulnerability has been resolved:dm-crypt, dm-verity: disable taskletsTasklets have an inherent problem with memory corruption. The functiontasklet_action_common calls tasklet_trylock, then it calls the taskletcallback and then it calls tasklet_unlock. If the tasklet callback freesthe structure that contains the tasklet or if it calls some code that mayfree it, tasklet_unlock will write into free memory.The commits 8e14f610159d and d9a02e016aaf try to fix it for dm-crypt, butit is not a sufficient fix and the data corruption can still happen [1].There is no fix for dm-verity and dm-verity will write into free memorywith every tasklet-processed bio.There will be atomic workqueues implemented in the kernel 6.9 [2]. Theywill have better interface and they will not suffer from the memorycorruption problem.But we need something that stops the memory corruption now and that can bebackported to the stable kernels. So, I'm proposing this commit thatdisables tasklets in both dm-crypt and dm-verity. This commit doesn'tremove the tasklet support, because the tasklet code will be reused whenatomic workqueues will be implemented.[1] https://lore.kernel.org/all/d390d7ee-f142-44d3-822a-87949e14608b@suse.de/T/[2] https://lore.kernel.org/lkml/20240130091300.2968534-1-tj@kernel.org/", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26489", "A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/2111715623/cms/blob/main/3.md"], ["2024", "CVE-2024-2270", "A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /signup.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256040. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/StoredXSS%20Signup/Stored%20XSS%20signup.php%20.md"], ["2024", "CVE-2024-27474", "Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators.", "https://github.com/dead1nfluence/Leantime-POC
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md"], ["2024", "CVE-2024-31342", "Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through 1.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20036", "In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33247", "Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-user.php.", "No PoCs found on GitHub currently.", "https://github.com/CveSecLook/cve/issues/11"], ["2024", "CVE-2024-25850", "Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "https://github.com/no1rr/Vulnerability/blob/master/netis/igd_wps_set_wps_ap_ssid5g.md"], ["2024", "CVE-2024-22133", "SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on\u00a0Availability of the application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35848", "In the Linux kernel, the following vulnerability has been resolved:eeprom: at24: fix memory corruption race conditionIf the eeprom is not accessible, an nvmem device will be registered, theread will fail, and the device will be torn down. If another driveraccesses the nvmem device after the teardown, it will referenceinvalid memory.Move the failure point before registering the nvmem device.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25753", "Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formSetDeviceName function.", "https://github.com/codeb0ss/CVE-2024-25735-PoC
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/formSetDeviceName.md"], ["2024", "CVE-2024-27656", "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2052", "CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allowunauthenticated files and logs exfiltration and download of files when an attacker modifies theURL to download to a different location.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34567", "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 1.1.29.", "https://github.com/runwuf/clickhouse-test", "No PoCs from references."], ["2024", "CVE-2024-2283", "A vulnerability classified as critical has been found in boyiddha Automated-Mess-Management-System 1.0. Affected is an unknown function of the file /member/view.php. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256050 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20member-view.php%20.md"], ["2024", "CVE-2024-28568", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-25910", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33307", "SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via \"Last Name\" parameter in Create User.", "No PoCs found on GitHub currently.", "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-33307.md"], ["2024", "CVE-2024-31082", "A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22162", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Shortcodes allows Reflected XSS.This issue affects WPZOOM Shortcodes: from n/a through 1.0.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25801", "SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name (not the content) of a file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0297", "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2392", "The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25642", "Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27747", "File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.", "No PoCs found on GitHub currently.", "https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27747.md"], ["2024", "CVE-2024-25941", "The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail.Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by \"pstat -t\" may be leaked.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22022", "Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20729", "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "No PoCs found on GitHub currently.", "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1890"], ["2024", "CVE-2024-4241", "A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. This vulnerability affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-262132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formQosManageDouble_user.md"], ["2024", "CVE-2024-21445", "Windows USB Print Driver Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0648", "A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251374 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27009", "In the Linux kernel, the following vulnerability has been resolved:s390/cio: fix race condition during online processingA race condition exists in ccw_device_set_online() that can cause theonline process to fail, leaving the affected device in an inconsistentstate. As a result, subsequent attempts to set that device online failwith return code ENODEV.The problem occurs when a path verification request arrives aftera wait for final device state completed, but before the result stateis evaluated.Fix this by ensuring that the CCW-device lock is held betweendetermining final state and checking result state.Note that since:commit 2297791c92d0 (\"s390/cio: dont unregister subchannel from child-drivers\")path verification requests are much more likely to occur during boot,resulting in an increased chance of this race condition occurring.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27398", "In the Linux kernel, the following vulnerability has been resolved:Bluetooth: Fix use-after-free bugs caused by sco_sock_timeoutWhen the sco connection is established and then, the sco socketis releasing, timeout_work will be scheduled to judge whetherthe sco disconnection is timeout. The sock will be deallocatedlater, but it is dereferenced again in sco_sock_timeout. As aresult, the use-after-free bugs will happen. The root cause isshown below: Cleanup Thread | Worker Threadsco_sock_release | sco_sock_close | __sco_sock_close | sco_sock_set_timer | schedule_delayed_work | sco_sock_kill | (wait a time) sock_put(sk) //FREE | sco_sock_timeout | sock_hold(sk) //USEThe KASAN report triggered by POC is shown below:[ 95.890016] ==================================================================[ 95.890496] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x5e/0x1c0[ 95.890755] Write of size 4 at addr ffff88800c388080 by task kworker/0:0/7...[ 95.890755] Workqueue: events sco_sock_timeout[ 95.890755] Call Trace:[ 95.890755] [ 95.890755] dump_stack_lvl+0x45/0x110[ 95.890755] print_address_description+0x78/0x390[ 95.890755] print_report+0x11b/0x250[ 95.890755] ? __virt_addr_valid+0xbe/0xf0[ 95.890755] ? sco_sock_timeout+0x5e/0x1c0[ 95.890755] kasan_report+0x139/0x170[ 95.890755] ? update_load_avg+0xe5/0x9f0[ 95.890755] ? sco_sock_timeout+0x5e/0x1c0[ 95.890755] kasan_check_range+0x2c3/0x2e0[ 95.890755] sco_sock_timeout+0x5e/0x1c0[ 95.890755] process_one_work+0x561/0xc50[ 95.890755] worker_thread+0xab2/0x13c0[ 95.890755] ? pr_cont_work+0x490/0x490[ 95.890755] kthread+0x279/0x300[ 95.890755] ? pr_cont_work+0x490/0x490[ 95.890755] ? kthread_blkcg+0xa0/0xa0[ 95.890755] ret_from_fork+0x34/0x60[ 95.890755] ? kthread_blkcg+0xa0/0xa0[ 95.890755] ret_from_fork_asm+0x11/0x20[ 95.890755] [ 95.890755][ 95.890755] Allocated by task 506:[ 95.890755] kasan_save_track+0x3f/0x70[ 95.890755] __kasan_kmalloc+0x86/0x90[ 95.890755] __kmalloc+0x17f/0x360[ 95.890755] sk_prot_alloc+0xe1/0x1a0[ 95.890755] sk_alloc+0x31/0x4e0[ 95.890755] bt_sock_alloc+0x2b/0x2a0[ 95.890755] sco_sock_create+0xad/0x320[ 95.890755] bt_sock_create+0x145/0x320[ 95.890755] __sock_create+0x2e1/0x650[ 95.890755] __sys_socket+0xd0/0x280[ 95.890755] __x64_sys_socket+0x75/0x80[ 95.890755] do_syscall_64+0xc4/0x1b0[ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f[ 95.890755][ 95.890755] Freed by task 506:[ 95.890755] kasan_save_track+0x3f/0x70[ 95.890755] kasan_save_free_info+0x40/0x50[ 95.890755] poison_slab_object+0x118/0x180[ 95.890755] __kasan_slab_free+0x12/0x30[ 95.890755] kfree+0xb2/0x240[ 95.890755] __sk_destruct+0x317/0x410[ 95.890755] sco_sock_release+0x232/0x280[ 95.890755] sock_close+0xb2/0x210[ 95.890755] __fput+0x37f/0x770[ 95.890755] task_work_run+0x1ae/0x210[ 95.890755] get_signal+0xe17/0xf70[ 95.890755] arch_do_signal_or_restart+0x3f/0x520[ 95.890755] syscall_exit_to_user_mode+0x55/0x120[ 95.890755] do_syscall_64+0xd1/0x1b0[ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f[ 95.890755][ 95.890755] The buggy address belongs to the object at ffff88800c388000[ 95.890755] which belongs to the cache kmalloc-1k of size 1024[ 95.890755] The buggy address is located 128 bytes inside of[ 95.890755] freed 1024-byte region [ffff88800c388000, ffff88800c388400)[ 95.890755][ 95.890755] The buggy address belongs to the physical page:[ 95.890755] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800c38a800 pfn:0xc388[ 95.890755] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0[ 95.890755] ano---truncated---", "No PoCs found on GitHub currently.", "https://git.kernel.org/stable/c/012363cb1bec5f33a7b94629ab2c1086f30280f2
https://git.kernel.org/stable/c/1b33d55fb7355e27f8c82cd4ecd560f162469249
https://git.kernel.org/stable/c/3212afd00e3cda790fd0583cb3eaef8f9575a014
https://git.kernel.org/stable/c/33a6e92161a78c1073d90e27abe28d746feb0a53
https://git.kernel.org/stable/c/483bc08181827fc475643272ffb69c533007e546
https://git.kernel.org/stable/c/50c2037fc28df870ef29d9728c770c8955d32178
https://git.kernel.org/stable/c/6a18eeb1b3bbc67c20d9609c31dca6a69b4bcde5
https://git.kernel.org/stable/c/bfab2c1f7940a232cd519e82fff137e308abfd93"], ["2024", "CVE-2024-28277", "In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloads.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/unrealjbr/CVE-2024-28277", "No PoCs from references."], ["2024", "CVE-2024-4301", "N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21505", "Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge.
An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://security.snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337"], ["2024", "CVE-2024-23892", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33789", "Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ymkyu/CVE/tree/main/CVE-2024-33789"], ["2024", "CVE-2024-30863", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/history.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21886", "A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30620", "Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_v1.0.0.1_contains_a_stack_overflow_via_the_serviceName_parameter_in_the_function_fromAdvSetMacMtuWan.md"], ["2024", "CVE-2024-0759", "Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM.This would require the attacker also be able to guess these internal IPs as `/*` ranging is not possible, but could be brute forced.There is a duty of care that other services on the same network would not be fully open and accessible via a simple CuRL with zero authentication as it is not possible to set headers or access via the link collector.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26334", "swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/matthiaskramm/swftools/issues/221"], ["2024", "CVE-2024-30923", "SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering", "https://github.com/Chocapikk/My-CVEs
https://github.com/Chocapikk/derbynet-research", "No PoCs from references."], ["2024", "CVE-2024-3530", "A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file Marks_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259900.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28395", "SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28004", "Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23673", "Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system.If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script.\u00a0Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30402", "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon\u00a0(l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).When telemetry requests are sent to the device,\u00a0and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition.This issue affects:Junos OS: * All versions earlier than\u00a020.4R3-S10; * 21.2 versions earlier than\u00a021.2R3-S7; * 21.4 versions earlier than\u00a021.4R3-S5; * 22.1 versions earlier than\u00a022.1R3-S4; * 22.2 versions earlier than\u00a022.2R3-S3; * 22.3 versions earlier than\u00a022.3R3-S1; * 22.4 versions earlier than\u00a022.4R3; * 23.2 versions earlier than\u00a023.2R1-S2, 23.2R2.Junos OS Evolved: * All versions earlier than\u00a021.4R3-S5-EVO; * 22.1-EVO versions earlier than\u00a022.1R3-S4-EVO; * 22.2-EVO versions earlier than\u00a022.2R3-S3-EVO; * 22.3-EVO versions earlier than\u00a022.3R3-S1-EVO; * 22.4-EVO versions earlier than\u00a022.4R3-EVO; * 23.2-EVO versions earlier than\u00a023.2R2-EVO.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4172", "A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/bigbigbigbaby/cms2/blob/main/1.md"], ["2024", "CVE-2024-29368", "An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content.", "https://github.com/becpn/mozilocms
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/becpn/mozilocms"], ["2024", "CVE-2024-3483", "Remote CodeExecution has been discovered inOpenText\u2122 iManager 3.2.6.0200.\u00a0The vulnerability cantrigger command injection and insecure deserialization issues.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26287", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30890", "Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3652", "The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26056", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23830", "MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`.", "https://github.com/Kerkroups/Kerkroups", "No PoCs from references."], ["2024", "CVE-2024-29228", "Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-3951", "PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3840", "Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4123", "A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetPortMapping.md"], ["2024", "CVE-2024-21824", "Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24042", "Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1646", "parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration.", "https://github.com/timothee-chauvin/eyeballvul", "No PoCs from references."], ["2024", "CVE-2024-30981", "SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid in the application URL.", "No PoCs found on GitHub currently.", "https://medium.com/@shanunirwan/cve-2024-30981-sql-injection-vulnerability-in-cyber-cafe-management-system-using-php-mysql-v1-0-534676f9bdeb"], ["2024", "CVE-2024-32884", "gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. This is related to the patched vulnerability GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. This issue has been patched in versions 0.35.0, 0.42.0 and 0.62.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Byron/gitoxide/security/advisories/GHSA-98p4-xjmm-8mfh
https://rustsec.org/advisories/RUSTSEC-2024-0335.html"], ["2024", "CVE-2024-23861", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementcreate.php, in the unitofmeasurementid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28115", "FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23762", "Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://herolab.usd.de/security-advisories/usd-2023-0049/"], ["2024", "CVE-2024-30513", "Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21667", "pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-g273-wppx-82w4"], ["2024", "CVE-2024-20999", "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2668", "A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/vacancy/controller.php. The manipulation of the argument id/CATEGORY leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257368.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25169", "An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.", "https://github.com/AppThreat/vulnerability-db
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0", "https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0"], ["2024", "CVE-2024-32480", "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.", "No PoCs found on GitHub currently.", "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438"], ["2024", "CVE-2024-28212", "nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28183", "ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip. This attack can allow to boot past (passive) application partition having lower security version of the same device even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1.", "https://github.com/elttam/publications
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30585", "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_deviceId.md"], ["2024", "CVE-2024-30614", "An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope.", "https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-26300", "A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.", "https://github.com/kaje11/CVEs", "No PoCs from references."], ["2024", "CVE-2024-3695", "A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260482 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.260482"], ["2024", "CVE-2024-1401", "The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/NaInSec/CVE-LIST", "https://wpscan.com/vulnerability/91064ba5-cf65-46e6-88df-0e4d96a3ef9f/"], ["2024", "CVE-2024-3444", "A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259701 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32651", "changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).", "No PoCs found on GitHub currently.", "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3"], ["2024", "CVE-2024-23525", "The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes
https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html"], ["2024", "CVE-2024-2728", "Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30645", "Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/setUsbUnload.md"], ["2024", "CVE-2024-2639", "A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26351", "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30946", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/co_do.php.", "No PoCs found on GitHub currently.", "https://github.com/testgo1safe/cms/blob/main/1.md"], ["2024", "CVE-2024-3784", "Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1510", "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5119", "A vulnerability was found in SourceCodester Event Registration System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=load_registration. The manipulation of the argument last_id/event_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265199.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Event%20Registration%20System/Event%20Registration%20System%20-%20SQL%20Injection%20-%202.md"], ["2024", "CVE-2024-2779", "A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257613 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25078", "A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28303", "Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28092", "UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields are SMTP Server Name, SMTP Username, Host Name, Time Server 1, Time Server 2, Time Server 3, Target, Add Keyword, Add Domain, and Add Allowed Domain.", "https://github.com/NaInSec/CVE-LIST
https://github.com/actuator/cve", "No PoCs from references."], ["2024", "CVE-2024-1982", "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS.", "No PoCs found on GitHub currently.", "https://research.hisolutions.com/2024/01/multiple-vulnerabilities-in-wordpress-plugin-wpvivid-backup-and-migration/"], ["2024", "CVE-2024-3637", "The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/33f6fea6-c784-40ae-a548-55d41618752d/"], ["2024", "CVE-2024-26033", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24136", "The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.", "https://github.com/BurakSevben/CVE-2024-24136
https://github.com/BurakSevben/CVEs
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/BurakSevben/2024_Math_Game_XSS"], ["2024", "CVE-2024-23855", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23756", "The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756"], ["2024", "CVE-2024-1971", "A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument password with the input nochizplz'+or+1%3d1+limit+1%23 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255127.", "No PoCs found on GitHub currently.", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SQL%20Injection%20Auth.md"], ["2024", "CVE-2024-4117", "A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issue is the function formDelPortMapping of the file /goform/DelPortMapping. The manipulation of the argument portMappingIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formDelPortMapping.md"], ["2024", "CVE-2024-3874", "A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260908. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W20E/formSetRemoteWebManage.md"], ["2024", "CVE-2024-3777", "The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26173", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1672", "Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://issues.chromium.org/issues/41485789"], ["2024", "CVE-2024-2998", "A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store Name/Store Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258200. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21901", "A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.We have already fixed the vulnerability in the following versions:myQNAPcloud 1.0.52 ( 2023/11/24 ) and laterQTS 4.5.4.2627 build 20231225 and later", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26062", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1860", "The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist circumventing protection", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23496", "A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4006", "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1920", "A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key
. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254855.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21742", "Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.This can be exploited by an attacker to add unintended headers to MIME messages.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1623", "Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23727", "The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.", "https://github.com/actuator/cve
https://github.com/actuator/yi
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-28150", "Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1743", "The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/3cb1f707-6093-42a7-a778-2b296bdf1735/"], ["2024", "CVE-2024-24147", "A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file.", "No PoCs found on GitHub currently.", "https://github.com/libming/libming/issues/311"], ["2024", "CVE-2024-23824", "mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01.", "No PoCs found on GitHub currently.", "https://github.com/0xbunniee/MailCow-Pixel-Flood-Attack
https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5p-w4h7"], ["2024", "CVE-2024-26042", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1603", "paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-35373", "Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.", "No PoCs found on GitHub currently.", "https://chocapikk.com/posts/2024/mocodo-vulnerabilities/"], ["2024", "CVE-2024-24396", "Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/trustcves/CVE-2024-24396", "https://cves.at/posts/cve-2024-24396/writeup/"], ["2024", "CVE-2024-30884", "Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component.", "No PoCs found on GitHub currently.", "https://github.com/Hebing123/cve/issues/28"], ["2024", "CVE-2024-26102", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3706", "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4166", "A vulnerability has been found in Tenda 4G300 1.01.42 and classified as critical. Affected by this vulnerability is the function sub_41E858. The manipulation of the argument GO/page leads to stack-based buffer overflow. The attack can be launched remotely. The identifier VDB-261985 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_41E858_GO.md"], ["2024", "CVE-2024-21762", "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests", "https://github.com/AlexLondan/CVE-2024-21762-Fortinet-RCE-ALLWORK
https://github.com/BetterCzz/CVE-2024-20291-POC
https://github.com/BishopFox/cve-2024-21762-check
https://github.com/Codeb3af/Cve-2024-21762-
https://github.com/Gh71m/CVE-2024-21762-POC
https://github.com/GhostTroops/TOP
https://github.com/Instructor-Team8/CVE-2024-20291-POC
https://github.com/JohnHormond/CVE-2024-21762-Fortinet-RCE-WORK
https://github.com/KaitaoQiu/security_llm
https://github.com/MrCyberSec/CVE-2024-21762-Fortinet-RCE-ALLWORK
https://github.com/Ostorlab/KEV
https://github.com/RequestXss/CVE-2024-21762-Exploit-POC
https://github.com/S0SkiPlosK1/CVE-2024-21762-POC
https://github.com/TheRedDevil1/CVE-2024-21762
https://github.com/c0d3b3af/CVE-2024-21762-Exploit
https://github.com/c0d3b3af/CVE-2024-21762-POC
https://github.com/c0d3b3af/CVE-2024-21762-RCE-exploit
https://github.com/cleverg0d/CVE-2024-21762-Checker
https://github.com/cvefeed/cvefeed.io
https://github.com/d0rb/CVE-2024-21762
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/greandfather/CVE-2024-20291-POC
https://github.com/h4x0r-dz/CVE-2024-21762
https://github.com/lolminerxmrig/multicheck_CVE-2024-21762
https://github.com/lore-is-already-taken/multicheck_CVE-2024-21762
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/r4p3c4/CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check
https://github.com/redCode001/CVE-2024-21762-POC
https://github.com/t4ril/CVE-2024-21762-PoC
https://github.com/tanjiti/sec_profile
https://github.com/tr1pl3ight/CVE-2024-21762-POC
https://github.com/vorotilovaawex/CVE-2024-21762_POC
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki
https://github.com/zzcentury/FortiGate-CVE-2024-21762", "No PoCs from references."], ["2024", "CVE-2024-28010", "Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31879", "IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3914", "Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21673", "This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server.Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of\u00a0CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction.Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher releaseSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30507", "Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30696", "** DISPUTED ** OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2, including External Command Execution Modules, System Call Handlers, and Interface Scripts. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30696", "No PoCs from references."], ["2024", "CVE-2024-32793", "Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1811", "A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1712", "The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/23805a61-9fcd-4744-a60d-05c8cb43ee01/"], ["2024", "CVE-2024-23875", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32890", "librespeed/speedtest is an open source, self-hosted speed test for HTML5. In affected versions missing neutralization of the ISP information in a speedtest result leads to stored Cross-site scripting in the JSON API. The `processedString` field in the `ispinfo` parameter is missing neutralization. It is stored when a user submits a speedtest result to the telemetry API (`results/telemetry.php`) and returned in the JSON API (`results/json.php`). This vulnerability has been introduced in commit 3937b94. This vulnerability affects LibreSpeed speedtest instances running version 5.2.5 or higher which have telemetry enabled and has been addressed in version 5.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/librespeed/speedtest/security/advisories/GHSA-3954-xrwh-fq4q"], ["2024", "CVE-2024-3617", "A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file /control/deactivate_case.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260273 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/zyairelai/CVE-submissions/blob/main/kortex-deactivate_case-sqli.md"], ["2024", "CVE-2024-3757", "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3854", "In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.", "https://github.com/googleprojectzero/fuzzilli
https://github.com/zhangjiahui-buaa/MasterThesis", "No PoCs from references."], ["2024", "CVE-2024-21733", "Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.", "https://github.com/1N3/1N3
https://github.com/Marco-zcl/POC
https://github.com/Ostorlab/KEV
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC", "http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html"], ["2024", "CVE-2024-28041", "HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23886", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemmodify.php, in the bincardinfo parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22778", "HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25118", "TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2588", "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id'\u00a0parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30665", "** DISPUTED ** An OS command injection vulnerability has been discovered in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3. This vulnerability primarily affects the command processing or system call components in ROS, making them susceptible to manipulation by malicious entities. Through this, unauthorized commands can be executed, leading to remote code execution (RCE), data theft, and malicious activities. The affected components include External Command Execution Modules, System Call Handlers, and Interface Scripts. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30665", "No PoCs from references."], ["2024", "CVE-2024-21511", "Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6670046"], ["2024", "CVE-2024-21451", "Microsoft ODBC Driver Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4255", "A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240419. This issue affects some unknown processing of the file /view/network Config/GRE/gre_edit_commit.php. The manipulation of the argument name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262145 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28323", "The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management System 3.1 contains a potential security vulnerability related to user input validation. The script retrieves user-provided date inputs without proper validation, making it susceptible to SQL injection attacks.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/files/177168/User-Registration-And-Login-And-User-Management-System-3.1-SQL-Injection.html
https://sospiro014.github.io/User-Registration-And-Login-And-User-Management-System-3.1-SQL-Injection"], ["2024", "CVE-2024-2759", "Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22638", "liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulenrabiity via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php.", "https://github.com/capture0x/My-CVE", "https://packetstormsecurity.com/files/176420/liveSite-2019.1-Remote-Code-Execution.html
https://www.exploit-db.com/exploits/51936"], ["2024", "CVE-2024-24334", "A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2.", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-3435", "A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'apply_settings' function, allowing an attacker to manipulate the application's configuration by sending specially crafted JSON payloads. This could lead to remote code execution (RCE) by bypassing existing patches designed to mitigate such vulnerabilities.", "https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-22729", "NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.", "No PoCs found on GitHub currently.", "https://github.com/adhikara13/CVE/blob/main/netis_MW5360/blind%20command%20injection%20in%20password%20parameter%20in%20initial%20settings.md"], ["2024", "CVE-2024-3524", "A vulnerability, which was classified as problematic, has been found in Campcodes Online Event Management System 1.0. This issue affects some unknown processing of the file /views/process.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259895.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30634", "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromAddressNat_mitInterface.md"], ["2024", "CVE-2024-28232", "Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that version has not yet been uploaded to Go's package manager.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-hcw2-2r9c-gc6p"], ["2024", "CVE-2024-25398", "In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Nivedita-22/SRELAY-exploit-writeup/blob/main/Srelay.md"], ["2024", "CVE-2024-2708", "A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257459. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formexeCommand.md"], ["2024", "CVE-2024-21400", "Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability", "https://github.com/MegaCorp001/CVE-2024-21400-POC
https://github.com/NaInSec/CVE-LIST
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-35011", "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Thirtypenny77/cms/blob/main/8.md"], ["2024", "CVE-2024-32972", "go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1561", "An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.", "https://github.com/DiabloHTB/CVE-2024-1561
https://github.com/DiabloHTB/Nuclei-Template-CVE-2024-1561
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/wy876/POC", "No PoCs from references."], ["2024", "CVE-2024-26260", "The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21892", "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.This allows unprivileged users to inject code that inherits the process's elevated privileges.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0998", "A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.252267"], ["2024", "CVE-2024-24062", "springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role.", "No PoCs found on GitHub currently.", "https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#12-stored-cross-site-scripting-sysrole"], ["2024", "CVE-2024-26167", "Microsoft Edge for Android Spoofing Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21496", "All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., [&], [<], [>], [\"], [']), it does not account for the attack based on the JavaScript URL scheme (e.g., javascript:alert(document.domain)// payload). Exploiting this vulnerability may not be trivial, but it could lead to the execution of malicious scripts in the context of the target user\u2019s browser, compromising user sessions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249860"], ["2024", "CVE-2024-1965", "Server-Side Request Forgery vulnerability in Haivision's Aviwest Manager and Aviwest Steamhub. This vulnerability could allow an attacker to enumerate internal network configuration without the need for credentials. An attacker could compromise an internal server and retrieve requests sent by other users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33859", "An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the \"Interesting Field\" Web UI, leading to XSS.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3920", "The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/2fb28c77-3c35-4a2f-91ed-823d0d011048/"], ["2024", "CVE-2024-21647", "Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23742", "** DISPUTED ** An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine.", "https://github.com/V3x0r/CVE-2024-23742
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/giovannipajeu1/CVE-2024-23742
https://github.com/giovannipajeu1/giovannipajeu1
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1825", "A vulnerability, which was classified as problematic, was found in CodeAstro House Rental Management System 1.0. This affects an unknown part of the component User Registration Page. The manipulation of the argument address with the input

leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254613 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1726", "A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21756", "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23653", "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources.", "https://github.com/mightysai1997/leaky-vessels-dynamic-detector
https://github.com/snyk/leaky-vessels-dynamic-detector
https://github.com/snyk/leaky-vessels-static-detector", "No PoCs from references."], ["2024", "CVE-2024-23482", "The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32467", "MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue.", "https://github.com/L1NG0v0/L1NG0v0
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp"], ["2024", "CVE-2024-1874", "In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/michalsvoboda76/batbadbut
https://github.com/nomi-sec/PoC-in-GitHub", "http://www.openwall.com/lists/oss-security/2024/04/12/11
https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7"], ["2024", "CVE-2024-29199", "Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29208", "An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products:UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier)UniFi Connect Display (Version 1.9.324 and earlier)UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation:Update UniFi Connect Application to Version 3.10.7 or later.Update UniFi Connect EV Station to Version 1.2.15 or later.Update UniFi Connect EV Station Pro to Version 1.2.15 or later.Update UniFi Connect Display to Version 1.11.348 or later.Update UniFi Connect Display Cast to Version 1.8.255 or later.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0889", "A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html"], ["2024", "CVE-2024-1777", "The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21434", "Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-32645", "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available.", "No PoCs found on GitHub currently.", "https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3"], ["2024", "CVE-2024-27138", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva.Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33529", "ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types.", "No PoCs found on GitHub currently.", "https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1/"], ["2024", "CVE-2024-1555", "When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox < 123.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32806", "Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline Analyzer.This issue affects Headline Analyzer: from n/a through 1.3.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1784", "A vulnerability classified as problematic was found in Limbas 5.2.14. Affected by this vulnerability is an unknown functionality of the file main_admin.php. The manipulation of the argument tab_group leads to sql injection. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/liyako/vulnerability/blob/main/POC/Limbas-Blind-SQL-injection.md
https://vuldb.com/?id.254575"], ["2024", "CVE-2024-34209", "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function.", "No PoCs found on GitHub currently.", "https://github.com/n0wstr/IOTVuln/tree/main/CP450/setIpPortFilterRules"], ["2024", "CVE-2024-0779", "The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example", "https://github.com/NaInSec/CVE-LIST", "https://wpscan.com/vulnerability/ced134cf-82c5-401b-9476-b6456e1924e2/"], ["2024", "CVE-2024-30591", "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_time.md"], ["2024", "CVE-2024-30600", "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_end.md"], ["2024", "CVE-2024-4370", "The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28197", "Zitadel is an open source identity management system. Zitadel uses a cookie to identify the user agent (browser) and its user sessions. Although the cookie was handled according to best practices, it was accessible on subdomains of the ZITADEL instance. An attacker could take advantage of this and provide a malicious link hosted on the subdomain to the user to gain access to the victim\u2019s account in certain scenarios. A possible victim would need to login through the malicious link for this exploit to work. If the possible victim already had the cookie present, the attack would not succeed. The attack would further only be possible if there was an initial vulnerability on the subdomain. This could either be the attacker being able to control DNS or a XSS vulnerability in an application hosted on a subdomain. Versions 2.46.0, 2.45.1, and 2.44.3 have been patched. Zitadel recommends upgrading to the latest versions available in due course. Note that applying the patch will invalidate the current cookie and thus users will need to start a new session and existing sessions (user selection) will be empty. For self-hosted environments unable to upgrade to a patched version, prevent setting the following cookie name on subdomains of your Zitadel instance (e.g. within your WAF): `__Secure-zitadel-useragent`.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34089", "An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0668", "The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30711", "** DISPUTED ** An issue was discovered in the default configurations of ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30711", "No PoCs from references."], ["2024", "CVE-2024-24300", "4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yckuo-sdc/PoC"], ["2024", "CVE-2024-20709", "Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33438", "File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.", "https://github.com/julio-cfa/CVE-2024-33438
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/julio-cfa/CVE-2024-33438"], ["2024", "CVE-2024-3541", "A vulnerability classified as problematic has been found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/admin_user.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259911.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30952", "A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action.", "No PoCs found on GitHub currently.", "https://github.com/CrownZTX/vulnerabilities/blob/main/pescms/stored_xss.md"], ["2024", "CVE-2024-27627", "A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the bad_password.php page.", "https://github.com/capture0x/My-CVE
https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/files/177254/SuperCali-1.1.0-Cross-Site-Scripting.html"], ["2024", "CVE-2024-29735", "Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3.Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix group\u00a0of the folders. In the case Airflow is run with the root user (not recommended) it added group write permission to all folders up to the root of the filesystem.If your log files are stored in the home directory, these permission changes might impact your ability to run SSH operations after your home directory becomes group-writeable.This issue does not affect users who use or extend Airflow using Official Airflow Docker reference images ( https://hub.docker.com/r/apache/airflow/ ) - those images require to have group write permission set anyway.You are affected only if you install Airflow using local installation / virtualenv or other Docker images, but the issue has no impact if docker containers are used as intended, i.e. where Airflow components do not share containers with other applications and users.Also you should not be affected if your umask is 002 (group write enabled) - this is the default on many linux systems.Recommendation for users using Airflow outside of the containers: * if you are using root to run Airflow, change your Airflow user to use non-root * upgrade Apache Airflow to 2.8.4 or above * If you prefer not to upgrade, you can change the https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#file-task-handler-new-folder-permissions \u00a0to 0o755 (original value 0o775). * if you already ran Airflow tasks before and your default umask is 022 (group write disabled) you should stop Airflow components, check permissions of AIRFLOW_HOME/logs\u00a0in all your components and all parent directories of this directory and remove group write access for all the parent directories", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20047", "In battery, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587865; Issue ID: ALPS08486807.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22393", "Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user\u00a0can cause such an attack by uploading an image when posting content.Users are recommended to upgrade to version [1.2.5], which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/omranisecurity/CVE-2024-22393", "No PoCs from references."], ["2024", "CVE-2024-27767", "CWE-287: Improper Authentication may allow Authentication Bypass", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28519", "A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2072", "A vulnerability, which was classified as problematic, was found in SourceCodester Flashcard Quiz App 1.0. This affects an unknown part of the file /endpoint/update-flashcard.php. The manipulation of the argument question/answer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255387.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22113", "Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33267", "SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20016", "In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25930", "Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0037", "In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33294", "An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/CveSecLook/cve/issues/16"], ["2024", "CVE-2024-29797", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Grid Shortcodes allows Stored XSS.This issue affects Grid Shortcodes: from n/a through 1.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31391", "Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator.This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0.When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for accessing Solr: including the \"solr\" and \"admin\" accounts for use by end-users, and a \"k8s-oper\" account which the operator uses for its own requests to Solr.One common source of these operator requests is healthchecks: liveness, readiness, and startup probes are all used to determine Solr's health and ability to receive traffic.By default, the operator configures the Solr APIs used for these probes to be exempt from authentication, but\u00a0users may specifically request that authentication be required on probe endpoints as well.Whenever one of these probes would fail, if authentication was in use, the Solr Operator would create a Kubernetes \"event\" containing the username and password of the \"k8s-oper\" account.Within the affected version range, this vulnerability affects any solrcloud resource which (1) bootstrapped security through use of the `.solrOptions.security.authenticationType=basic` option, and (2) required authentication be used on probes by setting `.solrOptions.security.probesRequireAuth=true`.Users are recommended to upgrade to Solr Operator version 0.8.1, which fixes this issue by ensuring that probes no longer print the credentials used for Solr requests.\u00a0 Users may also mitigate the vulnerability by disabling authentication on their healthcheck probes using the setting `.solrOptions.security.probesRequireAuth=false`.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27986", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Elementor Addons by Livemesh allows Stored XSS.This issue affects Elementor Addons by Livemesh: from n/a through 8.3.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26678", "In the Linux kernel, the following vulnerability has been resolved:x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat sectionThe .compat section is a dummy PE section that contains the address ofthe 32-bit entrypoint of the 64-bit kernel image if it is bootable from32-bit firmware (i.e., CONFIG_EFI_MIXED=y)This section is only 8 bytes in size and is only referenced from theloader, and so it is placed at the end of the memory view of the image,to avoid the need for padding it to 4k, which is required for sectionsappearing in the middle of the image.Unfortunately, this violates the PE/COFF spec, and even if most EFIloaders will work correctly (including the Tianocore referenceimplementation), PE loaders do exist that reject such images, on thebasis that both the file and memory views of the file contents should bedescribed by the section headers in a monotonically increasing mannerwithout leaving any gaps.So reorganize the sections to avoid this issue. This results in a slightpadding overhead (< 4k) which can be avoided if desired by disablingCONFIG_EFI_MIXED (which is only needed in rare cases these days)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1179", "TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420.", "https://github.com/tanjiti/sec_profile
https://github.com/z1r00/z1r00", "No PoCs from references."], ["2024", "CVE-2024-21389", "Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21018", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2310", "The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/7a2c173c-19e3-4f48-b3af-14790b5b8e94/"], ["2024", "CVE-2024-0184", "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27454", "orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0355", "A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8"], ["2024", "CVE-2024-1039", "Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31140", "In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26629", "In the Linux kernel, the following vulnerability has been resolved:nfsd: fix RELEASE_LOCKOWNERThe test on so_count in nfsd4_release_lockowner() is nonsense andharmful. Revert to using check_for_locks(), changing that to not sleep.First: harmful.As is documented in the kdoc comment for nfsd4_release_lockowner(), thetest on so_count can transiently return a false positive resulting in areturn of NFS4ERR_LOCKS_HELD when in fact no locks are held. This isclearly a protocol violation and with the Linux NFS client it can causeincorrect behaviour.If RELEASE_LOCKOWNER is sent while some other thread is stillprocessing a LOCK request which failed because, at the time that requestwas received, the given owner held a conflicting lock, then the nfsdthread processing that LOCK request can hold a reference (conflock) tothe lock owner that causes nfsd4_release_lockowner() to return anincorrect error.The Linux NFS client ignores that NFS4ERR_LOCKS_HELD error because itnever sends NFS4_RELEASE_LOCKOWNER without first releasing any locks, soit knows that the error is impossible. It assumes the lock owner was infact released so it feels free to use the same lock owner identifier insome later locking request.When it does reuse a lock owner identifier for which a previous RELEASEfailed, it will naturally use a lock_seqid of zero. However the server,which didn't release the lock owner, will expect a larger lock_seqid andso will respond with NFS4ERR_BAD_SEQID.So clearly it is harmful to allow a false positive, which testingso_count allows.The test is nonsense because ... well... it doesn't mean anything.so_count is the sum of three different counts.1/ the set of states listed on so_stateids2/ the set of active vfs locks owned by any of those states3/ various transient counts such as for conflicting locks.When it is tested against '2' it is clear that one of these is thetransient reference obtained by find_lockowner_str_locked(). It is notclear what the other one is expected to be.In practice, the count is often 2 because there is precisely one stateon so_stateids. If there were more, this would fail.In my testing I see two circumstances when RELEASE_LOCKOWNER is called.In one case, CLOSE is called before RELEASE_LOCKOWNER. That results inall the lock states being removed, and so the lockowner being discarded(it is removed when there are no more references which usually happenswhen the lock state is discarded). When nfsd4_release_lockowner() findsthat the lock owner doesn't exist, it returns success.The other case shows an so_count of '2' and precisely one state listedin so_stateid. It appears that the Linux client uses a separate lockowner for each file resulting in one lock state per lock owner, so thistest on '2' is safe. For another client it might not be safe.So this patch changes check_for_locks() to use the (newish)find_any_file_locked() so that it doesn't take a reference on thenfs4_file and so never calls nfsd_file_put(), and so never sleeps. Withthis check is it safe to restore the use of check_for_locks() ratherthan testing so_count against the mysterious '2'.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22220", "An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32238", "H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.", "https://github.com/FuBoLuSec/CVE-2024-32238
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-21049", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21109", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-29985", "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0304", "A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25992", "In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29686", "** DISPUTED ** Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.", "https://github.com/capture0x/My-CVE
https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.exploit-db.com/exploits/51893"], ["2024", "CVE-2024-28978", "Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1068", "The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/"], ["2024", "CVE-2024-31216", "The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to version 1.2.5, when source-controller was configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access to the Azure Blob Storage until the token expires. This vulnerability was fixed in source-controller v1.2.5. There is no workaround for this vulnerability except for using a different auth mechanism such as Azure Workload Identity.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25596", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder for WooCommerce allows Stored XSS.This issue affects Doofinder for WooCommerce: from n/a through 2.1.8.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22127", "SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files\u00a0which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20022", "In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31356", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log.This issue affects User Activity Log: from n/a through 1.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33342", "D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25656", "Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and, ultimately, affect the entire product.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27613", "Numbas editor before 7.3 mishandles reading of themes and extensions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0283", "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file party_details.php. The manipulation of the argument party_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249838 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29802", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3159", "Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31065", "Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field.", "No PoCs found on GitHub currently.", "https://github.com/sahildari/cve/blob/master/CVE-2024-31065.md
https://portswigger.net/web-security/cross-site-scripting/stored"], ["2024", "CVE-2024-3388", "A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27571", "LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/makeCurRemoteApList.md"], ["2024", "CVE-2024-0270", "A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file item_list_submit.php. The manipulation of the argument item_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249825 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27460", "A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.", "https://github.com/10cks/CVE-2024-27460-installer
https://github.com/Alaatk/CVE-2024-27460
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/xct/CVE-2024-27460", "No PoCs from references."], ["2024", "CVE-2024-2264", "A vulnerability, which was classified as critical, has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256034 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20PHP-MYSQL-User-Login-System/SQLI%20Auth.md"], ["2024", "CVE-2024-0361", "A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.250128"], ["2024", "CVE-2024-22305", "Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress \u2013 Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress \u2013 Kali Forms: from n/a through 2.3.36.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3108", "An implicit intent vulnerability was reported for Motorola\u2019s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3048", "The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/e179ff7d-137c-48bf-8b18-e874e3f876f4/"], ["2024", "CVE-2024-34751", "Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23129", "A maliciously crafted MODEL 3DM, STP or SLDASM files in opennurbs.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3058", "The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/fc33c79d-ad24-4d55-973a-25280995a2ab/"], ["2024", "CVE-2024-23139", "An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code \u201cABC\u201d files. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25435", "A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/machisri/CVEs-and-Vulnerabilities", "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25435%20-%3E%20Reflected%20XSS%20on%20md1patient%20login%20page"], ["2024", "CVE-2024-25575", "A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1963
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1963"], ["2024", "CVE-2024-2274", "A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256043. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3289", "When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3118", "A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.258779"], ["2024", "CVE-2024-22084", "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24499", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1007. Reason: This candidate is a duplicate of CVE-2024-1007. Notes: All CVE users should reference CVE-2024-1007 instead of this candidate.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/EmployeeManagementSystem-SQL_Injection_Admin_Update_Profile.md"], ["2024", "CVE-2024-29473", "OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22195", "Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.", "https://github.com/Its-Yayo/f-test", "No PoCs from references."], ["2024", "CVE-2024-0260", "A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2365", "A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\\fabric\\sdk\\android\\services\\network\\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Weak_Hashing_Algorithms.md"], ["2024", "CVE-2024-27561", "A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter.", "https://github.com/zer0yu/CVE_Request", "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_installUpdateThemePluginAction_plugins.md"], ["2024", "CVE-2024-30259", "FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.", "No PoCs found on GitHub currently.", "https://drive.google.com/file/d/1Y2bGvP3UIOJCLh_XEURLdhrM2Sznlvlp/view?usp=sharing
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-qcj9-939p-p662"], ["2024", "CVE-2024-25524", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#workplanattachdownloadaspx"], ["2024", "CVE-2024-31135", "In JetBrains TeamCity before 2024.03 open redirect was possible on the login page", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34953", "An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file", "No PoCs found on GitHub currently.", "https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.assets/image-20240505161831080.png
https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.md
https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/poc/I7K9QM~F
https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_mmExhausted
https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_mmExhausted/poc
https://github.com/taurusxin/ncmdump/issues/19"], ["2024", "CVE-2024-29812", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0293", "A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34472", "An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/osvaldotenorio/CVE-2024-34472", "https://github.com/osvaldotenorio/CVE-2024-34472"], ["2024", "CVE-2024-27592", "Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL.", "No PoCs found on GitHub currently.", "https://medium.com/@nicatabbasov00002/open-redirect-vulnerability-62986ccaf0f7"], ["2024", "CVE-2024-27900", "Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33212", "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4999", "A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote\u00a0attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22026", "A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/securekomodo/CVE-2024-22026", "No PoCs from references."], ["2024", "CVE-2024-29651", "A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle()`, `parse()`, `resolve()`, `dereference() functions.", "No PoCs found on GitHub currently.", "https://gist.github.com/tariqhawis/5db76b38112bba756615b688c32409ad"], ["2024", "CVE-2024-34532", "A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query.", "No PoCs found on GitHub currently.", "https://github.com/luvsn/OdZoo/tree/main/exploits/query_deluxe"], ["2024", "CVE-2024-27743", "Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.", "No PoCs found on GitHub currently.", "https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27743.md"], ["2024", "CVE-2024-2147", "A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255500.", "No PoCs found on GitHub currently.", "https://github.com/vanitashtml/CVE-Dumps/blob/main/Sql%20Injection%20Authentication%20Bypass%20in%20Mobile%20Management%20Store.md"], ["2024", "CVE-2024-2056", "Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the \"tailon\" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.", "No PoCs found on GitHub currently.", "http://seclists.org/fulldisclosure/2024/Mar/14
https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt"], ["2024", "CVE-2024-20032", "In aee, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08487630; Issue ID: MSV-1020.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33303", "SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via \"First Name\" under Add Users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-33303.md"], ["2024", "CVE-2024-22077", "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29903", "Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is Cosign allocates excessive memory on the lines that creates a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv"], ["2024", "CVE-2024-25617", "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25510", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#address_public_showaspx"], ["2024", "CVE-2024-2180", "Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers", "No PoCs found on GitHub currently.", "https://fluidattacks.com/advisories/gomez/"], ["2024", "CVE-2024-2211", "Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21119", "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-32368", "Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local attacker to cause a denial of service via the Bluetooth Low Energy (BLE) component.", "https://github.com/Yashodhanvivek/Agasta-SanketLife-2.0-ECG-Monitor_-Vulnerability
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1078", "The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22370", "In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25982", "The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20335", "A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29447", "** DISPUTED ** An issue was discovered in the default configurations of ROS2 Humble Hawksbill in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29447", "No PoCs from references."], ["2024", "CVE-2024-33144", "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22230", "Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim's browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26639", "In the Linux kernel, the following vulnerability has been resolved:mm, kmsan: fix infinite recursion due to RCU critical sectionAlexander Potapenko writes in [1]: \"For every memory access in the codeinstrumented by KMSAN we call kmsan_get_metadata() to obtain the metadatafor the memory being accessed. For virtual memory the metadata pointersare stored in the corresponding `struct page`, therefore we need to callvirt_to_page() to get them.According to the comment in arch/x86/include/asm/page.h,virt_to_page(kaddr) returns a valid pointer iff virt_addr_valid(kaddr) istrue, so KMSAN needs to call virt_addr_valid() as well.To avoid recursion, kmsan_get_metadata() must not call instrumented code,therefore ./arch/x86/include/asm/kmsan.h forks parts ofarch/x86/mm/physaddr.c to check whether a virtual address is valid or not.But the introduction of rcu_read_lock() to pfn_valid() added instrumentedRCU API calls to virt_to_page_or_null(), which is called bykmsan_get_metadata(), so there is an infinite recursion now. I do notthink it is correct to stop that recursion by doingkmsan_enter_runtime()/kmsan_exit_runtime() in kmsan_get_metadata(): thatwould prevent instrumented functions called from within the runtime fromtracking the shadow values, which might introduce false positives.\"Fix the issue by switching pfn_valid() to the _sched() variant ofrcu_read_lock/unlock(), which does not require calling into RCU. Giventhe critical section in pfn_valid() is very small, this is a reasonabletrade-off (with preemptible RCU).KMSAN further needs to be careful to suppress calls into the scheduler,which would be another source of recursion. This can be done by wrappingthe call to pfn_valid() into preempt_disable/enable_no_resched(). Thedownside is that this sacrifices breaking scheduling guarantees; however,a kernel compiled with KMSAN has already given up any performanceguarantees due to being heavily instrumented.Note, KMSAN code already disables tracing via Makefile, and since mmzone.his included, it is not necessary to use the notrace variant, which isgenerally preferred in all other cases.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21059", "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-25450", "imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/derf/feh/issues/712"], ["2024", "CVE-2024-2351", "A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256303.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32339", "Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.", "https://github.com/adiapera/xss_how_to_page_wondercms_3.4.3", "https://github.com/adiapera/xss_how_to_page_wondercms_3.4.3"], ["2024", "CVE-2024-27444", "langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not prohibited by pal_chain/base.py.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/zgimszhd61/llm-security-quickstart", "No PoCs from references."], ["2024", "CVE-2024-1029", "A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux\"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252302 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.252302"], ["2024", "CVE-2024-1169", "The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31010", "SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.", "No PoCs found on GitHub currently.", "https://github.com/ss122-0ss/semcms/blob/main/README.md"], ["2024", "CVE-2024-27996", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 4.0.5.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25893", "ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.", "No PoCs found on GitHub currently.", "https://github.com/ChurchCRM/CRM/issues/6856"], ["2024", "CVE-2024-0194", "A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2091", "The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21008", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-29937", "NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.", "https://github.com/NaInSec/CVE-LIST", "https://www.youtube.com/watch?v=i_JOkHaCdzk"], ["2024", "CVE-2024-25623", "Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a `Content-Type` header value of the Activity Streams media type, which allows a threat actor to upload a crafted Activity Streams document to a remote server and make a Mastodon server fetch it, if the remote server accepts arbitrary user uploads. The vulnerability allows a threat actor to impersonate an account on a remote server that satisfies all of the following properties: allows the attacker to register an account; accepts arbitrary user-uploaded documents and places them on the same domain as the ActivityPub actors; and serves user-uploaded document in response to requests with an `Accept` header value of the Activity Streams media type. Versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19 contain a fix for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28558", "SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php.", "No PoCs found on GitHub currently.", "https://github.com/xuanluansec/vul/issues/3#issue-2243633522"], ["2024", "CVE-2024-26998", "In the Linux kernel, the following vulnerability has been resolved:serial: core: Clearing the circular buffer before NULLifying itThe circular buffer is NULLified in uart_tty_port_shutdown()under the spin lock. However, the PM or other timer based callbacksmay still trigger after this event without knowning that buffer pointeris not valid. Since the serial code is a bit inconsistent in checkingthe buffer state (some rely on the head-tail positions, some on thebuffer pointer), it's better to have both aligned, i.e. buffer pointerto be NULL and head-tail possitions to be the same, meaning it's empty.This will prevent asynchronous calls to dereference NULL pointer asreported recently in 8250 case: BUG: kernel NULL pointer dereference, address: 00000cf5 Workqueue: pm pm_runtime_work EIP: serial8250_tx_chars (drivers/tty/serial/8250/8250_port.c:1809) ... ? serial8250_tx_chars (drivers/tty/serial/8250/8250_port.c:1809) __start_tx (drivers/tty/serial/8250/8250_port.c:1551) serial8250_start_tx (drivers/tty/serial/8250/8250_port.c:1654) serial_port_runtime_suspend (include/linux/serial_core.h:667 drivers/tty/serial/serial_port.c:63) __rpm_callback (drivers/base/power/runtime.c:393) ? serial_port_remove (drivers/tty/serial/serial_port.c:50) rpm_suspend (drivers/base/power/runtime.c:447)The proposed change will prevent ->start_tx() to be called duringsuspend on shut down port.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28418", "Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0167", "Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29877", "Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through\u00a0 /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25763", "openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2062", "A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. This issue affects some unknown processing of the file /admin/edit_categories.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255377 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_categories.php%20SQL%20Injection.md"], ["2024", "CVE-2024-27965", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels Team WPFunnels allows Stored XSS.This issue affects WPFunnels: from n/a through 3.0.6.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20006", "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22383", "Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)),\u00a08.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2173", "Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34446", "Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20057", "In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27934", "Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable for both `*const c_void` and `ExternalPointer` implementations. Version 1.40.3 fixes this issue.", "No PoCs found on GitHub currently.", "https://github.com/denoland/deno/security/advisories/GHSA-3j27-563v-28wf"], ["2024", "CVE-2024-22152", "Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25831", "F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://neroteam.com/blog/f-logic-datacube3-vulnerability-report"], ["2024", "CVE-2024-1454", "The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33428", "Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.", "No PoCs found on GitHub currently.", "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/heap-buffer-overflow-1.assets/image-20240420005017430.png
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/heap-buffer-overflow-1.md
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/poc
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-1
https://github.com/stsaz/phiola/issues/29"], ["2024", "CVE-2024-32744", "A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module.", "https://github.com/adiapera/xss_current_page_wondercms_3.4.3", "https://github.com/adiapera/xss_current_page_wondercms_3.4.3"], ["2024", "CVE-2024-28247", "The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.If the URL that is in the list of \"Adslists\" begins with \"file*\" it is understood that it is updating from a local file, on the other hand if it does not begin with \"file*\" depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18.", "https://github.com/T0X1Cx/CVE-2024-28247-Pi-hole-Arbitrary-File-Read
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/pi-hole/pi-hole/security/advisories/GHSA-95g6-7q26-mp9x"], ["2024", "CVE-2024-4331", "Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28096", "Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21475", "Memory corruption when the payload received from firmware is not as per the expected protocol size.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30701", "** DISPUTED ** An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to obtain sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30701", "No PoCs from references."], ["2024", "CVE-2024-0678", "The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34308", "TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.", "No PoCs found on GitHub currently.", "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.md"], ["2024", "CVE-2024-30802", "An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component.", "No PoCs found on GitHub currently.", "https://github.com/WarmBrew/web_vul/blob/main/TTX.md"], ["2024", "CVE-2024-1685", "The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1514", "The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24310", "In the module \"Generate barcode on invoice / delivery slip\" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26304", "There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.", "https://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/wy876/POC", "No PoCs from references."], ["2024", "CVE-2024-3691", "A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nikhil-aniill/Small-CRM-CVE", "https://github.com/nikhil-aniill/Small-CRM-CVE
https://vuldb.com/?submit.312975"], ["2024", "CVE-2024-1405", "A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28187", "SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the execution of arbitrary OS commands through specially crafted file names containing a semicolon, affecting the jpegoptim functionality. This vulnerability has been patched in version 3.14.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28216", "nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0769", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md"], ["2024", "CVE-2024-34359", "llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` constructor built in the `Llama` takes several parameters to configure the loading and running of the model. Other than `NUMA, LoRa settings`, `loading tokenizers,` and `hardware settings`, `__init__` also loads the `chat template` from targeted `.gguf` 's Metadata and furtherly parses it to `llama_chat_format.Jinja2ChatFormatter.to_chat_handler()` to construct the `self.chat_handler` for this model. Nevertheless, `Jinja2ChatFormatter` parse the `chat template` within the Metadate with sandbox-less `jinja2.Environment`, which is furthermore rendered in `__call__` to construct the `prompt` of interaction. This allows `jinja2` Server Side Template Injection which leads to remote code execution by a carefully constructed payload.", "No PoCs found on GitHub currently.", "https://github.com/abetlen/llama-cpp-python/security/advisories/GHSA-56xg-wfcc-g829"], ["2024", "CVE-2024-3440", "A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/edit_profile.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259693 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28174", "In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32477", "Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between `libc::tcflush(0, libc::TCIFLUSH)` and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the user input. Some ANSI escape sequences act as a info request to the master terminal emulator and the terminal emulator sends back the reply in the PTY channel. standard streams also use this channel to send and get data. For example the `\\033[6n` sequence requests the current cursor position. These sequences allow us to append data to the standard input of Deno. This vulnerability allows an attacker to bypass Deno permission policy. This vulnerability is fixed in 1.42.2.", "No PoCs found on GitHub currently.", "https://github.com/denoland/deno/security/advisories/GHSA-95cj-3hr2-7j5j"], ["2024", "CVE-2024-30572", "Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter.", "No PoCs found on GitHub currently.", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Netgear-R6850%20V1.1.0.88%20Command%20Injection(ntp_server).md"], ["2024", "CVE-2024-4393", "The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21905", "An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.3.2578 build 20231110 and laterQuTS hero h5.1.3.2578 build 20231110 and laterQuTScloud c5.1.5.2651 and later", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29189", "PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21845", "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23940", "Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.", "No PoCs found on GitHub currently.", "https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1"], ["2024", "CVE-2024-1924", "A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /get_membership_amount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254859.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md"], ["2024", "CVE-2024-23643", "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator\u2019s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7"], ["2024", "CVE-2024-28125", "FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23752", "GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/gventuri/pandas-ai/issues/868"], ["2024", "CVE-2024-23851", "copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26177", "Windows Kernel Information Disclosure Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1676", "Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://issues.chromium.org/issues/40944847"], ["2024", "CVE-2024-29309", "An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service.", "No PoCs found on GitHub currently.", "https://gist.github.com/Siebene/c22e1a4a4a8b61067180475895e60858"], ["2024", "CVE-2024-29098", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calameo WP Calameo allows Stored XSS.This issue affects WP Calameo: from n/a through 2.1.7.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-28065", "In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash.", "No PoCs found on GitHub currently.", "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-007.txt"], ["2024", "CVE-2024-23612", "An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4113", "A vulnerability classified as critical was found in Tenda TX9 22.03.02.10. This vulnerability affects the function sub_42D4DC of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/fromSetSysTime.md"], ["2024", "CVE-2024-21410", "Microsoft Exchange Server Elevation of Privilege Vulnerability", "https://github.com/FreakyM0ndy/CVE-2024-21410-poc
https://github.com/JohnBordon/CVE-2024-21410-poc
https://github.com/Ostorlab/KEV
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-2489", "A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256896. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetQosBand.md"], ["2024", "CVE-2024-2718", "A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257471.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25388", "drivers/wlan/wlan_mgmt,c in RT-Thread through 5.0.2 has an integer signedness error and resultant buffer overflow.", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-26270", "The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user\u2019s hashed password in the page\u2019s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30867", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3474", "The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/e5c3e145-6738-4d85-8507-43ca1b1d5877/"], ["2024", "CVE-2024-24375", "SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32962", "xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional validation steps, the default configuration allows a malicious actor to re-sign an XML document, place the certificate in a `` element, and pass `xml-crypto` default validation checks. As a result `xml-crypto` trusts by default any certificate provided via digitally signed XML document's ``. `xml-crypto` prefers to use any certificate provided via digitally signed XML document's `` even if library was configured to use specific certificate (`publicCert`) for signature verification purposes. An attacker can spoof signature verification by modifying XML document and replacing existing signature with signature generated with malicious private key (created by attacker) and by attaching that private key's certificate to `` element. This vulnerability is combination of changes introduced to `4.0.0` on pull request 301 / commit `c2b83f98` and has been addressed in version 6.0.0 with pull request 445 / commit `21201723d`. Users are advised to upgrade. Users unable to upgrade may either check the certificate extracted via `getCertFromKeyInfo` against trusted certificates before accepting the results of the validation or set `xml-crypto's getCertFromKeyInfo` to `() => undefined` forcing `xml-crypto` to use an explicitly configured `publicCert` or `privateKey` for signature verification.", "No PoCs found on GitHub currently.", "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-2xp3-57p7-qf4v"], ["2024", "CVE-2024-30927", "Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component.", "https://github.com/Chocapikk/My-CVEs
https://github.com/Chocapikk/derbynet-research", "No PoCs from references."], ["2024", "CVE-2024-3534", "A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259904.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1431", "A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28222", "In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.", "https://github.com/JohnHormond/CVE-2024-21762-Fortinet-RCE-WORK
https://github.com/c0d3b3af/CVE-2024-28222-NetBackup-RCE-exploit
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-30624", "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the urls parameter from saveParentControlInfo function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_urls.md"], ["2024", "CVE-2024-2749", "The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting (categories for example) despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 configurations.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/c0640d3a-80b3-4cad-a3cf-fb5d86558e91/"], ["2024", "CVE-2024-21441", "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30735", "** DISPUTED ** An arbitrary file upload vulnerability has been discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via crafted payload to the file upload mechanism of the ROS system, including the server\u2019s functionality for handling file uploads and the associated validation processes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30735", "No PoCs from references."], ["2024", "CVE-2024-3425", "A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1520", "An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise.", "https://github.com/timothee-chauvin/eyeballvul", "No PoCs from references."], ["2024", "CVE-2024-35050", "An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin.", "No PoCs found on GitHub currently.", "https://github.com/javahuang/SurveyKing/issues/57"], ["2024", "CVE-2024-22628", "Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31459", "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r"], ["2024", "CVE-2024-22768", "Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-5069", "A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Mens Salon Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264926 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.264926"], ["2024", "CVE-2024-1460", "MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver.\u00a0The handle to the driver can only be obtained from a high integrity process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://fluidattacks.com/advisories/mingus/"], ["2024", "CVE-2024-23896", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30675", "** DISPUTED ** Unauthorized node injection vulnerability in ROS2 Iron Irwini in ROS_VERSION 2 and ROS_PYTHON_VERSION 3. This vulnerability could allow a malicious user to escalate privileges by injecting malicious ROS2 nodes into the system remotely. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30675", "No PoCs from references."], ["2024", "CVE-2024-21501", "Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557
https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334"], ["2024", "CVE-2024-2598", "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/book/main/select_send_2.php, in multiple\u00a0parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2609", "The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25108", "Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf"], ["2024", "CVE-2024-26143", "Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in \"_html\", a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1941", "Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4127", "A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/guestWifiRuleRefresh.md"], ["2024", "CVE-2024-3844", "Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28111", "Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken's owner, if the owner exports the incident history to CSV and opens in a reader application such as Microsoft Excel. The impact is that this issue could lead to code execution on the machine on which the CSV file is opened. Version sha-c595a1f8 contains a fix for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1801", "In Progress\u00ae Telerik\u00ae Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21663", "Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/DEMON1A/Discord-Recon/issues/23"], ["2024", "CVE-2024-30686", "** DISPUTED ** An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30686", "No PoCs from references."], ["2024", "CVE-2024-30985", "SQL Injection vulnerability in \"B/W Dates Reports\" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via \"todate\" and \"fromdate\" parameters.", "No PoCs found on GitHub currently.", "https://medium.com/@shanunirwan/cve-2024-30985-sql-injection-vulnerability-in-client-management-system-using-php-mysql-1-1-c21fecbda062"], ["2024", "CVE-2024-23865", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32880", "pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/pyload/pyload/security/advisories/GHSA-3f7w-p8vr-4v5f"], ["2024", "CVE-2024-1702", "A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/omarexala/PHP-MYSQL-User-Login-System---SQL-Injection"], ["2024", "CVE-2024-3487", "Broken Authentication vulnerability discovered in OpenText\u2122 iManager 3.2.6.0200.\u00a0Thisvulnerability allows an attacker to manipulate certain parameters to bypassauthentication.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26283", "An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24386", "An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.", "https://github.com/erick-duarte/CVE-2024-24386
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1582", "The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28391", "SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30406", "A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices\u00a0using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials.This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using\u00a0the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO.\u00a0This issue does not affect releases before 23.1R1-EVO.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21632", "omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.descope.com/blog/post/noauth"], ["2024", "CVE-2024-4036", "The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26052", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23834", "Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1753", "A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1552", "Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2838", "The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the ajax_save_components function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21433", "Windows Print Spooler Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4237", "A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/R7WebsSecurityHandler.md"], ["2024", "CVE-2024-30596", "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetDeviceName_deviceId.md"], ["2024", "CVE-2024-30607", "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_deviceId.md"], ["2024", "CVE-2024-3985", "The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28190", "Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, remove upload fields from frontend forms and disable uploads for untrusted back end users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23476", "The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22819", "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.", "No PoCs found on GitHub currently.", "https://github.com/mafangqian/cms/blob/main/2.md"], ["2024", "CVE-2024-1783", "A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3686", "A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26313", "Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.13.P3 HF1 (6.13.0.3.1) is also a fixed release.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24096", "Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN.", "https://github.com/ASR511-OO7/CVE-2024-24096
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-3406", "The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/1bfab060-64d2-4c38-8bc8-a8f81c5a6e0d/"], ["2024", "CVE-2024-3797", "A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bookmark.php?bookmark=1. The manipulation of the argument bookmark leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260764.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/QR%20Code%20Bookmark%20System/QR%20Code%20Bookmark%20System%20-%20SQL%20Injection.md"], ["2024", "CVE-2024-30716", "** DISPUTED ** An insecure logging vulnerability in ROS2 Dashing Diademata ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attacks to obtain sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30716", "No PoCs from references."], ["2024", "CVE-2024-30656", "An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 allows attackers to cause a Denial of Service (DoS) via a crafted deauth frame.", "https://github.com/Yashodhanvivek/Firebolt-wristphone-vulnerability
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-28250", "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's Envoy proxy and pods on other nodes is sent unencrypted and Wireguard-eligible traffic that is sent between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.14.8 and 1.15.2 in in native routing mode (`routingMode=native`) and in Cilium 1.14.4 in tunneling mode (`routingMode=tunnel`). Not that in tunneling mode, `encryption.wireguard.encapsulate` must be set to `true`. There is no known workaround for this issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1443", "MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver.\u00a0The handle to the driver can only be obtained from a high integrity process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26342", "A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Nicholas-wei/bug-discovery/blob/main/asus/2/ASUS_ac68u.md"], ["2024", "CVE-2024-2929", "A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25309", "Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tubakvgc/CVEs", "https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-7.md"], ["2024", "CVE-2024-2799", "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3867", "The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", "https://github.com/c4cnm/CVE-2024-3867
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-21491", "Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.

**Note:**

The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23605", "A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1962", "The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/469486d4-7677-4d66-83c0-a6b9ac7c503b/"], ["2024", "CVE-2024-1661", "A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-Totolink/X6000R-Hardcoded-Password.md"], ["2024", "CVE-2024-26160", "Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3764", "** DISPUTED ** ** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 5.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-260604. NOTE: The vendor explains that a malicious actor would have to crack TLS first or use a legitimate login to initiate the attack.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22569", "Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Num-Nine/CVE/issues/12"], ["2024", "CVE-2024-22429", "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21640", "Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.", "No PoCs found on GitHub currently.", "https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh"], ["2024", "CVE-2024-23745", "** DISPUTED ** In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context. NOTE: the vendor's perspective is that this is simply an instance of CVE-2022-48505, cannot properly be categorized as a product-level vulnerability, and cannot have a product-level fix because it is about incorrect caching of file signatures on macOS.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/louiselalanne/CVE-2024-23745
https://github.com/louiselalanne/louiselalanne
https://github.com/nomi-sec/PoC-in-GitHub", "https://blog.xpnsec.com/dirtynib/
https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model
https://github.com/louiselalanne/CVE-2024-23745"], ["2024", "CVE-2024-1822", "A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254610 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28132", "Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25249", "An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.", "https://github.com/intbjw/CVE-2024-25249
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1933", "Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2459", "The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-35340", "Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24034", "Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code.", "https://github.com/ELIZEUOPAIN/CVE-2024-24034
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/ELIZEUOPAIN/CVE-2024-24034/tree/main"], ["2024", "CVE-2024-26131", "Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3735", "A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. The manipulation of the argument New Password/Confirm Password with the input 1 leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "https://vuldb.com/?submit.311153"], ["2024", "CVE-2024-1770", "The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23817", "Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application's response. Specifically, I was able to successfully inject a new HTML tag into the returned document and, as a result, was able to comment out some part of the Dolibarr App Home page HTML code. This behavior can be exploited to perform various attacks like Cross-Site Scripting (XSS). To remediate the issue, validate and sanitize all user-supplied input, especially within HTML attributes, to prevent HTML injection attacks; and implement proper output encoding when rendering user-provided data to ensure it is treated as plain text rather than executable HTML.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-7947-48q7-cp5m"], ["2024", "CVE-2024-25189", "libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25218", "A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Task%20Manager%20App/Task%20Manager%20App%20-%20Cross-Site-Scripting%20-1.md"], ["2024", "CVE-2024-2688", "The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2519", "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as problematic. Affected is an unknown function of the file navbar.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256956. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20navbar.php.md"], ["2024", "CVE-2024-28163", "Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration\u00a0(PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30662", "** DISPUTED ** An issue was discovered in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to easily intercept and access this data. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30662", "No PoCs from references."], ["2024", "CVE-2024-4083", "The Easy Restaurant Table Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33899", "RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.", "No PoCs found on GitHub currently.", "https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983"], ["2024", "CVE-2024-29108", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.1.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0818", "Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9"], ["2024", "CVE-2024-23881", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1477", "The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassign the protection provided by the plugin.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24333", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.", "No PoCs found on GitHub currently.", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/15/TOTOlink%20A3300R%20setWiFiAclRules.md"], ["2024", "CVE-2024-0958", "A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252203.", "No PoCs found on GitHub currently.", "https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing"], ["2024", "CVE-2024-20839", "Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30722", "** DISPUTED ** An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) via the ROS nodes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30722", "No PoCs from references."], ["2024", "CVE-2024-4252", "A vulnerability classified as critical has been found in Tenda i22 1.0.0.3(4687). This affects the function formSetUrlFilterRule. The manipulation of the argument groupIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i22/formSetUrlFilterRule.md"], ["2024", "CVE-2024-23553", "A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute.", "https://github.com/kaje11/CVEs", "No PoCs from references."], ["2024", "CVE-2024-30633", "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security parameter from the formWifiBasicSet function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWifiBasicSet_security.md"], ["2024", "CVE-2024-32736", "A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\u00a0An unauthenticated remote attacker can leak sensitive information via the \"query_utask_verbose\" function within MCUDBHelper.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2024-14"], ["2024", "CVE-2024-3523", "A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0. This vulnerability affects unknown code of the file /views/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259894 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26327", "An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0849", "Leanote version 2.7.0 allows obtaining arbitrary local files. This is possiblebecause the application is vulnerable to LFR.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29019", "ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF) allowing remote attackers to carry out attacks against a logged user of the dashboard to perform operations on configuration files (create, edit, delete). It is possible for a malicious actor to create a specifically crafted web page that triggers a cross site request against ESPHome, this allows bypassing the authentication for API calls on the platform. This vulnerability allows bypassing authentication on API calls accessing configuration file operations on the behalf of a logged user. In order to trigger the vulnerability, the victim must visit a weaponized page. In addition to this, it is possible to chain this vulnerability with GHSA-9p43-hj5j-96h5/ CVE-2024-27287 to obtain a complete takeover of the user account. Version 2024.3.0 contains a patch for this issue.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/advisories/GHSA-9p43-hj5j-96h5
https://github.com/esphome/esphome/security/advisories/GHSA-5925-88xh-6h99"], ["2024", "CVE-2024-1566", "The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could lead to undesired redirection to phishing sites or malicious web pages.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26267", "In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30870", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address_interpret.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21407", "Windows Hyper-V Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/swagcrafte/CVE-2024-21407-POC
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-4203", "The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only affects sites running the premium version of the plugin.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23502", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in InfornWeb Posts List Designer by Category \u2013 List Category Posts Or Recent Posts allows Stored XSS.This issue affects Posts List Designer by Category \u2013 List Category Posts Or Recent Posts: from n/a through 3.3.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20868", "Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24140", "Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'", "https://github.com/BurakSevben/CVE-2024-24140
https://github.com/BurakSevben/CVEs
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/BurakSevben/Daily_Habit_Tracker_App_SQL_Injection"], ["2024", "CVE-2024-26045", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3641", "The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/f4047f1e-d5ea-425f-8def-76dd5e6a497e/"], ["2024", "CVE-2024-3942", "The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated attackers, with subscriber level permissions and above, to read and modify content such as course questions, post titles, and taxonomies.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4021", "A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /ndmComponents.js of the component Configuration Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261673 was assigned to this vulnerability. NOTE: The vendor is aware of this issue and plans to fix it by the end of 2024.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21625", "SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28157", "Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1847", "Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0428", "The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'reset_form' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23660", "The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://secbit.io/blog/en/2024/01/19/trust-wallets-fomo3d-summer-vuln/"], ["2024", "CVE-2024-28386", "An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1604", "Improper authorization in the report management and creation module of BMC Control-M branches\u00a09.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate.Fix for 9.0.20 branch was released in version 9.0.20.238.\u00a0Fix for 9.0.21 branch was released in version 9.0.21.201.", "https://github.com/DojoSecurity/DojoSecurity
https://github.com/NaInSec/CVE-LIST
https://github.com/afine-com/research", "No PoCs from references."], ["2024", "CVE-2024-35374", "Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.", "No PoCs found on GitHub currently.", "https://chocapikk.com/posts/2024/mocodo-vulnerabilities/"], ["2024", "CVE-2024-30883", "Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function.", "No PoCs found on GitHub currently.", "https://github.com/jianyan74/rageframe2/issues/114"], ["2024", "CVE-2024-26294", "Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.", "https://github.com/kaje11/CVEs", "No PoCs from references."], ["2024", "CVE-2024-26105", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23872", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21674", "This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server.Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction.Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher releaseSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30691", "** DISPUTED ** An issue was discovered in ROS2 Galactic Geochelone in version ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS2 nodes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30691", "No PoCs from references."], ["2024", "CVE-2024-23771", "darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32405", "Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/files/178101/Relate-Cross-Site-Scripting.html
https://portswigger.net/web-security/cross-site-scripting/stored"], ["2024", "CVE-2024-32794", "Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28106", "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.", "No PoCs found on GitHub currently.", "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r"], ["2024", "CVE-2024-21734", "SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1956", "The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/d7034ac2-0098-48d2-9ba9-87e09b178f7d/"], ["2024", "CVE-2024-1655", "Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/lnversed/CVE-2024-1655
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-3750", "The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform arbitrary SQL queries that can be leveraged for privilege escalation among many other actions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22353", "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0337", "The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.", "https://github.com/NaInSec/CVE-LIST", "https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/"], ["2024", "CVE-2024-25533", "Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#information-leakage-and-unauthorized-access-to-sensitive-data"], ["2024", "CVE-2024-0277", "A vulnerability classified as critical was found in Kashipara Food Management System up to 1.0. This vulnerability affects unknown code of the file party_submit.php. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249832.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31062", "Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field.", "No PoCs found on GitHub currently.", "https://github.com/sahildari/cve/blob/master/CVE-2024-31062.md
https://portswigger.net/web-security/cross-site-scripting/stored"], ["2024", "CVE-2024-2263", "Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/ec092ed9-eb3e-40a7-a878-ab854104e290/"], ["2024", "CVE-2024-0226", "Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25422", "SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31033", "** DISPUTED ** JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class. NOTE: the vendor disputes this because the \"ignores\" behavior cannot occur (in any version) unless there is a user error in how JJWT is used, and because the version that was actually tested must have been more than six years out of date.", "https://github.com/2308652512/JJWT_BUG
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-2101", "The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the malicious script is executed in the admin context.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/b3a0bb3f-50b2-4dcb-b23c-b08480363a4a/"], ["2024", "CVE-2024-27705", "Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint.", "No PoCs found on GitHub currently.", "https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-27705"], ["2024", "CVE-2024-25591", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor.This issue affects WP Editor: from n/a through 1.2.7.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25903", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-35618", "PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26529", "An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c.", "No PoCs found on GitHub currently.", "https://github.com/mz-automation/libiec61850/issues/492
https://github.com/mz-automation/libiec61850/issues/495"], ["2024", "CVE-2024-25843", "In the module \"Import/Update Bulk Product from any Csv/Excel File Pro\" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.", "No PoCs found on GitHub currently.", "https://security.friendsofpresta.org/modules/2024/02/27/ba_importer.html"], ["2024", "CVE-2024-22120", "Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to \"Audit Log\". Due to \"clientip\" field is not sanitized, it is possible to injection SQL into \"clientip\" and exploit time based blind SQL injection.", "https://github.com/GhostTroops/TOP
https://github.com/W01fh4cker/CVE-2024-22120-RCE
https://github.com/ZonghaoLi777/githubTrending
https://github.com/aneasystone/github-trending
https://github.com/fireinrain/github-trending
https://github.com/johe123qwe/github-trending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sampsonv/github-trending
https://github.com/tanjiti/sec_profile
https://github.com/wy876/POC
https://github.com/zhaoxiaoha/github-trending", "https://support.zabbix.com/browse/ZBX-24505"], ["2024", "CVE-2024-20025", "In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541686; Issue ID: ALPS08541686.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31351", "Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic \u2013 AI Content Writer & Generator.This issue affects Copymatic \u2013 AI Content Writer & Generator: from n/a through 1.6.", "https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-25740", "A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25651", "User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0055", "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29945", "In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33345", "D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input.", "No PoCs found on GitHub currently.", "https://github.com/n0wstr/IOTVuln/tree/main/DIR-823g/UploadFirmware"], ["2024", "CVE-2024-26578", "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name.Users are recommended to upgrade to version [1.2.5], which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1279", "The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/4c537264-0c23-428e-9a11-7a9e74fb6b69/"], ["2024", "CVE-2024-21318", "Microsoft SharePoint Server Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21089", "Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: Request Submission and Scheduling). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Concurrent Processing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-25711", "diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0284", "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file party_submit.php. The manipulation of the argument party_address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249839.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29805", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS.This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2317", "A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This issue affects some unknown processing of the file /prescription/prescription/delete/ of the component Prescription Page. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-2086", "The Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers to modify plugin settings as well as allowing full read/write/delete access to the Google Drive associated with the plugin.", "https://github.com/MrCyberSecs/CVE-2024-2086-GOOGLE-DRIVE
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-0183", "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29893", "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The loadRepoIndex() function in the ArgoCD's helm package, does not limit the size nor time while fetching the data. It fetches it and creates a byte slice from the retrieved data in one go. If the registry is implemented to push data continuously, the repo server will keep allocating memory until it runs out of it. A patch for this vulnerability has been released in v2.10.3, v2.9.8, and v2.8.12.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24879", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.5.13.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33102", "A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter.", "No PoCs found on GitHub currently.", "https://github.com/thinksaas/ThinkSAAS/issues/35"], ["2024", "CVE-2024-29401", "xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/menghaining/PoC/blob/main/xzs-mysql/xzs-mysql%20--%20PoC.md"], ["2024", "CVE-2024-29790", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22336", "IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4858", "The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24939", "In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27453", "In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI).", "No PoCs found on GitHub currently.", "https://www.exsiliumsecurity.com/CVE-2024-27453.html"], ["2024", "CVE-2024-0352", "A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250120.", "https://github.com/Tropinene/Yscanner
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-24828", "pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable build by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21\u2019s support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0243", "With the following crawler configuration:```pythonfrom bs4 import BeautifulSoup as Soupurl = \"https://example.com\"loader = RecursiveUrlLoader( url=url, max_depth=2, extractor=lambda x: Soup(x, \"html.parser\").text)docs = loader.load()```An attacker in control of the contents of `https://example.com` could place a malicious HTML file in there with links like \"https://example.completely.different/my_file.html\" and the crawler would proceed to download that file as well even though `prevent_outside=True`.https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51Resolved in https://github.com/langchain-ai/langchain/pull/15559", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861"], ["2024", "CVE-2024-25447", "An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/derf/feh/issues/709"], ["2024", "CVE-2024-33153", "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22227", "Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29450", "** DISPUTED ** An issue has been discovered in the permission and access control components within ROS2 Humble Hawksbill, in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the authentication system, including protocols, processes, and checks designed to verify the identities of users or devices attempting to access the ROS2 system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29450", "No PoCs from references."], ["2024", "CVE-2024-4809", "A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file setting.php. The manipulation of the argument logo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263929 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33382", "An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27793", "The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution.", "https://github.com/h26forge/h26forge", "No PoCs from references."], ["2024", "CVE-2024-2206", "An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header in requests to the `/` and `/config` routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the `build_proxy_request` function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2197", "Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29982", "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0303", "A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249870 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25507", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#plan_template_previewaspx"], ["2024", "CVE-2024-29732", "A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via \"user\" parameter.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22145", "Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation.This issue affects InstaWP Connect: from n/a through 0.1.0.8.", "https://github.com/RandomRobbieBF/CVE-2024-22145
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-27923", "Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.", "No PoCs found on GitHub currently.", "https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v"], ["2024", "CVE-2024-20040", "In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27620", "An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/files/177506/Ladder-0.0.21-Server-Side-Request-Forgery.html"], ["2024", "CVE-2024-4528", "A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263131.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss2.md"], ["2024", "CVE-2024-22005", "there is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20291", "A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.

This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.", "https://github.com/BetterCzz/CVE-2024-20291-POC
https://github.com/Instructor-Team8/CVE-2024-20291-POC
https://github.com/greandfather/CVE-2024-20291-POC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-3208", "The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24698", "Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22285", "Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpage Manager.This issue affects Frontpage Manager: from n/a through 1.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33260", "Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/jerryscript-project/jerryscript/issues/5133"], ["2024", "CVE-2024-20011", "In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27972", "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/truonghuuphuc/CVE-2024-27972-Poc", "No PoCs from references."], ["2024", "CVE-2024-3319", "An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23278", "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30398", "An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet handling, a consistent rise in CPU memory utilization occurs. This results in packet drops in the traffic and eventually the PFE crashes. A manual reboot of the PFE will be required to restore the device to original state.This issue affects Junos OS:\u00a0\u00a0 * 21.2 before\u00a021.2R3-S7, * 21.4 before 21.4R3-S6,\u00a0 * 22.1 before 22.1R3-S5, * 22.2 before 22.2R3-S3, * 22.3 before 22.3R3-S2, * 22.4 before 22.4R3, * 23.2 before\u00a023.2R1-S2, 23.2R2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2075", "A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255391.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Daily%20Habit%20Tracker.md"], ["2024", "CVE-2024-0170", "Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2135", "A vulnerability was found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This issue affects some unknown processing of the file /hospital_activities/birth/form of the component Hospital Activities Page. The manipulation of the argument Description with the input

leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255497 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25634", "alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue.", "No PoCs found on GitHub currently.", "https://github.com/alfio-event/alf.io/security/advisories/GHSA-5wcv-pjc6-mxvv"], ["2024", "CVE-2024-0030", "In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4439", "WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.", "https://github.com/MielPopsssssss/CVE-2024-4439
https://github.com/Ostorlab/KEV
https://github.com/d0rb/CVE-2024-4439
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-3259", "A vulnerability was found in SourceCodester Internship Portal Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/delete_activity.php. The manipulation of the argument activity_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259108.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25937", "SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31225", "RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The `_on_rd_init()` function does not implement a size check before copying data to the `_result_buf` static buffer. If an attacker can craft a long enough payload, they could cause a buffer overflow. If the unchecked input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerability could range from denial of service to arbitrary code execution. This issue has yet to be patched. Users are advised to add manual bounds checking.", "https://github.com/0xdea/advisories
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-25624", "Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web` is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability can lead to an arbitrary Remote Code Execution. An authenticated administrator has to upload a crafted report template containing the payload. Upon generation of a report based on the weaponized report, any user can trigger the vulnerability. The vulnerability is patched in IRIS v2.4.6. No workaround is available. It is recommended to update as soon as possible. Until patching, review the report templates and keep the administrative privileges that include the upload of report templates limited to dedicated users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22044", "A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create a denial of service condition that forces the device to reboot.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25927", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash \u2013 custom post order.This issue affects postMash \u2013 custom post order: from n/a through 1.2.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3098", "A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw.", "https://github.com/zgimszhd61/llm-security-quickstart", "No PoCs from references."], ["2024", "CVE-2024-27962", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS.This issue affects wp-mpdf: from n/a through 3.7.1.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20001", "In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25867", "A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-SQL_Injection_Add_Type.md"], ["2024", "CVE-2024-33270", "An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29870", "SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter./sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27661", "D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2065", "A vulnerability was found in SourceCodester Barangay Population Monitoring System up to 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/update-resident.php. The manipulation of the argument full_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255380.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Barangay%20Population%20Monitoring%20System/Stored%20XSS%20update-resident.php%20.md"], ["2024", "CVE-2024-30388", "An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss.This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series: * 20.4 versions from 20.4R3-S4before 20.4R3-S8, * 21.2 versions from 21.2R3-S2before 21.2R3-S6, * 21.4 versions from 21.4R2before 21.4R3-S4, * 22.1 versions from22.1R2 before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2-S1, 22.4R3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25675", "An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27770", "Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 - CWE-23: Relative Path Traversal", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2174", "Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3218", "A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects an unknown part of the file /php/busyscreenshotpush.php. The manipulation of the argument jsondata[callee]/jsondata[imagename] leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259065 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/garboa/cve_3/blob/main/file_put_content.md"], ["2024", "CVE-2024-3189", "The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20050", "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27933", "Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node child_process IPC relies on the JS side to pass the raw IPC file descriptor to `op_node_ipc_pipe()`, which returns a `IpcJsonStreamResource` ID associated with the file descriptor. On closing the resource, the raw file descriptor is closed together.Use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors. This allow standard input (fd 0) to be closed and re-opened for a different resource, which allows a silent permission prompt bypass. This is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions.This bug is known to be exploitable. There is a working exploit that achieves arbitrary code execution by bypassing prompts from zero permissions, additionally abusing the fact that Cache API lacks filesystem permission checks. The attack can be conducted silently as stderr can also be closed, suppressing all prompt outputs.Version 1.39.1 fixes the bug.", "No PoCs found on GitHub currently.", "https://github.com/denoland/deno/security/advisories/GHSA-6q4w-9x56-rmwq"], ["2024", "CVE-2024-3358", "A vulnerability classified as problematic was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument to leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259462 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4538", "IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25735", "An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.", "https://github.com/codeb0ss/CVE-2024-25735-PoC
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "http://packetstormsecurity.com/files/177082"], ["2024", "CVE-2024-27630", "Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.", "https://github.com/ally-petitt/CVE-2024-27630
https://github.com/nomi-sec/PoC-in-GitHub", "https://medium.com/@allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3"], ["2024", "CVE-2024-25985", "In bigo_unlocked_ioctl of bigo.c, there is a possible UAF due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4819", "A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file admin_class.php. The manipulation of the argument type with the input 1 leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263940.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/IDOR.md"], ["2024", "CVE-2024-25517", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#mfaspx"], ["2024", "CVE-2024-0313", "A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail.", "No PoCs found on GitHub currently.", "https://kcm.trellix.com/corporate/index?page=content&id=SB10418"], ["2024", "CVE-2024-29992", "Azure Identity Library for .NET Information Disclosure Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2216", "A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0253", "ManageEngine ADAudit Plus versions\u00a07270\u00a0and below are vulnerable to the Authenticated SQL injection in\u00a0home Graph-Data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24838", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29440", "** DISPUTED ** An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29440", "No PoCs from references."], ["2024", "CVE-2024-22237", "Aria Operations for Networks contains a local privilege escalation vulnerability.\u00a0A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0342", "A vulnerability classified as critical has been found in Inis up to 2.0.1. Affected is an unknown function of the file /app/api/controller/default/Sqlite.php. The manipulation of the argument sql leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250110 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2247", "JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34772", "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29883", "CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0193", "A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-2307", "A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://bugzilla.redhat.com/show_bug.cgi?id=2268513"], ["2024", "CVE-2024-27692", "** REJECT ** * REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-22939. Reason: This candidate is a duplicate of CVE-2024-22939. Notes: All CVE users should reference CVE-2024-22939 instead of this candidate.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27991", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SupportCandy allows Stored XSS.This issue affects SupportCandy: from n/a through 3.2.3.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-33112", "D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yj94/Yj_learning", "https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md"], ["2024", "CVE-2024-25894", "ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter.", "No PoCs found on GitHub currently.", "https://github.com/ChurchCRM/CRM/issues/6849"], ["2024", "CVE-2024-22266", "VMware Avi Load Balancer contains an information disclosure vulnerability.\u00a0A malicious actor with access to the system logs can view cloud connection\u00a0credentials in plaintext.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1269", "A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument supplier_name/supplier_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253012.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sajaljat/CVE-2024-1269", "https://github.com/PrecursorYork/Product-Management-System-Using-PHP-and-MySQL-Reflected-XSS-POC/blob/main/README.md"], ["2024", "CVE-2024-27907", "A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22051)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20064", "In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31081", "A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25802", "SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33215", "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0294", "A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2391", "A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic. Affected by this issue is some unknown functionality of the component Lab Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256442 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.exploit-db.com/exploits/51153"], ["2024", "CVE-2024-21099", "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-25641", "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the \"Package Import\" feature, allows authenticated users having the \"Import Templates\" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-27744", "Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.", "No PoCs found on GitHub currently.", "https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27744.md"], ["2024", "CVE-2024-22021", "Vulnerability\u202fCVE-2024-22021 allows\u202fa\u202fVeeam Recovery Orchestrator user with a low\u202fprivileged\u202frole (Plan\u202fAuthor)\u202fto retrieve\u202fplans\u202ffrom\u202fa\u202fScope other than the one they are assigned to.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25942", "Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27956", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.", "https://github.com/AiGptCode/WordPress-Auto-Admin-Account-and-Reverse-Shell-cve-2024-27956
https://github.com/FoxyProxys/CVE-2024-27956
https://github.com/NaInSec/CVE-LIST
https://github.com/Ostorlab/KEV
https://github.com/W3BW/CVE-2024-27956-RCE-File-Package
https://github.com/X-Projetion/CVE-2024-27956-WORDPRESS-RCE-PLUGIN
https://github.com/ZonghaoLi777/githubTrending
https://github.com/aneasystone/github-trending
https://github.com/diego-tella/CVE-2024-27956-RCE
https://github.com/fireinrain/github-trending
https://github.com/johe123qwe/github-trending
https://github.com/k3ppf0r/CVE-2024-27956
https://github.com/nancyariah4/CVE-2024-27956
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sampsonv/github-trending
https://github.com/tanjiti/sec_profile
https://github.com/truonghuuphuc/CVE-2024-27956
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki
https://github.com/zhaoxiaoha/github-trending", "No PoCs from references."], ["2024", "CVE-2024-22130", "Print preview option in\u00a0SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the appliaction data after successful exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29844", "Default credentials on the Web Interface of Evolution Controller 2.x (123 and 123) allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2051", "CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists thatcould cause account takeover and unauthorized access to the system when an attackerconducts brute-force attacks against the login form.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0014", "In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29904", "CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25610", "In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry\u2019s content text field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2111", "The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33304", "SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via \"Last Name\" under Add Users.", "No PoCs found on GitHub currently.", "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-33304.md"], ["2024", "CVE-2024-25913", "Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0236", "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/09aeb6f2-6473-4de7-8598-e417049896d7/"], ["2024", "CVE-2024-2333", "A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256284.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0x404Ming/CVE_Hunter/blob/main/SQLi-3.md"], ["2024", "CVE-2024-20357", "A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.

This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22252", "VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.", "https://github.com/crackmapEZec/CVE-2024-22252-POC", "No PoCs from references."], ["2024", "CVE-2024-22312", "IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22083", "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34905", "FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25572", "Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27477", "In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.", "https://github.com/dead1nfluence/Leantime-POC", "https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md"], ["2024", "CVE-2024-34486", "OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/faucetsdn/ryu/issues/190"], ["2024", "CVE-2024-34717", "PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0267", "A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249823.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29474", "OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34954", "Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ethicalhackerNL/CVEs/blob/main/Budget%20Management/XSS/XSS.md"], ["2024", "CVE-2024-25523", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#file_memoaspx"], ["2024", "CVE-2024-2222", "The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads.", "https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-27228", "there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/h26forge/h26forge", "No PoCs from references."], ["2024", "CVE-2024-28056", "Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but \"Effect\":\"Allow\" remains present, and consequently sts:AssumeRoleWithWebIdentity would be available to threat actors with no conditions. Thus, if Amplify CLI had been used to remove the Authentication component from a project built between August 2019 and January 2024, an \"assume role\" may have occurred, and may have been leveraged to obtain unauthorized access to an organization's AWS resources. NOTE: the problem could only occur if an authorized AWS user removed an Authentication component. (The vulnerability did not give a threat actor the ability to remove an Authentication component.) However, in realistic situations, an authorized AWS user may have removed an Authentication component, e.g., if the objective were to stop using built-in Cognito resources, or move to a completely different identity provider.", "No PoCs found on GitHub currently.", "https://securitylabs.datadoghq.com/articles/amplified-exposure-how-aws-flaws-made-amplify-iam-roles-vulnerable-to-takeover/"], ["2024", "CVE-2024-4120", "A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindModify.md"], ["2024", "CVE-2024-3843", "Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26144", "Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24041", "A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php.", "https://github.com/tubakvgc/CVEs", "https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md
https://portswigger.net/web-security/cross-site-scripting"], ["2024", "CVE-2024-20699", "Windows Hyper-V Denial of Service Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3591", "The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/f85d8b61-eaeb-433c-b857-06ee4db5c7d5/"], ["2024", "CVE-2024-24101", "Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update.", "https://github.com/ASR511-OO7/CVE-2024-24101
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-23862", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1705", "A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-254393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.254393"], ["2024", "CVE-2024-28116", "Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/akabe1/Graver
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh"], ["2024", "CVE-2024-23761", "Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://herolab.usd.de/security-advisories/usd-2023-0048/"], ["2024", "CVE-2024-21664", "jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in versions 2.0.19 and 1.2.28.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/lestrrat-go/jwx/security/advisories/GHSA-pvcr-v8j8-j5q3"], ["2024", "CVE-2024-30681", "** DISPUTED ** An OS command injection vulnerability has been discovered in ROS2 Iron Irwini version ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30681", "No PoCs from references."], ["2024", "CVE-2024-3903", "The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/0a0e7bd4-948d-47c9-9219-380bda9f3034/"], ["2024", "CVE-2024-4060", "Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1917", "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28007", "Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28396", "An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30401", "An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC.Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow.This issue affects Junos OS on MX Series and EX9200-15C: * from 21.2 before 21.2R3-S1, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2, * from 22.2 before 22.2R2;\u00a0This issue does not affect: * versions of Junos OS prior to\u00a020.3R1; * any version of Junos OS 20.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21775", "Zoho ManageEngine Exchange Reporter Plus versions\u00a05714\u00a0and below are vulnerable to the Authenticated SQL injection in report exporting feature.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4171", "A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromWizardHandle.md"], ["2024", "CVE-2024-27279", "Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3480", "An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26284", "Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23833", "OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest version of OpenRefine (8.0.30), there is no associated deserialization utilization point, so original code execution cannot be achieved, but attackers can use this vulnerability to read sensitive files on the target server. This issue has been addressed in version 3.7.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4"], ["2024", "CVE-2024-24150", "A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.", "No PoCs found on GitHub currently.", "https://github.com/libming/libming/issues/309"], ["2024", "CVE-2024-1754", "The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/c061e792-e37a-4cf6-b46b-ff111c5a5c84/"], ["2024", "CVE-2024-34148", "Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1857", "The Ultimate Gift Cards for WooCommerce \u2013 Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template(). This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23730", "The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4031", "Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21885", "A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30860", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29009", "** UNSUPPPORTED WHEN ASSIGNED ** Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0919", "A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23452", "Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request.Vulnerability Cause Description\uff1aThe http_parser does not comply with the RFC-7230 HTTP 1.1 specification.Attack\u00a0scenario:If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting.One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server.\u00a0Solution:You can choose one solution from below:1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch:\u00a0 https://github.com/apache/brpc/pull/2518", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30623", "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromDhcpListClient function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromDhcpListClient_page.md"], ["2024", "CVE-2024-29149", "An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-010.txt"], ["2024", "CVE-2024-30920", "Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component.", "https://github.com/Chocapikk/My-CVEs
https://github.com/Chocapikk/derbynet-research", "No PoCs from references."], ["2024", "CVE-2024-26337", "swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/matthiaskramm/swftools/issues/223"], ["2024", "CVE-2024-3533", "A vulnerability classified as problematic was found in Campcodes Complete Online Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file academic_year_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259903.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0948", "** DISPUTED ** ** DISPUTED ** A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <

>test

leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-252191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3422", "A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1527", "Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4242", "A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. This issue affects the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formwrlSSIDget.md"], ["2024", "CVE-2024-21446", "NTFS Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20829", "Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20969", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30672", "** DISPUTED ** Arbitrary file upload vulnerability in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via the file upload component. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30672", "No PoCs from references."], ["2024", "CVE-2024-21506", "Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/keltecc/62a7c2bf74a997d0a7b48a0ff3853a03
https://security.snyk.io/vuln/SNYK-PYTHON-PYMONGO-6370597"], ["2024", "CVE-2024-32874", "Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no limitation set on the length of the filename and the costy use of the Unicode normalization with the form NFKD under the hood of `secure_filename()`.", "https://github.com/Sim4n6/Sim4n6", "No PoCs from references."], ["2024", "CVE-2024-23891", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemcreate.php, in the itemid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29118", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scrollsequence allows Stored XSS.This issue affects Scrollsequence: from n/a through 1.5.4.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26061", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1760", "The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssa_factory_reset() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28173", "In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the \"password\" type could be disclosed", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2509", "The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://research.cleantalk.org/cve-2024-2509/
https://wpscan.com/vulnerability/dec4a632-e04b-4fdd-86e4-48304b892a4f/"], ["2024", "CVE-2024-36079", "An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it.", "https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-25208", "Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Barangay%20Population%20Monitoring%20System/Barangay%20Population%20System%20-%20XSS-1.md"], ["2024", "CVE-2024-25199", "Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2449", "A cross-site request forgery vulnerability has been identified in LoadMaster.\u00a0 It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.", "https://github.com/NaInSec/CVE-LIST
https://github.com/RhinoSecurityLabs/CVEs", "No PoCs from references."], ["2024", "CVE-2024-1923", "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BSimple%20Student%20Attendance%20System%20using%20PHP%20and%20MySQL%5D%20SQLi%20on%20ajax-api.php%3Faction=delete_class.md"], ["2024", "CVE-2024-31759", "An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function.", "No PoCs found on GitHub currently.", "https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158
https://github.com/menghaining/PoC/blob/main/PublicCMS/publishCMS--PoC.md"], ["2024", "CVE-2024-5229", "The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3634", "The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/76e000e0-314f-4e39-8871-68bf8cc95b22/"], ["2024", "CVE-2024-26030", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24135", "Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.", "https://github.com/BurakSevben/CVE-2024-24135
https://github.com/BurakSevben/CVEs
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/BurakSevben/2024_Product_Inventory_with_Export_to_Excel_XSS/"], ["2024", "CVE-2024-1731", "The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arsp_options post meta option. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31648", "Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2.", "No PoCs found on GitHub currently.", "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-31648.md"], ["2024", "CVE-2024-2558", "A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formexeCommand.md"], ["2024", "CVE-2024-28122", "JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/lestrrat-go/jwx/security/advisories/GHSA-hj3v-m684-v259"], ["2024", "CVE-2024-1832", "A vulnerability has been found in SourceCodester Complete File Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Login Form. The manipulation of the argument username with the input torada%27+or+%271%27+%3D+%271%27+--+- leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254623.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23755", "ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21650", "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the \"first name\" or \"last name\" fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1972", "A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255128.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3877", "A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function fromqossetting of the file /goform/fromqossetting. The manipulation of the argument qos leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromqossetting.md"], ["2024", "CVE-2024-4114", "A vulnerability, which was classified as critical, has been found in Tenda TX9 22.03.02.10. This issue affects the function sub_42C014 of the file /goform/PowerSaveSet. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/setSmartPowerManagement.md"], ["2024", "CVE-2024-3774", "aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26170", "Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1671", "Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://issues.chromium.org/issues/41487933"], ["2024", "CVE-2024-32743", "A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.", "https://github.com/adiapera/xss_security_wondercms_3.4.3", "https://github.com/adiapera/xss_security_wondercms_3.4.3"], ["2024", "CVE-2024-28240", "The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy task is installed, a local malicious user can trigger privilege escalation configuring a malicious server providing its own deploy task payload. GLPI-Agent 1.7.2 contains a patch for this issue. As a workaround, edit GLPI-Agent related key under `HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall` and add `SystemComponent` DWORD value setting it to `1` to hide GLPI-Agent from installed applications.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2939", "A vulnerability classified as problematic has been found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258030 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26352", "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3416", "A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2879", "The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/JohnNetSouldRU/CVE-2024-2879-POC
https://github.com/Ostorlab/KEV
https://github.com/RansomGroupCVE/CVE-2024-22328-POC
https://github.com/herculeszxc/CVE-2024-2879
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "No PoCs from references."], ["2024", "CVE-2024-1981", "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/tanjiti/sec_profile", "https://research.hisolutions.com/2024/01/multiple-vulnerabilities-in-wordpress-plugin-wpvivid-backup-and-migration/"], ["2024", "CVE-2024-28091", "Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for a deletion).", "https://github.com/actuator/cve", "No PoCs from references."], ["2024", "CVE-2024-21472", "Memory corruption in Kernel while handling GPU operations.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30706", "** DISPUTED ** An issue was discovered in ROS2 Dashing Diademata versions ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3, allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS2 nodes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30706", "No PoCs from references."], ["2024", "CVE-2024-28180", "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28211", "nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4367", "A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.", "https://github.com/LOURC0D3/CVE-2024-4367-PoC
https://github.com/google/fishy-pdf
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/s4vvysec/CVE-2024-4367-POC
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-30586", "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWifiBasicSet_security_5g.md"], ["2024", "CVE-2024-3696", "A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260483.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1402", "Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post.", "https://github.com/c0rydoras/cves
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2828", "A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 23165d8cb569048c531150f194fea39f8800b8d5. It is recommended to apply a patch to fix this issue. VDB-257718 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21423", "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30637", "Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/formWriteFacMac.md"], ["2024", "CVE-2024-28231", "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w"], ["2024", "CVE-2024-23446", "An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.elastic.co/community/security"], ["2024", "CVE-2024-35012", "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Thirtypenny77/cms/blob/main/7.md"], ["2024", "CVE-2024-1562", "The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21891", "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26263", "EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2808", "A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formQuickIndex.md"], ["2024", "CVE-2024-23885", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrymodify.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1473", "The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30965", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Fishkey1/cms/commit/e9d294951ab2dd85709f1d12ad4747f25d326b1b"], ["2024", "CVE-2024-2919", "The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21683", "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\u00a0Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.htmlYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.This vulnerability was found internally.", "https://github.com/W01fh4cker/CVE-2024-21683-RCE
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/wy876/POC", "No PoCs from references."], ["2024", "CVE-2024-30666", "** DISPUTED ** A buffer overflow vulnerability has been discovered in the C++ components of ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via improper handling of arrays or strings within these components. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30666", "No PoCs from references."], ["2024", "CVE-2024-23786", "Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30726", "** DISPUTED ** A shell injection vulnerability was discovered in ROS (Robot Operating System) Kinetic Kame in ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS handles shell command execution in components like command interpreters or interfaces that process external inputs. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30726", "No PoCs from references."], ["2024", "CVE-2024-21452", "Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4256", "A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the input > leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28320", "Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/177326/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-Account-Takeover.html
https://sospiro014.github.io/Hospital-Management-System-1.0-Insecure-Direct-Object-Reference-+-Account-Takeover"], ["2024", "CVE-2024-2859", "By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24337", "CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nitipoom-jar/CVE-2024-24337
https://github.com/nomi-sec/PoC-in-GitHub", "https://nitipoom-jar.github.io/CVE-2024-24337/"], ["2024", "CVE-2024-3917", "The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/88162016-9fc7-4194-9e81-44c50991f6e9/"], ["2024", "CVE-2024-30695", "** DISPUTED ** An issue was discovered in the default configurations of ROS2 Galactic Geochelone versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30695", "No PoCs from references."], ["2024", "CVE-2024-30504", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23775", "Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28102", "JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.", "No PoCs found on GitHub currently.", "https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97"], ["2024", "CVE-2024-2578", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCoder WP Coder allows Stored XSS.This issue affects WP Coder: from n/a through 3.5.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22419", "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in commit `55e18f6d1` which will be included in future releases. Users are advised to update when possible.", "No PoCs found on GitHub currently.", "https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p"], ["2024", "CVE-2024-1711", "The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24115", "A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mechaneus/mechaneus.github.io", "https://mechaneus.github.io/CVE-2024-24115.html
https://mechaneus.github.io/CVE-PENDING-COTONTI.html"], ["2024", "CVE-2024-23876", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurecreate.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3614", "A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. This affects an unknown part of the file customer.php. The manipulation of the argument nama_customer/alamat_customer/notelp_customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260271.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1651", "Torrentpier version 2.4.1 allows executing arbitrary commands on the server.This is possible because the application is vulnerable to insecure deserialization.", "https://github.com/Whiteh4tWolf/CVE-2024-1651-PoC
https://github.com/hy011121/CVE-2024-1651-exploit-RCE
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sharpicx/CVE-2024-1651-PoC", "No PoCs from references."], ["2024", "CVE-2024-21833", "Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to \"Archer AX3000(JP)_V1_1.1.2 Build 20231115\", Archer AX5400 firmware versions prior to \"Archer AX5400(JP)_V1_1.1.2 Build 20231115\", Archer AXE75 firmware versions prior to \"Archer AXE75(JP)_V1_231115\", Deco X50 firmware versions prior to \"Deco X50(JP)_V1_1.4.1 Build 20231122\", and Deco XE200 firmware versions prior to \"Deco XE200(JP)_V1_1.2.5 Build 20231120\".", "https://github.com/H4lo/awesome-IoT-security-article", "No PoCs from references."], ["2024", "CVE-2024-26150", "`@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3857", "The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.", "https://github.com/googleprojectzero/fuzzilli
https://github.com/zhangjiahui-buaa/MasterThesis", "No PoCs from references."], ["2024", "CVE-2024-28042", "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25228", "Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.", "https://github.com/Chocapikk/My-CVEs
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/rkraper339/CVE-2024-25228-POC", "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/"], ["2024", "CVE-2024-2529", "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/rooms.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Arbitrary%20File%20Upload%20-%20rooms.php.md"], ["2024", "CVE-2024-23724", "** DISPUTED ** Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that \"The vendor does not view this as a valid vector.\"", "https://github.com/RhinoSecurityLabs/CVEs", "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724"], ["2024", "CVE-2024-28153", "Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23827", "Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue.", "No PoCs found on GitHub currently.", "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m"], ["2024", "CVE-2024-26041", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3645", "The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as 'title_html_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22699", "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save.", "No PoCs found on GitHub currently.", "https://github.com/biantaibao/cms/blob/main/1.md"], ["2024", "CVE-2024-1600", "A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application.", "https://github.com/timothee-chauvin/eyeballvul", "No PoCs from references."], ["2024", "CVE-2024-24004", "jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.", "No PoCs found on GitHub currently.", "https://github.com/jishenghua/jshERP/issues/99"], ["2024", "CVE-2024-32982", "Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensitive files outside the designated directories. Such access can lead to the disclosure of sensitive information or potentially compromise the server. The vulnerability is located in the file path handling mechanism within the static content serving function, specifically at `litestar/static_files/base.py`. This vulnerability is fixed in versions 2.8.3, 2.7.2, and 2.6.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/litestar-org/litestar/security/advisories/GHSA-83pv-qr33-2vcf"], ["2024", "CVE-2024-26101", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3705", "Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3806", "The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc", "No PoCs from references."], ["2024", "CVE-2024-4165", "A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.17(9502). Affected is the function modifyDhcpRule of the file /goform/modifyDhcpRule. The manipulation of the argument bindDhcpIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261984. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/G3V15/modifyDhcpRule.md"], ["2024", "CVE-2024-21761", "An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/vulsio/go-cve-dictionary", "No PoCs from references."], ["2024", "CVE-2024-28013", "Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to change settings via the internet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2469", "An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30712", "** DISPUTED ** A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30712", "No PoCs from references."], ["2024", "CVE-2024-1995", "The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above, to retrieve post content that is password protected and/or private.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-28085", "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "https://github.com/giterlizzi/secdb-feeds
https://github.com/kherrick/lobsters
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/skyler-ferrante/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
https://www.openwall.com/lists/oss-security/2024/03/27/5"], ["2024", "CVE-2024-24092", "SQL Injection vulnerability in Code-projects.org Scholars Tracking System 1.0 allows attackers to run arbitrary code via login.php.", "https://github.com/ASR511-OO7/CVE-2024-24092
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-24303", "SQL Injection vulnerability in HiPresta \"Gift Wrapping Pro\" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1507", "The Prime Slider \u2013 Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Rubix widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26197", "Windows Standards-Based Storage Management Service Denial of Service Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0968", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the vulnerability is not in distributable software.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/566033b9-df20-4928-b4aa-5cd4c3ca1561"], ["2024", "CVE-2024-29138", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DEV Institute Restrict User Access \u2013 Membership Plugin with Force allows Reflected XSS.This issue affects Restrict User Access \u2013 Membership Plugin with Force: from n/a through 2.5.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3542", "A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259912.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28254", "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `\u200eAlertUtil::validateExpression` method evaluates an SpEL expression using `getValue` which by default uses the `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/events/subscriptions/validation/condition/` endpoint passes user-controlled data `AlertUtil::validateExpession` allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and, therefore, any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-235`. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-j86m-rrpr-g8gw"], ["2024", "CVE-2024-20949", "Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21437", "Windows Graphics Component Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4233", "Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28345", "An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL.", "No PoCs found on GitHub currently.", "https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/"], ["2024", "CVE-2024-32646", "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `

.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available.", "No PoCs found on GitHub currently.", "https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m"], ["2024", "CVE-2024-20858", "Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29029", "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/"], ["2024", "CVE-2024-0939", "A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/tanjiti/sec_profile", "https://github.com/Yu1e/vuls/blob/main/an%20arbitrary%20file%20upload%20vulnerability%20in%20BaiZhuo%20Networks%20Smart%20S210%20multi-service%20security%20gateway%20intelligent%20management%20platform.md"], ["2024", "CVE-2024-1556", "The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 123.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30840", "A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromDhcpListClient_list1.md"], ["2024", "CVE-2024-1787", "The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'update_rewards_fuel_api_key' parameter in all versions up to, and including, 2.0.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0879", "Authentication bypass in vector-admin allows a user to register to a vector-admin server while \u201cdomain restriction\u201d is active, even when not owning an authorized email address.", "No PoCs found on GitHub currently.", "https://research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/"], ["2024", "CVE-2024-30603", "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_urls.md"], ["2024", "CVE-2024-30592", "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_page.md"], ["2024", "CVE-2024-4373", "The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28194", "your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows attackers to bypass authentication and authenticate as arbitrary YourSpotify users, including admin users. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-gvcr-g265-j827"], ["2024", "CVE-2024-1884", "This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26135", "MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is exploitable when an attacker is able to convince a victim end-user to click on a malicious link to a page hosting an attacker-controlled site. The attacker can then originate a cross-site websocket connection using client-side JavaScript code to connect to `control.ashx` as the victim user within MeshCentral. Version 1.1.21 contains a patch for this issue.", "No PoCs found on GitHub currently.", "https://github.com/Ylianst/MeshCentral/security/advisories/GHSA-cp68-qrhr-g9h8"], ["2024", "CVE-2024-33648", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wzy Media Recencio Book Reviews allows Stored XSS.This issue affects Recencio Book Reviews: from n/a through 1.66.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3832", "Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21755", "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21615", "An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system.On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system.This issue affects:Junos OS: * all versions before 21.2R3-S7,\u00a0 * from 21.4 before 21.4R3-S5,\u00a0 * from 22.1 before 22.1R3-S5,\u00a0 * from 22.2 before 22.2R3-S3,\u00a0 * from 22.3 before 22.3R3-S2,\u00a0 * from 22.4 before 22.4R3,\u00a0 * from 23.2 before 23.2R1-S2.Junos OS Evolved:\u00a0 * all versions before 21.2R3-S7-EVO,\u00a0 * from 21.3 before 21.3R3-S5-EVO,\u00a0 * from 21.4 before 21.4R3-S5-EVO,\u00a0 * from 22.1 before 22.1R3-S5-EVO,\u00a0 * from 22.2 before 22.2R3-S3-EVO,\u00a0 * from 22.3 before 22.3R3-S2-EVO, * from 22.4 before 22.4R3-EVO,\u00a0 * from 23.2 before 23.2R1-S2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1877", "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cancel.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254725 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Leave%20Cancel%20SQL%20Injection.md"], ["2024", "CVE-2024-0418", "A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://cxsecurity.com/issue/WLB-2024010023"], ["2024", "CVE-2024-27319", "Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27088", "es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/medikoo/es5-ext/issues/201"], ["2024", "CVE-2024-35195", "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.", "https://github.com/PBorocz/raindrop-io-py", "No PoCs from references."], ["2024", "CVE-2024-26164", "Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4291", "A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/L1ziang/Vulnerability/blob/main/formAddMacfilterRule.md"], ["2024", "CVE-2024-21495", "Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in the OAuth flow to conduct OAuth replay attacks. In addition, insecure randomness is used while generating multifactor authentication (MFA) secrets and creating API keys in the database package.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6248275"], ["2024", "CVE-2024-0698", "The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27208", "there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27199", "In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible", "https://github.com/CharonDefalt/CVE-2024-27198-RCE
https://github.com/Donata64/tc_test01
https://github.com/GhostTroops/TOP
https://github.com/Shimon03/Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198-
https://github.com/Stuub/RCity-CVE-2024-27198
https://github.com/W01fh4cker/CVE-2024-27198-RCE
https://github.com/ZonghaoLi777/githubTrending
https://github.com/aneasystone/github-trending
https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hcy-picus/emerging_threat_simulator
https://github.com/jafshare/GithubTrending
https://github.com/johe123qwe/github-trending
https://github.com/juev/links
https://github.com/marl-ot/DevSecOps-2024
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/passwa11/CVE-2024-27198-RCE
https://github.com/rampantspark/CVE-2024-27198
https://github.com/sampsonv/github-trending
https://github.com/yoryio/CVE-2024-27198
https://github.com/zhaoxiaoha/github-trending", "No PoCs from references."], ["2024", "CVE-2024-27348", "RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4040", "A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.", "https://github.com/1ncendium/CVE-2024-4040
https://github.com/Mohammaddvd/CVE-2024-4040
https://github.com/Mufti22/CVE-2024-4040
https://github.com/Ostorlab/KEV
https://github.com/Praison001/CVE-2024-4040-CrushFTP-server
https://github.com/Stuub/CVE-2024-4040-SSTI-LFI
https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC
https://github.com/Y4tacker/JavaSec
https://github.com/absholi7ly/absholi7ly
https://github.com/airbus-cert/CVE-2024-4040
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/getdrive/PoC
https://github.com/gotr00t0day/CVE-2024-4040
https://github.com/jakabakos/CVE-2024-4040-CrushFTP-File-Read-vulnerability
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/qt2a23/CVE-2024-4040
https://github.com/rbih-boulanouar/CVE-2024-4040
https://github.com/tanjiti/sec_profile
https://github.com/toxyl/lscve
https://github.com/tr4c3rs/CVE-2024-4040-RCE-POC
https://github.com/tucommenceapousser/CVE-2024-4040-Scanner
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki
https://github.com/zgimszhd61/cve-exploit-collection-scanner", "https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/
https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/"], ["2024", "CVE-2024-21644", "pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/ltranquility/CVE-2024-21644-Poc
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv"], ["2024", "CVE-2024-23741", "An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.", "https://github.com/V3x0r/CVE-2024-23741
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/giovannipajeu1/CVE-2024-23741
https://github.com/giovannipajeu1/giovannipajeu1
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1826", "A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file Source/librarian/user/student/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-254614 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1725", "A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3620", "A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260276.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/zyairelai/CVE-submissions/blob/main/kortex-adds-sqli.md"], ["2024", "CVE-2024-22223", "Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29454", "** DISPUTED ** An issue discovered in packages or nodes in ROS2 Humble Hawksbill with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to execute arbitrary commands potentially leading to unauthorized system control, data breaches, system and network compromise, and operational disruption. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29454", "No PoCs from references."], ["2024", "CVE-2024-20326", "A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system.This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0247", "A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25443", "An issue in the HuginBase::ImageVariable::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://bugs.launchpad.net/hugin/+bug/2025035"], ["2024", "CVE-2024-28678", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/15.md"], ["2024", "CVE-2024-2193", "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/uthrasri/CVE-2024-2193", "https://www.vusec.net/projects/ghostrace/"], ["2024", "CVE-2024-2202", "The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25503", "Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function.", "No PoCs found on GitHub currently.", "https://github.com/EQSTLab/PoC/tree/main/2024/XSS/CVE-2024-25503"], ["2024", "CVE-2024-34974", "Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter.", "No PoCs found on GitHub currently.", "https://github.com/hunzi0/Vullnfo/tree/main/Tenda/AC18/formSetPPTPServer"], ["2024", "CVE-2024-33386", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/keaidmmc/CVE-2024-33386
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-22363", "SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS).", "https://github.com/francoatmega/francoatmega", "No PoCs from references."], ["2024", "CVE-2024-25991", "In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29514", "File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file.", "No PoCs found on GitHub currently.", "https://github.com/zzq66/cve6/"], ["2024", "CVE-2024-29794", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS.This issue affects Conversios.Io: from n/a through 6.9.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27985", "Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.9.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31003", "Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp.", "No PoCs found on GitHub currently.", "https://github.com/axiomatic-systems/Bento4/issues/939"], ["2024", "CVE-2024-27517", "Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability, Attackers can create blogs containing malicious code after gaining blog permissions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/webasyst/webasyst-framework/issues/377"], ["2024", "CVE-2024-2313", "If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29897", "CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0187", "The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/b4600411-bee1-4cc8-aee9-0a613ac9b55b/"], ["2024", "CVE-2024-0216", "The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25552", "A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2071", "A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Affected by this issue is some unknown functionality of the component Update FAQ. The manipulation of the argument Frequently Asked Question leads to cross site scripting. The attack may be launched remotely. VDB-255386 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/faq-management-system.md"], ["2024", "CVE-2024-25770", "libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29864", "Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-32299", "Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromWizardHandle.md"], ["2024", "CVE-2024-1189", "A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written.", "No PoCs found on GitHub currently.", "https://fitoxs.com/vuldb/15-exploit-perl.txt"], ["2024", "CVE-2024-25873", "Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/dd3x3r/enhavo/blob/main/html-injection-page-content-blockquote-author-v0.13.1.md"], ["2024", "CVE-2024-20015", "In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25933", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31221", "Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2131", "The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0034", "In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21328", "Dynamics 365 Sales Spoofing Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20044", "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541784; Issue ID: ALPS08541784.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27927", "RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker can send malicious requests to a RSSHub server, to make the server send HTTP GET requests to arbitrary destinations and see partial responses. This may lead to leak the server IP address, which could be hidden behind a CDN; retrieving information in the internal network, e.g. which addresses/ports are accessible, the titles and meta descriptions of HTML pages; and denial of service amplification. The attacker could request the server to download some large files, or chain several SSRF requests in a single attacker request.", "No PoCs found on GitHub currently.", "https://github.com/DIYgod/RSSHub/security/advisories/GHSA-3p3p-cgj7-vgw3"], ["2024", "CVE-2024-26548", "An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component.", "No PoCs found on GitHub currently.", "https://github.com/cwh031600/vivotek/blob/main/vivotek-FD8166A-uploadfile-dos/vivotek-FD8166A-uploadfile-analysis.md"], ["2024", "CVE-2024-1309", "Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.honeywell.com/us/en/product-security
https://www.kb.cert.org/vuls/id/417980"], ["2024", "CVE-2024-1098", "A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.252455
https://www.yuque.com/mailemonyeyongjuan/tha8tr/ouiw375l0m8mw5ls"], ["2024", "CVE-2024-20295", "A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ"], ["2024", "CVE-2024-31270", "Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27764", "An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34515", "image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists().", "No PoCs found on GitHub currently.", "https://github.com/spatie/image-optimizer/issues/210"], ["2024", "CVE-2024-32019", "Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93"], ["2024", "CVE-2024-2267", "A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0 and classified as problematic. This issue affects some unknown processing of the file /shop.php. The manipulation of the argument product_price leads to business logic errors. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256037 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Business%20Logic/Business%20Logic%20shop.php%20.md"], ["2024", "CVE-2024-22097", "A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4928", "A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264464.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0222", "Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-34752", "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.8.", "https://github.com/password123456/cves", "No PoCs from references."], ["2024", "CVE-2024-2236", "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "https://github.com/GrigGM/05-virt-04-docker-hw
https://github.com/TimoTielens/TwT.Docker.Aspnet
https://github.com/TimoTielens/httpd-security
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/fokypoky/places-list", "No PoCs from references."], ["2024", "CVE-2024-22357", "IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20252", "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.

Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24818", "EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in \"Password Change\" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.", "https://github.com/Kerkroups/Kerkroups", "https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j"], ["2024", "CVE-2024-27572", "LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/updateCurAPlist.md"], ["2024", "CVE-2024-0273", "A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as critical. Affected is an unknown function of the file addwaste_entry.php. The manipulation of the argument item_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249828.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.249828"], ["2024", "CVE-2024-25956", "Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24539", "FusionPBX before 5.2.0 does not validate a session.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2154", "A vulnerability has been found in SourceCodester Online Mobile Management Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255586 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/vanitashtml/CVE-Dumps/blob/main/Unauthenticated%20SQL%20Injection%20-%20Mobile%20Management%20Store.md
https://vuldb.com/?id.255586"], ["2024", "CVE-2024-25655", "Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29941", "Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmwarebinary allows malicious actors to create credentials for any site code and card number that is using the defaultICT encryption.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0051", "In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "No PoCs found on GitHub currently.", "https://android.googlesource.com/platform/frameworks/av/+/a52c14a5b49f26efafa581dea653b4179d66909e"], ["2024", "CVE-2024-2014", "A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/mashroompc0527/CVE/blob/main/vul.md"], ["2024", "CVE-2024-34461", "Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25715", "Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29801", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Petri Damst\u00e9n Fullscreen Galleria allows Stored XSS.This issue affects Fullscreen Galleria: from n/a through 1.6.11.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0280", "A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file item_type_submit.php. The manipulation of the argument type_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249835.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23188", "Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding attachment information to the web interface. No publicly available exploits are known.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4518", "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3378", "A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.2.0.160 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259501 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?submit.310642"], ["2024", "CVE-2024-24479", "** DISPUTED ** A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24568", "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25907", "Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31215", "Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile.A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization\u2019s infrastructure. When a malicious app is uploaded to Static analyzer, it is possible to make internal requests. This vulnerability has been patched in version 3.9.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2294", "The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers to have an account with only activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4798", "A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263918 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/Hefei-Coffee/cve/blob/main/sql5.md"], ["2024", "CVE-2024-4549", "A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.tenable.com/security/research/tra-2024-13"], ["2024", "CVE-2024-2045", "Session version 1.17.5 allows obtaining internal application files and publicfiles from the user's device without the user's consent. This is possiblebecause the application is vulnerable to Local File Read via chat attachments.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25744", "In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.", "https://github.com/ahoi-attacks/heckler
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33250", "An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted request.", "No PoCs found on GitHub currently.", "https://github.com/hacker2004/cccccckkkkkk/blob/main/CVE-2024-33250.md"], ["2024", "CVE-2024-31355", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20021", "In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2055", "The \"Rich Filemanager\" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.", "No PoCs found on GitHub currently.", "http://seclists.org/fulldisclosure/2024/Mar/13
https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt"], ["2024", "CVE-2024-4559", "Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31345", "Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2.", "https://github.com/Chokopikkk/CVE-2024-31345_exploit
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-20031", "In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541742.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22134", "Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31205", "Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) validation when calling refresh token mutation with empty string. When a user provides an empty string in `refreshToken` mutation, while the token persists in `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, application omits validation against CSRF token and returns valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This will fix the issue, but be aware, that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN`.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24578", "RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h"], ["2024", "CVE-2024-29900", "Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0381", "The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0010", "A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user\u2019s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.", "https://github.com/afine-com/research", "No PoCs from references."], ["2024", "CVE-2024-2284", "A vulnerability classified as problematic was found in boyiddha Automated-Mess-Management-System 1.0. Affected by this vulnerability is an unknown functionality of the file /member/chat.php of the component Chat Book. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256051. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/STORED%20XSS%20member-chat.php%20.md"], ["2024", "CVE-2024-0290", "A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29811", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS.This issue affects Radio Player: from n/a through 2.0.73.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34471", "An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/osvaldotenorio/CVE-2024-34471", "https://github.com/osvaldotenorio/CVE-2024-34471"], ["2024", "CVE-2024-20060", "In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33211", "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24469", "Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.", "No PoCs found on GitHub currently.", "https://github.com/tang-0717/cms/blob/main/2.md"], ["2024", "CVE-2024-3368", "The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/ab78b1a5-e28c-406b-baaf-6d53017f9328/"], ["2024", "CVE-2024-22025", "A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL.The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL.An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0041", "In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25645", "Under certain condition\u00a0SAP\u00a0NetWeaver (Enterprise Portal) - version 7.50\u00a0allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23349", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.Users are recommended to upgrade to version [1.2.5], which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29470", "OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22196", "Nginx-UI is an online statistics for Server Indicators\u200b\u200b Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `\"desc\"` and `\"id\"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameter are user-controlled and are being appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c"], ["2024", "CVE-2024-0263", "A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://0day.today/exploit/description/39212
https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html"], ["2024", "CVE-2024-24808", "pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5"], ["2024", "CVE-2024-25527", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#worklog_template_showaspx"], ["2024", "CVE-2024-0323", "Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime (SDM modules).The FTP server used on the B&RAutomation Runtime supports unsecure encryption mechanisms, such as SSLv3,TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conductman-in-the-middle attacks or to decrypt communications between the affected productclients. \u00a0This issue affects Automation Runtime: from 14.0 before 14.93.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31136", "In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34950", "D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20353", "A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.", "https://github.com/Spl0stus/CVE-2024-20353-CiscoASAandFTD
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/toxyl/lscve
https://github.com/west-wind/Threat-Hunting-With-Splunk", "No PoCs from references."], ["2024", "CVE-2024-29421", "xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow via libs/dicom/basic.c which allows an attacker to execute arbitrary code.", "No PoCs found on GitHub currently.", "https://github.com/SpikeReply/advisories/blob/530dbd7ce68600a22c47dd1bcbe360220feda1d9/cve/xmedcon/cve-2024-29421.md"], ["2024", "CVE-2024-22256", "VMware Cloud Director contains a partial information disclosure vulnerability.\u00a0A malicious actor can potentially gather information about organization names based on the behavior of the instance.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33122", "Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24859", "A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25436", "A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/machisri/CVEs-and-Vulnerabilities", "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions"], ["2024", "CVE-2024-0232", "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "https://github.com/GrigGM/05-virt-04-docker-hw
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2277", "A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/change_password_save of the component Password Reset Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256046 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities", "https://vuldb.com/?id.256046"], ["2024", "CVE-2024-22087", "route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.", "https://github.com/Halcy0nic/Trophies
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/skinnyrad/Trophies", "https://github.com/foxweb/pico/issues/31"], ["2024", "CVE-2024-22011", "In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29666", "Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-1088", "The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1319", "The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed posts).", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/5904dc7e-1058-4c40-bca3-66ba57b1414b/"], ["2024", "CVE-2024-27774", "Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 -CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25731", "The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi).", "https://github.com/actuator/com.cn.dq.ipc
https://github.com/actuator/cve
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-21338", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/GhostTroops/TOP
https://github.com/UMU618/CVE-2024-21338
https://github.com/Zombie-Kaiser/CVE-2024-21338-x64-build-
https://github.com/aneasystone/github-trending
https://github.com/crackmapEZec/CVE-2024-21338-POC
https://github.com/fireinrain/github-trending
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/gogobuster/CVE-2024-21338-POC
https://github.com/hakaioffsec/CVE-2024-21338
https://github.com/johe123qwe/github-trending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/varwara/CVE-2024-21338", "https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/"], ["2024", "CVE-2024-1259", "A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27937", "GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20054", "In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25832", "F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.", "https://github.com/0xNslabs/CVE-2024-25832-PoC
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC", "https://neroteam.com/blog/f-logic-datacube3-vulnerability-report"], ["2024", "CVE-2024-22040", "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread.
This could allow an unauthenticated remote attacker to crash the network service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25620", "Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29874", "SQL injection vulnerability in Sentrifugo 3.2, through\u00a0/sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0164", "Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25760", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27665", "Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module.", "https://github.com/Thirukrishnan/CVE-2024-27665
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/Thirukrishnan/CVE-2024-27665/"], ["2024", "CVE-2024-2061", "A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. This vulnerability affects unknown code of the file /admin/edit_supplier.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255376.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_supplier.php%20SQL%20Injection.md"], ["2024", "CVE-2024-20005", "In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27966", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS.This issue affects Quiz And Survey Master: from n/a through 8.2.2.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-33274", "Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22100", "MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must open a malicious DCM file in order to exploit the vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22291", "Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color.This issue affects Browser Theme Color: from n/a through 1.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29777", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Reflected XSS.This issue affects Forminator: from n/a through 1.29.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28889", "When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1199", "A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \\employee-tasks-php\\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1208", "The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210
https://github.com/karlemilnikka/CVE-2024-1209
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-28639", "Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ZIKH26/CVE-information/blob/master/TOTOLINK/Vulnerability%20Information_1.md"], ["2024", "CVE-2024-0346", "A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. This vulnerability affects unknown code of the file usr/user-give-feedback.php of the component Feedback Page. The manipulation of the argument My Testemonial leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250114 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://drive.google.com/file/d/1bao4YK4GwvAvCdCrsW5UpJZdvREdc_Yj/view?usp=sharing"], ["2024", "CVE-2024-27447", "pretix before 2024.1.1 mishandles file validation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27995", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS.This issue affects ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: from n/a through 4.0.23.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22262", "Applications that use UriComponentsBuilder\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 \u00a0and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.", "https://github.com/SeanPesce/CVE-2024-22243
https://github.com/hinat0y/Dataset1
https://github.com/hinat0y/Dataset10
https://github.com/hinat0y/Dataset11
https://github.com/hinat0y/Dataset12
https://github.com/hinat0y/Dataset2
https://github.com/hinat0y/Dataset3
https://github.com/hinat0y/Dataset4
https://github.com/hinat0y/Dataset5
https://github.com/hinat0y/Dataset6
https://github.com/hinat0y/Dataset7
https://github.com/hinat0y/Dataset8
https://github.com/hinat0y/Dataset9
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-0206", "A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files", "No PoCs found on GitHub currently.", "https://kcm.trellix.com/corporate/index?page=content&id=SB10415"], ["2024", "CVE-2024-0197", "A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.", "https://github.com/ewilded/CVE-2024-0197-POC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-27507", "libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25513", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#kaizen_downloadaspx"], ["2024", "CVE-2024-2212", "In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows.", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-28668", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/5.md"], ["2024", "CVE-2024-29504", "Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter.", "No PoCs found on GitHub currently.", "https://github.com/summernote/summernote/pull/3782"], ["2024", "CVE-2024-25981", "Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22373", "An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20336", "A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29444", "** DISPUTED ** An OS command injection vulnerability has been discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via External Command Execution Modules, System Call Handlers, and Interface Scripts. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29444", "No PoCs from references."], ["2024", "CVE-2024-22233", "In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpathTypically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web\u00a0and org.springframework.boot:spring-boot-starter-security\u00a0dependencies to meet all conditions.", "https://github.com/Ostorlab/KEV
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hinat0y/Dataset1
https://github.com/hinat0y/Dataset10
https://github.com/hinat0y/Dataset11
https://github.com/hinat0y/Dataset12
https://github.com/hinat0y/Dataset2
https://github.com/hinat0y/Dataset3
https://github.com/hinat0y/Dataset4
https://github.com/hinat0y/Dataset5
https://github.com/hinat0y/Dataset6
https://github.com/hinat0y/Dataset7
https://github.com/hinat0y/Dataset8
https://github.com/hinat0y/Dataset9
https://github.com/muneebaashiq/MBProjects
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-33147", "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25453", "Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/axiomatic-systems/Bento4/issues/204
https://github.com/axiomatic-systems/Bento4/issues/874"], ["2024", "CVE-2024-2352", "A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\\nopen -a Calculator leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-256304.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0459", "A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250564.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33749", "DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3630", "The HL Twitter WordPress plugin through 2014.1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/cbab7639-fdb2-4ee5-b5ca-9e30701a63b7/"], ["2024", "CVE-2024-26034", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24131", "SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hebing123/cve/issues/14"], ["2024", "CVE-2024-3770", "A vulnerability has been found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage-courses.php?del=1. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260617 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Student%20Record%20System%203.20/Student%20Record%20System%20-%20SQL%20Injection%20-%203.md"], ["2024", "CVE-2024-26174", "Windows Kernel Information Disclosure Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1675", "Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://issues.chromium.org/issues/41486208"], ["2024", "CVE-2024-27189", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS.This issue affects WP Social Widget: from n/a through 2.2.5.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27218", "In update_freq_data of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34069", "Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0688", "The \"WebSub (FKA. PubSubHubbub)\" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0519", "Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/JohnHormond/CVE-2024-0519-Chrome-exploit
https://github.com/Ostorlab/KEV
https://github.com/Oxdestiny/CVE-2024-0519-Chrome-exploit
https://github.com/Threekiii/CVE
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-28066", "In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).", "No PoCs found on GitHub currently.", "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"], ["2024", "CVE-2024-23611", "An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21485", "Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that's visible to another user who opens that view - not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server.

**Note:**

This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://security.snyk.io/vuln/SNYK-JS-DASHCORECOMPONENTS-6183084
https://security.snyk.io/vuln/SNYK-JS-DASHHTMLCOMPONENTS-6226337
https://security.snyk.io/vuln/SNYK-PYTHON-DASH-6226335
https://security.snyk.io/vuln/SNYK-PYTHON-DASHCORECOMPONENTS-6226334
https://security.snyk.io/vuln/SNYK-PYTHON-DASHHTMLCOMPONENTS-6226336"], ["2024", "CVE-2024-3873", "A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has been classified as problematic. This affects an unknown part of the component Web Interface. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260907.", "No PoCs found on GitHub currently.", "https://vuldb.com/?submit.312623"], ["2024", "CVE-2024-27098", "GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0799", "An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2024-07"], ["2024", "CVE-2024-0408", "A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3661", "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.", "https://github.com/apiverve/news-API
https://github.com/bollwarm/SecToolSet
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/giterlizzi/secdb-feeds
https://github.com/leviathansecurity/TunnelVision
https://github.com/tanjiti/sec_profile", "https://news.ycombinator.com/item?id=40279632
https://www.leviathansecurity.com/blog/tunnelvision
https://www.leviathansecurity.com/research/tunnelvision"], ["2024", "CVE-2024-26065", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-35185", "Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends a request to an endpoint and will use the data from the body of the response as the data to evaluate against a certain rule. If the response is sufficiently large, it can drain memory on the machine and crash the Minder server. The attacker can control the remote REST endpoints that Minder sends requests to, and they can configure the remote REST endpoints to return responses with large bodies. They would then instruct Minder to send a request to their configured endpoint that would return the large response which would crash the Minder server. Version 0.0.49 fixes this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24160", "MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do.", "No PoCs found on GitHub currently.", "https://github.com/wy876/cve/issues/1"], ["2024", "CVE-2024-3721", "A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/netsecfish/tbk_dvr_command_injection"], ["2024", "CVE-2024-26125", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1624", "An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release R2023 through Release R2024. A specially crafted HTTP request can lead to arbitrary command execution.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mwierszycki/mwierszycki.github.io", "No PoCs from references."], ["2024", "CVE-2024-1927", "A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/login.php. The manipulation of the argument txtpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254863.", "No PoCs found on GitHub currently.", "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Web-Based%20Student%20Clearance%20System%20-%20SQLi.md"], ["2024", "CVE-2024-23640", "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf
https://osgeo-org.atlassian.net/browse/GEOS-11149
https://osgeo-org.atlassian.net/browse/GEOS-11155"], ["2024", "CVE-2024-21745", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Stored XSS.This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3822", "The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/ff5411b1-9e04-4e72-a502-e431d774642a/"], ["2024", "CVE-2024-0548", "A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component SIZE Command Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250718 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/163038/FreeFloat-FTP-Server-1.0-Denial-Of-Service.html"], ["2024", "CVE-2024-29179", "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.", "No PoCs found on GitHub currently.", "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9"], ["2024", "CVE-2024-26307", "Possible race condition vulnerability in Apache Doris.Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file.This could theoretically happen, but the impact would be minimal.This issue affects Apache Doris: before 1.2.8, before 2.0.4.Users are recommended to upgrade to version 2.0.4, which fixes the issue.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26096", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3692", "The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/6f100f85-3a76-44be-8092-06eb8595b0c9/"], ["2024", "CVE-2024-24202", "An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35176", "REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/lifeparticle/Ruby-Cheatsheet", "No PoCs from references."], ["2024", "CVE-2024-32487", "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "https://github.com/marklogic/marklogic-docker", "No PoCs from references."], ["2024", "CVE-2024-28215", "nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28184", "WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3991", "The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute in the Horizontal Product Filter in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4363", "The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title_tag\u2019 parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30613", "Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/setSmartPowerManagement.md"], ["2024", "CVE-2024-20848", "Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21427", "Windows Kerberos Security Feature Bypass Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30850", "An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go", "https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc
https://github.com/nomi-sec/PoC-in-GitHub", "https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents/"], ["2024", "CVE-2024-26247", "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3443", "A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259696.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/zyairelai/CVE-submissions/blob/main/prison-xss.md"], ["2024", "CVE-2024-1546", "When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0929", "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been rated as critical. Affected by this issue is the function fromNatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromNatStaticSetting.md"], ["2024", "CVE-2024-29128", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post SMTP POST SMTP allows Reflected XSS.This issue affects POST SMTP: from n/a through 2.8.6.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28095", "News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3880", "A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260914 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/formWriteFacMac.md"], ["2024", "CVE-2024-30702", "** DISPUTED ** An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30702", "No PoCs from references."], ["2024", "CVE-2024-21476", "Memory corruption when the channel ID passed by user is not validated and further used.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20819", "Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3783", "The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1686", "The Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3484", "Path Traversal found\u00a0in OpenText\u2122 iManager 3.2.6.0200. This can lead to privilege escalationor file disclosure.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2479", "A vulnerability classified as problematic has been found in MHA Sistemas arMHAzena 9.6.0.0. This affects an unknown part of the component Cadastro Page. The manipulation of the argument Query leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256887. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/SQU4NCH/SQU4NCH", "No PoCs from references."], ["2024", "CVE-2024-28392", "SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28003", "Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23674", "The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the \"sPACE (Spoofing Password Authenticated Connection Establishment)\" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is \"ensuring a secure operational environment at the client side is an obligation of the ID card owner.\"", "No PoCs found on GitHub currently.", "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1"], ["2024", "CVE-2024-30405", "An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS).Continued receipt and processing of these specific packets will sustain the Denial of Service condition.This issue affects:Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-36049", "Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personally identifiable information (PII) and especially payroll data and the ability to impersonate legitimate users with respect to the audit log.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-007/"], ["2024", "CVE-2024-26051", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23837", "LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://redmine.openinfosecfoundation.org/issues/6444"], ["2024", "CVE-2024-1750", "A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254532. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.254532"], ["2024", "CVE-2024-3744", "A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3847", "Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4124", "A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetRemoteWebManage.md"], ["2024", "CVE-2024-2428", "The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/4832e223-4571-4b45-97db-2fd403797c49/"], ["2024", "CVE-2024-2568", "A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/div_data/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257071.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/bigbigbigbaby/cms/blob/main/5.md"], ["2024", "CVE-2024-25269", "libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/strukturag/libheif/issues/1073"], ["2024", "CVE-2024-28283", "There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30514", "Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro \u2013 Payfast Gateway Add On.This issue affects Paid Memberships Pro \u2013 Payfast Gateway Add On: from n/a through 1.4.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4064", "A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/R7WebsSecurityHandler.md"], ["2024", "CVE-2024-3907", "A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been rated as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formSetCfm.md"], ["2024", "CVE-2024-30986", "Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via \"price\" and \"sname\" parameter.", "No PoCs found on GitHub currently.", "https://medium.com/@shanunirwan/cve-2024-30986-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-3fb702d9d510"], ["2024", "CVE-2024-23866", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrycreate.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24105", "SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php.", "https://github.com/ASR511-OO7/CVE-2024-24105
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1701", "A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/omarexala/PHP-MYSQL-User-Login-System---Broken-Access-Control"], ["2024", "CVE-2024-22409", "DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade.", "No PoCs found on GitHub currently.", "https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv"], ["2024", "CVE-2024-31678", "Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the \"password\" parameter in the \"login.php\" file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/CveSecLook/cve/issues/10"], ["2024", "CVE-2024-5099", "A vulnerability was found in SourceCodester Simple Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file updateprice.php. The manipulation of the argument ITEM leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265082 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20Sql%20Inject-2.md"], ["2024", "CVE-2024-4246", "A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). This affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The identifier VDB-262137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formQosManageDouble_user.md"], ["2024", "CVE-2024-30736", "** DISPUTED ** An insecure deserialization vulnerability has been identified in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30736", "No PoCs from references."], ["2024", "CVE-2024-21442", "Windows USB Print Driver Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3426", "A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Affected by this issue is some unknown functionality of the file editt.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259598 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1523", "EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24327", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.", "No PoCs found on GitHub currently.", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/7/TOTOlink%20A3300R%20setIpv6Cfg.md"], ["2024", "CVE-2024-2849", "A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/CveSecLook/cve/issues/1"], ["2024", "CVE-2024-26362", "HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/177075/Enpass-Desktop-Application-6.9.2-HTML-Injection.html"], ["2024", "CVE-2024-3566", "A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/michalsvoboda76/batbadbut", "No PoCs from references."], ["2024", "CVE-2024-23895", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32773", "Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Kit.This issue affects Royal Elementor Kit: from n/a through 1.0.116.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4097", "The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21502", "Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/keltecc/49da037072276f21b005a8337c15db26
https://github.com/AntonKueltz/fastecdsa/commit/57fc5689c95d649dab7ef60cc99ac64589f01e36
https://security.snyk.io/vuln/SNYK-PYTHON-FASTECDSA-6262045"], ["2024", "CVE-2024-30676", "** DISPUTED ** A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron Irwini versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. A malicious user could potentially exploit this vulnerability remotely to crash the ROS2 nodes, thereby causing a denial of service. The flaw allows an attacker to cause unexpected behavior in the operation of ROS2 nodes, which leads to their failure and interrupts the regular operation of the system, thus making it unavailable for its intended users. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30676", "No PoCs from references."], ["2024", "CVE-2024-23516", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS.This issue affects CC BMI Calculator: from n/a through 2.0.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4186", "The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21413", "Microsoft Outlook Remote Code Execution Vulnerability", "https://github.com/CMNatic/CVE-2024-21413
https://github.com/DevAkabari/CVE-2024-21413
https://github.com/GhostTroops/TOP
https://github.com/MSeymenD/CVE-2024-21413
https://github.com/Mdusmandasthaheer/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
https://github.com/Ostorlab/KEV
https://github.com/Threekiii/CVE
https://github.com/X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit
https://github.com/ZonghaoLi777/githubTrending
https://github.com/ahmetkarakayaoffical/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
https://github.com/aneasystone/github-trending
https://github.com/bkzk/cisco-email-filters
https://github.com/dshabani96/CVE-2024-21413
https://github.com/duy-31/CVE-2024-21413
https://github.com/fireinrain/github-trending
https://github.com/hktalent/bug-bounty
https://github.com/jafshare/GithubTrending
https://github.com/johe123qwe/github-trending
https://github.com/josephalan42/CTFs-Infosec-Witeups
https://github.com/labesterOct/CVE-2024-21413
https://github.com/madret/KQL
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/r00tb1t/CVE-2024-21413-POC
https://github.com/sampsonv/github-trending
https://github.com/securitycipher/daily-bugbounty-writeups
https://github.com/tanjiti/sec_profile
https://github.com/th3Hellion/CVE-2024-21413
https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
https://github.com/zhaoxiaoha/github-trending", "https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/"], ["2024", "CVE-2024-30864", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupTimePolicy.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3477", "The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/ca5e59e6-c500-4129-997b-391cdf9aa9c7/"], ["2024", "CVE-2024-26333", "swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/matthiaskramm/swftools/issues/219"], ["2024", "CVE-2024-30924", "Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component.", "https://github.com/Chocapikk/My-CVEs
https://github.com/Chocapikk/derbynet-research", "No PoCs from references."], ["2024", "CVE-2024-3537", "A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/admin_user.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259907.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1432", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function apply_xseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/bayuncao/vul-cve-12"], ["2024", "CVE-2024-4357", "An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30627", "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the deviceId parameter from saveParentControlInfo function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_deviceId.md"], ["2024", "CVE-2024-4346", "The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30636", "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/formQuickIndex.md"], ["2024", "CVE-2024-23447", "An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.elastic.co/community/security"], ["2024", "CVE-2024-28230", "In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1423", "** REJECT ** Accidental Request", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3526", "A vulnerability has been found in Campcodes Online Event Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259897 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2809", "A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md"], ["2024", "CVE-2024-1563", "An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS < 122.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32970", "Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities https://github.com/phlex-ruby/phlex/security/advisories/GHSA-242p-4v39-2v8g and https://github.com/phlex-ruby/phlex/security/advisories/GHSA-g7xq-xv8c-h98c, we have invested in extensive browser tests. It was these new tests that helped us uncover these issues. As of now the project exercises every possible attack vector the developers can think of \u2014 including enumerating every ASCII character, and we run these tests in Chrome, Firefox and Safari. Additionally, we test against a list of 6613 known XSS payloads (see: payloadbox/xss-payload-list). The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browsers are when it comes to executing unsafe JavaScript via HTML attributes. If you render an `` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user. If you splat user-provided attributes when rendering any HTML or SVG tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user. Patches are available on RubyGems for all minor versions released in the last year. Users are advised to upgrade. Users unable to upgrade should configure a Content Security Policy that does not allow `unsafe-inline` which would effectively prevent this vulnerability from being exploited. Users who upgrade are also advised to configure a Content Security Policy header that does not allow `unsafe-inline`.", "No PoCs found on GitHub currently.", "https://github.com/payloadbox/xss-payload-list"], ["2024", "CVE-2024-26262", "EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator .", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21890", "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:``` --allow-fs-read=/home/node/.ssh/*.pub```will ignore `pub` and give access to everything after `.ssh/`.This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21793", "An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/FeatherStark/CVE-2024-21793
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "No PoCs from references."], ["2024", "CVE-2024-21402", "Microsoft Outlook Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23507", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect \u2013 1-click WP Staging & Migration.This issue affects InstaWP Connect \u2013 1-click WP Staging & Migration: from n/a through 0.1.0.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4086", "The CM Tooltip Glossary \u2013 Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's settings or reset them via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4317", "Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected.", "https://github.com/wiltondb/wiltondb", "No PoCs from references."], ["2024", "CVE-2024-30667", "** DISPUTED ** Insecure deserialization vulnerability in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or obtain sensitive information via crafted input to the data handling components. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30667", "No PoCs from references."], ["2024", "CVE-2024-23787", "Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23884", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnmodify.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1532", "A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24336", "A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and \u2018/members/members-home.pl\u2019 endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the 'Circulation note' and \u2018Patrons Restriction\u2019 components.", "https://github.com/NaInSec/CVE-LIST
https://github.com/nitipoom-jar/CVE-2024-24336
https://github.com/nomi-sec/PoC-in-GitHub", "https://nitipoom-jar.github.io/CVE-2024-24336/"], ["2024", "CVE-2024-3437", "A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259631.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/fubxx/CVE", "https://vuldb.com/?id.259631"], ["2024", "CVE-2024-2858", "The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/43297210-17a6-4b51-b8ca-32ceef9fc09a/"], ["2024", "CVE-2024-22939", "Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component.", "https://github.com/NUDTTAN91/CVE-2024-22939
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/NUDTTAN91/CVE-2024-22939
https://github.com/NUDTTAN91/CVE20240109/blob/master/README.md"], ["2024", "CVE-2024-4257", "A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262149 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "https://github.com/GAO-UNO/cve/blob/main/sql.md"], ["2024", "CVE-2024-21453", "Transient DOS while decoding message of size that exceeds the available system memory.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30727", "** DISPUTED ** An issue was discovered in ROS Kinetic Kame in Kinetic Kame ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, where the system transmits messages in plaintext, allowing attackers to obtain sensitive information via a man-in-the-middle attack. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30727", "No PoCs from references."], ["2024", "CVE-2024-23877", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1481", "A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://bugzilla.redhat.com/show_bug.cgi?id=2262169"], ["2024", "CVE-2024-21972", "An out of bounds write vulnerability in the AMD Radeon\u2122 user mode driver for DirectX\u00ae\u00a011 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5088", "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_id\u2019 parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22418", "Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename such as \u201c>

.jpg\u201d triggers the vulnerability. When this file is uploaded, the JavaScript code within the filename is executed. This issue has been addressed in version 6.8.29. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/Intermesh/groupoffice/security/advisories/GHSA-p7w9-h6c3-wqpp"], ["2024", "CVE-2024-2579", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.0.16.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30505", "Missing Authorization vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.18.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30694", "** DISPUTED ** A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30694", "No PoCs from references."], ["2024", "CVE-2024-23774", "An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\\SYSTEM privileges.", "https://github.com/Verrideo/CVE-2024-23774
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-23634", "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn't already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file which could be relatively harmless like removing contact information or have more serious consequences like allowing users to make OGC requests that the customized settings would have prevented them from making. The impact of renaming non-GeoServer files depends on the specific environment although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx
https://osgeo-org.atlassian.net/browse/GEOS-11213"], ["2024", "CVE-2024-2439", "The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/7a375077-fc70-4389-b109-28fce3db2aef/"], ["2024", "CVE-2024-3755", "The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/d34caeaf-2ecf-44a2-b308-e940bafd402c/"], ["2024", "CVE-2024-26151", "The `mjml` PyPI package, found at the `FelixSchwarz/mjml-python` GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of `FelixSchwarz/mjml-python` who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input like `<script>` would be rendered as ` leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29455", "** DISPUTED ** An arbitrary file upload vulnerability has been discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via crafted payload to the file upload mechanism of the ROS2 system, including the server\u2019s functionality for handling file uploads and the associated validation processes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29455", "No PoCs from references."], ["2024", "CVE-2024-22222", "Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29515", "File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component.", "No PoCs found on GitHub currently.", "https://github.com/zzq66/cve7/"], ["2024", "CVE-2024-29684", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/iimiss/cms/blob/main/1.md"], ["2024", "CVE-2024-25990", "In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2203", "The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25502", "Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/flusity/flusity-CMS/issues/10"], ["2024", "CVE-2024-25693", "There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory.", "https://github.com/MrSecby/CVE-2024-25693-exploit
https://github.com/awillard1/pentesting
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-28679", "DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/19.md"], ["2024", "CVE-2024-27516", "Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/LiveHelperChat/livehelperchat/issues/2054"], ["2024", "CVE-2024-25413", "A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file.", "https://github.com/capture0x/My-CVE
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/capture0x/Magento-ver.-2.4.6
https://packetstormsecurity.com/files/175801/FireBear-Improved-Import-And-Export-3.8.6-XSLT-Server-Side-Injection.html"], ["2024", "CVE-2024-0186", "A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29896", "Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be \"allow-listing\" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26979", "In the Linux kernel, the following vulnerability has been resolved:drm/vmwgfx: Fix possible null pointer derefence with invalid contextsvmw_context_cotable can return either an error or a null pointer and itsusage sometimes went unchecked. Subsequent code would then try to accesseither a null pointer or an error value.The invalid dereferences were only possible with malformed userspaceapps which never properly initialized the rendering contexts.Check the results of vmw_context_cotable to fix the invalid derefs.Thanks:ziming zhang(@ezrak1e) from Ant Group Light-Year Security Labwho was the first person to discover it.Niels De Graef who reported it and helped to track down the poc.", "No PoCs found on GitHub currently.", "https://git.kernel.org/stable/c/07c3fe923ff7eccf684fb4f8c953d0a7cc8ded73
https://git.kernel.org/stable/c/517621b7060096e48e42f545fa6646fc00252eac
https://git.kernel.org/stable/c/585fec7361e7850bead21fada49a7fcde2f2e791
https://git.kernel.org/stable/c/899e154f9546fcae18065d74064889d08fff62c2
https://git.kernel.org/stable/c/9cb3755b1e3680b720b74dbedfac889e904605c7
https://git.kernel.org/stable/c/c560327d900bab968c2e1b4cd7fa2d46cd429e3d
https://git.kernel.org/stable/c/ff41e0d4f3fa10d7cdd7d40f8026bea9fcc8b000"], ["2024", "CVE-2024-29795", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS.This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more: from n/a through 4.5.24.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31002", "Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component.", "No PoCs found on GitHub currently.", "https://github.com/axiomatic-systems/Bento4/issues/939"], ["2024", "CVE-2024-20376", "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31142", "Because of a logical error in XSA-407 (Branch Type Confusion), themitigation is not applied properly when it is intended to be used.XSA-434 (Speculative Return Stack Overflow) uses the sameinfrastructure, so is equally impacted.For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27456", "rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0357", "A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250124.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.250124"], ["2024", "CVE-2024-1188", "A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-252678 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://fitoxs.com/vuldb/14-exploit-perl.txt"], ["2024", "CVE-2024-1219", "The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/ce4ac9c4-d293-4464-b6a0-82ddf8d4860b/"], ["2024", "CVE-2024-21378", "Microsoft Outlook Remote Code Execution Vulnerability", "https://github.com/JohnHormond/CVE-2024-21378
https://github.com/d0rb/CVE-2024-21378
https://github.com/gam4er/OutlookFormFinder
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-27674", "Macro Expert through 4.9.4 allows BUILTIN\\Users:(OI)(CI)(M) access to the \"%PROGRAMFILES(X86)%\\GrassSoft\\Macro Expert\" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary.", "https://github.com/Alaatk/CVE-2024-27674
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-2070", "A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. The manipulation of the argument question/answer leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255385 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29865", "Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27734", "A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/sms2056/cms/blob/main/3.md"], ["2024", "CVE-2024-0035", "In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32049", "BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26458", "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "https://github.com/GrigGM/05-virt-04-docker-hw
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/fokypoky/places-list", "No PoCs from references."], ["2024", "CVE-2024-25932", "Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix.This issue affects Change Table Prefix: from n/a through 2.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22051", "CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31220", "Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface outside of localhost may be affected, depending on firewall configuration. To exploit vulnerability, attacker could make an http/s request to the `node_modules` endpoint if user exposed Sunshine config web server to internet or attacker is on the LAN. Version 0.18.0 contains a patch for this issue. As a workaround, one may block access to Sunshine via firewall.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22140", "Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20045", "In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08024748; Issue ID: ALPS08029526.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27625", "CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the \"New directory\" field.", "https://github.com/capture0x/My-CVE
https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/files/177243/CMS-Made-Simple-2.2.19-Cross-Site-Scripting.html"], ["2024", "CVE-2024-2021", "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255300. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/dtxharry/cve/blob/main/cve.md"], ["2024", "CVE-2024-21329", "Azure Connected Machine Agent Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32018", "RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted input, the software may be exposed to attacks that leverage the lack of proper input checks. In detail, in the `nimble_scanlist_update()` function below, `len` is checked in an assertion and subsequently used in a call to `memcpy()`. If an attacker is able to provide a larger `len` value while assertions are compiled-out, they can write past the end of the fixed-length `e->ad` buffer. If the unchecked input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerability could range from denial of service to arbitrary code execution. This issue has not yet been patched. Users are advised to add manual `len` checking.", "https://github.com/0xdea/advisories
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-27765", "Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2161", "Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects\u00a0Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version\u00a02.02.0227 .", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22391", "A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26798", "In the Linux kernel, the following vulnerability has been resolved:fbcon: always restore the old font data in fbcon_do_set_font()Commit a5a923038d70 (fbdev: fbcon: Properly revert changes whenvc_resize() failed) started restoring old font data upon failure (ofvc_resize()). But it performs so only for user fonts. It means that the\"system\"/internal fonts are not restored at all. So in result, the veryfirst call to fbcon_do_set_font() performs no restore at all uponfailing vc_resize().This can be reproduced by Syzkaller to crash the system on the nextinvocation of font_get(). It's rather hard to hit the allocation failurein vc_resize() on the first font_set(), but not impossible. Esp. iffault injection is used to aid the execution/failure. It wasdemonstrated by Sirius: BUG: unable to handle page fault for address: fffffffffffffff8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD cb7b067 P4D cb7b067 PUD cb7d067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8007 Comm: poc Not tainted 6.7.0-g9d1694dc91ce #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:fbcon_get_font+0x229/0x800 drivers/video/fbdev/core/fbcon.c:2286 Call Trace: con_font_get drivers/tty/vt/vt.c:4558 [inline] con_font_op+0x1fc/0xf20 drivers/tty/vt/vt.c:4673 vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline] vt_ioctl+0x632/0x2ec0 drivers/tty/vt/vt_ioctl.c:752 tty_ioctl+0x6f8/0x1570 drivers/tty/tty_io.c:2803 vfs_ioctl fs/ioctl.c:51 [inline] ...So restore the font data in any case, not only for user fonts. Note thelater 'if' is now protected by 'old_userfont' and not 'old_data' as thelatter is always set now. (And it is supposed to be non-NULL. Otherwisewe would see the bug above again.)", "No PoCs found on GitHub currently.", "https://git.kernel.org/stable/c/00d6a284fcf3fad1b7e1b5bc3cd87cbfb60ce03f
https://git.kernel.org/stable/c/20a4b5214f7bee13c897477168c77bbf79683c3d
https://git.kernel.org/stable/c/2f91a96b892fab2f2543b4a55740c5bee36b1a6b
https://git.kernel.org/stable/c/73a6bd68a1342f3a44cac9dffad81ad6a003e520
https://git.kernel.org/stable/c/a2c881413dcc5d801bdc9535e51270cc88cb9cd8"], ["2024", "CVE-2024-1099", "A vulnerability was found in Rebuild up to 3.5.5. It has been classified as problematic. Affected is the function getFileOfData of the file /filex/read-raw. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252456.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.yuque.com/mailemonyeyongjuan/tha8tr/dcilugg0htp973nx"], ["2024", "CVE-2024-27462", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/Alaatk/CVE-2024-27462
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-25567", "Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34582", "Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS within the Forgot Password feature.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/silent6trinity/CVE-2024-34582", "No PoCs from references."], ["2024", "CVE-2024-24908", "Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2326", "The Pretty Links \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's configuration including stripe integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0223", "Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4929", "A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264465 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22356", "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2377", "A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0272", "A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file addmaterialsubmit.php. The manipulation of the argument material_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249827.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4978", "Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29461", "An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/ErodedElk/399a226905c574efe705e3bff77955e3
https://github.com/floodlight/floodlight/issues/867"], ["2024", "CVE-2024-22216", "In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339).", "https://github.com/chnzzh/Redfish-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20313", "A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25654", "Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3239", "The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/dfa1421b-41b0-4b25-95ef-0843103e1f5e/"], ["2024", "CVE-2024-25957", "Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25817", "Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components.", "https://github.com/CuB3y0nd/CuB3y0nd
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/advisories/GHSA-3qx3-6hxr-j2ch
https://www.cubeyond.net/blog/my-cves/eza-cve-report"], ["2024", "CVE-2024-4519", "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2384", "The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0281", "A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file loginCheck.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249836.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25714", "In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34460", "The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This component was removed in 9.5.60602.)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31214", "Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extension, and partial control over the file name. While it's not for an attacker to overwrite an existing file, an attacker can create new files with certain names and attacker-controlled extensions anywhere on the file system. This can potentially lead to remote code execution, XSS, DOS, etc. The default install of Traccar makes this vulnerability more severe. Self-registration is enabled by default, allowing anyone to create an account to exploit this vulnerability. Traccar also runs by default with root/system privileges, allowing files to be placed anywhere on the file system. Version 6.0 contains a fix for the issue. One may also turn off self-registration by default, as that would make most vulnerabilities in the application much harder to exploit by default and reduce the severity considerably.", "https://github.com/nvn1729/advisories", "https://github.com/traccar/traccar/security/advisories/GHSA-3gxq-f2qj-c8v9"], ["2024", "CVE-2024-24569", "The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still protects attackers from escaping the application path into higher level directories (e.g., /etc/), it will allow \"escaping\" into sibling paths. For example, if your running path is /my/app/path you an attacker could navigate into /my/app/path-something-else. This vulnerability is patched in 1.1.2.", "No PoCs found on GitHub currently.", "https://github.com/pixee/java-security-toolkit/security/advisories/GHSA-qh4g-4m4w-jgv2"], ["2024", "CVE-2024-22125", "Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)\u00a0- version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20020", "In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID: ALPS08522504.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2044", "pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users\u2019 sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.", "https://github.com/NaInSec/CVE-LIST", "https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/"], ["2024", "CVE-2024-4548", "An SQLi vulnerability exists in\u00a0Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.tenable.com/security/research/tra-2024-13"], ["2024", "CVE-2024-20030", "In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541741.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22135", "Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4558", "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2054", "The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the \"www-data\" user.", "https://github.com/Madan301/CVE-2024-2054
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "http://seclists.org/fulldisclosure/2024/Mar/12
https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt"], ["2024", "CVE-2024-29901", "The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2285", "A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/member_edit.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-256052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/STORED%20XSS%20member-member-edit.php%20.md"], ["2024", "CVE-2024-4418", "A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being \"freed\" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23319", "Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's\u00a0Jira connection in Mattermost only by viewing the message.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24579", "stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of `github.com/anchore/stereoscope/pkg/file.UntarToDirectory()` function, the `github.com/anchore/stereoscope/pkg/image/oci.TarballImageProvider` struct, or the higher level `github.com/anchore/stereoscope/pkg/image.Image.Read()` function express this vulnerability. As a workaround, if you are using the OCI archive as input into stereoscope then you can switch to using an OCI layout by unarchiving the tar archive and provide the unarchived directory to stereoscope.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25916", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS.This issue affects My Calendar: from n/a through 3.4.23.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24468", "Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.", "No PoCs found on GitHub currently.", "https://github.com/tang-0717/cms/blob/main/3.md"], ["2024", "CVE-2024-27902", "Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user\u2019s browser. There is no impact on the availability of the system", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25807", "Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hebing123/cve/issues/17"], ["2024", "CVE-2024-34470", "An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/osvaldotenorio/CVE-2024-34470", "https://github.com/osvaldotenorio/CVE-2024-34470"], ["2024", "CVE-2024-29810", "The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0291", "A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2005", "In Blue Planet\u00ae products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected.Blue Planet\u00ae has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2394", "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256454 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md"], ["2024", "CVE-2024-23208", "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges.", "https://github.com/fmyyss/XNU_KERNEL_RESEARCH
https://github.com/hrtowii/CVE-2024-23208-test
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-25644", "Under certain conditions SAP NetWeaver\u00a0WSRM\u00a0- version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0040", "In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2145", "A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Mobile%20Management%20Store.md"], ["2024", "CVE-2024-33350", "Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.", "No PoCs found on GitHub currently.", "https://github.com/majic-banana/vulnerability/blob/main/POC/taocms-3.0.2%20Arbitrary%20File%20Writing%20Vulnerability.md"], ["2024", "CVE-2024-22024", "An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.", "https://github.com/0dteam/CVE-2024-22024
https://github.com/Ostorlab/KEV
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/inguardians/ivanti-VPN-issues-2024-research
https://github.com/labesterOct/CVE-2024-22024
https://github.com/netlas-io/netlas-dorks
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-24809", "Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/traccar/traccar/security/advisories/GHSA-vhrw-72f6-gwp5"], ["2024", "CVE-2024-0262", "A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249818 is the identifier assigned to this vulnerability.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34483", "OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPBucket.len=0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/faucetsdn/ryu/issues/193"], ["2024", "CVE-2024-25466", "Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.", "https://github.com/FixedOctocat/CVE-2024-25466
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-27563", "A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.", "https://github.com/zer0yu/CVE_Request", "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_pluginThemeUrl.md"], ["2024", "CVE-2024-31077", "Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22206", "Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22197", "Nginx-ui is online statistics for Server Indicators\u200b\u200b Monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API also exposes `test_config_cmd`, `reload_cmd` and `restart_cmd`. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a request to the API. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure. This issue has been patched in version 2.0.0.beta.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m"], ["2024", "CVE-2024-29471", "OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31137", "In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0322", "Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec"], ["2024", "CVE-2024-25526", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#pm_gatt_incaspx"], ["2024", "CVE-2024-2227", "This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the remediation announced in May 2021 tracked by ETN IIQSAW-3585 and January 2024 tracked by IIQFW-336. This vulnerability in IdentityIQ is assigned CVE-2024-2227.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0233", "The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/04a708a0-b6f3-47d1-aac9-0bb17f57c61e/"], ["2024", "CVE-2024-24858", "A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22257", "In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22317", "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22086", "handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution.", "https://github.com/Halcy0nic/Trophies
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/skinnyrad/Trophies", "https://github.com/hayyp/cherry/issues/1"], ["2024", "CVE-2024-2276", "A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument Venue map leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256045 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2024", "CVE-2024-27775", "SysAid before version 23.2.14 b18 -\u00a0CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32399", "Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.", "https://github.com/NN0b0dy/CVE-2024-32399
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/NN0b0dy/CVE-2024-32399/blob/main/README.md"], ["2024", "CVE-2024-25973", "The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities.\u00a0An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user's browser.", "No PoCs found on GitHub currently.", "http://seclists.org/fulldisclosure/2024/Feb/23
https://r.sec-consult.com/openolat"], ["2024", "CVE-2024-22010", "In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20055", "In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27936", "Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41 of the deno_runtime library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to the program are based on the contents that contain the ANSI escape sequences. Any Deno program can spoof the content of the interactive permission prompt by inserting a broken ANSI code, which allows a malicious Deno program to display the wrong file path or program name to the user. Version 1.41 of the deno_runtime library contains a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/denoland/deno/security/advisories/GHSA-m4pq-fv2w-6hrw"], ["2024", "CVE-2024-25833", "F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://neroteam.com/blog/f-logic-datacube3-vulnerability-report"], ["2024", "CVE-2024-1258", "A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key
. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26559", "An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "https://syst1m.cn/2024/01/22/U%E9%AA%8C%E8%AF%81%E7%BD%91%E7%BB%9C%E7%94%A8%E6%88%B7%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E/"], ["2024", "CVE-2024-25730", "Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a \"Hitron\" substring, resulting in insufficient entropy (only about one million possibilities).", "https://github.com/actuator/cve
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-25730"], ["2024", "CVE-2024-22041", "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates.
This could allow an unauthenticated remote attacker to crash the network service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25922", "Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1209", "The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210
https://github.com/karlemilnikka/CVE-2024-1209
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1198", "A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27967", "Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20004", "In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985).", "https://github.com/Shangzewen/U-Fuzz
https://github.com/asset-group/5ghoul-5g-nr-attacks
https://github.com/asset-group/U-Fuzz
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22290", "Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).This issue affects Custom Dashboard Widgets: from n/a through 1.3.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33275", "SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0165", "Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29875", "SQL injection vulnerability in Sentrifugo 3.2, through\u00a0 /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2060", "A vulnerability classified as critical has been found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/app/login_crud.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255375.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/login_crud.php%20SQL%20Injection.md"], ["2024", "CVE-2024-32288", "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromwebExcptypemanFilter.md"], ["2024", "CVE-2024-0347", "A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2242", "The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018active-tab\u2019 parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0196", "A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2093", "The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content.", "https://github.com/gustavorobertux/CVE-2024-3094", "https://github.com/vektor-inc/vk-all-in-one-expansion-unit/pull/1072"], ["2024", "CVE-2024-27994", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.5.0.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25891", "ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.", "No PoCs found on GitHub currently.", "https://github.com/ChurchCRM/CRM/issues/6856"], ["2024", "CVE-2024-25980", "Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28669", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/10.md"], ["2024", "CVE-2024-25512", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#attachdownloadaspx"], ["2024", "CVE-2024-2182", "A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0256", "The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25452", "Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/axiomatic-systems/Bento4/issues/873"], ["2024", "CVE-2024-2353", "A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md"], ["2024", "CVE-2024-20337", "A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/swagcraftedd/CVE-2024-20337-POC", "No PoCs from references."], ["2024", "CVE-2024-33146", "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29445", "** DISPUTED ** An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3 where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29445", "No PoCs from references."], ["2024", "CVE-2024-26035", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3631", "The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/c59a8b49-6f3e-452b-ba9b-50b80c522ee9/"], ["2024", "CVE-2024-24130", "Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hebing123/cve/issues/13"], ["2024", "CVE-2024-33748", "Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27359", "Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3932", "A vulnerability classified as problematic has been found in Totara LMS 18.0.1 Build 20231128.01. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261369 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?submit.314381"], ["2024", "CVE-2024-30521", "Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages.This issue affects Landingi Landing Pages: from n/a through 3.1.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23610", "An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1977", "The Restaurant Solutions \u2013 Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "No PoCs found on GitHub currently.", "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2022-004"], ["2024", "CVE-2024-4111", "A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as critical. Affected by this issue is the function sub_42BD7C of the file /goform/SetLEDCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/SetLEDCfg.md"], ["2024", "CVE-2024-21484", "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.

Workaround

The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.", "https://github.com/diotoborg/laudantium-itaque-esse
https://github.com/f1stnpm2/nobis-minima-odio
https://github.com/firanorg/et-non-error
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/kjur/jsrsasign
https://github.com/zibuthe7j11/repellat-sapiente-quas", "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"], ["2024", "CVE-2024-27219", "In tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0689", "The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33599", "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.", "https://github.com/GrigGM/05-virt-04-docker-hw", "No PoCs from references."], ["2024", "CVE-2024-33608", "When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21816", "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3771", "A vulnerability was found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this issue is some unknown functionality of the file /edit-subject.php. The manipulation of the argument sub1/sub2/sub3/sub4/udate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260618 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Student%20Record%20System%203.20/Student%20Record%20System%20-%20SQL%20Injection%20-%204.md"], ["2024", "CVE-2024-1674", "Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26064", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser. Exploitation of this issue requires user interaction.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21907", "Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.", "https://github.com/aargenveldt/SbomTest", "https://alephsecurity.com/vulns/aleph-2018004
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678"], ["2024", "CVE-2024-3660", "A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.", "No PoCs found on GitHub currently.", "https://kb.cert.org/vuls/id/253266
https://www.kb.cert.org/vuls/id/253266"], ["2024", "CVE-2024-24161", "MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.", "No PoCs found on GitHub currently.", "https://github.com/wy876/cve/issues/2"], ["2024", "CVE-2024-28176", "jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4000", "The WordPress Header Builder Plugin \u2013 Pearl plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm_hb' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0409", "A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23641", "SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.", "No PoCs found on GitHub currently.", "https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49"], ["2024", "CVE-2024-1926", "A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254861 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Free%20and%20Open%20Source%20inventory%20management%20system-SQLi.md"], ["2024", "CVE-2024-4140", "An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.", "No PoCs found on GitHub currently.", "https://github.com/rjbs/Email-MIME/issues/66"], ["2024", "CVE-2024-3823", "The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/a138215c-4b8c-4182-978f-d21ce25070d3/"], ["2024", "CVE-2024-21744", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapster Technology Inc. Mapster WP Maps allows Stored XSS.This issue affects Mapster WP Maps: from n/a through 1.2.38.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26124", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3720", "A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260572.", "No PoCs found on GitHub currently.", "https://github.com/scausoft/cve/blob/main/sql.md"], ["2024", "CVE-2024-28185", "Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox.", "No PoCs found on GitHub currently.", "https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf"], ["2024", "CVE-2024-28214", "nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23463", "Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30612", "Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetClientState.md"], ["2024", "CVE-2024-30583", "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_mitInterface.md"], ["2024", "CVE-2024-26306", "iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.", "https://github.com/chnzzh/OpenSSL-CVE-lib", "No PoCs from references."], ["2024", "CVE-2024-0868", "The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/bb7c2d2b-cdfe-433b-96cf-714e71d12b22/"], ["2024", "CVE-2024-0928", "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromDhcpListClient_1.md"], ["2024", "CVE-2024-3442", "A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259695.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.259695"], ["2024", "CVE-2024-26246", "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30851", "Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.", "https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc"], ["2024", "CVE-2024-1547", "Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28354", "There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges.", "https://github.com/yj94/Yj_learning", "No PoCs from references."], ["2024", "CVE-2024-23523", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.This issue affects Elementor Pro: from n/a through 3.19.2.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21426", "Microsoft SharePoint Server Remote Code Execution Vulnerability", "https://github.com/CVE-searcher/CVE-2024-21426-SharePoint-RCE
https://github.com/Geniorio01/CVE-2024-21426-SharePoint-RCE
https://github.com/JohnnyBradvo/CVE-2024-21426-SharePoint-RCE
https://github.com/NaInSec/CVE-LIST
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-20849", "Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32746", "A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module.", "https://github.com/adiapera/xss_menu_page_wondercms_3.4.3", "https://github.com/adiapera/xss_menu_page_wondercms_3.4.3"], ["2024", "CVE-2024-4333", "The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20958", "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29129", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS.This issue affects OxyExtras: from n/a through 1.4.4.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3782", "Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3413", "A vulnerability has been found in SourceCodester Human Resource Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file initialize/login_process.php. The manipulation of the argument hr_email/hr_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259582 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1687", "The Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1516", "The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrary content.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20818", "Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28094", "Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21477", "Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30703", "** DISPUTED ** An arbitrary file upload vulnerability has been discovered in ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a crafted payload to the file upload mechanism of the ROS2 system, including the server\u2019s functionality for handling file uploads and the associated validation processes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30703", "No PoCs from references."], ["2024", "CVE-2024-30492", "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3881", "A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of the file /goform/frmL7ProtForm. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260915. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/frmL7ProtForm.md"], ["2024", "CVE-2024-28393", "SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3817", "HashiCorp\u2019s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package.", "https://github.com/dellalibera/dellalibera
https://github.com/otms61/vex_dir", "No PoCs from references."], ["2024", "CVE-2024-22519", "An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets.", "https://github.com/Drone-Lab/opendroneid-vulnerability", "No PoCs from references."], ["2024", "CVE-2024-5218", "The Reviews and Rating \u2013 Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26281", "Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3714", "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3485", "Server Side Request Forgery vulnerability\u00a0has been discovered in OpenText\u2122 iManager 3.2.6.0200. Thiscould lead to senstive information disclosure.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1580", "An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26050", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23836", "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24155", "Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, parsing tracks and added into m_Tracks list, but mp42aac cannot correctly delete when we got an no audio track found error. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mp4 file.", "No PoCs found on GitHub currently.", "https://github.com/axiomatic-systems/Bento4/issues/919"], ["2024", "CVE-2024-22459", "Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2538", "The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts.", "https://github.com/NaInSec/CVE-LIST", "https://gist.github.com/Xib3rR4dAr/b1eec00e844932c6f2f30a63024b404e"], ["2024", "CVE-2024-25239", "SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php.", "No PoCs found on GitHub currently.", "https://blu3ming.github.io/sourcecodester-employee-management-system-sql-injection/"], ["2024", "CVE-2024-4034", "The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3957", "The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2429", "The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/1c6812d8-a218-4c15-9e2d-d43f3f3b0e78/"], ["2024", "CVE-2024-4125", "A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetStaticRoute.md"], ["2024", "CVE-2024-3846", "Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26141", "Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3745", "MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://fluidattacks.com/advisories/gershwin/"], ["2024", "CVE-2024-5098", "A vulnerability has been found in SourceCodester Simple Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-265081 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20Sql%20Inject-1.md"], ["2024", "CVE-2024-30987", "Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters.", "No PoCs found on GitHub currently.", "https://medium.com/@shanunirwan/cve-2024-30987-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-b6a7a177d254"], ["2024", "CVE-2024-3594", "The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/7a8a834a-e5d7-4678-9d35-4390d1200437/"], ["2024", "CVE-2024-1700", "A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument username with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/omarexala/PHP-MYSQL-User-Login-System---Stored-XSS"], ["2024", "CVE-2024-23867", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statecreate.php, in the stateid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3906", "A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formQuickIndex.md"], ["2024", "CVE-2024-4065", "A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critical. This issue affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/formSetRebootTimer.md"], ["2024", "CVE-2024-21661", "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue arises from unsafe manipulation of an array in a multi-threaded environment. The vulnerability is rooted in the application's code, where an array is being modified while it is being iterated over. This is a classic programming error but becomes critically unsafe when executed in a multi-threaded environment. When two threads interact with the same array simultaneously, the application crashes. This is a Denial of Service (DoS) vulnerability. Any attacker can crash the application continuously, making it impossible for legitimate users to access the service. The issue is exacerbated because it does not require authentication, widening the pool of potential attackers. Versions 2.8.13, 2.9.9, and 2.10.4 contain a patch for this issue.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7"], ["2024", "CVE-2024-30684", "** DISPUTED ** An insecure logging vulnerability has been identified within ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to access sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30684", "No PoCs from references."], ["2024", "CVE-2024-2569", "A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin-manage-user.php. The manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257072.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20admin-manage-user.php.md"], ["2024", "CVE-2024-3427", "A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. This affects an unknown part of the file addq.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259599.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24326", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.", "No PoCs found on GitHub currently.", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/8/TOTOlink%20A3300R%20setStaticDhcpRules.md"], ["2024", "CVE-2024-1522", "A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application.", "https://github.com/timothee-chauvin/eyeballvul", "No PoCs from references."], ["2024", "CVE-2024-21443", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30737", "** DISPUTED ** An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30737", "No PoCs from references."], ["2024", "CVE-2024-4247", "A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. This vulnerability affects the function formQosManage_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. VDB-262138 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formQosManage_auto.md"], ["2024", "CVE-2024-21503", "Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.

Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://security.snyk.io/vuln/SNYK-PYTHON-BLACK-6256273"], ["2024", "CVE-2024-3567", "A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gitlab.com/qemu-project/qemu/-/issues/2273"], ["2024", "CVE-2024-23894", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2908", "The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/58c9e088-ed74-461a-b305-e217679f26c1/"], ["2024", "CVE-2024-3476", "The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/46f74493-9082-48b2-90bc-2c1d1db64ccd/"], ["2024", "CVE-2024-30865", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_user_login.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23985", "EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/files/176663/EzServer-6.4.017-Denial-Of-Service.html"], ["2024", "CVE-2024-23517", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin \u2013 Online Booking for WordPress allows Stored XSS.This issue affects Scheduling Plugin \u2013 Online Booking for WordPress: from n/a through 3.5.10.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23686", "DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.", "No PoCs found on GitHub currently.", "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5
https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5"], ["2024", "CVE-2024-32663", "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21412", "Internet Shortcut Files Security Feature Bypass Vulnerability", "https://github.com/GarethPullen/Powershell-Scripts
https://github.com/Sploitus/CVE-2024-29988-exploit
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/lsr00ter/CVE-2024-21412_Water-Hydra
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/wr00t/CVE-2024-21412_Water-Hydra", "No PoCs from references."], ["2024", "CVE-2024-23457", "The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior to 4.2.0.209", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30626", "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedEndTime parameter from setSchedWifi function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_end.md"], ["2024", "CVE-2024-3536", "A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259906 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30925", "Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component.", "https://github.com/Chocapikk/My-CVEs
https://github.com/Chocapikk/derbynet-research", "No PoCs from references."], ["2024", "CVE-2024-1433", "A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user's home or the installation of third party global themes.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4236", "A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1803/formSetSysToolDDNS.md"], ["2024", "CVE-2024-21432", "Windows Update Stack Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1553", "Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30845", "Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/Zshan7que/c813f2b52daab08c9fb4f6c6b8178b66
https://github.com/netcccyun/pan/issues/6"], ["2024", "CVE-2024-1782", "The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'bt_webid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24186", "Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/pcmacdon/jsish/issues/98"], ["2024", "CVE-2024-26312", "Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3687", "A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260474 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3516", "Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22818", "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save", "No PoCs found on GitHub currently.", "https://github.com/mafangqian/cms/blob/main/3.md"], ["2024", "CVE-2024-30606", "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_page.md"], ["2024", "CVE-2024-30597", "Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWifiBasicSet_security.md"], ["2024", "CVE-2024-23477", "The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28191", "Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, do not output user data from frontend forms next to each other, always separate them by at least one character.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3895", "The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options that can be used for privilege escalation. This was partially patched in 2.0.9 and 2.1.0, and fully patched in 2.1.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21463", "Memory corruption while processing Codec2 during v13k decoder pitch synthesis.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24097", "Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed.", "https://github.com/ASR511-OO7/CVE-2024-24097
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-26192", "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26203", "Azure Data Studio Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3407", "The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/262348ab-a335-4acf-8e4d-229fc0b4972f/"], ["2024", "CVE-2024-2868", "The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24246", "Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/qpdf/qpdf/issues/1123"], ["2024", "CVE-2024-28251", "Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22568", "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.", "No PoCs found on GitHub currently.", "https://github.com/kayo-zjq/myc/blob/main/1.md"], ["2024", "CVE-2024-1660", "The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/5bd16f84-22bf-4170-b65c-08caf67d0005/"], ["2024", "CVE-2024-3765", "A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerability is an unknown functionality of the component Sofia Service. The manipulation with the input ff00000000000000000000000000f103250000007b202252657422203a203130302c202253657373696f6e494422203a202230783022207d0a leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/netsecfish/xiongmai_incorrect_access_control
https://github.com/netsecfish/xiongmai_incorrect_access_control/blob/main/pocCheck3-en.py"], ["2024", "CVE-2024-26161", "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21802", "A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21490", "This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service.

**Note:**

This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/patrikx3/redis-ui", "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113"], ["2024", "CVE-2024-4294", "A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262226 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_idor.md"], ["2024", "CVE-2024-23604", "Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25308", "Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tubakvgc/CVEs", "https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-6.md"], ["2024", "CVE-2024-25099", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS.This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2798", "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1823", "A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23744", "An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1720", "The User Registration \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22428", "Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability.\u00a0It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.", "https://github.com/chnzzh/iDRAC-CVE-lib", "No PoCs from references."], ["2024", "CVE-2024-24035", "Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitrary code via the hmessage parameter.", "https://github.com/ELIZEUOPAIN/CVE-2024-24035
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/ELIZEUOPAIN/CVE-2024-24035/tree/main"], ["2024", "CVE-2024-1631", "Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26130", "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.", "https://github.com/seal-community/patches", "No PoCs from references."], ["2024", "CVE-2024-21750", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS.This issue affects Shortcodes Finder: from n/a through 1.5.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3837", "Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1932", "Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/fefd711e-3bf0-4884-9acc-167649c1f9a2"], ["2024", "CVE-2024-23655", "Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusable state. In this case, a user can no longer access received e-mails. Since the vulnerability affects not only the app, but also the web application, a user in this case has no way to access received emails. This issue was tested with iOS and the web app, but it is possible all clients are affected. Version 3.119.10 fixes this issue.", "No PoCs found on GitHub currently.", "https://github.com/tutao/tutanota/security/advisories/GHSA-5h47-g927-629g"], ["2024", "CVE-2024-30564", "An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/mestrtee/5dc2c948c2057f98d3de0a9790903c6c"], ["2024", "CVE-2024-21610", "An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc.Stuck mgd processes can be monitored by executing the following command:\u00a0 user@host> show system processes extensive | match mgd | match sbwaitThis issue affects Juniper Networks Junos OS on MX Series:All versions earlier than 20.4R3-S9;21.2 versions earlier than 21.2R3-S7;21.3 versions earlier than 21.3R3-S5;21.4 versions earlier than 21.4R3-S5;22.1 versions earlier than 22.1R3-S4;22.2 versions earlier than 22.2R3-S3;22.3 versions earlier than 22.3R3-S2;22.4 versions earlier than 22.4R3;23.2 versions earlier than 23.2R1-S2, 23.2R2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28162", "In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32461", "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34"], ["2024", "CVE-2024-25219", "A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Task%20Manager%20App/Task%20Manager%20App%20-%20Cross-Site-Scripting%20-%202.md"], ["2024", "CVE-2024-2518", "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This issue affects some unknown processing of the file book_history.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256955. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20book_history.php.md"], ["2024", "CVE-2024-35190", "Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1771", "The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections() function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat sections on the homepage.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24272", "An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23880", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29109", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS.This issue affects Shariff Wrapper: from n/a through 4.6.10.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20978", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30663", "** DISPUTED ** An issue was discovered in the default configurations of ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3. This vulnerability allows unauthenticated attackers to gain access using default credentials, posing a serious threat to the integrity and security of the system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30663", "No PoCs from references."], ["2024", "CVE-2024-32766", "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.3.2578 build 20231110 and laterQTS 4.5.4.2627 build 20231225 and laterQuTS hero h5.1.3.2578 build 20231110 and laterQuTS hero h4.5.4.2626 build 20231225 and laterQuTScloud c5.1.5.2651 and later", "https://github.com/3W1nd4r/CVE-2024-32766-RCE
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/p3c34r7/CVE-2024-32766-POC", "No PoCs from references."], ["2024", "CVE-2024-30723", "** DISPUTED ** An unauthorized node injection vulnerability has been identified in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to escalate privileges and inject malicious ROS nodes into the system due to insecure permissions. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30723", "No PoCs from references."], ["2024", "CVE-2024-28325", "Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.", "https://github.com/ShravanSinghRathore/ShravanSinghRathore
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/Credentials-Stored-in-Cleartext-CVE%E2%80%902024%E2%80%9028325"], ["2024", "CVE-2024-20838", "Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0959", "A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\\utils\\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29049", "Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24332", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.", "No PoCs found on GitHub currently.", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/9/TOTOlink%20A3300R%20setUrlFilterRules.md"], ["2024", "CVE-2024-3522", "A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259893 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30632", "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security_5g parameter from formWifiBasicSet function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formWifiBasicSet_security_5g.md"], ["2024", "CVE-2024-32737", "A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\u00a0An unauthenticated remote attacker can leak sensitive information via the \"query_contract_result\" function within MCUDBHelper.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2024-14"], ["2024", "CVE-2024-28234", "Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable BBCode for comments.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20929", "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20869", "Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4202", "In Progress\u00ae Telerik\u00ae Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30871", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/applyhardware.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26266", "Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21894", "A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code", "https://github.com/AlexLondan/CVE-2024-21894-Proof-of-concept
https://github.com/RansomGroupCVE/CVE-2024-21894-POC
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-29018", "Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well.When containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs.Containers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly.In addition to configuring the Linux kernel's various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver.When a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container's network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself.As a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved.Many systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host's configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forward DNS requests from the host namework namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected.Because `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.Docker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address.Moby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container's network namespace.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0429", "A denial service vulnerability has been found on \u00a0Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler (SEH) records resulting in a service shutdown.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21624", "nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1846", "The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/ea2a8420-4b0e-4efb-a0c6-ceea996dae5a/"], ["2024", "CVE-2024-28156", "Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23721", "A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23822", "Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue.", "No PoCs found on GitHub currently.", "https://github.com/sni/Thruk/security/advisories/GHSA-4mrh-mx7x-rqjx"], ["2024", "CVE-2024-24141", "Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.", "https://github.com/BurakSevben/CVE-2024-24141
https://github.com/BurakSevben/CVEs
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/BurakSevben/School-Task-Manager-System-SQLi-1"], ["2024", "CVE-2024-1745", "The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7 settings, making it possible for users with at least the Author role to edit them.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/b63bbfeb-d6f7-4c33-8824-b86d64d3f598/"], ["2024", "CVE-2024-3640", "An unquoted executable path exists in the Rockwell Automation\u00a0FactoryTalk\u00ae Remote Access\u2122 possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26044", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24001", "jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism.", "No PoCs found on GitHub currently.", "https://github.com/jishenghua/jshERP/issues/99"], ["2024", "CVE-2024-1605", "BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238.\u00a0Fix for 9.0.21 branch was released in version 9.0.21.201.", "https://github.com/DojoSecurity/DojoSecurity
https://github.com/NaInSec/CVE-LIST
https://github.com/afine-com/research", "No PoCs from references."], ["2024", "CVE-2024-26104", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26295", "Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.", "https://github.com/kaje11/CVEs", "No PoCs from references."], ["2024", "CVE-2024-30410", "An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE\u00a0instead of being discarded when the\u00a0discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filter.\u00a0This issue affects only IPv6 firewall filter.This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability.\u00a0This issue affects Juniper Networks Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28016", "Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to get device informations via the internet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28387", "An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27268", "IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30690", "** DISPUTED ** An unauthorized node injection vulnerability has been identified in ROS2 Galactic Geochelone versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3, allows remote attackers to escalate privileges. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30690", "No PoCs from references."], ["2024", "CVE-2024-28107", "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.", "No PoCs found on GitHub currently.", "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r"], ["2024", "CVE-2024-1817", "A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32795", "Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io \u2013 Easy Meeting Scheduler.This issue affects WPCal.Io \u2013 Easy Meeting Scheduler: from n/a through 0.9.5.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32404", "Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/2404-exploits/rlts-sstexec.txt"], ["2024", "CVE-2024-23770", "darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33768", "lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg"], ["2024", "CVE-2024-23873", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencymodify.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1714", "An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1485", "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3580", "The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/31f401c4-735a-4efb-b81f-ab98c00c526b/"], ["2024", "CVE-2024-24050", "Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php.", "https://github.com/NaInSec/CVE-LIST", "https://www.muratcagrialis.com/workout-journal-app-stored-xss-cve-2024-24050"], ["2024", "CVE-2024-1654", "This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21836", "A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0538", "A vulnerability has been found in Tenda W9 1.0.0.7(4456) and classified as critical. This vulnerability affects the function formQosManage_auto of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.250708"], ["2024", "CVE-2024-21735", "SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1957", "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25532", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22352", "IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22212", "Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34805", "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS.This issue affects iFrame: from n/a through 5.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31063", "Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field.", "No PoCs found on GitHub currently.", "https://github.com/sahildari/cve/blob/master/CVE-2024-31063.md
https://portswigger.net/web-security/cross-site-scripting/stored"], ["2024", "CVE-2024-0276", "A vulnerability classified as critical has been found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file rawstock_used_damaged_smt.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249831.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28589", "An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization.", "https://github.com/Alaatk/CVE-2024-28589
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-2262", "Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/30544377-b90d-4762-b38a-ec89bda0dfdc/"], ["2024", "CVE-2024-34914", "php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked \"remember me\" when logging in.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://chmod744.super.site/redacted-vulnerability"], ["2024", "CVE-2024-22243", "Applications that use UriComponentsBuilder\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.", "https://github.com/SeanPesce/CVE-2024-22243
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hinat0y/Dataset1
https://github.com/hinat0y/Dataset10
https://github.com/hinat0y/Dataset11
https://github.com/hinat0y/Dataset12
https://github.com/hinat0y/Dataset2
https://github.com/hinat0y/Dataset3
https://github.com/hinat0y/Dataset4
https://github.com/hinat0y/Dataset5
https://github.com/hinat0y/Dataset6
https://github.com/hinat0y/Dataset7
https://github.com/hinat0y/Dataset8
https://github.com/hinat0y/Dataset9
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/shellfeel/CVE-2024-22243-CVE-2024-22234
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-20346", "A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device.

This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31032", "An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2322", "The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/c740ed3b-d6b8-4afc-8c6b-a1ec37597055/"], ["2024", "CVE-2024-25423", "An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file.", "https://github.com/DriverUnload/cve-2024-25423
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/DriverUnload/cve-2024-25423"], ["2024", "CVE-2024-0227", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26468", "A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25902", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2291", "In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered.\u00a0 An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0394", "Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege.\u00a0 The vulnerability is caused by the product's implementation of OpenSSL's`OPENSSLDIR` parameter where it is set to a path accessible to low-privileged users.\u00a0 The vulnerability has been remediated and fixed in version 4.5.5.", "https://github.com/chnzzh/OpenSSL-CVE-lib", "No PoCs from references."], ["2024", "CVE-2024-25741", "printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33255", "Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/jerryscript-project/jerryscript/issues/5135"], ["2024", "CVE-2024-20024", "In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541635; Issue ID: ALPS08541635.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33344", "D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function ofupload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29944", "An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0054", "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi\u00a0was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OSversions for the highlighted flaw. Please refer to the Axis security advisoryfor more information and solution.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25650", "Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29804", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through 1.2.14.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0285", "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25710", "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.Users are recommended to upgrade to version 1.26.0 which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21088", "Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Production Scheduling. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Production Scheduling accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21319", "Microsoft Identity Denial of service vulnerability", "https://github.com/Finbuckle/Finbuckle.MultiTenant
https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27916", "Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user - as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. Version 0.0.33 contains a patch for this issue.", "No PoCs found on GitHub currently.", "https://github.com/stacklok/minder/security/advisories/GHSA-v627-69v2-xx37"], ["2024", "CVE-2024-29791", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.01.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29400", "An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter.", "No PoCs found on GitHub currently.", "https://github.com/Fr1ezy/RuoYi_info"], ["2024", "CVE-2024-33103", "** DISPUTED ** An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/dokuwiki/dokuwiki/issues/4267"], ["2024", "CVE-2024-2316", "A vulnerability has been found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This vulnerability affects unknown code of the file /billing/bill/edit/ of the component Update Bill Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2024", "CVE-2024-27683", "D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify.", "https://github.com/NaInSec/CVE-LIST", "https://www.dlink.com/en/security-bulletin/"], ["2024", "CVE-2024-25417", "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php.", "No PoCs found on GitHub currently.", "https://github.com/Carl0724/cms/blob/main/3.md"], ["2024", "CVE-2024-29892", "ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:iam:user:resourceowner:name`. To compensate for this we introduced a protection that does prevent actions from changing claims that start with `urn:zitadel:iam`. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0182", "A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.249440"], ["2024", "CVE-2024-0213", "A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://kcm.trellix.com/corporate/index?page=content&id=SB10416"], ["2024", "CVE-2024-24938", "In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4859", "Solidus <= 4.3.4\u00a0is affected by a Stored Cross-Site Scripting vulnerability in the order tracking URL.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22337", "IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22226", "Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25446", "An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://bugs.launchpad.net/hugin/+bug/2025037"], ["2024", "CVE-2024-0302", "A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. This issue affects some unknown processing of the file /vueLogin. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249869 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29983", "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33383", "Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter.", "No PoCs found on GitHub currently.", "https://juvl1ne.github.io/2024/04/18/novel-plus-vulnerability/"], ["2024", "CVE-2024-31286", "Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before 8.6.03.005.", "https://github.com/Auggustino/CVE-2024-31286-Wordpress-Exploit
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-4808", "A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file delete_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263928.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2025", "The \"BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages\" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22144", "Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96.", "No PoCs found on GitHub currently.", "https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve"], ["2024", "CVE-2024-20041", "In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541746; Issue ID: ALPS08541746.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3209", "A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24699", "Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22395", "Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34982", "An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-20290", "A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.

For a description of this vulnerability, see the ClamAV blog .", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2074", "A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255389 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yuziiiiiiiiii/CVE-2024-2074", "No PoCs from references."], ["2024", "CVE-2024-34401", "Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter.", "No PoCs found on GitHub currently.", "https://www.exploit-db.com/exploits/51988"], ["2024", "CVE-2024-23279", "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3318", "A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the \u201cfile\u201c attribute, which in turn allowed the user to access files uploaded for other sources.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3089", "A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_csrf.md
https://vuldb.com/?submit.306963"], ["2024", "CVE-2024-24788", "A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22284", "Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25876", "A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/dd3x3r/enhavo/blob/main/xss-page-content-header-titel-v0.13.1.md"], ["2024", "CVE-2024-20010", "In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25936", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 4.0.1.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31224", "GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24559", "Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.", "No PoCs found on GitHub currently.", "https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv"], ["2024", "CVE-2024-23339", "hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties.", "https://github.com/d3ng03/PP-Auto-Detector", "No PoCs from references."], ["2024", "CVE-2024-2134", "A vulnerability has been found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This vulnerability affects unknown code of the file /investigation/delete/ of the component Investigation Report Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255496. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0031", "In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25635", "alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the ``\">http://192.168.26.128:8080/admin/api/users/` endpoint, which exposes the details of the provided user ID. This may also expose the API KEY in the username of the user. Version 2.0-M4-2402 fixes this issue.", "No PoCs found on GitHub currently.", "https://github.com/alfio-event/alf.io/security/advisories/GHSA-ffr5-g3qg-gp4f"], ["2024", "CVE-2024-24549", "Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-3248", "In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.", "No PoCs found on GitHub currently.", "https://forum.xpdfreader.com/viewtopic.php?t=43657"], ["2024", "CVE-2024-22045", "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25625", "Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input. The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker's domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. This vulnerability can be used to perform phishing attacks by making the URLs in the invitation links emails point to an attacker-controlled domain. Version 1.3.4 contains a patch for the vulnerability. The maintainers recommend validating the host header and ensuring it matches the application's domain. It would also be beneficial to use a default trusted host or hostname if the incoming host header is not recognized or is absent.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/v0lck3r/SecurityResearch", "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx"], ["2024", "CVE-2024-2124", "The Translate WordPress and go Multilingual \u2013 Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23329", "changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch//history` can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users' data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-hcvp-2cc7-jrwr"], ["2024", "CVE-2024-30389", "An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device.When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic.This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6.This issue does not affect Junos OS releases earlier than 21.4R1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4568", "In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.", "https://github.com/bladchan/bladchan", "No PoCs from references."], ["2024", "CVE-2024-29871", "SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2064", "A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md"], ["2024", "CVE-2024-27660", "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27963", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crisp allows Stored XSS.This issue affects Crisp: from n/a through 0.44.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25866", "A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-SQL_Injection_Login.md"], ["2024", "CVE-2024-22294", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker.This issue affects IP2Location Country Blocker: from n/a through 2.33.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22014", "An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.", "https://github.com/mansk1es/CVE_360TS", "No PoCs from references."], ["2024", "CVE-2024-3188", "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/bc273e75-7faf-4eaf-8ebd-efc5d6e9261f/"], ["2024", "CVE-2024-25674", "An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27771", "Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 -CWE-22: 'Path Traversal'\u00a0may allow RCE", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25734", "An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/177081"], ["2024", "CVE-2024-27631", "Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php", "https://github.com/ally-petitt/CVE-2024-27631
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/ally-petitt/CVE-2024-27631
https://medium.com/@allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3"], ["2024", "CVE-2024-3359", "A vulnerability, which was classified as critical, has been found in SourceCodester Online Library System 1.0. This issue affects some unknown processing of the file admin/login.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259463.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27932", "Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue", "No PoCs found on GitHub currently.", "https://github.com/denoland/deno/security/advisories/GHSA-5frw-4rwq-xhcr"], ["2024", "CVE-2024-20051", "In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29993", "Azure CycleCloud Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0312", "A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password.", "No PoCs found on GitHub currently.", "https://kcm.trellix.com/corporate/index?page=content&id=SB10418"], ["2024", "CVE-2024-4818", "A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263939.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/LFI.md"], ["2024", "CVE-2024-25984", "In dumpBatteryDefend of dump_power.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31047", "An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.", "No PoCs found on GitHub currently.", "https://github.com/AcademySoftwareFoundation/openexr/issues/1680"], ["2024", "CVE-2024-22236", "In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava\u00a0dependency in the org.springframework.cloud:spring-cloud-contract-shade\u00a0dependency.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29441", "** DISPUTED ** An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) via the ROS2 nodes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yashpatelphd/CVE-2024-29441", "No PoCs from references."], ["2024", "CVE-2024-0252", "ManageEngine ADSelfService Plus versions\u00a06401\u00a0and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-2357", "The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24928", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arunas Liuiza Content Cards allows Stored XSS.This issue affects Content Cards: from n/a through 0.9.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0343", "A vulnerability classified as problematic was found in CodeAstro Simple House Rental System 5.6. Affected by this vulnerability is an unknown functionality of the component Login Panel. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250111.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31156", "A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27990", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Moneytizer allows Stored XSS.This issue affects The Moneytizer: from n/a through 9.5.20.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25895", "A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php", "No PoCs found on GitHub currently.", "https://github.com/ChurchCRM/CRM/issues/6853"], ["2024", "CVE-2024-33113", "D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yj94/Yj_learning", "https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md"], ["2024", "CVE-2024-0192", "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2024", "CVE-2024-29882", "SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-?callback=` endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7"], ["2024", "CVE-2024-25407", "SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34773", "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2097", "Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24868", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21309", "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21098", "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-34474", "Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\\Clario and tries to load DLLs from there as SYSTEM.", "https://github.com/Alaatk/CVE-2024-34474
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-0295", "A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2390", "As a part of Tenable\u2019s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2001", "A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31080", "A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33214", "Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1268", "A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253011.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34534", "A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model.", "No PoCs found on GitHub currently.", "https://github.com/luvsn/OdZoo/tree/main/exploits/text_commander"], ["2024", "CVE-2024-0044", "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "No PoCs found on GitHub currently.", "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2
https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html"], ["2024", "CVE-2024-25751", "A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function.", "No PoCs found on GitHub currently.", "https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/fromSetSysTime.md"], ["2024", "CVE-2024-0155", "Dell Digital Delivery, versions prior to 5.0.86.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2050", "CWE-79: Improper Neutralization of Input During Web Page Generation (\u2018Cross-site Scripting\u2019)vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript codewithin the context of the product.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1239", "The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27957", "Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20034", "In battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08488849; Issue ID: ALPS08488849.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25852", "Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the \"AccessControlList\" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.", "https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md"], ["2024", "CVE-2024-22131", "In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to\u00a0invoke\u00a0an application function to perform actions which they would not normally be permitted to perform. \u00a0Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25912", "Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-33305", "SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via \"Middle Name\" parameter in Create User.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-33305.md"], ["2024", "CVE-2024-1379", "The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'abp_auth_key' parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25580", "An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29905", "DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process (e.g., when using `dirac-proxy-init`), it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short period of time (sub-millsecond) during the generation process. Version 8.0.41 contains a patch for the issue. As a workaround, setting the `X509_USER_PROXY` environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written, it can be safely copied to the standard location (`/tmp/x509up_uNNNN`).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0015", "In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/UmVfX1BvaW50/CVE-2024-0015
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-2281", "A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/BROKEN%20ACCESS%20CONTROL%20.md"], ["2024", "CVE-2024-2110", "The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers to modify booking statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20356", "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nettitude/CVE-2024-20356
https://github.com/nomi-sec/PoC-in-GitHub", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb"], ["2024", "CVE-2024-0237", "The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/73d1b00e-1f17-4d9a-bfc8-6bc43a46b90b/"], ["2024", "CVE-2024-2332", "A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256283.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/vanitashtml/CVE-Dumps/blob/main/Blind%20SQL%20Injection%20Manage%20Category%20-%20Mobile%20Management%20Store.md"], ["2024", "CVE-2024-27476", "Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.", "https://github.com/dead1nfluence/Leantime-POC", "https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md"], ["2024", "CVE-2024-2272", "A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument product_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256042 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Home/Blind%20SQL%20Injection%20Home.php%20.md"], ["2024", "CVE-2024-22082", "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22313", "IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22202", "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.", "No PoCs found on GitHub currently.", "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35"], ["2024", "CVE-2024-0266", "A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249822 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34716", "PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled through the front-office contact form, a hacker can upload a malicious file containing an XSS that will be executed when an admin opens the attached file in back office. The script injected can access the session and the security token, which allows it to perform any authenticated action in the scope of the administrator's right. This vulnerability is patched in 8.1.6. A workaround is to disable the customer-thread feature-flag.", "https://github.com/aelmokhtar/CVE-2024-34716_PoC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-34487", "OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via inst.length=0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/faucetsdn/ryu/issues/192"], ["2024", "CVE-2024-27567", "LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/config_vpn_pptp.md"], ["2024", "CVE-2024-2363", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256318 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25522", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_work_form_saveaspx"], ["2024", "CVE-2024-34955", "Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ethicalhackerNL/CVEs/blob/main/Budget%20Management/SQLi.md"], ["2024", "CVE-2024-21826", "in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4121", "A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formQOSRuleDel.md"], ["2024", "CVE-2024-27229", "In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34058", "The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail message).", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.openwall.com/lists/oss-security/2024/05/16/3"], ["2024", "CVE-2024-23760", "Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://herolab.usd.de/security-advisories/usd-2023-0050/"], ["2024", "CVE-2024-28286", "In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash", "https://github.com/NaInSec/CVE-LIST", "https://github.com/mz-automation/libiec61850/issues/496"], ["2024", "CVE-2024-28117", "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Upgrading to patched version 1.7.45 can mitigate this issue.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/getgrav/grav/security/advisories/GHSA-qfv4-q44r-g7rv"], ["2024", "CVE-2024-4061", "The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/175a9f3a-1f8d-44d1-8a12-e037251b025d/"], ["2024", "CVE-2024-30511", "Insertion of Sensitive Information into Log File vulnerability in Fr\u00e9d\u00e9ric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30680", "** DISPUTED ** Shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Iron Irwini in versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30680", "No PoCs from references."], ["2024", "CVE-2024-21665", "ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.", "https://github.com/jiongle1/nvd-patch-getter", "https://github.com/pimcore/ecommerce-framework-bundle/security/advisories/GHSA-cx99-25hr-5jxf"], ["2024", "CVE-2024-3590", "The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/829f4d40-e5b0-4009-b753-85ca2a5b3d25/"], ["2024", "CVE-2024-1704", "A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.254392"], ["2024", "CVE-2024-32886", "Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23863", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuredisplay.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24100", "Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID.", "https://github.com/ASR511-OO7/CVE-2024-24100
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-20698", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/RomanRybachek/CVE-2024-20698
https://github.com/RomanRybachek/RomanRybachek
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-3481", "The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/0c441293-e7f9-4634-8f3a-09925cd2b696/"], ["2024", "CVE-2024-33669", "An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user.", "No PoCs found on GitHub currently.", "https://blog.quarkslab.com/passbolt-a-bold-use-of-haveibeenpwned.html
https://help.passbolt.com/incidents/pwned-password-service-information-leak"], ["2024", "CVE-2024-27278", "OpenPNE Plugin \"opTimelinePlugin\" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23671", "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28006", "Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to view device information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1916", "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4170", "A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. This issue affects the function sub_429A30. The manipulation of the argument list1 leads to stack-based buffer overflow. The attack may be initiated remotely. The identifier VDB-261989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_429A30.md"], ["2024", "CVE-2024-23731", "The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1856", "In Progress\u00ae Telerik\u00ae Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0439", "As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP requestWhile this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/7fc1b78e-7faf-4f40-961d-61e53dac81ce"], ["2024", "CVE-2024-1755", "The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/481a376b-55be-4afa-94f5-c3cf8a88b8d1/"], ["2024", "CVE-2024-0918", "A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29399", "An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.", "https://github.com/ally-petitt/CVE-2024-29399
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/ally-petitt/CVE-2024-29399"], ["2024", "CVE-2024-3472", "The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/d42f74dd-520f-40aa-9cf0-3544db9562c7/"], ["2024", "CVE-2024-30861", "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35396", "TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32964", "Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information.", "No PoCs found on GitHub currently.", "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-mxhq-xw3g-rphc"], ["2024", "CVE-2024-3532", "A vulnerability classified as problematic has been found in Campcodes Complete Online Student Management System 1.0. Affected is an unknown function of the file attendance_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259902 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30921", "Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component.", "https://github.com/Chocapikk/My-CVEs
https://github.com/Chocapikk/derbynet-research", "No PoCs from references."], ["2024", "CVE-2024-0858", "The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees.", "https://github.com/NaInSec/CVE-LIST", "https://wpscan.com/vulnerability/f6627a35-d158-495e-9d56-69405cfca221/"], ["2024", "CVE-2024-20939", "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28224", "Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).", "No PoCs found on GitHub currently.", "https://research.nccgroup.com/2024/04/08/technical-advisory-ollama-dns-rebinding-attack-cve-2024-28224/"], ["2024", "CVE-2024-30622", "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromAddressNat_mitInterface.md"], ["2024", "CVE-2024-4352", "The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the \u2018year\u2019 parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/truonghuuphuc/CVE-2024-4352-Poc", "No PoCs from references."], ["2024", "CVE-2024-20828", "Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28335", "Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the \"lektor server\" command.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/177708/Lektor-Static-CMS-3.3.10-Arbitrary-File-Upload-Remote-Code-Execution.html"], ["2024", "CVE-2024-30733", "** DISPUTED ** A buffer overflow vulnerability has been discovered in the C++ components of ROS Kinetic Kame in ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a denial of service (DoS) via improper handling of arrays or strings within these components. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30733", "No PoCs from references."], ["2024", "CVE-2024-21447", "Windows Authentication Elevation of Privilege Vulnerability", "https://github.com/Wh04m1001/UserManagerEoP
https://github.com/Wh04m1001/UserManager_Read", "No PoCs from references."], ["2024", "CVE-2024-4243", "A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Affected is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-262134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formwrlSSIDset.md"], ["2024", "CVE-2024-3423", "A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1526", "The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to password protected post before displaying its content in a meta tag.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/1664697e-0ea3-4d09-b2fd-153a104ec255/"], ["2024", "CVE-2024-29059", ".NET Framework Information Disclosure Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/codewhitesec/HttpRemotingObjRefLeak
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-23890", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28275", "Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://paste.sr.ht/~edaigle/0b4a037fbd3166c8c72fee18efaa7decaf75b0ab"], ["2024", "CVE-2024-21507", "Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.", "No PoCs found on GitHub currently.", "https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591300"], ["2024", "CVE-2024-4092", "The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018htmltag\u2019 parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20968", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25198", "Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25209", "Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Barangay%20Population%20Monitoring%20System/Barangay%20Population%20System%20-%20SQL%20Injection.md"], ["2024", "CVE-2024-23494", "SQL injection vulnerability exists in GetDIAE_unListParameters.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3967", "Remote CodeExecution has been discovered inOpenText\u2122 iManager 3.2.6.0200.\u00a0The vulnerability cantrigger remote code execution unisng unsafe java object deserialization.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1761", "The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22529", "TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa.", "No PoCs found on GitHub currently.", "https://github.com/unpWn4bL3/iot-security/blob/main/29.md"], ["2024", "CVE-2024-26120", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1922", "A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254857 was assigned to this vulnerability.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.254857"], ["2024", "CVE-2024-4144", "The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of other plugins installed in the environment.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2448", "An OS command injection vulnerability has been identified in LoadMaster.\u00a0 An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.", "https://github.com/NaInSec/CVE-LIST
https://github.com/RhinoSecurityLabs/CVEs", "No PoCs from references."], ["2024", "CVE-2024-1833", "A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Account/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254624.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/employee-management-system.md#2accountloginphp"], ["2024", "CVE-2024-3936", "The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with subscriber access or higher, to change the plugin's settings and invoke other functions hooked by AJAX actions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21651", "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2559", "A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromSysToolReboot.md"], ["2024", "CVE-2024-31649", "A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.", "No PoCs found on GitHub currently.", "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-31649.md"], ["2024", "CVE-2024-26031", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24134", "Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section.", "https://github.com/BurakSevben/CVE-2024-24134
https://github.com/BurakSevben/CVEs
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/BurakSevben/2024_Online_Food_Menu_XSS/"], ["2024", "CVE-2024-23857", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21812", "An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3775", "aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1670", "Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://issues.chromium.org/issues/41481374"], ["2024", "CVE-2024-23917", "In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25318", "Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tubakvgc/CVEs", "https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-3.md"], ["2024", "CVE-2024-4115", "A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formAddDnsForward.md"], ["2024", "CVE-2024-3876", "A vulnerability classified as critical has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260910 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromVirtualSer.md"], ["2024", "CVE-2024-21480", "Memory corruption while playing audio file having large-sized input buffer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24256", "SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 and before allows an attacker to obtain sensitive information via the gwbhAIM parameter in the saveMove.jsp in the hr_position directory.", "No PoCs found on GitHub currently.", "https://github.com/l8l1/killl.github.io/blob/main/3.md"], ["2024", "CVE-2024-2938", "A vulnerability was found in Campcodes Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258029 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22859", "** DISPUTED ** Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a security problem.", "No PoCs found on GitHub currently.", "https://github.com/github/advisory-database/pull/3490"], ["2024", "CVE-2024-28241", "The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which involves installed folder is automatically secured by the system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28090", "Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp.", "https://github.com/actuator/cve", "No PoCs from references."], ["2024", "CVE-2024-30707", "** DISPUTED ** Unauthorized node injection vulnerability in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to escalate privileges and inject malicious ROS2 nodes into the system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30707", "No PoCs from references."], ["2024", "CVE-2024-21473", "Memory corruption while redirecting log file to any file location with any file name.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22919", "swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/matthiaskramm/swftools/issues/209"], ["2024", "CVE-2024-3786", "Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30804", "An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests.", "https://github.com/gmh5225/awesome-game-security", "No PoCs from references."], ["2024", "CVE-2024-26182", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1512", "The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/rat-c/CVE-2024-1512", "No PoCs from references."], ["2024", "CVE-2024-1683", "A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3697", "A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260484.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30915", "An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to cause a denial of service and obtain sensitive information via the max_samples parameter within the DataReaderQoS component.", "No PoCs found on GitHub currently.", "https://github.com/OpenDDS/OpenDDS/issues/4527"], ["2024", "CVE-2024-1403", "In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.\u00a0 Thevulnerability is a bypass to authentication based on a failure to properlyhandle username and password. Certain unexpectedcontent passed into the credentials can lead to unauthorized access without properauthentication.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/horizon3ai/CVE-2024-1403
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-28181", "turbo_boost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted depending on the the strictness of authorization checks that individual applications enforce. Being able to call some of these methods can have security implications. Commands verify that the class must be a `Command` and that the method requested is defined as a public method; however, this isn't robust enough to guard against all unwanted code execution. The library should more strictly enforce which methods are considered safe before allowing them to be executed. This issue has been addressed in versions 0.1.3, and 0.2.2. Users are advised to upgrade. Users unable to upgrade should see the repository GHSA for workaround advice.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30587", "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_urls.md"], ["2024", "CVE-2024-32653", "jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/skylot/jadx/security/advisories/GHSA-3pp3-hg2q-9gpm"], ["2024", "CVE-2024-4226", "It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3446", "A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4796", "A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as critical. This affects an unknown part of the file /manage_inv.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263895.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/sql_manage_inv.md"], ["2024", "CVE-2024-28571", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-25909", "Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24566", "Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.", "https://github.com/dastaj/CVEs
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37"], ["2024", "CVE-2024-1362", "The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3267", "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1222", "This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25849", "In the module \"Make an offer\" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4547", "A SQLi vulnerability exists in\u00a0Delta Electronics\u00a0DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.tenable.com/security/research/tra-2024-13"], ["2024", "CVE-2024-28431", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/itsqian797/cms/blob/main/3.md"], ["2024", "CVE-2024-35851", "In the Linux kernel, the following vulnerability has been resolved:Bluetooth: qca: fix NULL-deref on non-serdev suspendQualcomm ROME controllers can be registered from the Bluetooth linediscipline and in this case the HCI UART serdev pointer is NULL.Add the missing sanity check to prevent a NULL-pointer dereference whenwakeup() is called for a non-serdev controller during suspend.Just return true for now to restore the original behaviour and addressthe crash with pre-6.2 kernels, which do not have commit e9b3e5b8c657(\"Bluetooth: hci_qca: only assign wakeup with serial port support\") thatcauses the crash to happen already at setup() time.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28520", "File Upload vulnerability in Byzoro Networks Smart multi-service security gateway intelligent management platform version S210, allows an attacker to obtain sensitive information via the uploadfile.php component.", "No PoCs found on GitHub currently.", "https://github.com/aknbg1thub/cve/blob/main/upload.md"], ["2024", "CVE-2024-32023", "Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `find_and_replace` function. This vulnerability is fixed in 23.1.5.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss"], ["2024", "CVE-2024-1333", "The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/30546402-03b8-4e18-ad7e-04a6b556ffd7/"], ["2024", "CVE-2024-25958", "Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1273", "The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/9784d7c8-e3aa-42af-ace8-5b2b37ebc9cb/"], ["2024", "CVE-2024-3376", "A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259497 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/Sospiro014/zday1/blob/main/Execution_After_Redirect.md"], ["2024", "CVE-2024-4984", "The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018display_name\u2019 author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21083", "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21312", ".NET Framework Denial of Service Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4516", "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23186", "E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface. No publicly available exploits are known.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32163", "CMSeasy 7.7.7.9 is vulnerable to code execution.", "No PoCs found on GitHub currently.", "https://github.com/XiLitter/CMS_vulnerability-discovery/blob/main/CMSeasy_7.7.7.9_code_execution.md"], ["2024", "CVE-2024-22359", "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26750", "In the Linux kernel, the following vulnerability has been resolved:af_unix: Drop oob_skb ref before purging queue in GC.syzbot reported another task hung in __unix_gc(). [0]The current while loop assumes that all of the left candidateshave oob_skb and calling kfree_skb(oob_skb) releases the remainingcandidates.However, I missed a case that oob_skb has self-referencing fd andanother fd and the latter sk is placed before the former in thecandidate list. Then, the while loop never proceeds, resultingthe task hung.__unix_gc() has the same loop just before purging the collected skb,so we can call kfree_skb(oob_skb) there and let __skb_queue_purge()release all inflight sockets.[0]:Sending NMI from CPU 0 to CPUs 1:NMI backtrace for cpu 1CPU: 1 PID: 2784 Comm: kworker/u4:8 Not tainted 6.8.0-rc4-syzkaller-01028-g71b605d32017 #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024Workqueue: events_unbound __unix_gcRIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:200Code: 89 fb e8 23 00 00 00 48 8b 3d 84 f5 1a 0c 48 89 de 5b e9 43 26 57 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 0d 90 52 70 7e 65 8b 15 91 52 70RSP: 0018:ffffc9000a17fa78 EFLAGS: 00000287RAX: ffffffff8a0a6108 RBX: ffff88802b6c2640 RCX: ffff88802c0b3b80RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000RBP: ffffc9000a17fbf0 R08: ffffffff89383f1d R09: 1ffff1100ee5ff84R10: dffffc0000000000 R11: ffffed100ee5ff85 R12: 1ffff110056d84eeR13: ffffc9000a17fae0 R14: 0000000000000000 R15: ffffffff8f47b840FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 00007ffef5687ff8 CR3: 0000000029b34000 CR4: 00000000003506f0DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400Call Trace: __unix_gc+0xe69/0xf40 net/unix/garbage.c:343 process_one_work kernel/workqueue.c:2633 [inline] process_scheduled_works+0x913/0x1420 kernel/workqueue.c:2706 worker_thread+0xa5f/0x1000 kernel/workqueue.c:2787 kthread+0x2ef/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242 ", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3154", "A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.", "https://github.com/cdxiaodong/CVE-2024-3154-communication
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j"], ["2024", "CVE-2024-4837", "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4734", "The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30244", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32341", "Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.", "https://github.com/adiapera/xss_home_page_wondercms_3.4.3", "https://github.com/adiapera/xss_home_page_wondercms_3.4.3"], ["2024", "CVE-2024-2378", "A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21070", "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Search Framework). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-24816", "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.", "https://github.com/afine-com/CVE-2024-24816
https://github.com/afine-com/research
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-26581", "In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_rbtree: skip end interval element from gcrbtree lazy gc on insert might collect an end interval element that hasbeen just added in this transactions, skip end interval elements thatare not yet active.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3385", "A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.This affects the following hardware firewall models:- PA-5400 Series firewalls- PA-7000 Series firewalls", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3014", "A vulnerability classified as critical has been found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file Actions.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258300.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22188", "TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24595", "Allegro AI\u2019s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26490", "A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/2111715623/cms/blob/main/2.md"], ["2024", "CVE-2024-22308", "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22099", "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.This issue affects Linux kernel: v2.6.12-rc2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2269", "A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256039. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/SQL%20Injection%20Search/SQL%20Injection%20in%20search.php%20.md"], ["2024", "CVE-2024-24907", "Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32310", "Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/fromWizardHandle.md"], ["2024", "CVE-2024-28582", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-28613", "SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php, and edit-task.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21021", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-23124", "A maliciously crafted STP file in ASMIMPORT228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28753", "RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25428", "SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter.", "No PoCs found on GitHub currently.", "https://github.com/wuweiit/mushroom/issues/19"], ["2024", "CVE-2024-2329", "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_resource_icon.php?action=delete. The manipulation of the argument IconId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-list_resource_icon.md"], ["2024", "CVE-2024-1140", "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26641", "In the Linux kernel, the following vulnerability has been resolved:ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()syzbot found __ip6_tnl_rcv() could access unitiliazed data [1].Call pskb_inet_may_pull() to fix this, and initialize ipv6hvariable after this call as it can change skb->head.[1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727 __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845 ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888 gre_rcv+0x143f/0x1870 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:461 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5532 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646 netif_receive_skb_internal net/core/dev.c:5732 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5791 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6bUninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6bCPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4926", "A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /intrams_sams/manage_student.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-264462 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1247", "Concrete CMS version 9 before 9.2.5 is vulnerable to\u00a0\u00a0stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field.\u00a0A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21326", "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4522", "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263125 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32017", "RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the `gcoap_dns_server_proxy_get()` function contains a small typo that may lead to a buffer overflow in the subsequent `strcpy()`. In detail, the length of the `_uri` string is checked instead of the length of the `_proxy` string. The `_gcoap_forward_proxy_copy_options()` function does not implement an explicit size check before copying data to the `cep->req_etag` buffer that is `COAP_ETAG_LENGTH_MAX` bytes long. If an attacker can craft input so that `optlen` becomes larger than `COAP_ETAG_LENGTH_MAX`, they can cause a buffer overflow. If the input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerabilities could range from denial of service to arbitrary code execution. This issue has yet to be patched. Users are advised to add manual bounds checking.", "https://github.com/0xdea/advisories
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-24692", "Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1307", "The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/bbc6cebd-e9bf-4b08-a474-f9312b3c0947/"], ["2024", "CVE-2024-1096", "Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F,\u00a00x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F,\u00a00x80112073, 0x80112077, 0x80112078, 0x8011207C\u00a0and 0x80112080\u00a0IOCTL codes of the fildds.sys\u00a0driver.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1187", "A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://fitoxs.com/vuldb/13-exploit-perl.txt"], ["2024", "CVE-2024-3313", "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26517", "SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/unrealjbr/CVE-2024-26517", "No PoCs from references."], ["2024", "CVE-2024-30392", "A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition.This issue affects:Junos OS: * all versions before 21.2R3-S6, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S3, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S2, 22.3R3, * from 22.4 before 22.4R2-S1, 22.4R3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24880", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4433", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr Digital Simple Image Popup allows Stored XSS.This issue affects Simple Image Popup: from n/a through 2.4.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28545", "Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/setUsbUnload.md"], ["2024", "CVE-2024-0189", "A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2024", "CVE-2024-21015", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21384", "Microsoft Office OneNote Remote Code Execution Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23281", "This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4. An app may be able to access sensitive user data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28864", "SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with `NullEncoder` and passed to `TagAwareCipher`, and contains special characters such as `\\n`. As a result, the decryption process is skipped since the tags are not detected. This causes the encrypted data to be returned in plain format. The vulnerability affects users who implement `TagAwareCipher` with any base cipher that has `NullEncoder` (not default). The patch for the issue has been released. Users are advised to update to version 1.2.2. As a workaround, one may use the default `Base64Encoder` with the base cipher decorated with `TagAwareCipher` to prevent special characters in the encrypted string from interfering with regex tag detection logic. This workaround is safe but may involve double encoding since `TagAwareCipher` uses `NullEncoder` by default.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1034", "A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252309 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3131", "A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258874 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ycxdzj/CVE_Hunter/blob/main/SQL-7.md"], ["2024", "CVE-2024-30221", "Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24933", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS.This issue affects Honeypot for WP Comment: from n/a through 2.2.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28627", "An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26927", "In the Linux kernel, the following vulnerability has been resolved:ASoC: SOF: Add some bounds checking to firmware dataSmatch complains about \"head->full_size - head->header_size\" canunderflow. To some extent, we're always going to have to trust thefirmware a bit. However, it's easy enough to add a check for negatives,and let's add a upper bounds check as well.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21044", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-24822", "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28835", "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "https://github.com/GitHubForSnap/ssmtp-gael
https://github.com/GrigGM/05-virt-04-docker-hw
https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26624", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4803", "A vulnerability was found in Kashipara College Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file submit_admin.php. The manipulation of the argument phone leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263923.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3160", "** DISPUTED ** ** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-258933 was assigned to this vulnerability. NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29988", "SmartScreen Prompt Security Feature Bypass Vulnerability", "https://github.com/Sploitus/CVE-2024-29988-exploit
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mrobsidian1/CVE-2024-29988-MS-Exchange-RCE
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/toxyl/lscve", "No PoCs from references."], ["2024", "CVE-2024-4491", "A vulnerability classified as critical was found in Tenda i21 1.0.0.14(4656). This vulnerability affects the function formGetDiagnoseInfo. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263080. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formGetDiagnoseInfo.md"], ["2024", "CVE-2024-21104", "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-28676", "DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/18.md"], ["2024", "CVE-2024-27206", "there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27197", "Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows Stored XSS.This issue affects BeePress: from n/a through 6.9.8.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2402", "The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/98e050cf-5686-4216-bad1-575decf3eaa7/"], ["2024", "CVE-2024-22563", "openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.", "No PoCs found on GitHub currently.", "https://github.com/openvswitch/ovs-issues/issues/315"], ["2024", "CVE-2024-22423", "yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping `%`. It replaces them with `%%cd:~,%`, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in `--exec` other than `{}` (filepath); if expansion in `--exec` is needed, verify the fields you are using do not contain `\"`, `|` or `&`; and/or instead of using `--exec`, write the info json and load the fields from it instead.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/michalsvoboda76/batbadbut", "No PoCs from references."], ["2024", "CVE-2024-31652", "A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.", "No PoCs found on GitHub currently.", "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-31652.md"], ["2024", "CVE-2024-1828", "A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254616.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/jxp98/VulResearch/blob/main/2024/02/3.3Library%20System%20In%20PHP%20-%20SQL%20Injection-teacher_reg.md
https://vuldb.com/?id.254616"], ["2024", "CVE-2024-28029", "Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1939", "Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31840", "An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.", "No PoCs found on GitHub currently.", "https://www.gruppotim.it/it/footer/red-team.html"], ["2024", "CVE-2024-2453", "There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.", "https://github.com/NaInSec/CVE-LIST", "https://www.cisa.gov/news-events/ics-advisories/icsa-24-081-01"], ["2024", "CVE-2024-33646", "Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS).This issue affects Sticky Anything: from n/a through 2.1.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22532", "Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/pwndorei/CVE-2024-22532", "https://github.com/pwndorei/CVE-2024-22532"], ["2024", "CVE-2024-29194", "OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the browser, can be manipulated by an attacker. By changing this key from false to true, the application grants administrative privileges to the user, without proper server-side validation. This has been patched in 7.0.1815.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mansploit/CVE-2024-29194-POC
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-246p-xmg8-wmcq"], ["2024", "CVE-2024-2981", "A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/form_fast_setting_wifi_set.md"], ["2024", "CVE-2024-2682", "A vulnerability classified as problematic has been found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/employee/controller.php. The manipulation of the argument EMPLOYEEID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257382 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0416", "A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument file_name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250436.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25212", "Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20SQL%20Injection%20-%204.md"], ["2024", "CVE-2024-0937", "A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Affected by this issue is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024.", "No PoCs found on GitHub currently.", "https://github.com/bayuncao/vul-cve-6/blob/main/poc.py
https://vuldb.com/?id.252182"], ["2024", "CVE-2024-29027", "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20755", "Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2832", "A vulnerability classified as problematic was found in Campcodes Online Shopping System 1.0. This vulnerability affects unknown code of the file /offersmail.php. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257752.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20856", "Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32648", "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and the lock isn't emitted. No vulnerable production contracts were found. Additionally, using a lock on a `default` function is a very sparsely used pattern. As such, the impact is low. Version 0.3.0 contains a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/vyperlang/vyper/security/advisories/GHSA-m2v9-w374-5hj9"], ["2024", "CVE-2024-21439", "Windows Telephony Server Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2671", "A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user/index.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257371.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34204", "TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.", "No PoCs found on GitHub currently.", "https://github.com/n0wstr/IOTVuln/tree/main/CP450/setUpgradeFW"], ["2024", "CVE-2024-25170", "An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/shenhav12/CVE-2024-25170-Mezzanine-v6.0.0", "https://github.com/shenhav12/CVE-2024-25170-Mezzanine-v6.0.0"], ["2024", "CVE-2024-0774", "A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-251674 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2972", "The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/27134a4f-a59b-40e9-8fc8-abe1f58672ad/"], ["2024", "CVE-2024-22601", "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save", "No PoCs found on GitHub currently.", "https://github.com/ljw11e/cms/blob/main/5.md"], ["2024", "CVE-2024-5100", "A vulnerability was found in SourceCodester Simple Inventory System 1.0. It has been classified as critical. This affects an unknown part of the file tableedit.php. The manipulation of the argument from/to leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265083.", "No PoCs found on GitHub currently.", "https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20Sql%20Inject-3.md"], ["2024", "CVE-2024-2863", "This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26199", "Microsoft Office Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1698", "The NotificationX \u2013 Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/codeb0ss/CVE-2024-1698-PoC
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/kamranhasan/CVE-2024-1698-Exploit
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "No PoCs from references."], ["2024", "CVE-2024-21468", "Memory corruption when there is failed unmap operation in GPU.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2760", "Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://fluidattacks.com/advisories/kent/"], ["2024", "CVE-2024-22902", "Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.", "https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain
https://github.com/Chocapikk/My-CVEs", "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/"], ["2024", "CVE-2024-34084", "Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to `HandleGithubWebhook` to crash the Minder controlplane and deny other users from using it. This vulnerability is fixed in 0.0.48.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2620", "A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/down_file.php. The manipulation of the argument uuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257197 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-20947", "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data as well as unauthorized read access to a subset of Oracle Common Applications accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25121", "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage (\"zero-storage\") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0725", "A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html"], ["2024", "CVE-2024-29136", "Deserialization of Untrusted Data vulnerability in Themefic Tourfic.This issue affects Tourfic: from n/a through 2.11.17.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33435", "Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend function", "No PoCs found on GitHub currently.", "https://github.com/vulreport3r/cve-reports/blob/main/Ncast_Yingshi_has_RCE_vulnerabilities/report.md"], ["2024", "CVE-2024-29231", "Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-23829", "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/aio-libs/aiohttp/pull/8074
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2"], ["2024", "CVE-2024-3948", "A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \\admin\\student.add.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261440.", "No PoCs found on GitHub currently.", "https://github.com/xuanluansec/vul/issues/5"], ["2024", "CVE-2024-2527", "A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/rooms.php. The manipulation of the argument room_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20rooms.php.md"], ["2024", "CVE-2024-25226", "A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Supplier%20Managment%20System/Supplier%20Managment%20System%20-%20SQL%20Injection.md"], ["2024", "CVE-2024-33831", "A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field.", "No PoCs found on GitHub currently.", "https://github.com/YMFE/yapi/issues/2745"], ["2024", "CVE-2024-31874", "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2467", "A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.", "https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34383", "Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25366", "Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/mz-automation/libiec61850/issues/492"], ["2024", "CVE-2024-33672", "An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30998", "SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component.", "https://github.com/efekaanakkar/CVEs", "https://github.com/efekaanakkar/CVEs/blob/main/PHPGurukul-Men-Salon-Management-System-2.0.md"], ["2024", "CVE-2024-23878", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnprint.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33763", "lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg"], ["2024", "CVE-2024-20683", "Win32k Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31666", "An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component.", "https://github.com/hapa3/cms", "No PoCs from references."], ["2024", "CVE-2024-20980", "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31965", "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2576", "A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. This affects an unknown part of the file /update-admin.php. The manipulation of the argument admin_id leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257079.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-admin.php.md"], ["2024", "CVE-2024-33860", "An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0533", "A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.devname.md"], ["2024", "CVE-2024-29320", "Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23788", "Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2585", "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2614", "Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20973", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27010", "In the Linux kernel, the following vulnerability has been resolved:net/sched: Fix mirred deadlock on device recursionWhen the mirred action is used on a classful egress qdisc and a packet ismirrored or redirected to self we hit a qdisc lock deadlock.See trace below.[..... other info removed for brevity....][ 82.890906][ 82.890906] ============================================[ 82.890906] WARNING: possible recursive locking detected[ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W[ 82.890906] --------------------------------------------[ 82.890906] ping/418 is trying to acquire lock:[ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:__dev_queue_xmit+0x1778/0x3550[ 82.890906][ 82.890906] but task is already holding lock:[ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:__dev_queue_xmit+0x1778/0x3550[ 82.890906][ 82.890906] other info that might help us debug this:[ 82.890906] Possible unsafe locking scenario:[ 82.890906][ 82.890906] CPU0[ 82.890906] ----[ 82.890906] lock(&sch->q.lock);[ 82.890906] lock(&sch->q.lock);[ 82.890906][ 82.890906] *** DEADLOCK ***[ 82.890906][..... other info removed for brevity....]Example setup (eth0->eth0) to recreatetc qdisc add dev eth0 root handle 1: htb default 30tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\ action mirred egress redirect dev eth0Another example(eth0->eth1->eth0) to recreatetc qdisc add dev eth0 root handle 1: htb default 30tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\ action mirred egress redirect dev eth1tc qdisc add dev eth1 root handle 1: htb default 30tc filter add dev eth1 handle 1: protocol ip prio 2 matchall \\ action mirred egress redirect dev eth0We fix this by adding an owner field (CPU id) to struct Qdisc set afterroot qdisc is entered. When the softirq enters it a second time, if theqdisc owner is the same CPU, the packet is dropped to break the loop.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22876", "StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0480", "A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250585 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176548/Taokeyun-SQL-Injection.html"], ["2024", "CVE-2024-0711", "The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.", "https://github.com/NaInSec/CVE-LIST", "https://wpscan.com/vulnerability/8e286c04-ef32-4af0-be78-d978999b2a90/"], ["2024", "CVE-2024-29102", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Extensions For CF7 allows Stored XSS.This issue affects Extensions For CF7: from n/a through 3.0.6.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20670", "Outlook for Windows Spoofing Vulnerability", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-29042", "Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj"], ["2024", "CVE-2024-22635", "WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.", "https://github.com/capture0x/My-CVE", "https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html"], ["2024", "CVE-2024-31444", "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87"], ["2024", "CVE-2024-2857", "The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/b7a35c5b-474a-444a-85ee-c50782c7a6c2/"], ["2024", "CVE-2024-5134", "A vulnerability was found in SourceCodester Electricity Consumption Monitoring Tool 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bill.php. The manipulation of the argument bill leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265210 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Electricity%20Consumption%20Monitoring%20Tool/Electricity%20Consumption%20Monitoring%20Tool%20-%20SQL%20Injection.md"], ["2024", "CVE-2024-2754", "A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257544.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/wkeyi0x1/vul-report/issues/4"], ["2024", "CVE-2024-20833", "Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0651", "A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search-visitor.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251377 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30728", "** DISPUTED ** An issue was discovered in the default configurations of ROS (Robot Operating System) Kinetic Kame ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30728", "No PoCs from references."], ["2024", "CVE-2024-34230", "A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter.", "No PoCs found on GitHub currently.", "https://github.com/Amrita2000/CVES/blob/main/CVE-2024-34230.md"], ["2024", "CVE-2024-25144", "The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23448", "An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.elastic.co/community/security"], ["2024", "CVE-2024-30639", "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromAddressNat_page.md"], ["2024", "CVE-2024-4349", "A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/CveSecLook/cve/issues/19"], ["2024", "CVE-2024-3529", "A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been classified as problematic. This affects an unknown part of the file students_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259899.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.259899"], ["2024", "CVE-2024-22724", "An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0903", "The User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_submitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the feedback submission page that will execute when a user clicks the link, while also pressing the command key.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20761", "Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31784", "An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2806", "A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md"], ["2024", "CVE-2024-2494", "A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2705", "A vulnerability, which was classified as critical, has been found in Tenda AC10U 1.0/15.03.06.49. Affected by this issue is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257456. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetQosBand.md"], ["2024", "CVE-2024-20862", "Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.", "https://github.com/dlehgus1023/dlehgus1023
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25395", "A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2.", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-25004", "KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html
http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html
http://seclists.org/fulldisclosure/2024/Feb/14
https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004"], ["2024", "CVE-2024-3479", "An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2816", "A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolReboot.md"], ["2024", "CVE-2024-33691", "Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29003", "The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29392", "Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController.", "No PoCs found on GitHub currently.", "https://gist.github.com/phulelouch/48ee63a7c46078574f3b3dc9a739052c"], ["2024", "CVE-2024-25385", "An issue in flvmeta v.1.2.2 allows a local attacker to cause a denial of service via the flvmeta/src/flv.c:375:21 function in flv_close.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/hanxuer/crashes/blob/main/flvmeta/01/readme.md
https://github.com/noirotm/flvmeta/issues/23"], ["2024", "CVE-2024-27280", "A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2.", "https://github.com/lifeparticle/Ruby-Cheatsheet", "No PoCs from references."], ["2024", "CVE-2024-20872", "Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2715", "A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/user-search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257468.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23689", "Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30629", "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromDhcpListClient_list1.md"], ["2024", "CVE-2024-0750", "A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://bugzilla.mozilla.org/show_bug.cgi?id=1863083"], ["2024", "CVE-2024-34220", "Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.", "https://github.com/dovankha/CVE-2024-34220
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "https://github.com/dovankha/CVE-2024-34220"], ["2024", "CVE-2024-25154", "Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31545", "Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the \"id\" parameter of /admin/?page=user/manage_user&id=6.", "No PoCs found on GitHub currently.", "https://github.com/emirhanmtl/vuln-research/blob/main/SQLi-4-Computer-Laboratory-Management-System-PoC.md"], ["2024", "CVE-2024-22734", "An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components.", "No PoCs found on GitHub currently.", "https://www.redlinecybersecurity.com/blog/cve-2024-22734"], ["2024", "CVE-2024-29143", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs, sareiodata Passwordless Login passwordless-login allows Stored XSS.This issue affects Passwordless Login: from n/a through 1.1.2.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0853", "curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer tothe same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/paulgibert/gryft", "No PoCs from references."], ["2024", "CVE-2024-3539", "A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The manipulation of the argument amount leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259909 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20720", "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/xxDlib/CVE-2024-20720-PoC", "No PoCs from references."], ["2024", "CVE-2024-31454", "PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The vulnerability allows an attacker to influence those users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for this issue.CVE-2024-31454 allows users to violate the integrity of a file that is uploaded by another user. In this case, additional files are not loaded into the file bucket. Violation of integrity at the level of individual files. While the vulnerability with the number CVE-2024-31453 allows users to violate the integrity of a file bucket without violating the integrity of files uploaded by other users. Thus, vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application\u2019s business logic.", "No PoCs found on GitHub currently.", "https://github.com/psi-4ward/psitransfer/security/advisories/GHSA-2p2x-p7wj-j5h2"], ["2024", "CVE-2024-22625", "Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_category.php?id=.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33551", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection.This issue affects XStore Core: from n/a through 5.3.5.", "https://github.com/absholi7ly/WordPress-XStore-theme-SQL-Injection", "No PoCs from references."], ["2024", "CVE-2024-29052", "Windows Storage Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24329", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.", "No PoCs found on GitHub currently.", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/10/TOTOlink%20A3300R%20setPortForwardRules.md"], ["2024", "CVE-2024-4248", "A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. This issue affects the function formQosManage_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-262139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formQosManage_user.md"], ["2024", "CVE-2024-20823", "Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27140", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.This issue affects Apache Archiva: from 2.0.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2744", "The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/a5579c15-50ba-4618-95e4-04b2033d721f/"], ["2024", "CVE-2024-0701", "The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.", "No PoCs found on GitHub currently.", "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"], ["2024", "CVE-2024-0490", "A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595.", "https://github.com/Tropinene/Yscanner
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-33883", "The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/seal-community/patches", "No PoCs from references."], ["2024", "CVE-2024-25294", "An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27000", "In the Linux kernel, the following vulnerability has been resolved:serial: mxs-auart: add spinlock around changing cts stateThe uart_handle_cts_change() function in serial_core expects the callerto hold uport->lock. For example, I have seen the below kernel splat,when the Bluetooth driver is loaded on an i.MX28 board. [ 85.119255] ------------[ cut here ]------------ [ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec [ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs [ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1 [ 85.151396] Hardware name: Freescale MXS (Device Tree) [ 85.156679] Workqueue: hci0 hci_power_on [bluetooth] (...) [ 85.191765] uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4 [ 85.198787] mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210 (...)", "No PoCs found on GitHub currently.", "https://git.kernel.org/stable/c/54c4ec5f8c471b7c1137a1f769648549c423c026"], ["2024", "CVE-2024-20963", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2604", "A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md"], ["2024", "CVE-2024-2595", "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30678", "** DISPUTED ** An issue has been discovered in ROS2 Iron Irwini ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to intercept and access this data. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30678", "No PoCs from references."], ["2024", "CVE-2024-3568", "The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2907", "The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/d2588b47-a518-4cb2-a557-2c7eaffa17e4/"], ["2024", "CVE-2024-5064", "A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264923.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%202%20(Unauthenticated).md
https://vuldb.com/?id.264923"], ["2024", "CVE-2024-20660", "Microsoft Message Queuing Information Disclosure Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-33780", "MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0802", "Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29112", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommerce Google Feed Manager: from n/a through 2.2.0.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25327", "Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt Enterprise v.8.2 allows a remote attacker to execute arbitrary code via the formatCaseNumber parameter of the Citation search function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://packetstormsecurity.com/files/177500/FullCourt-Enterprise-8.2-Cross-Site-Scripting.html"], ["2024", "CVE-2024-0523", "A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27222", "In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANT_URI_PERMISSIONS Attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33633", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22547", "WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5097", "A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument itemnumber leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265080.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20CSRF.md"], ["2024", "CVE-2024-33773", "A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter \"webpage.\"", "No PoCs found on GitHub currently.", "https://github.com/YuboZhaoo/IoT/blob/main/D-Link/DIR-619L/20240424.md"], ["2024", "CVE-2024-23868", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlist.php, in the deleted parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30988", "Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar.", "No PoCs found on GitHub currently.", "https://medium.com/@shanunirwan/cve-2024-30988-cross-site-scripting-vulnerability-in-client-management-system-using-php-mysql-1-1-e7a677936c23"], ["2024", "CVE-2024-3909", "A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formexeCommand.md
https://vuldb.com/?id.261145"], ["2024", "CVE-2024-22895", "DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0463", "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /production/admin_view_info.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250568.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2566", "A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/get_extension_yl.php. The manipulation of the argument imei leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257065 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-20990", "Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Templates). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-34393", "libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).", "No PoCs found on GitHub currently.", "https://github.com/marudor/libxmljs2/issues/204
https://research.jfrog.com/vulnerabilities/libxmljs2-attrs-type-confusion-rce-jfsa-2024-001034097/"], ["2024", "CVE-2024-25376", "An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode.", "https://github.com/ewilded/CVE-2024-25376-POC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-2477", "The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31864", "Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver.This issue affects Apache Zeppelin: before 0.11.1.Users are recommended to upgrade to version 0.11.1, which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23839", "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2537", "Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31924", "Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer.This issue affects EWWW Image Optimizer: from n/a through 7.2.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0735", "A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251558 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22852", "D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.", "No PoCs found on GitHub currently.", "https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/1/1.md
https://www.dlink.com/en/security-bulletin/"], ["2024", "CVE-2024-2630", "Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5050", "A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-264747.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20654", "Microsoft ODBC Driver Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22751", "D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function.", "No PoCs found on GitHub currently.", "https://github.com/5erua/vuls/blob/main/dir882.md
https://www.dlink.com/en/security-bulletin/"], ["2024", "CVE-2024-0836", "The WordPress Review & Structure Data Schema Plugin \u2013 Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29126", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Mortellaro Specific Content For Mobile \u2013 Customize the mobile version without redirections allows Reflected XSS.This issue affects Specific Content For Mobile \u2013 Customize the mobile version without redirections: from n/a through 0.1.9.5.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1459", "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26218", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/GhostTroops/TOP
https://github.com/aneasystone/github-trending
https://github.com/exploits-forsale/CVE-2024-26218
https://github.com/fireinrain/github-trending
https://github.com/jafshare/GithubTrending
https://github.com/johe123qwe/github-trending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-5110", "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/student_payment_invoice.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265100.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31460", "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r"], ["2024", "CVE-2024-29066", "Windows Distributed File System (DFS) Remote Code Execution Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22912", "A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution.", "No PoCs found on GitHub currently.", "https://github.com/matthiaskramm/swftools/issues/212"], ["2024", "CVE-2024-20817", "Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2770", "A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contact-us.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257606 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-36080", "Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.", "No PoCs found on GitHub currently.", "https://www.westermo.com/-/media/Files/Cyber-security/westermo_sa_EDW-100_24-05.pdf"], ["2024", "CVE-2024-1799", "The GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the gamipress_earnings shortcode in all versions up to, and including, 6.8.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26309", "Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2962", "The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus.", "No PoCs found on GitHub currently.", "https://gist.github.com/Xib3rR4dAr/ab293092ffcfe3c14a3c7daf5462a50b"], ["2024", "CVE-2024-22491", "A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter.", "No PoCs found on GitHub currently.", "https://github.com/cui2shark/security/blob/main/A%20stored%20cross-site%20scripting%20(XSS)%20vulnerability%20was%20discovered%20in%20beetl-bbs%20post%20save.md"], ["2024", "CVE-2024-2822", "A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20745", "Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22640", "TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/zunak/CVE-2024-22640", "https://github.com/zunak/CVE-2024-22640"], ["2024", "CVE-2024-29037", "datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful initial deployment during a limited window of time, personal access tokens were possibly created with a default secret key. Since the secret key is a static, publicly available value, someone could inspect the algorithm used to generate personal access tokens and generate their own for an instance. Deploying with Metadata Service Authentication enabled would have been difficult during window of releases. If someone circumvented the helm settings and manually set Metadata Service Authentication to be enabled using environment variables directly, this would skip over the autogeneration logic for the Kubernetes Secrets and DataHub GMS would default to the signing key specified statically in the application.yml. Most deployments probably did not attempt to circumvent the helm settings to enable Metadata Service Authentication during this time, so impact is most likely limited. Any deployments with Metadata Service Authentication enabled should ensure that their secret values are properly randomized. Version 0.2.182 contains a patch for this issue. As a workaround, one may reset the token signing key to be a random value, which will invalidate active personal access tokens.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0927", "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromAddressNat_1.md"], ["2024", "CVE-2024-1548", "A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21429", "Windows USB Hub Driver Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0624", "The Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20846", "Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2721", "Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.This issue affects Social Media Share Buttons: from n/a through 2.1.0.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29184", "FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious scripts that will be executed when other users access the affected page. In this case, the Support Agent User can inject malicious scripts into their signature, which will then be executed when viewed by the Administrator.The application protects users against XSS attacks by enforcing a CSP policy, the CSP Policy is: `script-src 'self' 'nonce-abcd' `. The CSP policy only allows the inclusion of JS files that are present on the application server and doesn't allow any inline script or script other than nonce-abcd. The CSP policy was bypassed by uploading a JS file to the server by a POST request to /conversation/upload endpoint. After this, a working XSS payload was crafted by including the uploaded JS file link as the src of the script. This bypassed the CSP policy and XSS attacks became possible.The impact of this vulnerability is severe as it allows an attacker to compromise the FreeScout Application. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. Alternatively, the attacker can elevate the privileges of a low-privileged user to Administrator, further compromising the security of the application. Attackers can steal sensitive information such as login credentials, session tokens, personal identifiable information (PII), and financial data. The vulnerability can also lead to defacement of the Application.Version 1.8.128 contains a patch for this issue.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21908", "TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28179", "Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing unauthenticated access to anyone who had network access to the Jupyter server endpoint. This vulnerability can allow unauthenticated remote access to any websocket endpoint set up to be accessible via Jupyter Server Proxy. In many cases, this leads to remote unauthenticated arbitrary code execution, due to how affected instances use websockets. The websocket endpoints exposed by `jupyter_server` itself is not affected. Projects that do not rely on websockets are also not affected. Versions 3.2.3 and 4.1.1 contain a fix for this issue.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25202", "Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar.", "https://github.com/Agampreet-Singh/CVE-2024-25202
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/Agampreet-Singh/CVE-2024-25202
https://medium.com/@agampreetsingh_93704/cve-2024-25202-discover-by-agampreet-singh-cyber-security-expert-ff8e32f5cf52"], ["2024", "CVE-2024-0406", "A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2692", "SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27096", "GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0546", "A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250715.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html"], ["2024", "CVE-2024-2443", "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-31850", "A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.", "https://github.com/Stuub/CVE-2024-31848-PoC", "https://www.tenable.com/security/research/tra-2024-09"], ["2024", "CVE-2024-1929", "Local Root Exploit via Configuration Dictionary in dnf5daemon-server\u00a0before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the \"config\" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration.\u00a0Practically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this \"config\" map, which is untrusted data.\u00a0It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.openwall.com/lists/oss-security/2024/03/04/2"], ["2024", "CVE-2024-28039", "Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service (DoS) condition.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29244", "Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22433", "Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33844", "The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.", "https://github.com/Entropy1110/Bugs
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27356", "An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.", "https://github.com/aggressor0/GL.iNet-Exploits
https://github.com/aggressor0/GL.iNet-RCE
https://github.com/aggressor0/GL.iNet-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28128", "Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25082", "Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25313", "Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tubakvgc/CVEs", "https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20Authentication%20Bypass%20-%202.md"], ["2024", "CVE-2024-0686", "** REJECT ** Incorrect assignment", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0517", "Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/Uniguri/CVE-1day
https://github.com/sploitem/v8-writeups", "No PoCs from references."], ["2024", "CVE-2024-2412", "The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29095", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Ryley Site Reviews allows Stored XSS.This issue affects Site Reviews: from n/a through 6.11.6.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0985", "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/marklogic/marklogic-kubernetes", "No PoCs from references."], ["2024", "CVE-2024-33398", "There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/HouqiyuA/k8s-rbac-poc"], ["2024", "CVE-2024-4813", "A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240506. Affected is an unknown function of the file /view/networkConfig/physicalInterface/interface_commit.php. The manipulation of the argument name leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-263934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28666", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/2.md"], ["2024", "CVE-2024-21114", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-30260", "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27558", "Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) within the blog title of the settings.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/kilooooo/cms/blob/main/2.md"], ["2024", "CVE-2024-0259", "Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24832", "Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21054", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4650", "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3030", "The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26634", "In the Linux kernel, the following vulnerability has been resolved:net: fix removing a namespace with conflicting altnamesMark reports a BUG() when a net namespace is removed. kernel BUG at net/core/dev.c:11520!Physical interfaces moved outside of init_net get \"refunded\"to init_net when that namespace disappears. The main interfacename may get overwritten in the process if it would haveconflicted. We need to also discard all conflicting altnames.Recent fixes addressed ensuring that altnames get movedwith the main interface, which surfaced this problem.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33149", "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20338", "A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device.

This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26725", "In the Linux kernel, the following vulnerability has been resolved:dpll: fix possible deadlock during netlink dump operationRecently, I've been hitting following deadlock warning during dpll pindump:[52804.637962] ======================================================[52804.638536] WARNING: possible circular locking dependency detected[52804.639111] 6.8.0-rc2jiri+ #1 Not tainted[52804.639529] ------------------------------------------------------[52804.640104] python3/2984 is trying to acquire lock:[52804.640581] ffff88810e642678 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}, at: netlink_dump+0xb3/0x780[52804.641417] but task is already holding lock:[52804.642010] ffffffff83bde4c8 (dpll_lock){+.+.}-{3:3}, at: dpll_lock_dumpit+0x13/0x20[52804.642747] which lock already depends on the new lock.[52804.643551] the existing dependency chain (in reverse order) is:[52804.644259] -> #1 (dpll_lock){+.+.}-{3:3}:[52804.644836] lock_acquire+0x174/0x3e0[52804.645271] __mutex_lock+0x119/0x1150[52804.645723] dpll_lock_dumpit+0x13/0x20[52804.646169] genl_start+0x266/0x320[52804.646578] __netlink_dump_start+0x321/0x450[52804.647056] genl_family_rcv_msg_dumpit+0x155/0x1e0[52804.647575] genl_rcv_msg+0x1ed/0x3b0[52804.648001] netlink_rcv_skb+0xdc/0x210[52804.648440] genl_rcv+0x24/0x40[52804.648831] netlink_unicast+0x2f1/0x490[52804.649290] netlink_sendmsg+0x36d/0x660[52804.649742] __sock_sendmsg+0x73/0xc0[52804.650165] __sys_sendto+0x184/0x210[52804.650597] __x64_sys_sendto+0x72/0x80[52804.651045] do_syscall_64+0x6f/0x140[52804.651474] entry_SYSCALL_64_after_hwframe+0x46/0x4e[52804.652001] -> #0 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}:[52804.652650] check_prev_add+0x1ae/0x1280[52804.653107] __lock_acquire+0x1ed3/0x29a0[52804.653559] lock_acquire+0x174/0x3e0[52804.653984] __mutex_lock+0x119/0x1150[52804.654423] netlink_dump+0xb3/0x780[52804.654845] __netlink_dump_start+0x389/0x450[52804.655321] genl_family_rcv_msg_dumpit+0x155/0x1e0[52804.655842] genl_rcv_msg+0x1ed/0x3b0[52804.656272] netlink_rcv_skb+0xdc/0x210[52804.656721] genl_rcv+0x24/0x40[52804.657119] netlink_unicast+0x2f1/0x490[52804.657570] netlink_sendmsg+0x36d/0x660[52804.658022] __sock_sendmsg+0x73/0xc0[52804.658450] __sys_sendto+0x184/0x210[52804.658877] __x64_sys_sendto+0x72/0x80[52804.659322] do_syscall_64+0x6f/0x140[52804.659752] entry_SYSCALL_64_after_hwframe+0x46/0x4e[52804.660281] other info that might help us debug this:[52804.661077] Possible unsafe locking scenario:[52804.661671] CPU0 CPU1[52804.662129] ---- ----[52804.662577] lock(dpll_lock);[52804.662924] lock(nlk_cb_mutex-GENERIC);[52804.663538] lock(dpll_lock);[52804.664073] lock(nlk_cb_mutex-GENERIC);[52804.664490]The issue as follows: __netlink_dump_start() calls control->start(cb)with nlk->cb_mutex held. In control->start(cb) the dpll_lock is taken.Then nlk->cb_mutex is released and taken again in netlink_dump(), whiledpll_lock still being held. That leads to ABBA deadlock when anotherCPU races with the same operation.Fix this by moving dpll_lock taking into dumpit() callback which ensurescorrect lock taking order.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0348", "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24863", "In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mw_state is checked before calling __drm_atomic_helper_connector_reset.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23291", "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21394", "Dynamics 365 Field Service Spoofing Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21005", "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4590", "A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sys_info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263312. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/21.md"], ["2024", "CVE-2024-4601", "An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29889", "GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15.", "https://github.com/PhDLeToanThang/itil-helpdesk
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0208", "GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24760", "mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`.", "https://github.com/killerbees19/CVE-2024-24760
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-23322", "Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1346", "Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.", "https://github.com/PeterGabaldon/CVE-2024-1346
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-24793", "A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the `parse_meta_element_create()` parsing the elements in the File Meta Information header.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1931
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1931"], ["2024", "CVE-2024-24402", "An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.", "https://github.com/MAWK0235/CVE-2024-24402
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-27968", "Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS.This issue affects Super Page Cache for Cloudflare: from n/a through 4.7.5.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24890", "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C.This issue affects gala-gopher: through 1.0.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32287", "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromqossetting.md"], ["2024", "CVE-2024-26995", "In the Linux kernel, the following vulnerability has been resolved:usb: typec: tcpm: Correct the PDO counting in pd_setOff-by-one errors happen because nr_snk_pdo and nr_src_pdo areincorrectly added one. The index of the loop is equal to the number ofPDOs to be updated when leaving the loop and it doesn't need to be addedone.When doing the power negotiation, TCPM relies on the \"nr_snk_pdo\" asthe size of the local sink PDO array to match the Source capabilitiesof the partner port. If the off-by-one overflow occurs, a wrong RDOmight be sent and unexpected power transfer might happen such as overvoltage or over current (than expected).\"nr_src_pdo\" is used to set the Rp level when the port is in Sourcerole. It is also the array size of the local Source capabilities whenfilling up the buffer which will be sent as the Source PDOs (such asin Power Negotiation). If the off-by-one overflow occurs, a wrong Rplevel might be set and wrong Source PDOs will be sent to the partnerport. This could potentially cause over current or port resets.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30382", "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS).This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below).This issue affects:Junos OS: * all versions before 20.4R3-S10, * from 21.2 before 21.2R3-S8, * from 21.3 before 21.3R3, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2;Junos OS Evolved: * all versions before 21.2R3-S8-EVO, * from 21.3 before 21.3R3-EVO, * from 21.4 before 21.4R3-EVO, * from 22.1 before 22.1R2-EVO.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1086", "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.", "https://github.com/Alicey0719/docker-POC_CVE-2024-1086
https://github.com/BachoSeven/stellestelline
https://github.com/CCIEVoice2009/CVE-2024-1086
https://github.com/EGI-Federation/SVG-advisories
https://github.com/GhostTroops/TOP
https://github.com/Hiimsonkul/Hiimsonkul
https://github.com/Notselwyn/CVE-2024-1086
https://github.com/Notselwyn/exploits
https://github.com/Notselwyn/notselwyn
https://github.com/Snoopy-Sec/Localroot-ALL-CVE
https://github.com/YgorAlberto/ygoralberto.github.io
https://github.com/aneasystone/github-trending
https://github.com/aobakwewastaken/aobakwewastaken
https://github.com/bfengj/Cloud-Security
https://github.com/brimstone/stars
https://github.com/bsauce/kernel-exploit-factory
https://github.com/bsauce/kernel-security-learning
https://github.com/daphne97/daphne97
https://github.com/fireinrain/github-trending
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/giterlizzi/secdb-feeds
https://github.com/iakat/stars
https://github.com/jafshare/GithubTrending
https://github.com/johe123qwe/github-trending
https://github.com/makoto56/penetration-suite-toolkit
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/phixion/phixion
https://github.com/seekerzz/MyRSSSync
https://github.com/tanjiti/sec_profile
https://github.com/uhub/awesome-c
https://github.com/unresolv/stars
https://github.com/wuhanstudio/awesome-stars
https://github.com/xairy/linux-kernel-exploitation", "https://github.com/Notselwyn/CVE-2024-1086
https://news.ycombinator.com/item?id=39828424
https://pwning.tech/nftables/"], ["2024", "CVE-2024-1257", "A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21336", "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25438", "A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/machisri/CVEs-and-Vulnerabilities", "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions"], ["2024", "CVE-2024-23134", "A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24857", "A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21031", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-26651", "In the Linux kernel, the following vulnerability has been resolved:sr9800: Add check for usbnet_get_endpointsAdd check for usbnet_get_endpoints() and return the error if it failsin order to transfer the error.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24754", "Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with and open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13.", "No PoCs found on GitHub currently.", "https://github.com/brefphp/bref/security/advisories/GHSA-82vx-mm6r-gg8w"], ["2024", "CVE-2024-22258", "Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients.Specifically, an application is vulnerable when a Confidential Client\u00a0uses PKCE for the Authorization Code Grant.An application is not vulnerable when a Public Client\u00a0uses PKCE for the Authorization Code Grant.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22318", "IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote-Credential-Theft.html
http://seclists.org/fulldisclosure/2024/Feb/7"], ["2024", "CVE-2024-26711", "In the Linux kernel, the following vulnerability has been resolved:iio: adc: ad4130: zero-initialize clock init dataThe clk_init_data struct does not have all its membersinitialized, causing issues when trying to expose the internalclock on the CLK pin.Fix this by zero-initializing the clk_init_data struct.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1010", "A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279.", "No PoCs found on GitHub currently.", "https://github.com/jomskiller/Employee-Management-System---Stored-XSS
https://github.com/jomskiller/Employee-Management-System---Stored-XSS/"], ["2024", "CVE-2024-1381", "The Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or configuration data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30205", "In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25578", "MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24806", "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://www.openwall.com/lists/oss-security/2024/02/08/2
https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6"], ["2024", "CVE-2024-21060", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-25469", "SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22198", "Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.", "No PoCs found on GitHub currently.", "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35"], ["2024", "CVE-2024-31078", "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3004", "A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258206 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System%20-%20Cross-Site-Scripting.md"], ["2024", "CVE-2024-26600", "In the Linux kernel, the following vulnerability has been resolved:phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRPIf the external phy working together with phy-omap-usb2 does not implementsend_srp(), we may still attempt to call it. This can happen on an idleEthernet gadget triggering a wakeup for example:configfs-gadget.g1 gadget.0: ECM Suspendconfigfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup...Unable to handle kernel NULL pointer dereference at virtual address00000000 when execute...PC is at 0x0LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]...musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24cdev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4sch_direct_xmit from __dev_queue_xmit+0x334/0xd88__dev_queue_xmit from arp_solicit+0xf0/0x268arp_solicit from neigh_probe+0x54/0x7cneigh_probe from __neigh_event_send+0x22c/0x47c__neigh_event_send from neigh_resolve_output+0x14c/0x1c0neigh_resolve_output from ip_finish_output2+0x1c8/0x628ip_finish_output2 from ip_send_skb+0x40/0xd8ip_send_skb from udp_send_skb+0x124/0x340udp_send_skb from udp_sendmsg+0x780/0x984udp_sendmsg from __sys_sendto+0xd8/0x158__sys_sendto from ret_fast_syscall+0x0/0x58Let's fix the issue by checking for send_srp() and set_vbus() beforecalling them. For USB peripheral only cases these both could be NULL.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26591", "In the Linux kernel, the following vulnerability has been resolved:bpf: Fix re-attachment branch in bpf_tracing_prog_attachThe following case can cause a crash due to missing attach_btf:1) load rawtp program2) load fentry program with rawtp as target_fd3) create tracing link for fentry program with target_fd = 04) repeat 3In the end we have:- prog->aux->dst_trampoline == NULL- tgt_prog == NULL (because we did not provide target_fd to link_create)- prog->aux->attach_btf == NULL (the program was loaded with attach_prog_fd=X)- the program was loaded for tgt_prog but we have no way to find out which one BUG: kernel NULL pointer dereference, address: 0000000000000058 Call Trace: ? __die+0x20/0x70 ? page_fault_oops+0x15b/0x430 ? fixup_exception+0x22/0x330 ? exc_page_fault+0x6f/0x170 ? asm_exc_page_fault+0x22/0x30 ? bpf_tracing_prog_attach+0x279/0x560 ? btf_obj_id+0x5/0x10 bpf_tracing_prog_attach+0x439/0x560 __sys_bpf+0x1cf4/0x2de0 __x64_sys_bpf+0x1c/0x30 do_syscall_64+0x41/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76Return -EINVAL in this situation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24494", "Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.", "No PoCs found on GitHub currently.", "https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/DailyHabitTracker-Stored_XSS.md"], ["2024", "CVE-2024-1290", "The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/a60187d4-9491-435a-bc36-8dd348a1ffa3/"], ["2024", "CVE-2024-3144", "A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/makehtml_spec.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/12.md"], ["2024", "CVE-2024-31138", "In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2228", "This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25529", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21120", "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-3366", "A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.", "No PoCs found on GitHub currently.", "https://github.com/xuxueli/xxl-job/issues/3391"], ["2024", "CVE-2024-1263", "A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25808", "Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hebing123/cve/issues/17"], ["2024", "CVE-2024-23196", "A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21093", "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-1323", "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25859", "A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1232", "The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/2a29b509-4cd5-43c8-84f4-f86251dd28f8/"], ["2024", "CVE-2024-35841", "In the Linux kernel, the following vulnerability has been resolved:net: tls, fix WARNIING in __sk_msg_freeA splice with MSG_SPLICE_PAGES will cause tls code to use thetls_sw_sendmsg_splice path in the TLS sendmsg code to move the userprovided pages from the msg into the msg_pl. This will loop over themsg until msg_pl is full, checked by sk_msg_full(msg_pl). The usercan also set the MORE flag to hint stack to delay sending until receivingmore pages and ideally a full buffer.If the user adds more pages to the msg than can fit in the msg_plscatterlist (MAX_MSG_FRAGS) we should ignore the MORE flag and sendthe buffer anyways.What actually happens though is we abort the msg to msg_pl scatterlistsetup and then because we forget to set 'full record' indicating wecan no longer consume data without a send we fallthrough to the 'continue'path which will check if msg_data_left(msg) has more bytes to send andthen attempts to fit them in the already full msg_pl. Then nextiteration of sender doing send will encounter a full msg_pl and throwthe warning in the syzbot report.To fix simply check if we have a full_record in splice code path andif not send the msg regardless of MORE flag.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28421", "SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php", "No PoCs found on GitHub currently.", "https://gist.github.com/LioTree/003202727a61c0fb3ec3c948ab5e38f9
https://github.com/cobub/razor/issues/178"], ["2024", "CVE-2024-26473", "A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the poll parameter in poll.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35593", "An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24576", "Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected.The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument.On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted.One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution.Due to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process.The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.", "https://github.com/Brownpanda29/cve202424576
https://github.com/Gaurav1020/CVE-2024-24576-PoC-Rust
https://github.com/SheL3G/CVE-2024-24576-PoC-BatBadBut
https://github.com/WoodManGitHub/CVE-Research
https://github.com/aydinnyunus/CVE-2024-24576-Exploit
https://github.com/brains93/CVE-2024-24576-PoC-Python
https://github.com/corysabol/batbadbut-demo
https://github.com/fireinrain/github-trending
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/foxoman/CVE-2024-24576-PoC---Nim
https://github.com/frostb1ten/CVE-2024-24576-PoC
https://github.com/jafshare/GithubTrending
https://github.com/kherrick/lobsters
https://github.com/lpn/CVE-2024-24576.jl
https://github.com/michalsvoboda76/batbadbut
https://github.com/mishalhossin/CVE-2024-24576-PoC-Python
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/p14t1num/cve-2024-24576-python
https://github.com/securitycipher/daily-bugbounty-writeups
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-25919", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28401", "TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32293", "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromDhcpListClient_page.md"], ["2024", "CVE-2024-23276", "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24787", "On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a \"#cgo LDFLAGS\" directive.", "https://github.com/LOURC0D3/CVE-2024-24787-PoC
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1212", "Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.", "https://github.com/Chocapikk/CVE-2024-1212
https://github.com/Ostorlab/KEV
https://github.com/RhinoSecurityLabs/CVEs
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-28893", "Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3317", "An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23336", "MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's _Disallowed Remote Addresses_ list (`$config['disallowed_remote_addresses']`) contains the address `127.0.0.1`, but does not include the complete block `127.0.0.0/8`. MyBB 1.8.38 resolves this issue in default installations. Administrators of installed boards should update the existing configuration (`inc/config.php`) to include all addresses blocked by default. Additionally, users are advised to verify that it includes any other IPv4 addresses resolving to the server and other internal resources. Users unable to upgrade may manually add 127.0.0.0/8' to their disallowed address list.", "https://github.com/CP04042K/CVE", "No PoCs from references."], ["2024", "CVE-2024-4526", "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263129 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25828", "cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/sec-Kode/cve"], ["2024", "CVE-2024-3346", "A vulnerability was found in Byzoro Smart S80 up to 20240328. It has been declared as critical. This vulnerability affects unknown code of the file /log/webmailattach.php. The manipulation of the argument mail_file_path leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259450 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/Yu1e/vuls/blob/main/Byzro%20Networks%20Smart%20S80%20management%20platform%20has%20rce%20vulnerability.md"], ["2024", "CVE-2024-26542", "Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field.", "No PoCs found on GitHub currently.", "https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-26542/README.md"], ["2024", "CVE-2024-24696", "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1303", "Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/guillermogm4/CVE-2024-1303---Badgermeter-moni-tool-Path-Traversal
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-28681", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/17.md"], ["2024", "CVE-2024-24725", "Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.", "https://github.com/NaInSec/CVE-LIST
https://github.com/tanjiti/sec_profile", "https://www.exploit-db.com/exploits/51903"], ["2024", "CVE-2024-3024", "A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://docs.google.com/document/d/1wCIrViAJwGsO5afPBLLjRhO5RClsoUo3J9q1psLs84s/edit?usp=sharing"], ["2024", "CVE-2024-4644", "A vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /Employee/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263488.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21040", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-24826", "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28732", "An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/ErodedElk/1133d64dde2d92393a065edc9b243792"], ["2024", "CVE-2024-4495", "A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this issue is the function formWifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263084. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formWifiMacFilterGet.md"], ["2024", "CVE-2024-21100", "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. While the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-32371", "An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0.", "https://github.com/chucrutis/CVE-2024-32371
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-28672", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/3.md"], ["2024", "CVE-2024-25509", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_file_downloadaspx"], ["2024", "CVE-2024-22369", "Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/oscerd/CVE-2024-22369", "No PoCs from references."], ["2024", "CVE-2024-1061", "The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the \u00a0'get_view' function.", "https://github.com/JoshuaMart/JoshuaMart
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "https://www.tenable.com/security/research/tra-2024-02"], ["2024", "CVE-2024-28971", "Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4807", "A vulnerability, which was classified as critical, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file delete_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263927.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31009", "SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php.", "No PoCs found on GitHub currently.", "https://github.com/ss122-0ss/semcms/blob/main/README.md"], ["2024", "CVE-2024-1170", "The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24774", "Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in\u00a0registered users on Jira being able to create webhooks that give them access to all Jira issues.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3075", "The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/450375f6-a9d4-49f6-8bab-867774372795/"], ["2024", "CVE-2024-4584", "A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21011", "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-23285", "This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24877", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through 13.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23114", "Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.Users are recommended to upgrade to version 4.4.0, which fixes the issue.\u00a0If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1", "https://github.com/Croway/potential-cassandra
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25418", "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.", "No PoCs found on GitHub currently.", "https://github.com/Carl0724/cms/blob/main/2.md"], ["2024", "CVE-2024-2319", "Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30225", "Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32320", "Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formSetTimeZone.md"], ["2024", "CVE-2024-23054", "An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).", "No PoCs found on GitHub currently.", "https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-23054/README.md"], ["2024", "CVE-2024-24937", "In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28623", "RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section.", "https://github.com/GURJOTEXPERT/ritecms", "https://github.com/GURJOTEXPERT/ritecms"], ["2024", "CVE-2024-1030", "A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252303.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.252303"], ["2024", "CVE-2024-32027", "Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py` This vulnerability is fixed in 23.1.5.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss"], ["2024", "CVE-2024-21316", "Windows Server Key Distribution Service Security Feature Bypass", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21087", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4512", "A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/edit-profile.php. The manipulation of the argument txtfullname/txtdob/txtaddress/txtqualification/cmddept/cmdemployeetype/txtappointment leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263116.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss.md"], ["2024", "CVE-2024-23213", "The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27919", "Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections.", "https://github.com/Ampferl/poc_http2-continuation-flood
https://github.com/DrewskyDev/H2Flood
https://github.com/Vos68/HTTP2-Continuation-Flood-PoC
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/lockness-Ko/CVE-2024-27316", "No PoCs from references."], ["2024", "CVE-2024-29499", "Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/daddywolf/cms/blob/main/1.md"], ["2024", "CVE-2024-1366", "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018archive_title_tag\u2019 attribute of the Archive Title widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4891", "The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tagName\u2019 parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26467", "A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4792", "A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. This issue affects some unknown processing of the file /admin_class.php. The manipulation of the argument id/delete_category/delete_inv/delete_laundry/delete_supply/delete_user/login/save_inv/save_user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263891.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/sql_action.md"], ["2024", "CVE-2024-28575", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-28435", "The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28435"], ["2024", "CVE-2024-35855", "In the Linux kernel, the following vulnerability has been resolved:mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity updateThe rule activity update delayed work periodically traverses the list ofconfigured rules and queries their activity from the device.As part of this task it accesses the entry pointed by 'ventry->entry',but this entry can be changed concurrently by the rehash delayed work,leading to a use-after-free [1].Fix by closing the race and perform the activity query under the'vregion->lock' mutex.[1]BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140Read of size 8 at addr ffff8881054ed808 by task kworker/0:18/181CPU: 0 PID: 181 Comm: kworker/0:18 Not tainted 6.9.0-rc2-custom-00781-gd5ab772d32f7 #2Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019Workqueue: mlxsw_core mlxsw_sp_acl_rule_activity_update_workCall Trace: dump_stack_lvl+0xc6/0x120 print_report+0xce/0x670 kasan_report+0xd7/0x110 mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140 mlxsw_sp_acl_rule_activity_update_work+0x219/0x400 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 Allocated by task 1039: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc+0x19c/0x360 mlxsw_sp_acl_tcam_entry_create+0x7b/0x1f0 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x30d/0xb50 mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30Freed by task 1039: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 poison_slab_object+0x102/0x170 __kasan_slab_free+0x14/0x30 kfree+0xc1/0x290 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3d7/0xb50 mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32136", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/xbz0n/CVE-2024-32136", "No PoCs from references."], ["2024", "CVE-2024-1226", "The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of invalidated data in an HTTP header allows an attacker to specify the full HTTP response represented by the browser. An attacker could control the response and craft attacks such as cross-site scripting and cache poisoning attacks.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4761", "Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)", "https://github.com/dan-mba/python-selenium-news
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/michredteam/CVE-2024-4761
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/securitycipher/daily-bugbounty-writeups
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-32314", "Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formexecommand_cmdi.md"], ["2024", "CVE-2024-24903", "Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23060", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/4/TOTOLINK%20A3300R%20setDmzCfg.md"], ["2024", "CVE-2024-33078", "Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a overflow leading to remote code execution.", "https://github.com/HBLocker/CVE-2024-33078
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1395", "Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system\u2019s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.This issue affects Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24591", "A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI\u2019s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user\u2019s system when interacted with.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3290", "A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28854", "tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 `TcpStream`s a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using `TlsListener::new()` vulnerable to a slow-loris DoS attack. This impacts any publicly accessible service using the default configuration of tls-listener in versions prior to 0.10.0. Users are advised to upgrade. Users unable to upgrade may mitigate this by passing a large value, such as `usize::MAX` as the parameter to `Builder::max_handshakes`.", "https://github.com/NaInSec/CVE-LIST", "https://en.wikipedia.org/wiki/Slowloris_(computer_security)
https://github.com/tmccombs/tls-listener/security/advisories/GHSA-2qph-qpvm-2qf7"], ["2024", "CVE-2024-1144", "Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24740", "SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions,\u00a0allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26645", "In the Linux kernel, the following vulnerability has been resolved:tracing: Ensure visibility when inserting an element into tracing_mapRunning the following two commands in parallel on a multi-processorAArch64 machine can sporadically produce an unexpected warning aboutduplicate histogram entries: $ while true; do echo hist:key=id.syscall:val=hitcount > \\ /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist sleep 0.001 done $ stress-ng --sysbadaddr $(nproc)The warning looks as follows:[ 2911.172474] ------------[ cut here ]------------[ 2911.173111] Duplicates detected: 1[ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408[ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E)[ 2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1[ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01[ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018[ 2911.183208] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)[ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408[ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408[ 2911.185310] sp : ffff8000a1513900[ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001[ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008[ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180[ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff[ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8[ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731[ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c[ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8[ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000[ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480[ 2911.194259] Call trace:[ 2911.194626] tracing_map_sort_entries+0x3e0/0x408[ 2911.195220] hist_show+0x124/0x800[ 2911.195692] seq_read_iter+0x1d4/0x4e8[ 2911.196193] seq_read+0xe8/0x138[ 2911.196638] vfs_read+0xc8/0x300[ 2911.197078] ksys_read+0x70/0x108[ 2911.197534] __arm64_sys_read+0x24/0x38[ 2911.198046] invoke_syscall+0x78/0x108[ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8[ 2911.199157] do_el0_svc+0x28/0x40[ 2911.199613] el0_svc+0x40/0x178[ 2911.200048] el0t_64_sync_handler+0x13c/0x158[ 2911.200621] el0t_64_sync+0x1a8/0x1b0[ 2911.201115] ---[ end trace 0000000000000000 ]---The problem appears to be caused by CPU reordering of writes issued from__tracing_map_insert().The check for the presence of an element with a given key in thisfunction is: val = READ_ONCE(entry->val); if (val && keys_match(key, val->key, map->key_size)) ...The write of a new entry is: elt = get_free_elt(map); memcpy(elt->key, key, map->key_size); entry->val = elt;The \"memcpy(elt->key, key, map->key_size);\" and \"entry->val = elt;\"stores may become visible in the reversed order on another CPU. Thissecond CPU might then incorrectly determine that a new key doesn't matchan already present val->key and subse---truncated---", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21025", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-23120", "A maliciously crafted STP file in ASMIMPORT228A.dll when parsed throughAutodesk AutoCAD can force an Out-of-Bound Write. A malicious actor canleverage this vulnerability to cause a crash, write sensitive data, or executearbitrary code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32254", "Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image.", "No PoCs found on GitHub currently.", "https://github.com/jinhaochan/CVE-POC/blob/main/tms/POC.md"], ["2024", "CVE-2024-28757", "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).", "https://github.com/GrigGM/05-virt-04-docker-hw
https://github.com/NaInSec/CVE-LIST
https://github.com/RenukaSelvar/expat_CVE-2024-28757
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/fokypoky/places-list
https://github.com/krnidhi/expat_2.1.1_CVE-2024-28757
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/saurabh2088/expat_2_1_0_CVE-2024-28757", "No PoCs from references."], ["2024", "CVE-2024-27438", "Download of Code Without Integrity Check vulnerability in Apache Doris.The jdbc driver files used for JDBC catalog is not checked and may\u00a0resulting in remote command execution.Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code snippet. This\u00a0code snippet will be run when catalog is initializing without any check.This issue affects Apache Doris: from 1.2.0 through 2.0.4.Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4730", "A vulnerability classified as problematic has been found in Campcodes Legal Case Management System 1.0. Affected is an unknown function of the file /admin/judge. The manipulation of the argument judge_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263808.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_judge.md"], ["2024", "CVE-2024-30240", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32345", "A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section.", "https://github.com/adiapera/xss_language_cmsimple_5.15", "https://github.com/adiapera/xss_language_cmsimple_5.15"], ["2024", "CVE-2024-23031", "Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.", "No PoCs found on GitHub currently.", "https://github.com/weng-xianhu/eyoucms/issues/57"], ["2024", "CVE-2024-1055", "The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1115", "A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252473 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1284", "Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26585", "In the Linux kernel, the following vulnerability has been resolved:tls: fix race between tx work scheduling and socket closeSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)may exit as soon as the async crypto handler calls complete().Reorder scheduling the work before calling complete().This seems more logical in the first place, as it'sthe inverse order of what the submitting thread will do.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4670", "The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21074", "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Finance LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-32205", "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-0279", "A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. Affected is an unknown function of the file item_list_edit.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249834 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28108", "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6.", "No PoCs found on GitHub currently.", "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh"], ["2024", "CVE-2024-1818", "A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /uploads/ of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254606 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31961", "A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20984", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2572", "A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /task-details.php. The manipulation leads to execution after redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257075.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20task-details.php.md"], ["2024", "CVE-2024-33767", "lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg"], ["2024", "CVE-2024-20687", "Microsoft AllJoyn API Denial of Service Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21979", "An out of bounds write vulnerability in the AMD Radeon\u2122 user mode driver for DirectX\u00ae\u00a011 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27236", "In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2432", "A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.", "https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP
https://github.com/aneasystone/github-trending
https://github.com/fireinrain/github-trending
https://github.com/johe123qwe/github-trending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "https://security.paloaltonetworks.com/CVE-2024-2432"], ["2024", "CVE-2024-1958", "The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/8be4ebcf-2b42-4b88-89a0-2df6dbf00b55/"], ["2024", "CVE-2024-36053", "In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user can modify a service name in a ~/.linuxmint/mintUpload/services/service file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2523", "A vulnerability classified as problematic was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This vulnerability affects unknown code of the file /admin/booktime.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20booktime.php.md"], ["2024", "CVE-2024-0426", "A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cms_template.php. The manipulation of the argument t_name/t_path leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250445 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md"], ["2024", "CVE-2024-33835", "Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.", "No PoCs found on GitHub currently.", "https://github.com/isBigChen/iot/blob/main/tenda/formSetSafeWanWebMan.md"], ["2024", "CVE-2024-25222", "Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Task%20Manager%20App/Task%20Manager%20App%20-%20SQL%20Injection%20-%201.md"], ["2024", "CVE-2024-1849", "The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/e6d9fe28-def6-4f25-9967-a77f91899bfe/"], ["2024", "CVE-2024-28159", "A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29235", "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-29375", "CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters.", "https://github.com/c0rvane/CVE-2024-29375
https://github.com/ismailcemunver/CVE-2024-29375
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/ismailcemunver/CVE-2024-29375"], ["2024", "CVE-2024-28388", "SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2463", "Weak password recovery mechanism in CDeX application allows to retrieve\u00a0password\u00a0reset token.This issue affects CDeX application versions through 5.7.1.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0566", "The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/xbz0n/CVE-2024-0566", "https://wpscan.com/vulnerability/ca83db95-4a08-4615-aa8d-016022404c32/"], ["2024", "CVE-2024-2942", "A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. This affects an unknown part of the file /adminpanel/admin/query/deleteQuestionExe.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258033 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26329", "Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG in ChilkatRand::randomBytes function.", "No PoCs found on GitHub currently.", "https://x41-dsec.de/lab/advisories/x41-2024-001-chilkat-prng/"], ["2024", "CVE-2024-32738", "A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\u00a0An unauthenticated remote attacker can leak sensitive information via the \"query_ptask_lean\" function within MCUDBHelper.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2024-14"], ["2024", "CVE-2024-25140", "** DISPUTED ** A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is \"we do not have EV cert, so we use test cert as a workaround.\" Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/seyrenus/trace-release", "No PoCs from references."], ["2024", "CVE-2024-0744", "In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.", "https://github.com/googleprojectzero/fuzzilli
https://github.com/zhangjiahui-buaa/MasterThesis", "No PoCs from references."], ["2024", "CVE-2024-2490", "A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/Emilytutu/IoT-vulnerable/blob/main/Tenda/AC18/setSchedWifi_end.md"], ["2024", "CVE-2024-27105", "Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20866", "Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27294", "dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files \u2014 including the compiler binary \u2014 with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25391", "A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2.", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-21798", "ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26269", "Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29386", "projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php.", "No PoCs found on GitHub currently.", "https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/"], ["2024", "CVE-2024-33514", "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22660", "TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg", "No PoCs found on GitHub currently.", "https://github.com/Covteam/iot_vuln/tree/main/setLanguageCfg"], ["2024", "CVE-2024-2802", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1166. Reason: This candidate is a reservation duplicate of CVE-2024-1166. Notes: All CVE users should reference CVE-2024-1166 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35109", "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29106", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20674", "Windows Kerberos Security Feature Bypass Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2913", "A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2610", "Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2581", "A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257081 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetRouteStatic.md"], ["2024", "CVE-2024-27014", "In the Linux kernel, the following vulnerability has been resolved:net/mlx5e: Prevent deadlock while disabling aRFSWhen disabling aRFS under the `priv->state_lock`, any scheduledaRFS works are canceled using the `cancel_work_sync` function,which waits for the work to end if it has already started.However, while waiting for the work handler, the handler willtry to acquire the `state_lock` which is already acquired.The worker acquires the lock to delete the rules if the stateis down, which is not the worker's responsibility sincedisabling aRFS deletes the rules.Add an aRFS state variable, which indicates whether the aRFS isenabled and prevent adding rules when the aRFS is disabled.Kernel log:======================================================WARNING: possible circular locking dependency detected6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G I------------------------------------------------------ethtool/386089 is trying to acquire lock:ffff88810f21ce68 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0but task is already holding lock:ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]which lock already depends on the new lock.the existing dependency chain (in reverse order) is:-> #1 (&priv->state_lock){+.+.}-{3:3}: __mutex_lock+0x80/0xc90 arfs_handle_work+0x4b/0x3b0 [mlx5_core] process_one_work+0x1dc/0x4a0 worker_thread+0x1bf/0x3c0 kthread+0xd7/0x100 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x11/0x20-> #0 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}: __lock_acquire+0x17b4/0x2c80 lock_acquire+0xd0/0x2b0 __flush_work+0x7a/0x4e0 __cancel_work_timer+0x131/0x1c0 arfs_del_rules+0x143/0x1e0 [mlx5_core] mlx5e_arfs_disable+0x1b/0x30 [mlx5_core] mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core] ethnl_set_channels+0x28f/0x3b0 ethnl_default_set_doit+0xec/0x240 genl_family_rcv_msg_doit+0xd0/0x120 genl_rcv_msg+0x188/0x2c0 netlink_rcv_skb+0x54/0x100 genl_rcv+0x24/0x40 netlink_unicast+0x1a1/0x270 netlink_sendmsg+0x214/0x460 __sock_sendmsg+0x38/0x60 __sys_sendto+0x113/0x170 __x64_sys_sendto+0x20/0x30 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x46/0x4eother info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&priv->state_lock); lock((work_completion)(&rule->arfs_work)); lock(&priv->state_lock); lock((work_completion)(&rule->arfs_work)); *** DEADLOCK ***3 locks held by ethtool/386089: #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240 #2: ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]stack backtrace:CPU: 15 PID: 386089 Comm: ethtool Tainted: G I 6.7.0-rc4_net_next_mlx5_5483eb2 #1Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014Call Trace: dump_stack_lvl+0x60/0xa0 check_noncircular+0x144/0x160 __lock_acquire+0x17b4/0x2c80 lock_acquire+0xd0/0x2b0 ? __flush_work+0x74/0x4e0 ? save_trace+0x3e/0x360 ? __flush_work+0x74/0x4e0 __flush_work+0x7a/0x4e0 ? __flush_work+0x74/0x4e0 ? __lock_acquire+0xa78/0x2c80 ? lock_acquire+0xd0/0x2b0 ? mark_held_locks+0x49/0x70 __cancel_work_timer+0x131/0x1c0 ? mark_held_locks+0x49/0x70 arfs_del_rules+0x143/0x1e0 [mlx5_core] mlx5e_arfs_disable+0x1b/0x30 [mlx5_core] mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core] ethnl_set_channels+0x28f/0x3b0 ethnl_default_set_doit+0xec/0x240 genl_family_rcv_msg_doit+0xd0/0x120 genl_rcv_msg+0x188/0x2c0 ? ethn---truncated---", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20977", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0715", "Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0484", "A vulnerability, which was classified as critical, has been found in code-projects Fighting Cock Information System 1.0. This issue affects some unknown processing of the file admin/action/update_mother.php. The manipulation of the argument age_mother leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250589 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20837", "Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0655", "A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /novel/bookSetting/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251383.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2853", "A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md"], ["2024", "CVE-2024-35049", "SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590.", "No PoCs found on GitHub currently.", "https://github.com/javahuang/SurveyKing/issues/55"], ["2024", "CVE-2024-31747", "An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 122.15.0.142) allows a physically proximate attacker to disable the phone lock via the Walkie Talkie menu option.", "No PoCs found on GitHub currently.", "https://medium.com/@deepsahu1/yealink-vp59-microsoft-teams-phone-lock-bypass-b7fee9dd9c8c"], ["2024", "CVE-2024-31844", "An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication.", "No PoCs found on GitHub currently.", "https://www.gruppotim.it/it/footer/red-team.html"], ["2024", "CVE-2024-3838", "Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27082", "Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h"], ["2024", "CVE-2024-2686", "A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/applicants/controller.php. The manipulation of the argument JOBREGID leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257386 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2517", "A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_history.php. The manipulation of the argument del_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Blind%20SQL%20Injection%20-%20book_history.php.md"], ["2024", "CVE-2024-0783", "A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699.", "https://github.com/keru6k/Online-Admission-System-RCE-PoC
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/keru6k/Online-Admission-System-RCE-PoC
https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py"], ["2024", "CVE-2024-0412", "A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250432.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25187", "Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25216", "Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20SQL%20Injection%20-%201.md"], ["2024", "CVE-2024-0880", "A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.252032"], ["2024", "CVE-2024-29190", "Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://drive.google.com/file/d/1nbKMd2sKosbJef5Mh4DxjcHcQ8Hw0BNR/view?usp=share_link
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3"], ["2024", "CVE-2024-29201", "JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7.", "https://github.com/enomothem/PenTestNote
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC", "No PoCs from references."], ["2024", "CVE-2024-2985", "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formQuickIndex.md"], ["2024", "CVE-2024-23819", "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://osgeo-org.atlassian.net/browse/GEOS-11154"], ["2024", "CVE-2024-22567", "File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do.", "https://github.com/labesterOct/CVE-2024-22567
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-31487", "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allows attacker to information disclosure via crafted http requests.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27193", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU PayU India allows Reflected XSS.This issue affects PayU India: from n/a through 3.8.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27202", "A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/kaje11/CVEs", "No PoCs from references."], ["2024", "CVE-2024-0692", "The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds\u2019 service, resulting in remote code execution.", "https://github.com/Ostorlab/KEV
https://github.com/f0ur0four/Insecure-Deserialization", "No PoCs from references."], ["2024", "CVE-2024-0503", "A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argument Name/Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250611.", "No PoCs found on GitHub currently.", "https://drive.google.com/file/d/1n9Zas-iSOfKVMN3UzPyVGgQgCmig2A5I/view?usp=sharing"], ["2024", "CVE-2024-25307", "Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at \"/Cinema-Reservation/booking.php?id=1.\"", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/tubakvgc/CVEs/blob/main/Cinema%20Seat%20Reservation%20System/Cinema%20Seat%20Reservation%20System%20-%20SQL%20Injection.md"], ["2024", "CVE-2024-2546", "A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/A18/fromSetWirelessRepeat_a.md"], ["2024", "CVE-2024-2764", "A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetPPTPServer.md"], ["2024", "CVE-2024-25065", "Possible path traversal in Apache OFBiz allowing authentication bypass.Users are recommended to upgrade to version 18.12.12, that fixes the issue.", "https://github.com/Threekiii/CVE
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-30718", "** DISPUTED ** An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION=2 and ROS_PYTHON_VERSION=3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30718", "No PoCs from references."], ["2024", "CVE-2024-24309", "In the module \"Survey TMA\" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24098", "Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed.", "https://github.com/ASR511-OO7/CVE-2024-24098
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-0962", "A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20700", "Windows Hyper-V Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-33431", "An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file.", "No PoCs found on GitHub currently.", "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc
https://github.com/stsaz/phiola/issues/27"], ["2024", "CVE-2024-5044", "A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component Cookie Handler. The manipulation of the argument AuthCookie leads to improper authentication. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-264741 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-3548", "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/9eef8b29-2c62-4daa-ae90-467ff9be18d8/"], ["2024", "CVE-2024-20943", "Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27020", "In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()nft_unregister_expr() can concurrent with __nft_expr_type_get(),and there is not any protection when iterate over nf_tables_expressionslist in __nft_expr_type_get(). Therefore, there is potential data-raceof nf_tables_expressions list entry.Use list_for_each_entry_rcu() to iterate over nf_tables_expressionslist in __nft_expr_type_get(), and use rcu_read_lock() in the callernft_expr_type_get() to protect the entire type query process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34251", "An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the \"block_type_get_arity\" function in core/iwasm/interpreter/wasm.h.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/bytecodealliance/wasm-micro-runtime/issues/3347"], ["2024", "CVE-2024-4239", "A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/formSetRebootTimer.md"], ["2024", "CVE-2024-20852", "Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34340", "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m"], ["2024", "CVE-2024-22957", "swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/matthiaskramm/swftools/issues/206"], ["2024", "CVE-2024-0630", "The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2836", "The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.64 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/36f95b19-af74-4c56-9848-8ff270af4723/"], ["2024", "CVE-2024-3459", "KioWare for Windows (versions all\u00a0through 8.34)\u00a0allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.", "https://github.com/DojoSecurity/DojoSecurity
https://github.com/afine-com/research", "No PoCs from references."], ["2024", "CVE-2024-3688", "A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. It has been declared as critical. This vulnerability affects unknown code of the file /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=. The manipulation of the argument groupId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24189", "Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/pcmacdon/jsish/issues/101"], ["2024", "CVE-2024-2675", "A vulnerability, which was classified as critical, has been found in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /admin/company/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257375.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-22817", "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte", "No PoCs found on GitHub currently.", "https://github.com/mafangqian/cms/blob/main/1.md"], ["2024", "CVE-2024-34200", "TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.", "No PoCs found on GitHub currently.", "https://github.com/n0wstr/IOTVuln/tree/main/CP450/setIpQosRules"], ["2024", "CVE-2024-23478", "SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30598", "Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWifiBasicSet_security_5g.md"], ["2024", "CVE-2024-33470", "An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3698", "A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_payment.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260485 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4369", "An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator's Azure service account.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30588", "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/setSchedWifi_start.md"], ["2024", "CVE-2024-25164", "iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality.", "No PoCs found on GitHub currently.", "https://github.com/u32i/cve/tree/main/CVE-2024-25164"], ["2024", "CVE-2024-34210", "TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter.", "No PoCs found on GitHub currently.", "https://github.com/n0wstr/IOTVuln/tree/main/CP450/CloudACMunualUpdate_injection"], ["2024", "CVE-2024-20842", "Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2725", "Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2826", "A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257716.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5145", "A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265289 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/CveSecLook/cve/issues/38"], ["2024", "CVE-2024-33530", "In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby.", "No PoCs found on GitHub currently.", "https://insinuator.net/2024/05/vulnerability-in-jitsi-meet-meeting-password-disclosure-affecting-meetings-with-lobbies/"], ["2024", "CVE-2024-0923", "A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetDeviceName.md"], ["2024", "CVE-2024-29033", "OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. `GoogleOAuthenticator.hosted_domain` is used to restrict what Google accounts can be authorized access to a JupyterHub. The restriction is intented to be to Google accounts part of one or more Google organization verified to control specified domain(s). Prior to version 16.3.0, the actual restriction has been to Google accounts with emails ending with the domain. Such accounts could have been created by anyone which at one time was able to read an email associated with the domain. This was described by Dylan Ayrey (@dxa4481) in this [blog post] from 15th December 2023). OAuthenticator 16.3.0 contains a patch for this issue. As a workaround, restrict who can login another way, such as `allowed_users` or `allowed_google_groups`.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24259", "freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29122", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0832", "In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0731", "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt"], ["2024", "CVE-2024-22856", "A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive information from DB tables via crafted requests.", "No PoCs found on GitHub currently.", "https://www.4rth4s.xyz/2024/04/cve-2024-22856-authenticated-blind-sql.html"], ["2024", "CVE-2024-34241", "A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20953", "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2634", "A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sse_generico/generico_login.jsp' is vulnerable to XSS attack via 'lang' query, i.e. '/sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f¶ms='.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23439", "Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30708", "** DISPUTED ** An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) via the ROS2 nodes. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30708", "No PoCs from references."], ["2024", "CVE-2024-34090", "An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22916", "In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow.", "No PoCs found on GitHub currently.", "https://kee02p.github.io/2024/01/13/CVE-2024-22916/
https://www.dlink.com/en/security-bulletin/"], ["2024", "CVE-2024-20813", "Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2774", "A vulnerability classified as critical was found in Campcodes Online Marriage Registration System 1.0. This vulnerability affects unknown code of the file /user/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257608.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-5114", "A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_attendance_history1.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265104.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2877", "Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20710", "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29062", "Secure Boot Security Feature Bypass Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2556", "A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257055.", "https://github.com/NaInSec/CVE-LIST
https://github.com/tht1997/tht1997", "https://github.com/tht1997/WhiteBox/blob/main/sourcecodesters/employee-management-system-php-attendance-info.md"], ["2024", "CVE-2024-29240", "Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-23858", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31497", "In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.", "https://github.com/HugoBond/CVE-2024-31497-POC
https://github.com/PazDak/LoonSecurity
https://github.com/ViktorNaum/CVE-2024-31497-POC
https://github.com/edutko/cve-2024-31497
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sh1k4ku/CVE-2024-31497
https://github.com/tanjiti/sec_profile", "https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/
https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/"], ["2024", "CVE-2024-29091", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dnesscarkey WP Armour \u2013 Honeypot Anti Spam allows Reflected XSS.This issue affects WP Armour \u2013 Honeypot Anti Spam: from n/a through 2.1.13.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-33592", "Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33900", "** DISPUTED ** KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.", "No PoCs found on GitHub currently.", "https://gist.github.com/Fastor01/30c6d89c842feb1865ec2cd2d3806838"], ["2024", "CVE-2024-27212", "In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3879", "A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260913 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/formSetCfm.md"], ["2024", "CVE-2024-25197", "Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ros-planning/navigation2/issues/3940"], ["2024", "CVE-2024-0402", "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.", "https://github.com/0xfschott/CVE-search
https://github.com/ch4nui/CVE-2024-0402-RCE
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-27092", "Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label (Edit Team) - TeamName, bad actors can send emails with Spoofed Content as Hoppscotch. Part of payload (external link) is presented in clickable form - easier to achieve own goals by malicious actors. This issue is fixed in 2023.12.6.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mbiesiad/security-hall-of-fame-mb", "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-8r6h-8r68-q3pp"], ["2024", "CVE-2024-3968", "Remote CodeExecution has been discovered inOpenText\u2122 iManager 3.2.6.0200.\u00a0The vulnerability cantrigger remote code execution using custom file upload task.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23809", "A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2995", "A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258197 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29180", "Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack.Developers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer's machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing.", "https://github.com/NaInSec/CVE-LIST
https://github.com/seal-community/patches", "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"], ["2024", "CVE-2024-0890", "A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/biantaibao/octopus_SQL2/blob/main/report.md"], ["2024", "CVE-2024-22526", "Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file.", "No PoCs found on GitHub currently.", "https://gist.github.com/GAP-dev/c33276a151c824300d68aecc317082a3"], ["2024", "CVE-2024-22922", "An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php", "https://github.com/keru6k/CVE-2024-22922
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-20827", "Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2740", "Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to access some administrative resources due to lack of proper management of the Switch web interface.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21448", "Microsoft Teams for Android Information Disclosure Vulnerability", "https://github.com/Ch0pin/related_work
https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1529", "Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially take over their browser session.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5120", "A vulnerability was found in SourceCodester Event Registration System 1.0. It has been classified as critical. Affected is an unknown function of the file /registrar/?page=registration. The manipulation of the argument e leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265200.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Event%20Registration%20System/Event%20Registration%20System%20-%20SQL%20Injection%20-%203.md"], ["2024", "CVE-2024-29056", "Windows Authentication Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2903", "A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257946 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/GetParentControlInfo.md"], ["2024", "CVE-2024-20664", "Microsoft Message Queuing Information Disclosure Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-31510", "An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29116", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IconicWP WooThumbs for WooCommerce by Iconic allows Reflected XSS.This issue affects WooThumbs for WooCommerce by Iconic: from n/a through 5.5.3.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21508", "Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.", "https://github.com/Geniorio01/CVE-2024-21508-mysql2-RCE
https://github.com/nomi-sec/PoC-in-GitHub", "https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085"], ["2024", "CVE-2024-0705", "The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/RandomRobbieBF/CVE-2024-0679", "No PoCs from references."], ["2024", "CVE-2024-25101", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik \u2013 Spam Blacklist allows Stored XSS.This issue affects Maspik \u2013 Spam Blacklist: from n/a through 0.10.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20967", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2591", "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple\u00a0parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21419", "Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0585", "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25381", "There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.", "https://github.com/Ox130e07d/CVE-2024-25381
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-27284", "cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2480", "A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente at\u00e9 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/SQU4NCH/SQU4NCH", "No PoCs from references."], ["2024", "CVE-2024-2711", "A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rated as critical. Affected by this issue is the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceMac leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257462 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/addWifiMacFilter_deviceMac.md"], ["2024", "CVE-2024-2812", "A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWriteFacMac.md"], ["2024", "CVE-2024-33695", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0917", "remote code execution in paddlepaddle/paddle 2.6.0", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119"], ["2024", "CVE-2024-26339", "swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/matthiaskramm/swftools/issues/225"], ["2024", "CVE-2024-33444", "SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component.", "No PoCs found on GitHub currently.", "https://gist.github.com/LioTree/1971a489dd5ff619b89e7a9e1da91152
https://github.com/liu21st/onethink/issues/39"], ["2024", "CVE-2024-34224", "Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters.", "https://github.com/dovankha/CVE-2024-34224
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/dovankha/CVE-2024-34224"], ["2024", "CVE-2024-32728", "Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34397", "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "No PoCs found on GitHub currently.", "https://gitlab.gnome.org/GNOME/glib/-/issues/3268"], ["2024", "CVE-2024-27277", "The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-28009", "Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1919", "A vulnerability classified as problematic was found in SourceCodester Online Job Portal 1.0. This vulnerability affects unknown code of the file /Employer/ManageWalkin.php of the component Manage Walkin Page. The manipulation of the argument Job Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-254854 is the identifier assigned to this vulnerability.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.254854"], ["2024", "CVE-2024-28149", "Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1859", "The Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34146", "Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2533", "A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256970 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20update-users.php.md"], ["2024", "CVE-2024-22452", "Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22543", "An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27226", "In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22891", "Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/EQSTLab/PoC/tree/main/2024/RCE/CVE-2024-22891"], ["2024", "CVE-2024-0467", "A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2562", "A vulnerability, which was classified as critical, was found in PandaXGO PandaX up to 20240310. This affects the function InsertRole of the file /apps/system/services/role_menu.go. The manipulation of the argument roleKey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257061 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20994", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-1808", "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28118", "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a fix for this issue.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4"], ["2024", "CVE-2024-20697", "Windows libarchive Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5093", "A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265072.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20Authentication%20Bypass.md"], ["2024", "CVE-2024-22403", "Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no longer be authenticated. To exploit this vulnerability an attacker would need to intercept an OAuth code from a user session. It is recommended that the Nextcloud Server is upgraded to 28.0.0. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3000", "A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/login_username/login_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258202 is the identifier assigned to this vulnerability.", "https://github.com/FoxyProxys/CVE-2024-3000
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System%20-%20Authentication%20Bypass.md"], ["2024", "CVE-2024-26595", "In the Linux kernel, the following vulnerability has been resolved:mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error pathWhen calling mlxsw_sp_acl_tcam_region_destroy() from an error path afterfailing to attach the region to an ACL group, we hit a NULL pointerdereference upon 'region->group->tcam' [1].Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().[1]BUG: kernel NULL pointer dereference, address: 0000000000000000[...]RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0[...]Call Trace: mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26604", "In the Linux kernel, the following vulnerability has been resolved:Revert \"kobject: Remove redundant checks for whether ktype is NULL\"This reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31.It is reported to cause problems, so revert it for now until the rootcause can be found.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35475", "A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands.", "https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-27568", "LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/setupEC20Apn.md"], ["2024", "CVE-2024-34488", "OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via b.length=0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/faucetsdn/ryu/issues/191"], ["2024", "CVE-2024-0269", "ManageEngine ADAudit Plus versions\u00a07270\u00a0and below are vulnerable to the Authenticated SQL injection in\u00a0File-Summary DrillDown. This issue has been fixed and released in version 7271.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28716", "An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://bugs.launchpad.net/solum/+bug/2047505
https://drive.google.com/file/d/11x-6CjWCyap8_W1JpVzun56HQkPNLtWT/view?usp=drive_link"], ["2024", "CVE-2024-21064", "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-24942", "In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30250", "Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid `integrity` attributes to the injected code. This implies that the injected SRI hash would be added to the generated CSP header, which would lead the browser to believe that the injected resource is legit. This vulnerability is patched in version 1.3.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3140", "A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258915.", "No PoCs found on GitHub currently.", "https://github.com/Sospiro014/zday1/blob/main/xss_1.md"], ["2024", "CVE-2024-4823", "Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20359", "A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.

This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.", "https://github.com/Garvard-Agency/CVE-2024-20359-CiscoASA-FTD-exploit
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/toxyl/lscve
https://github.com/west-wind/Threat-Hunting-With-Splunk", "No PoCs from references."], ["2024", "CVE-2024-4932", "A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.php?page=manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264468.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26655", "In the Linux kernel, the following vulnerability has been resolved:Fix memory leak in posix_clock_open()If the clk ops.open() function returns an error, we don't release thepccontext we allocated for this clock.Re-organize the code slightly to make it all more obvious.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23130", "A maliciously crafted SLDASM, or SLDPRT files in ODXSW_DLL.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21035", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-0238", "The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/774655ac-b201-4d9f-8790-9eff8564bc91/"], ["2024", "CVE-2024-26484", "** DISPUTED ** A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26715", "In the Linux kernel, the following vulnerability has been resolved:usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspendIn current scenario if Plug-out and Plug-In performed continuouslythere could be a chance while checking for dwc->gadget_driver indwc3_gadget_suspend, a NULL pointer dereference may occur.Call Stack:\tCPU1: CPU2:\tgadget_unbind_driver dwc3_suspend_common\tdwc3_gadget_stop dwc3_gadget_suspend dwc3_disconnect_gadgetCPU1 basically clears the variable and CPU2 checks the variable.Consider CPU1 is running and right before gadget_driver is clearedand in parallel CPU2 executes dwc3_gadget_suspend where it findsdwc->gadget_driver which is not NULL and resumes execution and thenCPU1 completes execution. CPU2 executes dwc3_disconnect_gadget whereit checks dwc->gadget_driver is already NULL because of which theNULL pointer deference occur.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1385", "The WP-Stateless \u2013 Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to the current time, which may completely take a site offline.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1014", "Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could interrupt the availability of the administration panel by sending multiple ICMP packets.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html"], ["2024", "CVE-2024-35845", "In the Linux kernel, the following vulnerability has been resolved:wifi: iwlwifi: dbg-tlv: ensure NUL terminationThe iwl_fw_ini_debug_info_tlv is used as a string, so we mustensure the string is terminated correctly before using it.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3333", "The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets in all versions up to, and including, 5.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/JohnnyBradvo/CVE-2024-3333
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-27958", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS.This issue affects Visualizer: from n/a through 3.10.5.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3273", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.", "https://github.com/Chocapikk/CVE-2024-3273
https://github.com/GhostTroops/TOP
https://github.com/K3ysTr0K3R/CVE-2024-3273-EXPLOIT
https://github.com/K3ysTr0K3R/K3ysTr0K3R
https://github.com/Ostorlab/KEV
https://github.com/ThatNotEasy/CVE-2024-3273
https://github.com/adhikara13/CVE-2024-3273
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mrrobot0o/CVE-2024-3273-
https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/toxyl/lscve
https://github.com/wangjiezhe/awesome-stars
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki
https://github.com/yarienkiva/honeypot-dlink-CVE-2024-3273", "No PoCs from references."], ["2024", "CVE-2024-24572", "facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract() function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters. However, it does not prevent manipulation of any other sensitive variables such as $search_sql. Knowing this, an authenticated user with privileges to view site logs can manipulate the search_sqlvariable by appending a GET parameter search_sql in the URL. The information above means that the checks and SQL injection prevention attempts were rendered unusable.", "No PoCs found on GitHub currently.", "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-xw34-8pj6-75gc"], ["2024", "CVE-2024-28565", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-21097", "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21306", "Microsoft Bluetooth Driver Spoofing Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/PhucHauDeveloper/BadbBlue
https://github.com/d4rks1d33/C-PoC-for-CVE-2024-21306
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/marcnewlin/hi_my_name_is_keyboard
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/shirin-ehtiram/hi_my_name_is_keyboard", "No PoCs from references."], ["2024", "CVE-2024-29489", "Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/gandalf4a/crash_report", "No PoCs from references."], ["2024", "CVE-2024-26566", "An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1267", "A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file create_account.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-253010 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24927", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30235", "Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin \u2013 MPG.This issue affects Multiple Page Generator Plugin \u2013 MPG: from n/a through 3.4.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22328", "IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 279950.", "https://github.com/RansomGroupCVE/CVE-2024-22328-POC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-3125", "A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/strik3r0x1/Vulns/blob/main/ZTC_GK420d-SXSS.md"], ["2024", "CVE-2024-26721", "In the Linux kernel, the following vulnerability has been resolved:drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg addressCommit bd077259d0a9 (\"drm/i915/vdsc: Add function to read any PPSregister\") defines a new macro to calculate the DSC PPS registeraddresses with PPS number as an input. This macro correctly calculatesthe addresses till PPS 11 since the addresses increment by 4. So in thatcase the following macro works correctly to give correct registeraddress:_MMIO(_DSCA_PPS_0 + (pps) * 4)However after PPS 11, the register address for PPS 12 increments by 12because of RC Buffer memory allocation in between. Because of thisdiscontinuity in the address space, the macro calculates wrong addressesfor PPS 12 - 16 resulting into incorrect DSC PPS parameter valueread/writes causing DSC corruption.This fixes it by correcting this macro to add the offset of 12 for PPS>=12.v3: Add correct paranthesis for pps argument (Jani Nikula)(cherry picked from commit 6074be620c31dc2ae11af96a1a5ea95580976fb5)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1020", "A vulnerability classified as problematic was found in Rebuild up to 3.5.5. Affected by this vulnerability is the function getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252289 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://www.yuque.com/mailemonyeyongjuan/tha8tr/gdd3hiwz8uo6ylab"], ["2024", "CVE-2024-2309", "The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/a4152818-1e07-46a7-aec4-70f1a1b579a6/"], ["2024", "CVE-2024-24867", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic).This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 6.9.4.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23295", "A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21001", "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21390", "Microsoft Authenticator Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4594", "A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/dede/sys_safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/25.md"], ["2024", "CVE-2024-2189", "The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/b8661fbe-78b9-4d29-90bf-5b68af468eb6/"], ["2024", "CVE-2024-25519", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_work_printaspx"], ["2024", "CVE-2024-28662", "A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30264", "Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the `redirectPath` parameter from the URL. If a user clicks on a link where the `redirectPath` parameter has a javascript scheme, the attacker that crafted the link may be able to execute arbitrary JavaScript with the privileges of the user. Version 2.24.0 contains a patch for this issue.", "No PoCs found on GitHub currently.", "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73"], ["2024", "CVE-2024-21110", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4817", "A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263938 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/IDOR_manage_user.md"], ["2024", "CVE-2024-1071", "The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/Matrexdz/CVE-2024-1071
https://github.com/Matrexdz/CVE-2024-1071-Docker
https://github.com/Trackflaw/CVE-2024-1071-Docker
https://github.com/gbrsh/CVE-2024-1071
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-31299", "Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS).This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22239", "Aria Operations for Networks contains a local privilege escalation vulnerability.\u00a0A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3034", "The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the context in which the plugin should allow.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26630", "In the Linux kernel, the following vulnerability has been resolved:mm: cachestat: fix folio read-after-free in cache walkIn cachestat, we access the folio from the page cache's xarray to computeits page offset, and check for its dirty and writeback flags. However, wedo not hold a reference to the folio before performing these actions,which means the folio can concurrently be released and reused as anotherfolio/page/slab.Get around this altogether by just using xarray's existing machinery forthe folio page offsets and dirty/writeback states.This changes behavior for tmpfs files to now always report zeroes in theirdirty and writeback counters. This is okay as tmpfs doesn't followconventional writeback cache behavior: its pages get \"cleaned\" duringswapout, after which they're no longer resident etc.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24836", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21050", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4654", "A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263499.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hefei-Coffee/cve/blob/main/sql2.md"], ["2024", "CVE-2024-25978", "Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3216", "The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings() function in all versions up to, and including, 4.4.2. This makes it possible for unauthenticated attackers to reset all of the plugin's settings.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1313", "It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized.Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo Alto Research for discovering and disclosing this vulnerability.This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32392", "Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component.", "No PoCs found on GitHub currently.", "https://github.com/Hebing123/cve/issues/33"], ["2024", "CVE-2024-32003", "wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment (such as headless Chrome) to act as a user in the Backend or User plugin without having to go through authentication. This route is `[[URL]]/_dusk/login/[[USER ID]]/[[MANAGER]]` - where `[[URL]]` is the base URL of the site, `[[USER ID]]` is the ID of the user account and `[[MANAGER]]` is the authentication manager (either `backend` for Backend, or `user` for the User plugin). If a configuration of a site using the Dusk plugin is set up in such a way that the Dusk plugin is available publicly and the test cases in Dusk are run with live data, this route may potentially be used to gain access to any user account in either the Backend or User plugin without authentication. As indicated in the `README`, this plugin should only be used in development and should *NOT* be used in a production instance. It is specifically recommended that the plugin be installed as a development dependency only in Composer. In order to remediate this issue, the special routes used above will now no longer be registered unless the `APP_ENV` environment variable is specifically set to `dusk`. Since Winter by default does not use this environment variable and it is not populated by default, it will only exist if Dusk's automatic configuration is used (which won't exhibit this vulnerability) or if a developer manually specifies it in their configuration. The automatic configuration performed by the Dusk plugin has also been hardened by default to use sane defaults and not allow external environment variables to leak into this configuration. This will only affect users in which the Winter CMS installation meets ALL the following criteria: 1. The Dusk plugin is installed in the Winter CMS instance. 2. The application is in production mode (ie. the `debug` config value is set to `true` in `config/app.php`). 3. The Dusk plugin's automatic configuration has been overridden, either by providing a custom `.env.dusk` file or by providing custom configuration in the `config/dusk` folder, or by providing configuration environment variables externally. 4. The environment has been configured to use production data in the database for testing, and not the temporary SQLite database that Dusk uses by default. 5. The application is connectable via the web. This issue has been fixed in version 2.1.0. Users are advised to upgrade.", "https://github.com/JohnNetSouldRU/CVE-2024-32003-POC", "No PoCs from references."], ["2024", "CVE-2024-4536", "In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault.In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component ( https://github.com/eclipse-edc/Connector ) regarding the OAuth2-protected data sink feature. When using a custom, OAuth2-protected data sink, the OAuth2-specific data address properties are resolved by the provider data plane. Problematically, the consumer-provided clientSecretKey, which indicates the OAuth2 client secret to retrieve from a secrets vault, is resolved in the context of the provider's vault, not the consumer. This secret's value is then sent to the tokenUrl, also consumer-controlled, as part of an OAuth2 client credentials grant. The returned access token is then sent as a bearer token to the data sink URL.This feature is now disabled entirely, because not all code paths necessary for a successful realization were fully implemented.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/198"], ["2024", "CVE-2024-1253", "A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/tanjiti/sec_profile", "https://github.com/b51s77/cve/blob/main/upload.md"], ["2024", "CVE-2024-3247", "In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.", "No PoCs found on GitHub currently.", "https://forum.xpdfreader.com/viewtopic.php?t=43597"], ["2024", "CVE-2024-1342", "A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28551", "Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/form_fast_setting_wifi_set.md"], ["2024", "CVE-2024-32283", "Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formexecommand_cmdi.md"], ["2024", "CVE-2024-30386", "A Use-After-Free vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).In an EVPN-VXLAN scenario,\u00a0when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.This issue affects:Junos OS:\u00a0 * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3,, * 22.4 versions before 22.4R2;Junos OS Evolved:\u00a0 * All versions before 20.4R3-S8-EVO, * 21.2-EVO versions before 21.2R3-S6-EVO,\u00a0 * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R2-EVO.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26991", "In the Linux kernel, the following vulnerability has been resolved:KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributesFix KVM_SET_MEMORY_ATTRIBUTES to not overflow lpage_info array and triggerKASAN splat, as seen in the private_mem_conversions_test selftest.When memory attributes are set on a GFN range, that range will havespecific properties applied to the TDP. A huge page cannot be used whenthe attributes are inconsistent, so they are disabled for those thespecific huge pages. For internal KVM reasons, huge pages are also notallowed to span adjacent memslots regardless of whether the backing memorycould be mapped as huge.What GFNs support which huge page sizes is tracked by an array of arrays'lpage_info' on the memslot, of \u2018kvm_lpage_info\u2019 structs. Each index oflpage_info contains a vmalloc allocated array of these for a specificsupported page size. The kvm_lpage_info denotes whether a specific hugepage (GFN and page size) on the memslot is supported. These arrays includeindices for unaligned head and tail huge pages.Preventing huge pages from spanning adjacent memslot is covered byincrementing the count in head and tail kvm_lpage_info when the memslot isallocated, but disallowing huge pages for memory that has mixed attributeshas to be done in a more complicated way. During theKVM_SET_MEMORY_ATTRIBUTES ioctl KVM updates lpage_info for each memslot inthe range that has mismatched attributes. KVM does this a memslot at atime, and marks a special bit, KVM_LPAGE_MIXED_FLAG, in the kvm_lpage_infofor any huge page. This bit is essentially a permanently elevated count.So huge pages will not be mapped for the GFN at that page size if thecount is elevated in either case: a huge head or tail page unaligned tothe memslot or if KVM_LPAGE_MIXED_FLAG is set because it has mixedattributes.To determine whether a huge page has consistent attributes, theKVM_SET_MEMORY_ATTRIBUTES operation checks an xarray to make sure itconsistently has the incoming attribute. Since level - 1 huge pages arealigned to level huge pages, it employs an optimization. As long as thelevel - 1 huge pages are checked first, it can just check these and assumethat if each level - 1 huge page contained within the level sized hugepage is not mixed, then the level size huge page is not mixed. Thisoptimization happens in the helper hugepage_has_attrs().Unfortunately, although the kvm_lpage_info array representing page size'level' will contain an entry for an unaligned tail page of size level,the array for level - 1 will not contain an entry for each GFN at pagesize level. The level - 1 array will only contain an index for anyunaligned region covered by level - 1 huge page size, which can be asmaller region. So this causes the optimization to overflow the level - 1kvm_lpage_info and perform a vmalloc out of bounds read.In some cases of head and tail pages where an overflow could happen,callers skip the operation completely as KVM_LPAGE_MIXED_FLAG is notrequired to prevent huge pages as discussed earlier. But for memslots thatare smaller than the 1GB page size, it does call hugepage_has_attrs(). Inthis case the huge page is both the head and tail page. The issue can beobserved simply by compiling the kernel with CONFIG_KASAN_VMALLOC andrunning the selftest \u201cprivate_mem_conversions_test\u201d, which produces theoutput like the following:BUG: KASAN: vmalloc-out-of-bounds in hugepage_has_attrs+0x7e/0x110Read of size 4 at addr ffffc900000a3008 by task private_mem_con/169Call Trace: dump_stack_lvl print_report ? __virt_addr_valid ? hugepage_has_attrs ? hugepage_has_attrs kasan_report ? hugepage_has_attrs hugepage_has_attrs kvm_arch_post_set_memory_attributes kvm_vm_ioctlIt is a little ambiguous whether the unaligned head page (in the bug casealso the tail page) should be expected to have KVM_LPAGE_MIXED_FLAG set.It is not functionally required, as the unal---truncated---", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25869", "An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-Unrestricted_Fileupload.md"], ["2024", "CVE-2024-26503", "Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.", "https://github.com/RoboGR00t/Exploit-CVE-2024-26503
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-3096", "In PHP\u00a0 version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if\u00a0a password stored with password_hash() starts with a null byte (\\x00), testing a blank string as the password via password_verify() will incorrectly return true.", "https://github.com/Symbolexe/SHIFU
https://github.com/fkie-cad/nvd-json-data-feeds", "http://www.openwall.com/lists/oss-security/2024/04/12/11
https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr"], ["2024", "CVE-2024-28883", "An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1193", "A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Conecction Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252683. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.252683"], ["2024", "CVE-2024-24786", "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", "https://github.com/DanielePeruzzi97/rancher-k3s-docker
https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21372", "Windows OLE Remote Code Execution Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30397", "An Improper Check for Unusual or Exceptional Conditions vulnerability in the the\u00a0Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS).The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail.This CPU utilization of pkid can be checked using this command: \u00a0 root@srx> show system processes extensive | match pkid\u00a0 xxxxx \u2003root \u2003103\u2003 0 \u2003846M \u2003136M \u2003CPU1 \u20031\u00a0569:00 100.00% pkidThis issue affects:Juniper Networks Junos OS * All\u00a0versions prior to 20.4R3-S10; * 21.2 versions prior to 21.2R3-S7; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to\u00a022.2R3-S3; * 22.3 versions prior to\u00a022.3R3-S1; * 22.4 versions prior to\u00a022.4R3; * 23.2 versions prior to\u00a023.2R1-S2, 23.2R2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23277", "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24885", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in L\u00ea V\u0103n To\u1ea3n Woocommerce Vietnam Checkout allows Stored XSS.This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32292", "Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/formexecommand_cmdi.md"], ["2024", "CVE-2024-24557", "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.", "https://github.com/DanielePeruzzi97/rancher-k3s-docker", "No PoCs from references."], ["2024", "CVE-2024-25938", "A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1958
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1958"], ["2024", "CVE-2024-4527", "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263130 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28680", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/11.md"], ["2024", "CVE-2024-1302", "Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/guillermogm4/CVE-2024-1302---Badgermeter-moni-tool-Sensitive-information-exposure
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1093", "The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24506", "Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function.", "No PoCs found on GitHub currently.", "https://bugs.limesurvey.org/bug_relationship_graph.php?bug_id=19364&graph=relation
https://www.exploit-db.com/exploits/51926"], ["2024", "CVE-2024-24697", "Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26792", "In the Linux kernel, the following vulnerability has been resolved:btrfs: fix double free of anonymous device after snapshot creation failureWhen creating a snapshot we may do a double free of an anonymous devicein case there's an error committing the transaction. The second free mayresult in freeing an anonymous device number that was allocated by someother subsystem in the kernel or another btrfs filesystem.The steps that lead to this:1) At ioctl.c:create_snapshot() we allocate an anonymous device number and assign it to pending_snapshot->anon_dev;2) Then we call btrfs_commit_transaction() and end up at transaction.c:create_pending_snapshot();3) There we call btrfs_get_new_fs_root() and pass it the anonymous device number stored in pending_snapshot->anon_dev;4) btrfs_get_new_fs_root() frees that anonymous device number because btrfs_lookup_fs_root() returned a root - someone else did a lookup of the new root already, which could some task doing backref walking;5) After that some error happens in the transaction commit path, and at ioctl.c:create_snapshot() we jump to the 'fail' label, and after that we free again the same anonymous device number, which in the meanwhile may have been reallocated somewhere else, because pending_snapshot->anon_dev still has the same value as in step 1.Recently syzbot ran into this and reported the following trace: ------------[ cut here ]------------ ida_free called for id=51 which is not allocated. WARNING: CPU: 1 PID: 31038 at lib/idr.c:525 ida_free+0x370/0x420 lib/idr.c:525 Modules linked in: CPU: 1 PID: 31038 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00410-gc02197fc9076 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 RIP: 0010:ida_free+0x370/0x420 lib/idr.c:525 Code: 10 42 80 3c 28 (...) RSP: 0018:ffffc90015a67300 EFLAGS: 00010246 RAX: be5130472f5dd000 RBX: 0000000000000033 RCX: 0000000000040000 RDX: ffffc90009a7a000 RSI: 000000000003ffff RDI: 0000000000040000 RBP: ffffc90015a673f0 R08: ffffffff81577992 R09: 1ffff92002b4cdb4 R10: dffffc0000000000 R11: fffff52002b4cdb5 R12: 0000000000000246 R13: dffffc0000000000 R14: ffffffff8e256b80 R15: 0000000000000246 FS: 00007fca3f4b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f167a17b978 CR3: 000000001ed26000 CR4: 0000000000350ef0 Call Trace: btrfs_get_root_ref+0xa48/0xaf0 fs/btrfs/disk-io.c:1346 create_pending_snapshot+0xff2/0x2bc0 fs/btrfs/transaction.c:1837 create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1931 btrfs_commit_transaction+0xf1c/0x3740 fs/btrfs/transaction.c:2404 create_snapshot+0x507/0x880 fs/btrfs/ioctl.c:848 btrfs_mksubvol+0x5d0/0x750 fs/btrfs/ioctl.c:998 btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1044 __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1306 btrfs_ioctl_snap_create_v2+0x1ca/0x400 fs/btrfs/ioctl.c:1393 btrfs_ioctl+0xa74/0xd40 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:857 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7fca3e67dda9 Code: 28 00 00 00 (...) RSP: 002b:00007fca3f4b40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fca3e7abf80 RCX: 00007fca3e67dda9 RDX: 00000000200005c0 RSI: 0000000050009417 RDI: 0000000000000003 RBP: 00007fca3e6ca47a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fca3e7abf80 R15: 00007fff6bf95658 Where we get an explicit message where we attempt to free an anonymousdevice number that is not currently allocated. It happens in a differentcode path from the example below, at btrfs_get_root_ref(), so this changemay not fix the case triggered by sy---truncated---", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3207", "A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-259054 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?submit.304572"], ["2024", "CVE-2024-26922", "In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: validate the parameters of bo mapping operations more clearlyVerify the parameters ofamdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21041", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4645", "A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263489 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss4.md"], ["2024", "CVE-2024-24827", "Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do note that the impact varies from site to site as various site settings like `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` will determine the amount of resources used when creating an upload. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should reduce `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` as smaller uploads require less resources to process. Alternatively, `client_max_body_size` can be reduced in Nginx to prevent large uploads from reaching the server.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25448", "An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/derf/feh/issues/711"], ["2024", "CVE-2024-22228", "Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24724", "Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/177857"], ["2024", "CVE-2024-1060", "Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4806", "A vulnerability classified as critical was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file each_extracurricula_activities.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263926 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22368", "The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://www.openwall.com/lists/oss-security/2024/01/10/2
https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md
https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes
https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html"], ["2024", "CVE-2024-25508", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#bulletin_template_showaspx"], ["2024", "CVE-2024-21101", "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).", "https://github.com/vulsio/go-cve-dictionary", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4494", "A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this vulnerability is the function formSetUplinkInfo of the file /goform/setUplinkInfo. The manipulation of the argument pingHostIp2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263083. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formSetUplinkInfo.md"], ["2024", "CVE-2024-28673", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/4.md"], ["2024", "CVE-2024-32370", "An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.", "https://github.com/chucrutis/CVE-2024-32370
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-25419", "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.", "https://github.com/tanjiti/sec_profile", "https://github.com/Carl0724/cms/blob/main/1.md"], ["2024", "CVE-2024-2318", "A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256272. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/whiteman007/a3b25a7ddf38774329d72930e0cd841a"], ["2024", "CVE-2024-21010", "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21381", "Microsoft Azure Active Directory B2C Spoofing Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4585", "A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263307. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/16.md"], ["2024", "CVE-2024-23284", "A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28861", "Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user input in their project. Version 1.5.19 contains a patch for the issue.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-pv9j-c53q-h433"], ["2024", "CVE-2024-31008", "An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.", "No PoCs found on GitHub currently.", "https://github.com/majic-banana/vulnerability/blob/main/POC/WUZHICMS4.1.0-Captcha%20bypass%20(logic%20vulnerability).md"], ["2024", "CVE-2024-22339", "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30224", "Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24936", "In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23055", "An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.", "No PoCs found on GitHub currently.", "https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23055"], ["2024", "CVE-2024-25559", "URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2258", "The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32026", "Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `git_caption_gui.py`. This vulnerability is fixed in 23.1.5.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss"], ["2024", "CVE-2024-26577", "VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data.", "No PoCs found on GitHub currently.", "https://github.com/guusec/VSeeDoS"], ["2024", "CVE-2024-4513", "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21086", "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-32166", "Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation).", "No PoCs found on GitHub currently.", "https://github.com/Fewword/Poc/blob/main/webid/webid-poc14.md"], ["2024", "CVE-2024-4793", "A vulnerability, which was classified as critical, was found in Campcodes Online Laundry Management System 1.0. Affected is an unknown function of the file /manage_laundry.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263892.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/sql_manage_laundry.md"], ["2024", "CVE-2024-28574", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-1367", "A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24563", "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. The typechecker allows the usage of signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. For ints, the 2's complement representation is used. Because the array was declared very large, the bounds checking will pass Negative values will simply be represented as very large numbers. As of time of publication, a fixed version does not exist.There are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form `assert index < x`, the developer will suppose that no elements on indexes `y | y >= x` are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such way that the index will be forced to be negative, the array access can always revert (because most likely the array won't be declared extremely large). However, all these the scenarios are highly unlikely. Most likely behavior is a revert on the bounds check.", "No PoCs found on GitHub currently.", "https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2"], ["2024", "CVE-2024-26466", "A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1227", "An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom URL and redirect a legitimate page to a malicious site.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27949", "Server-Side Request Forgery (SSRF) vulnerability in sirv.Com Image Optimizer, Resizer and CDN \u2013 Sirv.This issue affects Image Optimizer, Resizer and CDN \u2013 Sirv: from n/a through 7.2.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4542", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-3548. Reason: This candidate was issued in error. Please use CVE-2024-3548 instead.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://research.cleantalk.org/cve-2024-3548/
https://wpscan.com/vulnerability/9eef8b29-2c62-4daa-ae90-467ff9be18d8/"], ["2024", "CVE-2024-23243", "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.", "https://github.com/iCMDdev/iCMDdev", "No PoCs from references."], ["2024", "CVE-2024-35854", "In the Linux kernel, the following vulnerability has been resolved:mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehashThe rehash delayed work migrates filters from one region to anotheraccording to the number of available credits.The migrated from region is destroyed at the end of the work if thenumber of credits is non-negative as the assumption is that this isindicative of migration being complete. This assumption is incorrect asa non-negative number of credits can also be the result of a failedmigration.The destruction of a region that still has filters referencing it canresult in a use-after-free [1].Fix by not destroying the region if migration failed.[1]BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230Read of size 8 at addr ffff8881735319e8 by task kworker/0:31/3858CPU: 0 PID: 3858 Comm: kworker/0:31 Tainted: G W 6.9.0-rc2-custom-00782-gf2275c2157d8 #5Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_workCall Trace: dump_stack_lvl+0xc6/0x120 print_report+0xce/0x670 kasan_report+0xd7/0x110 mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230 mlxsw_sp_acl_ctcam_entry_del+0x2e/0x70 mlxsw_sp_acl_atcam_entry_del+0x81/0x210 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3cd/0xb50 mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 Allocated by task 174: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc+0x19c/0x360 mlxsw_sp_acl_tcam_region_create+0xdf/0x9c0 mlxsw_sp_acl_tcam_vregion_rehash_work+0x954/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30Freed by task 7: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 poison_slab_object+0x102/0x170 __kasan_slab_free+0x14/0x30 kfree+0xc1/0x290 mlxsw_sp_acl_tcam_region_destroy+0x272/0x310 mlxsw_sp_acl_tcam_vregion_rehash_work+0x731/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28434", "The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434"], ["2024", "CVE-2024-24590", "Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI\u2019s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user\u2019s system when interacted with.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1394", "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs\u200b. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey\u200b and ctx\u200b. That function uses named return parameters to free pkey\u200b and ctx\u200b if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey\u200b and ctx\u200b will be nil inside the deferred function that should free them.", "https://github.com/NaInSec/CVE-LIST
https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1005", "A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3291", "When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26495", "Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function.", "No PoCs found on GitHub currently.", "https://github.com/friendica/friendica/issues/13884"], ["2024", "CVE-2024-30210", "IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4760", "A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71 microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23061", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md"], ["2024", "CVE-2024-21024", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-28756", "The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.", "https://github.com/NaInSec/CVE-LIST", "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt"], ["2024", "CVE-2024-23121", "A maliciously crafted MODEL file in libodxdll.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0229", "An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33139", "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24741", "SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1145", "User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-28855", "ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to a improper use of the `text/template` instead of the `html/template` package, the Login UI did not sanitize input parameters prior to versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15. An attacker could create a malicious link, where he injected code which would be rendered as part of the login screen. While it was possible to inject HTML including JavaScript, the execution of such scripts would be prevented by the Content Security Policy. Versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15 contain a patch for this issue. No known workarounds are available.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4923", "A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/addproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264460.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26644", "In the Linux kernel, the following vulnerability has been resolved:btrfs: don't abort filesystem when attempting to snapshot deleted subvolumeIf the source file descriptor to the snapshot ioctl refers to a deletedsubvolume, we get the following abort: BTRFS: Transaction aborted (error -2) WARNING: CPU: 0 PID: 833 at fs/btrfs/transaction.c:1875 create_pending_snapshot+0x1040/0x1190 [btrfs] Modules linked in: pata_acpi btrfs ata_piix libata scsi_mod virtio_net blake2b_generic xor net_failover virtio_rng failover scsi_common rng_core raid6_pq libcrc32c CPU: 0 PID: 833 Comm: t_snapshot_dele Not tainted 6.7.0-rc6 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014 RIP: 0010:create_pending_snapshot+0x1040/0x1190 [btrfs] RSP: 0018:ffffa09c01337af8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9982053e7c78 RCX: 0000000000000027 RDX: ffff99827dc20848 RSI: 0000000000000001 RDI: ffff99827dc20840 RBP: ffffa09c01337c00 R08: 0000000000000000 R09: ffffa09c01337998 R10: 0000000000000003 R11: ffffffffb96da248 R12: fffffffffffffffe R13: ffff99820535bb28 R14: ffff99820b7bd000 R15: ffff99820381ea80 FS: 00007fe20aadabc0(0000) GS:ffff99827dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000559a120b502f CR3: 00000000055b6000 CR4: 00000000000006f0 Call Trace: ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? __warn+0x81/0x130 ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? report_bug+0x171/0x1a0 ? handle_bug+0x3a/0x70 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? create_pending_snapshot+0x1040/0x1190 [btrfs] create_pending_snapshots+0x92/0xc0 [btrfs] btrfs_commit_transaction+0x66b/0xf40 [btrfs] btrfs_mksubvol+0x301/0x4d0 [btrfs] btrfs_mksnapshot+0x80/0xb0 [btrfs] __btrfs_ioctl_snap_create+0x1c2/0x1d0 [btrfs] btrfs_ioctl_snap_create_v2+0xc4/0x150 [btrfs] btrfs_ioctl+0x8a6/0x2650 [btrfs] ? kmem_cache_free+0x22/0x340 ? do_sys_openat2+0x97/0xe0 __x64_sys_ioctl+0x97/0xd0 do_syscall_64+0x46/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7fe20abe83af RSP: 002b:00007ffe6eff1360 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fe20abe83af RDX: 00007ffe6eff23c0 RSI: 0000000050009417 RDI: 0000000000000003 RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fe20ad16cd0 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe6eff13c0 R14: 00007fe20ad45000 R15: 0000559a120b6d58 ---[ end trace 0000000000000000 ]--- BTRFS: error (device vdc: state A) in create_pending_snapshot:1875: errno=-2 No such entry BTRFS info (device vdc: state EA): forced readonly BTRFS warning (device vdc: state EA): Skipping commit of aborted transaction. BTRFS: error (device vdc: state EA) in cleanup_transaction:2055: errno=-2 No such entryThis happens because create_pending_snapshot() initializes the new rootitem as a copy of the source root item. This includes the refs field,which is 0 for a deleted subvolume. The call to btrfs_insert_root()therefore inserts a root with refs == 0. btrfs_get_new_fs_root() thenfinds the root and returns -ENOENT if refs == 0, which causescreate_pending_snapshot() to abort.Fix it by checking the source root's refs before attempting thesnapshot, but after locking subvol_sem to avoid racing with deletion.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30241", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32344", "A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section.", "https://github.com/adiapera/xss_language_cmsimple_5.15", "https://github.com/adiapera/xss_language_cmsimple_5.15/blob/main/README.md"], ["2024", "CVE-2024-0338", "A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27439", "An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket.This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series.Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected.Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0278", "A vulnerability, which was classified as critical, has been found in Kashipara Food Management System up to 1.0. This issue affects some unknown processing of the file partylist_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249833 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.249833"], ["2024", "CVE-2024-21075", "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim Line LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4671", "Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "https://github.com/apiverve/news-API
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-23170", "An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24813", "Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workarounds are available.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1285", "The Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1114", "A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252472.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3011", "A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258297 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formQuickIndex.md"], ["2024", "CVE-2024-26584", "In the Linux kernel, the following vulnerability has been resolved:net: tls: handle backlogging of crypto requestsSince we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on ourrequests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, whenthe cryptd queue for AESNI is full (easy to trigger with anartificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueuedto the backlog but still processed. In that case, the async callbackwill also be called twice: first with err == -EINPROGRESS, which itseems we can just ignore, then with err == 0.Compared to Sabrina's original patch this version uses the newtls_*crypt_async_wait() helpers and converts the EBUSY toEINPROGRESS to avoid having to modify all the error handlingpaths. The handling is identical.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22412", "ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles. In affected versions, the query cache only respects separate users, however this is not documented and not expected behavior. People relying on ClickHouse roles can have their access control lists bypassed if they are using query caching. Attackers who have control of a role could guess queries and see data they shouldn't have access to. Version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud contain a patch for this issue. Based on the documentation, role based access control should be enforced regardless if query caching is enabled or not.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r"], ["2024", "CVE-2024-33766", "lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tiled_argb.isra.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg"], ["2024", "CVE-2024-20686", "Win32k Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2573", "A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file /task-info.php. The manipulation leads to execution after redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257076.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20task-info.php.md"], ["2024", "CVE-2024-20985", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1819", "A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the component Add Members Tab. The manipulation of the argument Member Photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254607.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28109", "veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27237", "In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21838", "Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29234", "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-28158", "A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1848", "Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024.These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2522", "A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/booktime.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20booktime.php.md
https://vuldb.com/?id.256959"], ["2024", "CVE-2024-36052", "RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.", "No PoCs found on GitHub currently.", "https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983"], ["2024", "CVE-2024-25223", "Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Simple%20Admin%20Panel%20App/Simple%20Admin%20Panel%20App%20-%20SQL%20Injection.md"], ["2024", "CVE-2024-31871", "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0567", "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "https://github.com/GitHubForSnap/ssmtp-gael
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/fokypoky/places-list
https://github.com/marklogic/marklogic-kubernetes", "No PoCs from references."], ["2024", "CVE-2024-28389", "SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail() method.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-29374", "A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the \"GET /?lang=\" URL parameter.", "https://github.com/NaInSec/CVE-LIST", "https://gist.github.com/fir3storm/f9c7f3ec1a6496498517ed216d2640b2"], ["2024", "CVE-2024-0745", "The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1871838"], ["2024", "CVE-2024-32739", "A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\u00a0An unauthenticated remote attacker can leak sensitive information via the \"query_ptask_verbose\" function within MCUDBHelper.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2024-14"], ["2024", "CVE-2024-26328", "An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29156", "In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://launchpad.net/bugs/2048114"], ["2024", "CVE-2024-2943", "A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/deleteExamExe.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258034 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33515", "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29387", "projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php.", "No PoCs found on GitHub currently.", "https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/"], ["2024", "CVE-2024-2803", "The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20764", "Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26268", "User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1569", "parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.", "https://github.com/timothee-chauvin/eyeballvul", "No PoCs from references."], ["2024", "CVE-2024-32679", "Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through 1.7.16.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21408", "Windows Hyper-V Denial of Service Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27295", "Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons. This vulnerability is fixed in version 10.8.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20867", "Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27104", "GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2700", "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25390", "A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2.", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-20976", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27015", "In the Linux kernel, the following vulnerability has been resolved:netfilter: flowtable: incorrect pppoe tuplepppoe traffic reaching ingress path does not match the flowtable entrybecause the pppoe header is expected to be at the network header offset.This bug causes a mismatch in the flow table lookup, so pppoe packetsenter the classical forwarding path.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2580", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS.This issue affects Automation By Autonami: from n/a through 2.8.2.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2611", "A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0485", "A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Affected is an unknown function of the file admin/pages/tables/add_con.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250590 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25110", "The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.", "https://github.com/0xdea/advisories", "No PoCs from references."], ["2024", "CVE-2024-29296", "A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not.", "https://github.com/Lavender-exe/CVE-2024-29296-PoC
https://github.com/ThaySolis/CVE-2024-29296
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/ThaySolis/CVE-2024-29296"], ["2024", "CVE-2024-29107", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.12.10.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0817", "Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3"], ["2024", "CVE-2024-20675", "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1478", "The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by the plugin.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35108", "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/FirstLIF/cms/blob/main/1.md"], ["2024", "CVE-2024-1538", "The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This issue was partially patched in version 7.2.4, and fully patched in 7.2.5.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-35048", "An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password.", "No PoCs found on GitHub currently.", "https://github.com/javahuang/SurveyKing/issues/56"], ["2024", "CVE-2024-0957", "The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2852", "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md"], ["2024", "CVE-2024-20836", "Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0654", "A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-251382 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25050", "IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3839", "Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31845", "An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs is attributed to a different user. This can be exploited without authentication.", "No PoCs found on GitHub currently.", "https://www.gruppotim.it/it/footer/red-team.html"], ["2024", "CVE-2024-0553", "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "https://github.com/GitHubForSnap/ssmtp-gael
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/fokypoky/places-list", "No PoCs from references."], ["2024", "CVE-2024-33643", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS.This issue affects Advanced Most Recent Posts Mod: from n/a through 1.6.5.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23818", "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://osgeo-org.atlassian.net/browse/GEOS-11153"], ["2024", "CVE-2024-29200", "Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/kimai/kimai/security/advisories/GHSA-cj3c-5xpm-cx94"], ["2024", "CVE-2024-29191", "gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `innerHTML` (`[1]`), which will insert the text as HTML. Commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba contains a patch for the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://securitylab.github.com/advisories/GHSL-2023-205_GHSL-2023-207_go2rtc/"], ["2024", "CVE-2024-0881", "The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/"], ["2024", "CVE-2024-2984", "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetCfm.md"], ["2024", "CVE-2024-2516", "A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file home.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Blind%20SQL%20Injection%20-%20home.php.md"], ["2024", "CVE-2024-2687", "A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/applicants/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257387.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27083", "Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. This issue was introduced on 4.1.4 and patched on 4.2.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25217", "Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Online%20Medicine%20Ordering%20System/OMOS%20-%20SQL%20Injection(Unauthenticated).md"], ["2024", "CVE-2024-0413", "A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250433 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0782", "A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing
https://vuldb.com/?id.251698"], ["2024", "CVE-2024-3979", "A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261596.", "No PoCs found on GitHub currently.", "https://github.com/COVESA/vsomeip/files/14904610/details.zip
https://github.com/COVESA/vsomeip/issues/663"], ["2024", "CVE-2024-27192", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Configure SMTP allows Reflected XSS.This issue affects Configure SMTP: from n/a through 3.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33911", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/xbz0n/CVE-2024-33911", "No PoCs from references."], ["2024", "CVE-2024-25306", "Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at \"School/index.php\".", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tubakvgc/CVEs", "https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-1.md"], ["2024", "CVE-2024-25097", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through 2.8.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0693", "A vulnerability classified as problematic was found in EFS Easy File Sharing FTP 2.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251479. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://0day.today/exploit/description/39218
https://packetstormsecurity.com/files/176377/Easy-File-Sharing-FTP-Server-2.0-Denial-Of-Service.html
https://www.youtube.com/watch?v=Rcl6VWg_bPY"], ["2024", "CVE-2024-3868", "The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33612", "An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33752", "An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/wy876/POC", "No PoCs from references."], ["2024", "CVE-2024-3928", "A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261367.", "No PoCs found on GitHub currently.", "https://github.com/ggfzx/OCP-Security-Misconfiguration/tree/main"], ["2024", "CVE-2024-2547", "A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/R7WebsSecurityHandler.md"], ["2024", "CVE-2024-0963", "The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2866", "** REJECT ** Accidental reservation. Please use CVE-2024-2509.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://research.cleantalk.org/cve-2024-2509/
https://wpscan.com/vulnerability/dec4a632-e04b-4fdd-86e4-48304b892a4f/"], ["2024", "CVE-2024-24099", "Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update.", "https://github.com/ASR511-OO7/CVE-2024-24099
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-24308", "SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30719", "** DISPUTED ** An insecure deserialization vulnerability has been identified in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30719", "No PoCs from references."], ["2024", "CVE-2024-0660", "The Formidable Forms \u2013 Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25064", "Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34310", "Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter.", "https://github.com/3309899621/CVE-2024-34310
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-27021", "In the Linux kernel, the following vulnerability has been resolved:r8169: fix LED-related deadlock on module removalBinding devm_led_classdev_register() to the netdev is problematicbecause on module removal we get a RTNL-related deadlock. Fix thisby avoiding the device-managed LED functions.Note: We can safely call led_classdev_unregister() for a LED evenif registering it failed, because led_classdev_unregister() detectsthis and is a no-op in this case.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2625", "Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/sploitem/v8-writeups", "No PoCs from references."], ["2024", "CVE-2024-0720", "A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report Generator. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251544. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link
https://github.com/beraoudabdelkhalek/research/tree/main/CVEs/CVE-2024-0720"], ["2024", "CVE-2024-34250", "A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the \"wasm_loader_check_br\" function in core/iwasm/interpreter/wasm_loader.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/bytecodealliance/wasm-micro-runtime/issues/3346"], ["2024", "CVE-2024-25124", "Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard (`*`) while also having the Access-Control-Allow-Credentials set to true, which goes against recommended security best practices. The impact of this misconfiguration is high as it can lead to unauthorized access to sensitive user data and expose the system to various types of attacks listed in the PortSwigger article linked in the references. Version 2.52.1 contains a patch for this issue. As a workaround, users may manually validate the CORS configurations in their implementation to ensure that they do not allow a wildcard origin when credentials are enabled. The browser fetch api, as well as browsers and utilities that enforce CORS policies, are not affected by this.", "No PoCs found on GitHub currently.", "http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
https://github.com/gofiber/fiber/security/advisories/GHSA-fmg4-x8pw-hjhg"], ["2024", "CVE-2024-30659", "** DISPUTED ** Shell Injection vulnerability in ROS (Robot Operating System) Melodic Morenia versions ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/yashpatelphd/CVE-2024-30659", "No PoCs from references."], ["2024", "CVE-2024-33430", "An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.", "No PoCs found on GitHub currently.", "https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/poc/I2ZFI3~5
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/segmentFault-1.assets/image-20240420011601263.png
https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/segmentFault-1.md
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/segmentFault-1
https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/segmentFault-1/poc
https://github.com/stsaz/phiola/issues/28"], ["2024", "CVE-2024-29133", "Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.Users are recommended to upgrade to version 2.10.1, which fixes the issue.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0932", "A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/setSmartPowerManagement.md"], ["2024", "CVE-2024-2837", "The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/91058c48-f262-4fcc-9390-472d59d61115/"], ["2024", "CVE-2024-20750", "Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/vulsio/go-cve-dictionary", "No PoCs from references."], ["2024", "CVE-2024-27130", "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.We have already fixed the vulnerability in the following version:QTS 5.1.7.2770 build 20240520 and laterQuTS hero h5.1.7.2770 build 20240520 and later", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/watchtowrlabs/CVE-2024-27130
https://github.com/wy876/POC", "No PoCs from references."], ["2024", "CVE-2024-20853", "Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22956", "swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/matthiaskramm/swftools/issues/208"], ["2024", "CVE-2024-34341", "Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application. Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4238", "A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/formSetDeviceName_devName.md"], ["2024", "CVE-2024-23479", "SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30599", "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/addWifiMacFilter_deviceMac.md"], ["2024", "CVE-2024-2674", "A vulnerability classified as critical was found in Campcodes Online Job Finder System 1.0. This vulnerability affects unknown code of the file /admin/employee/index.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257374 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34201", "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function.", "No PoCs found on GitHub currently.", "https://github.com/n0wstr/IOTVuln/tree/main/CP450/getSaveConfig"], ["2024", "CVE-2024-25175", "An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via a HTTP response splitting attack.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/jet-pentest/CVE-2024-25175
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-22715", "Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php.", "No PoCs found on GitHub currently.", "https://github.com/RumblingIsOccupied/cms/blob/main/1.md"], ["2024", "CVE-2024-3689", "A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24188", "Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/pcmacdon/jsish/issues/100"], ["2024", "CVE-2024-25165", "A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.", "No PoCs found on GitHub currently.", "https://github.com/matthiaskramm/swftools/issues/217"], ["2024", "CVE-2024-30589", "Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_entrys.md"], ["2024", "CVE-2024-4368", "Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31574", "Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22494", "A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2827", "A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257717 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29032", "Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-x4x5-jv3x-9c7m"], ["2024", "CVE-2024-0922", "A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formQuickIndex.md"], ["2024", "CVE-2024-3448", "Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34351", "Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`.", "https://github.com/Voorivex/CVE-2024-34351
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-2724", "SQL injection vulnerability in the CIGESv2 system, through\u00a0/ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20843", "Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22857", "Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new().The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data upto MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. So a check was missing in zlog_rule_new() while copying the record_name from file_path + 1 which caused the buffer overflow. An attacker can exploit this vulnerability to overwrite the zlog_record_fn record_func function pointer to get arbitrary code execution or potentially cause remote code execution (RCE).", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.ebryx.com/blogs/arbitrary-code-execution-in-zlog-cve-2024-22857"], ["2024", "CVE-2024-2635", "The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they do not offer product functionality", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0833", "In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29123", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24258", "freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20711", "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2876", "The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/c0d3zilla/CVE-2024-2876
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-0973", "The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/NaInSec/CVE-LIST", "https://wpscan.com/vulnerability/798de421-4814-46a9-a055-ebb95a7218ed/"], ["2024", "CVE-2024-29063", "Azure AI Search Information Disclosure Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22917", "SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.", "https://github.com/ASR511-OO7/CVE-2024-22917
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-34091", "An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0670", "Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://seclists.org/fulldisclosure/2024/Mar/29
https://checkmk.com/werk/16361"], ["2024", "CVE-2024-2775", "A vulnerability, which was classified as problematic, has been found in Campcodes Online Marriage Registration System 1.0. This issue affects some unknown processing of the file /user/user-profile.php. The manipulation of the argument lname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257609 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23859", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29241", "Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-27353", "A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2557", "A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/vanitashtml/CVE-Dumps/blob/main/Execute%20After%20Redirect%20-%20Food%20Management%20System.md"], ["2024", "CVE-2024-3878", "A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260912. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromwebExcptypemanFilter.md"], ["2024", "CVE-2024-33901", "** DISPUTED ** Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.", "No PoCs found on GitHub currently.", "https://gist.github.com/Fastor01/30c6d89c842feb1865ec2cd2d3806838"], ["2024", "CVE-2024-25316", "Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tubakvgc/CVEs", "https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-4.md"], ["2024", "CVE-2024-31804", "An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.exploit-db.com/exploits/51977"], ["2024", "CVE-2024-27213", "In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remote Code Execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2885", "Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33602", "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.", "https://github.com/GrigGM/05-virt-04-docker-hw", "No PoCs from references."], ["2024", "CVE-2024-29090", "Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.vicarius.io/vsociety/posts/chaos-in-the-ai-zoo-exploiting-cve-2024-29090-authenticated-ssrf-in-ai-engine-plugin-by-jordy-meow"], ["2024", "CVE-2024-29301", "SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id=", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html"], ["2024", "CVE-2024-0980", "The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-31616", "An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file.", "No PoCs found on GitHub currently.", "https://gist.github.com/Swind1er/0c50e72428059fb72a4fd4d31c43f883"], ["2024", "CVE-2024-0891", "A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-252043.", "No PoCs found on GitHub currently.", "https://github.com/biantaibao/octopus_XSS/blob/main/report.md
https://vuldb.com/?id.252043"], ["2024", "CVE-2024-29210", "A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an arbitrary server, which can then be exploited in conjunction with CVE-2024-29209 to execute arbitrary code with elevated privileges.The issue stems from improper permission settings on the application's configuration file, which is stored in a common directory accessible to all users. This file includes critical parameters, such as the update server URL. By default, the application does not enforce adequate access controls on this file, allowing non-privileged users to modify it without administrative consent.An attacker with regular user access can alter the update server URL specified in the configuration file to point to a malicious server. When the application performs its next update check, it will contact the attacker-controlled server. If the system is also vulnerable to CVE-2024-29209, the attacker can deliver a malicious update package that, when executed, grants them elevated privileges.Impact:This vulnerability can lead to a regular user executing code with administrative privileges. This can result in unauthorized access to sensitive data, installation of additional malware, and a full takeover of the affected system.Affected Products:Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11Second Chance Client versions 2.0.0-2.0.9PIQ Client versions 1.0.0-1.0.15Remediation:KnowBe4 has released a patch that corrects the permission settings on the configuration file to prevent unauthorized modifications. Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4.Workarounds:Manually set the correct permissions on the configuration file to restrict write access to administrators only.Credits:This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0403", "Recipes version 1.5.10 allows arbitrary HTTP requests to be madethrough the server. This is possible because the application isvulnerable to SSRF.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25196", "Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25207", "Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Contact Number parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Barangay%20Population%20Monitoring%20System/Barangay%20Population%20System%20-%20XSS-2.md"], ["2024", "CVE-2024-27093", "Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with policy (because the webhooks for the repo do not match any known repository in the database). When attempting to register a repo with a different repo ID, the registered provider must have admin on the named repo, or a 404 error will result. Similarly, if the stored provider token does not have repo access, then the remediations will not apply successfully. Lastly, it appears that reconciliation actions do not execute against repos with this type of mismatch. This appears to primarily be a potential denial-of-service vulnerability. This vulnerability is patched in version 0.20240226.1425+ref.53868a8.", "No PoCs found on GitHub currently.", "https://github.com/stacklok/minder/security/advisories/GHSA-q6h8-4j2v-pjg4"], ["2024", "CVE-2024-27302", "go-zero is a web and rpc framework. Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the `isOriginAllowed` uses `strings.HasSuffix` to check the origin, which leads to bypass via a malicious domain. This vulnerability is capable of breaking CORS policy and thus allowing any page to make requests and/or retrieve data on behalf of other users. Version 1.4.4 fixes this issue.", "No PoCs found on GitHub currently.", "https://github.com/zeromicro/go-zero/security/advisories/GHSA-fgxv-gw55-r5fq"], ["2024", "CVE-2024-2697", "The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/c430b30d-61db-45f5-8499-91b491503b9c/"], ["2024", "CVE-2024-0543", "A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250713 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.250713"], ["2024", "CVE-2024-5121", "A vulnerability was found in SourceCodester Event Registration System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /registrar/?page=registration. The manipulation of the argument e leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265201 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Event%20Registration%20System/Event%20Registration%20System%20-%20Cross-Site-Scripting%20-%202.md"], ["2024", "CVE-2024-29057", "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1528", "CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32638", "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\u00a0vulnerability in Apache APISIX when using `forward-auth` plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0.Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22923", "SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/whiteman007/"], ["2024", "CVE-2024-2741", "Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20826", "Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25100", "Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25291", "Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.", "No PoCs found on GitHub currently.", "https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25291"], ["2024", "CVE-2024-2590", "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the\u00a0'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27005", "In the Linux kernel, the following vulnerability has been resolved:interconnect: Don't access req_list while it's being manipulatedThe icc_lock mutex was split into separate icc_lock and icc_bw_lockmutexes in [1] to avoid lockdep splats. However, this didn't adequatelyprotect access to icc_node::req_list.The icc_set_bw() function will eventually iterate over req_list whileonly holding icc_bw_lock, but req_list can be modified while onlyholding icc_lock. This causes races between icc_set_bw(), of_icc_get(),and icc_put().Example A: CPU0 CPU1 ---- ---- icc_set_bw(path_a) mutex_lock(&icc_bw_lock); icc_put(path_b) mutex_lock(&icc_lock); aggregate_requests() hlist_for_each_entry(r, ... hlist_del(... Example B: CPU0 CPU1 ---- ---- icc_set_bw(path_a) mutex_lock(&icc_bw_lock); path_b = of_icc_get() of_icc_get_by_index() mutex_lock(&icc_lock); path_find() path_init() aggregate_requests() hlist_for_each_entry(r, ... hlist_add_head(... Fix this by ensuring icc_bw_lock is always held before manipulatingicc_node::req_list. The additional places icc_bw_lock is held don'tperform any memory allocations, so we should still be safe from theoriginal lockdep splats that motivated the separate locks.[1] commit af42269c3523 (\"interconnect: Fix locking for runpm vs reclaim\")", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20966", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21509", "Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.", "No PoCs found on GitHub currently.", "https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591084"], ["2024", "CVE-2024-1468", "The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26369", "An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/eProsima/Fast-DDS/issues/4365"], ["2024", "CVE-2024-31680", "File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php component.", "No PoCs found on GitHub currently.", "https://github.com/heidashuai5588/cve/blob/main/upload.md"], ["2024", "CVE-2024-2902", "A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257945 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetWifiGusetBasic.md"], ["2024", "CVE-2024-29117", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS.This issue affects Contact Forms by Cimatti: from n/a through 1.7.0.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-35009", "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Thirtypenny77/cms/blob/main/5.md"], ["2024", "CVE-2024-1579", "Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager (Webserver modules) allows Session Hijacking.This issue affects GateManager: before 11.2.624071020.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2813", "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md"], ["2024", "CVE-2024-33694", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0584", "** REJECT ** Do not use this CVE as it is duplicate of CVE-2023-6932", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2710", "A vulnerability was found in Tenda AC10U 15.03.06.49. It has been declared as critical. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257461 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/setSchedWifi_start.md"], ["2024", "CVE-2024-27285", "YARD is a Ruby Documentation tool. The \"frames.html\" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the \"frames.erb\" template file. This vulnerability is fixed in 0.9.36.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2024-27285.yml"], ["2024", "CVE-2024-21418", "Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34225", "Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters.", "https://github.com/dovankha/CVE-2024-34225
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/dovankha/CVE-2024-34225"], ["2024", "CVE-2024-25151", "The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to a content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0755", "Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20937", "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0856", "The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.", "https://github.com/NaInSec/CVE-LIST", "https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/"], ["2024", "CVE-2024-33445", "An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component.", "No PoCs found on GitHub currently.", "https://gist.github.com/LioTree/04a4ece38df53af4027d52b2aeb7aff6
https://github.com/hisiphp/hisiphp/issues/11"], ["2024", "CVE-2024-1918", "A vulnerability has been found in Byzoro Smart S42 Management Platform up to 20240219 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument hidwel leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254839. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28008", "Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25373", "Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function.", "No PoCs found on GitHub currently.", "https://github.com/cvdyfbwa/IoT-Tenda-Router/blob/main/sub_49B384.md"], ["2024", "CVE-2024-31861", "Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.The attackers can use Shell interpreter as a code generation gateway, and execute the generated code as a normal way.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.1.Users are recommended to upgrade to version 0.11.1, which doesn't have Shell interpreter by default.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-22513", "djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.", "https://github.com/NaInSec/CVE-LIST
https://github.com/dmdhrumilmistry/CVEs", "No PoCs from references."], ["2024", "CVE-2024-22453", "Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-34147", "Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2532", "A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256969 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20update-users.php.md"], ["2024", "CVE-2024-27227", "A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20696", "Windows libarchive Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/clearbluejar/CVE-2024-20696
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-22402", "Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29275", "SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/seacms-net/CMS/issues/15"], ["2024", "CVE-2024-32888", "The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that `preferQueryMode` is not a supported parameter in Redshift JDBC driver, and is inherited code from Postgres JDBC driver. Users who do not override default settings to utilize this unsupported query mode are not affected. This issue is patched in driver version 2.1.0.28. As a workaround, do not use the connection property `preferQueryMode=simple`. (NOTE: Those who do not explicitly specify a query mode use the default of extended query mode and are not affected by this issue.)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28288", "Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.", "https://github.com/adminquit/CVE-2024-28288
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-28119", "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a patch for this issue.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58"], ["2024", "CVE-2024-0466", "A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25262", "texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912"], ["2024", "CVE-2024-20995", "Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2563", "A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257062 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-24803", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoperation Ultra Companion \u2013 Companion plugin for WPoperation Themes allows Stored XSS.This issue affects Ultra Companion \u2013 Companion plugin for WPoperation Themes: from n/a through 1.1.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21065", "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-27569", "LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/init_nvram.md"], ["2024", "CVE-2024-0268", "A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.249824"], ["2024", "CVE-2024-34489", "OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via length=0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/faucetsdn/ryu/issues/195"], ["2024", "CVE-2024-26605", "In the Linux kernel, the following vulnerability has been resolved:PCI/ASPM: Fix deadlock when enabling ASPMA last minute revert in 6.7-final introduced a potential deadlock whenenabling ASPM during probe of Qualcomm PCIe controllers as reported bylockdep: ============================================ WARNING: possible recursive locking detected 6.7.0 #40 Not tainted -------------------------------------------- kworker/u16:5/90 is trying to acquire lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc but task is already holding lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(pci_bus_sem); lock(pci_bus_sem); *** DEADLOCK *** Call trace: print_deadlock_bug+0x25c/0x348 __lock_acquire+0x10a4/0x2064 lock_acquire+0x1e8/0x318 down_read+0x60/0x184 pcie_aspm_pm_state_change+0x58/0xdc pci_set_full_power_state+0xa8/0x114 pci_set_power_state+0xc4/0x120 qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom] pci_walk_bus+0x64/0xbc qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]The deadlock can easily be reproduced on machines like the Lenovo ThinkPadX13s by adding a delay to increase the race window during asynchronousprobe where another thread can take a write lock.Add a new pci_set_power_state_locked() and associated helper functions thatcan be called with the PCI bus semaphore held to avoid taking the read locktwice.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26594", "In the Linux kernel, the following vulnerability has been resolved:ksmbd: validate mech token in session setupIf client send invalid mech token in session setup request, ksmbdvalidate and make the error if it is invalid.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3001", "A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the argument value leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258203.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Online%20Book%20System/Online%20Book%20System-%20SQL%20Injection%20-%203.md"], ["2024", "CVE-2024-1104", "An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4822", "Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3141", "A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258916.", "No PoCs found on GitHub currently.", "https://github.com/strik3r0x1/Vulns/blob/main/Clavister_E80-RXSS.md"], ["2024", "CVE-2024-24943", "In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30251", "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0239", "The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/b9a4a3e3-7cdd-4354-8541-4219bd41c854/"], ["2024", "CVE-2024-23131", "A maliciously crafted STP file in ASMKERN228A.dll or ASMDATAX228A.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28746", "Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.\u00a0Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21034", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-26654", "In the Linux kernel, the following vulnerability has been resolved:ALSA: sh: aica: reorder cleanup operations to avoid UAF bugsThe dreamcastcard->timer could schedule the spu_dma_work and thespu_dma_work could also arm the dreamcastcard->timer.When the snd_pcm_substream is closing, the aica_channel will bedeallocated. But it could still be dereferenced in the workerthread. The reason is that del_timer() will return directlyregardless of whether the timer handler is running or not andthe worker could be rescheduled in the timer handler. As a result,the UAF bug will happen. The racy situation is shown below: (Thread 1) | (Thread 2)snd_aicapcm_pcm_close() | ... | run_spu_dma() //worker | mod_timer() flush_work() | del_timer() | aica_period_elapsed() //timer kfree(dreamcastcard->channel) | schedule_work() | run_spu_dma() //worker ... | dreamcastcard->channel-> //USEIn order to mitigate this bug and other possible corner cases,call mod_timer() conditionally in run_spu_dma(), then implementPCM sync_stop op to cancel both the timer and worker. The sync_stopop will be called from PCM core appropriately when needed.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4933", "A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264469 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1155", "Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20358", "A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26714", "In the Linux kernel, the following vulnerability has been resolved:interconnect: qcom: sc8180x: Mark CO0 BCM keepaliveThe CO0 BCM needs to be up at all times, otherwise some hardware (likethe UFS controller) loses its connection to the rest of the SoC,resulting in a hang of the platform, accompanied by a spectacularlogspam.Mark it as keepalive to prevent such cases.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3281", "A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-003.txt"], ["2024", "CVE-2024-1015", "Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html"], ["2024", "CVE-2024-24912", "A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32305", "Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromWizardHandle.md"], ["2024", "CVE-2024-26817", "In the Linux kernel, the following vulnerability has been resolved:amdkfd: use calloc instead of kzalloc to avoid integer overflowThis uses calloc instead of doing the multiplication which mightoverflow.", "https://github.com/MaherAzzouzi/CVE-2024-26817-amdkfd
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-30200", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR allows Reflected XSS.This issue affects BEAR: from n/a through 1.1.4.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29748", "there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/toxyl/lscve", "No PoCs from references."], ["2024", "CVE-2024-27959", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpexpertsio WC Shop Sync \u2013 Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS.This issue affects WC Shop Sync \u2013 Integrate Square and WooCommerce for Seamless Shop Management: from n/a through 4.2.9.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-35844", "In the Linux kernel, the following vulnerability has been resolved:f2fs: compress: fix reserve_cblocks counting error when out of spaceWhen a file only needs one direct_node, performing the followingoperations will cause the file to be unrepairable:unisoc # ./f2fs_io compress test.apkunisoc #df -h | grep dm-48/dev/block/dm-48 112G 112G 1.2M 100% /dataunisoc # ./f2fs_io release_cblocks test.apk924unisoc # df -h | grep dm-48/dev/block/dm-48 112G 112G 4.8M 100% /dataunisoc # dd if=/dev/random of=file4 bs=1M count=33145728 bytes (3.0 M) copied, 0.025 s, 120 M/sunisoc # df -h | grep dm-48/dev/block/dm-48 112G 112G 1.8M 100% /dataunisoc # ./f2fs_io reserve_cblocks test.apkF2FS_IOC_RESERVE_COMPRESS_BLOCKS failed: No space left on deviceadb rebootunisoc # df -h | grep dm-48/dev/block/dm-48 112G 112G 11M 100% /dataunisoc # ./f2fs_io reserve_cblocks test.apk0This is because the file has only one direct_node. After returningto -ENOSPC, reserved_blocks += ret will not be executed. As a result,the reserved_blocks at this time is still 0, which is not the realnumber of reserved blocks. Therefore, fsck cannot be set to repairthe file.After this patch, the fsck flag will be set to fix this problem.unisoc # df -h | grep dm-48/dev/block/dm-48 112G 112G 1.8M 100% /dataunisoc # ./f2fs_io reserve_cblocks test.apkF2FS_IOC_RESERVE_COMPRESS_BLOCKS failed: No space left on deviceadb reboot then fsck will be executedunisoc # df -h | grep dm-48/dev/block/dm-48 112G 112G 11M 100% /dataunisoc # ./f2fs_io reserve_cblocks test.apk924", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28564", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-23313", "An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3272", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/toxyl/lscve
https://github.com/wjlin0/poc-doc
https://github.com/wy876/POC
https://github.com/wy876/wiki", "No PoCs from references."], ["2024", "CVE-2024-26476", "An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/mpdf/mpdf/issues/867"], ["2024", "CVE-2024-24573", "facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can arbitrarily set their permissions and grant their non-admin accounts with super user privileges.", "No PoCs found on GitHub currently.", "https://github.com/WillyXJ/facileManager/security/advisories/GHSA-w67q-pp62-j4pf"], ["2024", "CVE-2024-1377", "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018author_meta_tag\u2019 attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1266", "A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253009 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://drive.google.com/file/d/16a9lQqUFBICw-Hhbe9bT5sSB7qwZjMwA/view?usp=sharing"], ["2024", "CVE-2024-23193", "E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions. No publicly available exploits are known.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21307", "Remote Desktop Client Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21096", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-28535", "Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromAddressNat_mitInterface.md"], ["2024", "CVE-2024-23342", "The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.", "https://github.com/memphis-tools/dummy_fastapi_flask_blog_app", "https://minerva.crocs.fi.muni.cz/"], ["2024", "CVE-2024-26720", "In the Linux kernel, the following vulnerability has been resolved:mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again(struct dirty_throttle_control *)->thresh is an unsigned long, but ispassed as the u32 divisor argument to div_u64(). On architectures whereunsigned long is 64 bytes, the argument will be implicitly truncated.Use div64_u64() instead of div_u64() so that the value used in the \"isthis a safe division\" check is the same as the divisor.Also, remove redundant cast of the numerator to u64, as that should happenimplicitly.This would be difficult to exploit in memcg domain, given the ratio-basedarithmetic domain_drity_limits() uses, but is much easier in globalwriteback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4847", "The Alt Text AI \u2013 Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the \u2018last_post_id\u2019 parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3124", "A vulnerability classified as problematic has been found in fridgecow smartalarm 1.8.1 on Android. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258867.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ctflearner/Android_Findings/blob/main/Smartalarm/Backup.md
https://vuldb.com/?submit.307752"], ["2024", "CVE-2024-1021", "A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.", "https://github.com/tanjiti/sec_profile", "https://www.yuque.com/mailemonyeyongjuan/tha8tr/yemvnt5uo53gfem5"], ["2024", "CVE-2024-30234", "Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23294", "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24866", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4595", "A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263317 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21000", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2308", "The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28871", "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24765", "CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c"], ["2024", "CVE-2024-31298", "Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4816", "A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240506. This affects an unknown part of the file /view/networkConfig/GRE/gre_add_commit.php. The manipulation of the argument name/remote/local/IP leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21111", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "https://github.com/10cks/CVE-2024-21111-del
https://github.com/GhostTroops/TOP
https://github.com/aneasystone/github-trending
https://github.com/fireinrain/github-trending
https://github.com/mansk1es/CVE-2024-21111
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2188", "Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25518", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx.", "No PoCs found on GitHub currently.", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_get_fields_approveaspx"], ["2024", "CVE-2024-25458", "An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board identifier A9-48B-V1.0) firmware v.CYCAM_48B_BC01_v87_0903 allows a remote attacker to obtain sensitive information via a crafted request to a UDP port.", "No PoCs found on GitHub currently.", "https://tanzhuyin.com/posts/cve-2024-25458/"], ["2024", "CVE-2024-21051", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-26631", "In the Linux kernel, the following vulnerability has been resolved:ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_workidev->mc_ifc_count can be written over without proper locking.Originally found by syzbot [1], fix this issue by encapsulating callsto mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) withmutex_lock() and mutex_unlock() accordingly as these functionsshould only be called with mc_lock per their declarations.[1]BUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_workwrite to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0: mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline] ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725 addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949 addrconf_notify+0x310/0x980 notifier_call_chain kernel/notifier.c:93 [inline] raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461 __dev_notify_flags+0x205/0x3d0 dev_change_flags+0xab/0xd0 net/core/dev.c:8685 do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916 rtnl_group_changelink net/core/rtnetlink.c:3458 [inline] __rtnl_newlink net/core/rtnetlink.c:3717 [inline] rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754 rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558 netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline] netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910 ...write to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1: mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700 worker_thread+0x525/0x730 kernel/workqueue.c:2781 ...", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4956", "Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/wy876/POC", "No PoCs from references."], ["2024", "CVE-2024-22238", "Aria Operations for Networks contains a cross site scripting vulnerability.\u00a0A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/kaje11/CVEs", "No PoCs from references."], ["2024", "CVE-2024-32002", "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.", "https://github.com/10cks/CVE-2024-32002-POC
https://github.com/10cks/CVE-2024-32002-hulk
https://github.com/10cks/CVE-2024-32002-linux-hulk
https://github.com/10cks/CVE-2024-32002-linux-submod
https://github.com/10cks/CVE-2024-32002-submod
https://github.com/GhostTroops/TOP
https://github.com/M507/CVE-2024-32002
https://github.com/amalmurali47/git_rce
https://github.com/amalmurali47/hook
https://github.com/aneasystone/github-trending
https://github.com/jafshare/GithubTrending
https://github.com/johe123qwe/github-trending
https://github.com/kun-g/Scraping-Github-trending
https://github.com/markuta/hooky
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/safebuffer/CVE-2024-32002
https://github.com/sampsonv/github-trending
https://github.com/tanjiti/sec_profile
https://github.com/wy876/POC
https://github.com/zhaoxiaoha/github-trending", "No PoCs from references."], ["2024", "CVE-2024-26881", "In the Linux kernel, the following vulnerability has been resolved:net: hns3: fix kernel crash when 1588 is received on HIP08 devicesThe HIP08 devices does not register the ptp devices, so thehdev->ptp is NULL, but the hardware can receive 1588 messages,and set the HNS3_RXD_TS_VLD_B bit, so, if match this case, theaccess of hdev->ptp->flags will cause a kernel crash:[ 5888.946472] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018[ 5888.946475] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018...[ 5889.266118] pc : hclge_ptp_get_rx_hwts+0x40/0x170 [hclge][ 5889.272612] lr : hclge_ptp_get_rx_hwts+0x34/0x170 [hclge][ 5889.279101] sp : ffff800012c3bc50[ 5889.283516] x29: ffff800012c3bc50 x28: ffff2040002be040[ 5889.289927] x27: ffff800009116484 x26: 0000000080007500[ 5889.296333] x25: 0000000000000000 x24: ffff204001c6f000[ 5889.302738] x23: ffff204144f53c00 x22: 0000000000000000[ 5889.309134] x21: 0000000000000000 x20: ffff204004220080[ 5889.315520] x19: ffff204144f53c00 x18: 0000000000000000[ 5889.321897] x17: 0000000000000000 x16: 0000000000000000[ 5889.328263] x15: 0000004000140ec8 x14: 0000000000000000[ 5889.334617] x13: 0000000000000000 x12: 00000000010011df[ 5889.340965] x11: bbfeff4d22000000 x10: 0000000000000000[ 5889.347303] x9 : ffff800009402124 x8 : 0200f78811dfbb4d[ 5889.353637] x7 : 2200000000191b01 x6 : ffff208002a7d480[ 5889.359959] x5 : 0000000000000000 x4 : 0000000000000000[ 5889.366271] x3 : 0000000000000000 x2 : 0000000000000000[ 5889.372567] x1 : 0000000000000000 x0 : ffff20400095c080[ 5889.378857] Call trace:[ 5889.382285] hclge_ptp_get_rx_hwts+0x40/0x170 [hclge][ 5889.388304] hns3_handle_bdinfo+0x324/0x410 [hns3][ 5889.394055] hns3_handle_rx_bd+0x60/0x150 [hns3][ 5889.399624] hns3_clean_rx_ring+0x84/0x170 [hns3][ 5889.405270] hns3_nic_common_poll+0xa8/0x220 [hns3][ 5889.411084] napi_poll+0xcc/0x264[ 5889.415329] net_rx_action+0xd4/0x21c[ 5889.419911] __do_softirq+0x130/0x358[ 5889.424484] irq_exit+0x134/0x154[ 5889.428700] __handle_domain_irq+0x88/0xf0[ 5889.433684] gic_handle_irq+0x78/0x2c0[ 5889.438319] el1_irq+0xb8/0x140[ 5889.442354] arch_cpu_idle+0x18/0x40[ 5889.446816] default_idle_call+0x5c/0x1c0[ 5889.451714] cpuidle_idle_call+0x174/0x1b0[ 5889.456692] do_idle+0xc8/0x160[ 5889.460717] cpu_startup_entry+0x30/0xfc[ 5889.465523] secondary_start_kernel+0x158/0x1ec[ 5889.470936] Code: 97ffab78 f9411c14 91408294 f9457284 (f9400c80)[ 5889.477950] SMP: stopping secondary CPUs[ 5890.514626] SMP: failed to stop secondary CPUs 0-69,71-95[ 5890.522951] Starting crashdump kernel...", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3217", "The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attribute_id' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/BassamAssiri/CVE-2024-3217-POC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-25979", "The URL parameters accepted by forum search were not limited to the allowed parameters.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1252", "A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.252991"], ["2024", "CVE-2024-28441", "File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/iamHuFei/HVVault/blob/main/webapp/%E9%AD%94%E6%96%B9%E7%BD%91%E8%A1%A8/magicflu-mailupdate-jsp-fileupload.md"], ["2024", "CVE-2024-4537", "IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28550", "Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formExpandDlnaFile.md"], ["2024", "CVE-2024-23327", "Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30156", "Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25928", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3097", "The WordPress Gallery Plugin \u2013 NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24407", "SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25868", "A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the add_type.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-Stored_XSS_Add_Type.md"], ["2024", "CVE-2024-32113", "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.Users are recommended to upgrade to version 18.12.13, which fixes the issue.", "https://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-32282", "Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formexecommand_cmdi.md"], ["2024", "CVE-2024-26990", "In the Linux kernel, the following vulnerability has been resolved:KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty statusCheck kvm_mmu_page_ad_need_write_protect() when deciding whether towrite-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMUaccounts for any role-specific reasons for disabling D-bit dirty logging.Specifically, TDP MMU SPTEs must be write-protected when the TDP MMU isbeing used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled.KVM always disables PML when running L2, even when L1 and L2 GPAs are inthe some domain, so failing to write-protect TDP MMU SPTEs will causewrites made by L2 to not be reflected in the dirty log.[sean: massage shortlog and changelog, tweak ternary op formatting]", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30387", "A\u00a0Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart.This issue affects Junos OS: * All versions before 20.4R3-S9, * 21.2 versions before 21.2R3-S5,\u00a0 * 21.3 versions before 21.3R3-S5,\u00a0 * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S2, * 22.2 versions before 22.2R3-S2, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24567", "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.", "https://github.com/brains93/CVE-2024-24576-PoC-Python
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-26462", "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "https://github.com/GrigGM/05-virt-04-docker-hw
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/fokypoky/places-list", "No PoCs from references."], ["2024", "CVE-2024-4894", "ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3266", "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25908", "Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4406", "Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the integral-dialog-page.html file. When parsing the integralInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22332.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4797", "A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ajax.php. The manipulation of the argument name/customer_name/username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263896.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/xss_action.md"], ["2024", "CVE-2024-23307", "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28570", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-21342", "Windows DNS Client Denial of Service Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35850", "In the Linux kernel, the following vulnerability has been resolved:Bluetooth: qca: fix NULL-deref on non-serdev setupQualcomm ROME controllers can be registered from the Bluetooth linediscipline and in this case the HCI UART serdev pointer is NULL.Add the missing sanity check to prevent a NULL-pointer dereference whensetup() is called for a non-serdev controller.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28430", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/itsqian797/cms/blob/main/1.md"], ["2024", "CVE-2024-25848", "In the module \"Ever Ultimate SEO\" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1223", "This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3237", "The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32022", "Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in basic_caption_gui.py. This vulnerability is fixed in 23.1.5.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss"], ["2024", "CVE-2024-28521", "SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4517", "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21313", "Windows TCP/IP Information Disclosure Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21082", "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-23187", "Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the \"show more\" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24476", "** DISPUTED ** A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3377", "A vulnerability classified as problematic was found in SourceCodester Computer Laboratory Management System 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259498 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/Sospiro014/zday1/blob/main/ear_stord_xss.md"], ["2024", "CVE-2024-30245", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DecaLog.This issue affects DecaLog: from n/a through 3.9.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4735", "A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tasks. The manipulation of the argument task_subject leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263821 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_tasks.md"], ["2024", "CVE-2024-32340", "A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.", "https://github.com/adiapera/xss_menu_page_wondercms_3.4.3", "https://github.com/adiapera/xss_menu_page_wondercms_3.4.3"], ["2024", "CVE-2024-23034", "Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.", "No PoCs found on GitHub currently.", "https://github.com/weng-xianhu/eyoucms/issues/57"], ["2024", "CVE-2024-22358", "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31069", "IO-1020 Micro ELD web server uses a default password for authentication.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22189", "quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1110", "The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3015", "A vulnerability classified as critical was found in SourceCodester Simple Subscription Website 1.0. Affected by this vulnerability is an unknown functionality of the file manage_plan.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258301 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3384", "A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26580", "Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/9673", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21071", "Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Workflow. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-24817", "Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they're not logged in. This problem is resolved in version 0.4 of the discourse-calendar plugin. While no known workaround is available, putting the site behind `login_required` will disallow this endpoint to be used by anonymous users, but logged in users can still get the list of invitees in the private topics.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28583", "Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909"], ["2024", "CVE-2024-32311", "Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWanParameterSetting.md"], ["2024", "CVE-2024-24906", "Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25569", "An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2268", "A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been classified as critical. Affected is an unknown function of the file /product_update.php?update=1. The manipulation of the argument update_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256038 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/File%20Upload/Arbitrary%20FIle%20Upload%20in%20product_update.php%20.md"], ["2024", "CVE-2024-22309", "Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24594", "A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI\u2019s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26491", "A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/2111715623/cms/blob/main/1.md"], ["2024", "CVE-2024-28851", "The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. User who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1141", "A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4927", "A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264463.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26640", "In the Linux kernel, the following vulnerability has been resolved:tcp: add sanity checks to rx zerocopyTCP rx zerocopy intent is to map pages initially allocatedfrom NIC drivers, not pages owned by a fs.This patch adds to can_map_frag() these additional checks:- Page must not be a compound one.- page->mapping must be NULL.This fixes the panic reported by ZhangPeng.syzbot was able to loopback packets built with sendfile(),mapping pages owned by an ext4 file to TCP rx zerocopy.r3 = socket$inet_tcp(0x2, 0x1, 0x0)mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)r4 = socket$inet_tcp(0x2, 0x1, 0x0)bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)connect$inet(r4, &(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10)r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\\x00', 0x181e42, 0x0)fallocate(r5, 0x0, 0x0, 0x85b8)sendfile(r4, r5, 0x0, 0x8ba0)getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000440)=0x40)r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\\x00', 0x181e42, 0x0)", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21020", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4624", "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugins for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018eael_ext_toc_title_tag\u2019 parameter in versions up to, and including, 5.9.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28752", "A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-23125", "A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk AutoCAD can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4523", "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263126 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21327", "Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23222", "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/securitycipher/daily-bugbounty-writeups
https://github.com/supportmango/CVE-2024-23222-patch
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-1246", "Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1306", "The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/c7ce2649-b2b0-43f4-994d-07b1023405e9/"], ["2024", "CVE-2024-24693", "Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3203", "A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.14.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-259050 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?submit.304556"], ["2024", "CVE-2024-28684", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/16.md"], ["2024", "CVE-2024-28515", "Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to execute arbitrary code via the lab3 of csapp,lab3/buflab-update.pl component.", "https://github.com/heshi906/CVE-2024-28515
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/heshi906/CVE-2024-28515"], ["2024", "CVE-2024-24881", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28404", "TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1186", "A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://fitoxs.com/vuldb/12-exploit-perl.txt
https://www.exploit-db.com/exploits/45884"], ["2024", "CVE-2024-24782", "An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34899", "WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).", "No PoCs found on GitHub currently.", "https://hackerdna.com/courses/cve/cve-2024-34899"], ["2024", "CVE-2024-23333", "LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20378", "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.

This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28865", "django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21385", "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-21014", "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-23280", "An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29898", "CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0219", "In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0188", "A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-249501 was assigned to this vulnerability.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2024", "CVE-2024-27518", "An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\\Program Files\\SUPERAntiSpyware folder.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/secunnix/CVE-2024-27518", "https://github.com/secunnix/CVE-2024-27518
https://www.youtube.com/watch?v=FM5XlZPdvdo"], ["2024", "CVE-2024-27689", "Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Xin246/cms/blob/main/2.md"], ["2024", "CVE-2024-24932", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS.This issue affects VK Poster Group: from n/a through 2.0.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1035", "A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function uploadIcon of the file /application/index/controller/Icon.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252310 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4853", "Memory handling issue in editcap could cause denial of service via crafted capture file", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gitlab.com/wireshark/wireshark/-/issues/19724"], ["2024", "CVE-2024-24720", "An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28834", "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "https://github.com/GitHubForSnap/ssmtp-gael
https://github.com/GrigGM/05-virt-04-docker-hw
https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://minerva.crocs.fi.muni.cz/"], ["2024", "CVE-2024-26625", "In the Linux kernel, the following vulnerability has been resolved:llc: call sock_orphan() at release timesyzbot reported an interesting trace [1] caused by a stale sk->sk_wqpointer in a closed llc socket.In commit ff7b11aa481f (\"net: socket: set sock->sk to NULL aftercalling proto_ops::release()\") Eric Biggers hinted that some protocolsare missing a sock_orphan(), we need to perform a full audit.In net-next, I plan to clear sock->sk from sock_orphan() andamend Eric patch to add a warning.[1] BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline] BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline] BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline] BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468Read of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27CPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc4/0x620 mm/kasan/report.c:488 kasan_report+0xda/0x110 mm/kasan/report.c:601 list_empty include/linux/list.h:373 [inline] waitqueue_active include/linux/wait.h:127 [inline] sock_def_write_space_wfree net/core/sock.c:3384 [inline] sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468 skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080 skb_release_all net/core/skbuff.c:1092 [inline] napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404 e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970 e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline] e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801 __napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576 napi_poll net/core/dev.c:6645 [inline] net_rx_action+0x956/0xe90 net/core/dev.c:6778 __do_softirq+0x21a/0x8de kernel/softirq.c:553 run_ksoftirqd kernel/softirq.c:921 [inline] run_ksoftirqd+0x31/0x60 kernel/softirq.c:913 smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164 kthread+0x2c6/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 Allocated by task 5167: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:314 [inline] __kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3813 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879 alloc_inode_sb include/linux/fs.h:3019 [inline] sock_alloc_inode+0x25/0x1c0 net/socket.c:308 alloc_inode+0x5d/0x220 fs/inode.c:260 new_inode_pseudo+0x16/0x80 fs/inode.c:1005 sock_alloc+0x40/0x270 net/socket.c:634 __sock_create+0xbc/0x800 net/socket.c:1535 sock_create net/socket.c:1622 [inline] __sys_socket_create net/socket.c:1659 [inline] __sys_socket+0x14c/0x260 net/socket.c:1706 __do_sys_socket net/socket.c:1720 [inline] __se_sys_socket net/socket.c:1718 [inline] __x64_sys_socket+0x72/0xb0 net/socket.c:1718 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6bFreed by task 0: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640 poison_slab_object mm/kasan/common.c:241 [inline] __kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2121 [inlin---truncated---", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0248", "The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df/"], ["2024", "CVE-2024-21045", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-26926", "In the Linux kernel, the following vulnerability has been resolved:binder: check offset alignment in binder_get_object()Commit 6d98eb95b450 (\"binder: avoid potential data leakage when copyingtxn\") introduced changes to how binder objects are copied. In doing so,it unintentionally removed an offset alignment check done through callsto binder_alloc_copy_from_buffer() -> check_buffer().These calls were replaced in binder_get_object() with copy_from_user(),so now an explicit offset alignment check is needed here. This avoidslater complications when unwinding the objects gets harder.It is worth noting this check existed prior to commit 7a67a39320df(\"binder: add function to copy binder object from buffer\"), likelyremoved due to redundancy at the time.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24823", "Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limiting the attack vector. Unpatched this vulnerability exists, but is relatively hard to exploit. A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21105", "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4701", "A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18", "https://github.com/JoeBeeton/CVE-2024-4701-POC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-28677", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/14.md"], ["2024", "CVE-2024-29989", "Azure Monitor Agent Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1064", "A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4802", "A vulnerability was found in Kashipara College Management System 1.0. It has been classified as critical. Affected is an unknown function of the file submit_extracurricular_activity.php. The manipulation of the argument activity_datetime leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263922 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22562", "swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c.", "No PoCs found on GitHub currently.", "https://github.com/matthiaskramm/swftools/issues/210"], ["2024", "CVE-2024-2891", "A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formQuickIndex.md"], ["2024", "CVE-2024-1969", "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Secomea GateManager (webserver modules) allows crash of GateManager.This issue affects GateManager: from 9.7 before 11.2.624095033.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27196", "Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash \u2013 custom post order allows Reflected XSS.This issue affects postMash \u2013 custom post order: from n/a through 1.2.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27207", "Exported broadcast receivers allowing malicious apps to bypass broadcast protection.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25302", "Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tubakvgc/CVEs", "https://github.com/tubakvgc/CVE/blob/main/Event_Student_Attendance_System.md"], ["2024", "CVE-2024-2543", "The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts.", "No PoCs found on GitHub currently.", "https://gist.github.com/Xib3rR4dAr/a248426dfee107c6fda08e80f98fa894"], ["2024", "CVE-2024-27347", "Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0.Users are recommended to upgrade to version 1.3.0, which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0446", "A maliciously crafted STP, CATPART or MODEL file in ASMKERN228A.dll whenparsed through Autodesk AutoCAD can force an Out-of-Bound Write. A maliciousactor can leverage this vulnerability to cause a crash, write sensitive data,or execute arbitrary code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1829", "A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254617 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/jxp98/VulResearch/blob/main/2024/02/3.4Library%20System%20In%20PHP%20-%20SQL%20Injection-student_reg.md"], ["2024", "CVE-2024-22422", "AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow attacker to crash the server resulting in a denial of service attack. The \u201cdata-export\u201d endpoint is used to export files using the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism to point to the current directory, and while attempting to delete it the server will crash as there is no error-handling wrapper around it. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-xmj6-g32r-fc5q"], ["2024", "CVE-2024-22533", "Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2452", "In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-31841", "An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem.", "No PoCs found on GitHub currently.", "https://www.gruppotim.it/it/footer/red-team.html"], ["2024", "CVE-2024-1938", "Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1878", "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254726 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/IDOR%20Employee%20Profile.md"], ["2024", "CVE-2024-2683", "A vulnerability classified as problematic was found in Campcodes Online Job Finder System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/company/index.php. The manipulation of the argument view leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257383.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27087", "Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a \"Custom\" link type for advanced use cases that don't fit any of the pre-defined link formats. As the \"Custom\" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27316", "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.", "https://github.com/Ampferl/poc_http2-continuation-flood
https://github.com/DrewskyDev/H2Flood
https://github.com/Vos68/HTTP2-Continuation-Flood-PoC
https://github.com/aeyesec/CVE-2024-27316_poc
https://github.com/lockness-Ko/CVE-2024-27316
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-25213", "Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20SQL%20Injection%20-%203.md"], ["2024", "CVE-2024-0417", "A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. This affects an unknown part of the file application/home/controller/MemberAuth.php. The manipulation of the argument member_info leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250437 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0885", "A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252036.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/176633/SpyCamLizard-1.230-Denial-Of-Service.html"], ["2024", "CVE-2024-29195", "The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2.", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2980", "A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formexeCommand.md"], ["2024", "CVE-2024-21919", "An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32649", "Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin doesn't cache the argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions are available.", "No PoCs found on GitHub currently.", "https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h"], ["2024", "CVE-2024-21438", "Microsoft AllJoyn API Denial of Service Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20857", "Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34345", "The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.", "No PoCs found on GitHub currently.", "https://github.com/CycloneDX/cyclonedx-javascript-library/commit/5e5e1e0b9422f47d2de81c7c4064b803a01e7203
https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1063
https://github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7"], ["2024", "CVE-2024-33525", "A Stored Cross-site Scripting (XSS) vulnerability in the \"Import of organizational units and title of organizational unit\" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.", "No PoCs found on GitHub currently.", "https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1/"], ["2024", "CVE-2024-22651", "There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.", "No PoCs found on GitHub currently.", "https://github.com/goldds96/Report/blob/main/DLink/DIR-815/CI.md"], ["2024", "CVE-2024-29026", "Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit 9215d9ba0f29d62201d3feea9e77dcd274581624 fixes this issue.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0936", "A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252181 was assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024.", "No PoCs found on GitHub currently.", "https://github.com/bayuncao/vul-cve-5
https://github.com/bayuncao/vul-cve-5/blob/main/poc.py"], ["2024", "CVE-2024-31420", "A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20754", "Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1559", "The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26318", "Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1788", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2813. Reason: This candidate is a duplicate of CVE-2023-2813. Notes: All CVE users should reference CVE-2023-2813 instead of this candidate.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33465", "Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2670", "A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/vacancy/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257370 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0775", "A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32709", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/truonghuuphuc/CVE-2024-32709-Poc", "No PoCs from references."], ["2024", "CVE-2024-2761", "The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/e092ccdc-7ea1-4937-97b7-4cdbff5e74e5/"], ["2024", "CVE-2024-22903", "Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.", "https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain
https://github.com/Chocapikk/My-CVEs", "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/"], ["2024", "CVE-2024-26209", "Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability", "https://github.com/EvanMcBroom/pocs", "No PoCs from references."], ["2024", "CVE-2024-26198", "Microsoft Exchange Server Remote Code Execution Vulnerability", "https://github.com/MrCyberSec/CVE-2024-26198-Exchange-RCE
https://github.com/MrSecby/CVE-2024-26198-Exchange-RCE
https://github.com/NaInSec/CVE-LIST
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-1508", "The Prime Slider \u2013 Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33574", "Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22591", "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.", "No PoCs found on GitHub currently.", "https://github.com/ysuzhangbin/cms2/blob/main/1.md"], ["2024", "CVE-2024-0967", "A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely exploited.", "https://github.com/Oxdestiny/CVE-2024-0967-exploit
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-2862", "This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-5101", "A vulnerability was found in SourceCodester Simple Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file updateproduct.php. The manipulation of the argument ITEM leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265084.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20Sql%20Inject-4.md"], ["2024", "CVE-2024-33434", "An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29137", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Reflected XSS.This issue affects Tourfic: from n/a through 2.11.7.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26349", "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Icycu123/cms/blob/main/1.md"], ["2024", "CVE-2024-2621", "A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-25120", "TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2526", "A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/rooms.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20rooms.php.md"], ["2024", "CVE-2024-27322", "Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user\u2019s system when interacted with.", "https://github.com/hrbrmstr/rdaradar
https://github.com/vin01/bogus-cves", "No PoCs from references."], ["2024", "CVE-2024-33830", "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/xyaly163/cms/blob/main/2.md"], ["2024", "CVE-2024-25227", "SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/thetrueartist/ABO.CMS-EXPLOIT-Unauthenticated-Login-Bypass-CVE-2024-25227
https://github.com/thetrueartist/ABO.CMS-Login-SQLi-CVE-2024-25227", "No PoCs from references."], ["2024", "CVE-2024-29230", "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.", "https://github.com/LOURC0D3/ENVY-gitbook
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2024", "CVE-2024-31636", "An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/lief-project/LIEF/issues/1038"], ["2024", "CVE-2024-33673", "An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0563", "Denial of service condition in M-Files Server in\u00a0versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3918", "The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/2074d0f5-4165-4130-9391-37cb21e8aa1b/"], ["2024", "CVE-2024-2577", "A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-employee.php.md
https://vuldb.com/?id.257080"], ["2024", "CVE-2024-31964", "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20981", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22416", "pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mindstorm38/ensimag-secu3a-cve-2024-22416
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm"], ["2024", "CVE-2024-20682", "Windows Cryptographic Services Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-23879", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statemodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/kaanatmacaa/CVE-2024-23897", "No PoCs from references."], ["2024", "CVE-2024-27233", "In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0532", "A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects unknown code of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250702 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/A15/WifExtraSet.md"], ["2024", "CVE-2024-3858", "It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.", "https://github.com/googleprojectzero/fuzzilli
https://github.com/zhangjiahui-buaa/MasterThesis", "No PoCs from references."], ["2024", "CVE-2024-3579", "Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22774", "An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component.", "https://github.com/Gray-0men/CVE-2024-22774
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-33791", "A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29103", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam Database for Contact Form 7 allows Stored XSS.This issue affects Database for Contact Form 7: from n/a through 3.0.6.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20671", "Microsoft Defender Security Feature Bypass Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27011", "In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: fix memleak in map from abort pathThe delete set command does not rely on the transaction object forelement removal, therefore, a combination of delete element + delete setfrom the abort path could result in restoring twice the refcount of themapping.Check for inactive element in the next generation for the delete elementcommand in the abort path, skip restoring state if next generation bithas been already cleared. This is similar to the activate logic usingthe set walk iterator.[ 6170.286929] ------------[ cut here ]------------[ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables][ 6170.287071] Modules linked in: [...][ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365[ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables][ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 <0f> 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f[ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202[ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000[ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750[ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55[ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10[ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100[ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000[ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033[ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0[ 6170.287962] Call Trace:[ 6170.287967] [ 6170.287973] ? __warn+0x9f/0x1a0[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables][ 6170.288092] ? report_bug+0x1b1/0x1e0[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables][ 6170.288092] ? report_bug+0x1b1/0x1e0[ 6170.288104] ? handle_bug+0x3c/0x70[ 6170.288112] ? exc_invalid_op+0x17/0x40[ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20[ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables][ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables][ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables][ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20972", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2615", "Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2584", "Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0710", "The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context.", "https://github.com/karlemilnikka/CVE-2024-0710
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-22877", "StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23789", "Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30729", "** DISPUTED ** An OS command injection vulnerability has been discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the External Command Execution Modules, System Call Handlers, and Interface Scripts. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30729", "No PoCs from references."], ["2024", "CVE-2024-20832", "Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0650", "A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input \"> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251376.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0953", "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/securitycipher/daily-bugbounty-writeups", "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"], ["2024", "CVE-2024-5135", "A vulnerability was found in PHPGurukul Directory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265211.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20SQL%20Injection%20-%201.md"], ["2024", "CVE-2024-2856", "A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/Schnaidr/CVE-2024-2856-Stack-overflow-EXP
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md"], ["2024", "CVE-2024-0842", "The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2947", "A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3528", "A vulnerability was found in Campcodes Complete Online Student Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file units_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259898 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4348", "A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262488. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?submit.320855"], ["2024", "CVE-2024-30638", "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromAddressNat_entrys.md"], ["2024", "CVE-2024-0741", "An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://bugzilla.mozilla.org/show_bug.cgi?id=1864587"], ["2024", "CVE-2024-34231", "A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter.", "No PoCs found on GitHub currently.", "https://github.com/Amrita2000/CVES/blob/main/CVE-2024-34231.md"], ["2024", "CVE-2024-27100", "Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could render an instance inoperable. A site could be disrupted by either a malicious moderator on the same site or a malicious staff member on another site in the same multisite cluster. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20863", "Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2704", "A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49. Affected by this vulnerability is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257455. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetFirewallCfg.md"], ["2024", "CVE-2024-2495", "Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25394", "A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\\0' character.", "https://github.com/0xdea/advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hnsecurity/vulns", "No PoCs from references."], ["2024", "CVE-2024-4199", "The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to invoke their corresponding functions. This may lead to post creation and duplication, post content retrieval, post taxonomy manipulation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4208", "The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33511", "There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.", "https://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0902", "The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/fd53e40a-516b-47b9-b495-321774432367/"], ["2024", "CVE-2024-2807", "A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md"], ["2024", "CVE-2024-20760", "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25015", "IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0580", "Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X supports values 1,2,3, etc.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2485", "A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/SetSpeedWan.md
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/setUsbUnload.md"], ["2024", "CVE-2024-2714", "A vulnerability has been found in Campcodes Complete Online DJ Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257467.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27281", "An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.", "https://github.com/lifeparticle/Ruby-Cheatsheet", "No PoCs from references."], ["2024", "CVE-2024-2817", "A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolRestoreSet.md"], ["2024", "CVE-2024-33690", "Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3478", "The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/09f1a696-86ee-47cc-99de-57cfd2a3219d/"], ["2024", "CVE-2024-3538", "A vulnerability was found in Campcodes Church Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/addTithes.php. The manipulation of the argument na leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259908.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31544", "A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into \u201cremarks\u201d, \u201cborrower_name\u201d, \u201cfaculty_department\u201d parameters in /classes/Master.php?f=save_record.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/emirhanmtl/vuln-research/blob/main/Stored-XSS-Computer-Laboratory-Management-System-PoC.md"], ["2024", "CVE-2024-29142", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebberZone Better Search \u2013 Relevant search results for WordPress allows Stored XSS.This issue affects Better Search \u2013 Relevant search results for WordPress: from n/a through 3.3.0.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25155", "In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22836", "An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/u32i/cve/tree/main/CVE-2024-22836"], ["2024", "CVE-2024-34221", "Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.", "https://github.com/dovankha/CVE-2024-34221
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/dovankha/CVE-2024-34221"], ["2024", "CVE-2024-0751", "A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20933", "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30628", "Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromAddressNat function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/fromAddressNat_page.md"], ["2024", "CVE-2024-22927", "Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.", "No PoCs found on GitHub currently.", "https://github.com/weng-xianhu/eyoucms/issues/57"], ["2024", "CVE-2024-20822", "Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4249", "A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formwrlSSIDget.md"], ["2024", "CVE-2024-24328", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.", "No PoCs found on GitHub currently.", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/12/TOTOlink%20A3300R%20setMacFilterRules.md"], ["2024", "CVE-2024-31455", "Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20721", "Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29053", "Microsoft Defender for IoT Remote Code Execution Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20661", "Microsoft Message Queuing Denial of Service Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-5065", "A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264924.", "No PoCs found on GitHub currently.", "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%203%20(Unauthenticated).md"], ["2024", "CVE-2024-2906", "Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29113", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0803", "Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33781", "MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3569", "A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted 'Authorization:' header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30679", "** DISPUTED ** An issue was discovered in the default configurations of ROS2 Iron Irwini ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to authenticate using default credentials. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/yashpatelphd/CVE-2024-30679", "No PoCs from references."], ["2024", "CVE-2024-0700", "The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "No PoCs found on GitHub currently.", "https://github.com/wTeBwAA/PoC-SimpleTweet/blob/main/POST-request
https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=cve"], ["2024", "CVE-2024-2594", "Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability\u00a0through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2605", "An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-20962", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0522", "A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.30 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250692. NOTE: The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27223", "In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0462", "A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22894", "An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.", "https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability
https://github.com/Jaarden/CVE-2024-22894
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-31974", "The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions).", "https://github.com/actuator/com.solarized.firedown
https://github.com/actuator/cve
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-20991", "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2567", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. VDB-257070 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The code maintainer was contacted early about this disclosure but did not respond in any way. Instead the GitHub repository got deleted after a few days. We have to assume that the product is not supported anymore.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/ctflearner/Android_Findings/blob/main/AndroidWeatherApp/Android_backup.md"], ["2024", "CVE-2024-3908", "A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261144. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formWriteFacMac.md"], ["2024", "CVE-2024-23869", "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuanceprint.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-30989", "Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the \"cname\", \"comname\", \"state\" and \"city\" parameter.", "No PoCs found on GitHub currently.", "https://medium.com/@shanunirwan/cve-2024-30989-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-3cfa1c54e4a6"], ["2024", "CVE-2024-5096", "A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20692", "Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33772", "A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter \"curTime.\"", "No PoCs found on GitHub currently.", "https://github.com/YuboZhaoo/IoT/blob/main/D-Link/DIR-619L/20240424.md"], ["2024", "CVE-2024-29271", "Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/givanz/VvvebJs/issues/342"], ["2024", "CVE-2024-23978", "** UNSUPPPORTED WHEN ASSIGNED ** Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34392", "libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.", "No PoCs found on GitHub currently.", "https://github.com/libxmljs/libxmljs/issues/646
https://research.jfrog.com/vulnerabilities/libxmljs-namespaces-type-confusion-rce-jfsa-2024-001034096/"], ["2024", "CVE-2024-31865", "Improper Input Validation vulnerability in Apache Zeppelin.The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges.This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.Users are recommended to upgrade to version 0.11.1, which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33820", "Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/Swind1er/ee095fbfe13f77a5b45b39a5aa82bd17"], ["2024", "CVE-2024-29220", "Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20655", "Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2932", "A vulnerability classified as critical has been found in SourceCodester Online Chatting System 1.0. Affected is an unknown function of the file admin/update_room.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258012.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/CveSecLook/cve/issues/3"], ["2024", "CVE-2024-5051", "A vulnerability has been found in SourceCodester Gas Agency Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264748.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.264748"], ["2024", "CVE-2024-29127", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Reflected XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-33424", "A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section.", "https://github.com/adiapera/xss_language_cmsimple_5.15", "https://github.com/adiapera/xss_language_cmsimple_5.15"], ["2024", "CVE-2024-25130", "Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22853", "D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.dlink.com/en/security-bulletin/"], ["2024", "CVE-2024-34244", "libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2631", "Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20956", "Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile Product Lifecycle Management for Process. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22913", "A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution.", "No PoCs found on GitHub currently.", "https://github.com/matthiaskramm/swftools/issues/213"], ["2024", "CVE-2024-20816", "Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31461", "Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests.", "https://github.com/Ostorlab/KEV", "No PoCs from references."], ["2024", "CVE-2024-5111", "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/student_payment_invoice1.php. The manipulation of the argument date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265101 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0977", "The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26188", "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0866", "The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-22490", "Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the /index keyword parameter.", "No PoCs found on GitHub currently.", "https://github.com/cui2shark/security/blob/main/beetl-bbs%20-%20A%20reflected%20cross-site%20scripting%20(XSS)%20vulnerability%20was%20discovered%20in%20the%20search%20box.md"], ["2024", "CVE-2024-35179", "Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with `RUN_AS_USER` who handed out admin credentials to the mail server but expect these to only grant access according to the `RUN_AS_USER` and are attacked where the attackers managed to achieve Arbitrary Code Execution using another vulnerability. Version 0.8.0 contains a patch for the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-5pfx-j27j-4c6h"], ["2024", "CVE-2024-26308", "Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.Users are recommended to upgrade to version 1.26, which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-34215", "TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function.", "No PoCs found on GitHub currently.", "https://github.com/n0wstr/IOTVuln/tree/main/CP450/SetUrlFilterRules"], ["2024", "CVE-2024-0765", "As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state.This would require the attacked to be granted explicit access to the system, but they can do this at any role. Additionally, post-download, the data is deleted so no evidence would exist that the exfiltration occured.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786"], ["2024", "CVE-2024-36081", "Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.", "No PoCs found on GitHub currently.", "https://www.westermo.com/-/media/Files/Cyber-security/westermo_sa_EDW-100_24-05.pdf"], ["2024", "CVE-2024-25021", "IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22942", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md"], ["2024", "CVE-2024-0625", "The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wpfront-notification-bar-options[custom_class]\u2019 parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2720", "A vulnerability classified as problematic was found in Campcodes Complete Online DJ Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257473 was assigned to this vulnerability.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27124", "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.We have already fixed the vulnerability in the following versions:QTS 5.1.3.2578 build 20231110 and laterQTS 4.5.4.2627 build 20231225 and laterQuTS hero h5.1.3.2578 build 20231110 and laterQuTS hero h4.5.4.2626 build 20231225 and laterQuTScloud c5.1.5.2651 and later", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-20847", "Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35039", "idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1549", "If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2823", "A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/NaInSec/CVE-LIST", "https://github.com/lcg-22266/cms/blob/main/1.md"], ["2024", "CVE-2024-0926", "A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/yaoyue123/iot", "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formWifiWpsOOB.md"], ["2024", "CVE-2024-29036", "Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-27306", "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27097", "A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupt the log file format. This has been fixed in the CKAN versions 2.9.11 and 2.10.4. Users are advised to upgrade. Users unable to upgrade should override the `/user/reset` endpoint to filter the `id` parameter in order to exclude newlines.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21909", "PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22463", "Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29185", "FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating it. This allows an adversary to execute malicious OS commands on the server. A practical demonstration of the successful command injection attack extracted the /etc/passwd file of the server. This represented the complete compromise of the server hosting the FreeScout application. This attack requires an attacker to know the `App_Key` of the application. This limitation makes the Attack Complexity to be High. If an attacker gets hold of the `App_Key`, the attacker can compromise the Complete server on which the application is deployed. Version 1.8.128 contains a patch for this issue.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0895", "The PDF Flipbook, 3D Flipbook \u2013 DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-22523", "Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1928", "A vulnerability, which was classified as critical, has been found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-admin.php of the component Edit User Profile Page. The manipulation of the argument Fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254864.", "No PoCs found on GitHub currently.", "https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Web-Based%20Student%20Clearance%20System%20-%20XSS.md"], ["2024", "CVE-2024-0547", "A vulnerability has been found in Ability FTP Server 2.34 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component APPE Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250717 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/163079/Ability-FTP-Server-2.34-Denial-Of-Service.html"], ["2024", "CVE-2024-25343", "Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords.", "https://github.com/ShravanSinghRathore/ShravanSinghRathore", "https://github.com/ShravanSinghRathore/Tenda-N300-F3-Router/wiki/Password-Policy-Bypass-Vulnerability-CVE%E2%80%902024%E2%80%9025343"], ["2024", "CVE-2024-2442", "Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-0456", "An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project", "https://github.com/0xfschott/CVE-search
https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-2553", "A vulnerability, which was classified as problematic, was found in SourceCodester Product Review Rating System 1.0. Affected is an unknown function of the component Rate Product Handler. The manipulation of the argument Your Name/Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257052.", "https://github.com/BurakSevben/CVEs
https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/BurakSevben/CVEs/blob/main/Product%20Rating%20System/CVE-2024-2553%20-%20Product%20Rating%20System%20-%20Cross-Site-Scripting.md"], ["2024", "CVE-2024-5273", "Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-31492", "An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-29094", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) allows Stored XSS.This issue affects HT Easy GA4 ( Google Analytics 4 ): from n/a through 1.1.7.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-25312", "Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at \"School/sub_delete.php?id=5.\"", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tubakvgc/CVEs", "https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-5.md"], ["2024", "CVE-2024-33905", "In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type.", "https://github.com/tanjiti/sec_profile", "https://medium.com/@pedbap/telegram-web-app-xss-session-hijacking-1-click-95acccdc8d90"], ["2024", "CVE-2024-2413", "Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1979", "A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-28069", "A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28667", "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/777erp/cms/blob/main/6.md"], ["2024", "CVE-2024-30261", "Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21115", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-33148", "J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26635", "In the Linux kernel, the following vulnerability has been resolved:llc: Drop support for ETH_P_TR_802_2.syzbot reported an uninit-value bug below. [0]llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2(0x0011), and syzbot abused the latter to trigger the bug. write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', \"90e5dd\"}}}}, 0x16)llc_conn_handler() initialises local variables {saddr,daddr}.macbased on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passesthem to __llc_lookup().However, the initialisation is done only when skb->protocol ishtons(ETH_P_802_2), otherwise, __llc_lookup_established() and__llc_lookup_listener() will read garbage.The missing initialisation existed prior to commit 211ed865108e(\"net: delete all instances of special processing for token ring\").It removed the part to kick out the token ring stuff but forgot toclose the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv().Let's remove llc_tr_packet_type and complete the deprecation.[0]:BUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90 __llc_lookup_established+0xe9d/0xf90 __llc_lookup net/llc/llc_conn.c:611 [inline] llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791 llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206 __netif_receive_skb_one_core net/core/dev.c:5527 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641 netif_receive_skb_internal net/core/dev.c:5727 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5786 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2020 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x8ef/0x1490 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6bLocal variable daddr created at: llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783 llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206CPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28824", "Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-4651", "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21055", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-27559", "Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/kilooooo/cms/blob/main/1.md"], ["2024", "CVE-2024-30230", "Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27448", "MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file.", "https://github.com/Tim-Hoekstra/MailDev-2.1.0-Exploit-RCE", "No PoCs from references."], ["2024", "CVE-2024-0349", "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2024", "CVE-2024-26724", "In the Linux kernel, the following vulnerability has been resolved:net/mlx5: DPLL, Fix possible use after free after delayed work timer triggersI managed to hit following use after free warning recently:[ 2169.711665] ==================================================================[ 2169.714009] BUG: KASAN: slab-use-after-free in __run_timers.part.0+0x179/0x4c0[ 2169.716293] Write of size 8 at addr ffff88812b326a70 by task swapper/4/0[ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 6.8.0-rc2jiri+ #2[ 2169.720974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014[ 2169.722457] Call Trace:[ 2169.722756] [ 2169.723024] dump_stack_lvl+0x58/0xb0[ 2169.723417] print_report+0xc5/0x630[ 2169.723807] ? __virt_addr_valid+0x126/0x2b0[ 2169.724268] kasan_report+0xbe/0xf0[ 2169.724667] ? __run_timers.part.0+0x179/0x4c0[ 2169.725116] ? __run_timers.part.0+0x179/0x4c0[ 2169.725570] __run_timers.part.0+0x179/0x4c0[ 2169.726003] ? call_timer_fn+0x320/0x320[ 2169.726404] ? lock_downgrade+0x3a0/0x3a0[ 2169.726820] ? kvm_clock_get_cycles+0x14/0x20[ 2169.727257] ? ktime_get+0x92/0x150[ 2169.727630] ? lapic_next_deadline+0x35/0x60[ 2169.728069] run_timer_softirq+0x40/0x80[ 2169.728475] __do_softirq+0x1a1/0x509[ 2169.728866] irq_exit_rcu+0x95/0xc0[ 2169.729241] sysvec_apic_timer_interrupt+0x6b/0x80[ 2169.729718] [ 2169.729993] [ 2169.730259] asm_sysvec_apic_timer_interrupt+0x16/0x20[ 2169.730755] RIP: 0010:default_idle+0x13/0x20[ 2169.731190] Code: c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 8b 05 9a 7f 1f 02 85 c0 7e 07 0f 00 2d cf 69 43 00 fb f4 c3 66 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 c0 93 04 00[ 2169.732759] RSP: 0018:ffff888100dbfe10 EFLAGS: 00000242[ 2169.733264] RAX: 0000000000000001 RBX: ffff888100d9c200 RCX: ffffffff8241bd62[ 2169.733925] RDX: ffffed109a848b15 RSI: 0000000000000004 RDI: ffffffff8127ac55[ 2169.734566] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed109a848b14[ 2169.735200] R10: ffff8884d42458a3 R11: 000000000000ba7e R12: ffffffff83d7d3a0[ 2169.735835] R13: 1ffff110201b7fc6 R14: 0000000000000000 R15: ffff888100d9c200[ 2169.736478] ? ct_kernel_exit.constprop.0+0xa2/0xc0[ 2169.736954] ? do_idle+0x285/0x290[ 2169.737323] default_idle_call+0x63/0x90[ 2169.737730] do_idle+0x285/0x290[ 2169.738089] ? arch_cpu_idle_exit+0x30/0x30[ 2169.738511] ? mark_held_locks+0x1a/0x80[ 2169.738917] ? lockdep_hardirqs_on_prepare+0x12e/0x200[ 2169.739417] cpu_startup_entry+0x30/0x40[ 2169.739825] start_secondary+0x19a/0x1c0[ 2169.740229] ? set_cpu_sibling_map+0xbd0/0xbd0[ 2169.740673] secondary_startup_64_no_verify+0x15d/0x16b[ 2169.741179] [ 2169.741686] Allocated by task 1098:[ 2169.742058] kasan_save_stack+0x1c/0x40[ 2169.742456] kasan_save_track+0x10/0x30[ 2169.742852] __kasan_kmalloc+0x83/0x90[ 2169.743246] mlx5_dpll_probe+0xf5/0x3c0 [mlx5_dpll][ 2169.743730] auxiliary_bus_probe+0x62/0xb0[ 2169.744148] really_probe+0x127/0x590[ 2169.744534] __driver_probe_device+0xd2/0x200[ 2169.744973] device_driver_attach+0x6b/0xf0[ 2169.745402] bind_store+0x90/0xe0[ 2169.745761] kernfs_fop_write_iter+0x1df/0x2a0[ 2169.746210] vfs_write+0x41f/0x790[ 2169.746579] ksys_write+0xc7/0x160[ 2169.746947] do_syscall_64+0x6f/0x140[ 2169.747333] entry_SYSCALL_64_after_hwframe+0x46/0x4e[ 2169.748049] Freed by task 1220:[ 2169.748393] kasan_save_stack+0x1c/0x40[ 2169.748789] kasan_save_track+0x10/0x30[ 2169.749188] kasan_save_free_info+0x3b/0x50[ 2169.749621] poison_slab_object+0x106/0x180[ 2169.750044] __kasan_slab_free+0x14/0x50[ 2169.750451] kfree+0x118/0x330[ 2169.750792] mlx5_dpll_remove+0xf5/0x110 [mlx5_dpll][ 2169.751271] auxiliary_bus_remove+0x2e/0x40[ 2169.751694] device_release_driver_internal+0x24b/0x2e0[ 2169.752191] unbind_store+0xa6/0xb0[ 2169.752563] kernfs_fo---truncated---", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3120", "A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP\u00a0messages.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4903", "A vulnerability was found in Tongda OA 2017. It has been declared as critical. This vulnerability affects unknown code of the file /general/meeting/manage/delete.php. The manipulation of the argument M_ID_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264436. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3060", "The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/7740646d-f3ea-4fc7-b35e-8b4a6821e178/"], ["2024", "CVE-2024-24761", "Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to everyone. Version 1.0.2 fixes this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27508", "Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-0209", "IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file", "No PoCs found on GitHub currently.", "https://gitlab.com/wireshark/wireshark/-/issues/19501"], ["2024", "CVE-2024-23290", "A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24862", "In function pci1xxxx_spi_probe, there is a potential null pointer thatmay be caused by a failed memory allocation by the function devm_kzalloc.Hence, a null pointer check needs to be added to prevent null pointerdereferencing later in the code.To fix this issue, spi_bus->spi_int[iter] should be checked. The memoryallocated by devm_kzalloc will be automatically released, so just directlyreturn -ENOMEM without worrying about memory leaks.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4600", "Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the \u2018set_param.cgi\u2019 file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4591", "A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/22.md"], ["2024", "CVE-2024-21004", "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-21395", "Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24543", "Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.", "No PoCs found on GitHub currently.", "https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0130/setSchedWifi.md"], ["2024", "CVE-2024-23323", "Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32286", "Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromVirtualSer.md"], ["2024", "CVE-2024-23263", "A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4562", "In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality.\u00a0 Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27969", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Enhanced Free Downloads WooCommerce allows Stored XSS.This issue affects Free Downloads WooCommerce: from n/a through 3.5.8.2.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-3093", "** REJECT ** ** DUPLICATE ** Accidental request. Please use CVE-2024-1752 instead.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/7c87fcd2-6ffd-4285-bbf5-36efea70b620/"], ["2024", "CVE-2024-1207", "The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/securitycipher/daily-bugbounty-writeups", "No PoCs from references."], ["2024", "CVE-2024-3213", "The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24512", "Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component.", "https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
https://github.com/machisri/CVEs-and-Vulnerabilities", "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24512%20-%3E%20Stored%20XSS%20in%20input%20SubTitle%20of%20the%20Component"], ["2024", "CVE-2024-24683", "Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0.Users are recommended to upgrade to version 2.8.0, which fixes the issue.When Hop Server writes links to the\u00a0PrepareExecutionPipelineServlet page one of the parameters provided to the user was not properly escaped.The variable not properly escaped is the \"id\", which is not directly accessible by users creating pipelines making the risk of exploiting this low.This issue only affects users using the Hop Server component and does not directly affect the client.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-1316", "The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g. draft, private, pending review, pw-protected, and trashed events).", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/d80dfe2f-207d-4cdf-8c71-27936c6318e5/"], ["2024", "CVE-2024-1087", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2024-1085.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4473", "The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \"aThemes: Portfolio\" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21337", "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-26557", "Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hebing123/cve/issues/18"], ["2024", "CVE-2024-1256", "A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-27938", "Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from a server that a user has 'authorised' to send mail on their behalf but were not the genuine author of the e-mail. Postal is not affected for sending outgoing e-mails as email is re-encoded with `` line endings when transmitted over SMTP. This issue has been addressed and users should upgrade to Postal v3.0.0 or higher. Once upgraded, Postal will only accept End of DATA sequences which are explicitly `.`. If a non-compliant sequence is detected it will be logged to the SMTP server log. There are no workarounds for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide"], ["2024", "CVE-2024-22259", "Applications that use UriComponentsBuilder in Spring Framework\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.", "https://github.com/NaInSec/CVE-LIST
https://github.com/SeanPesce/CVE-2024-22243
https://github.com/ashrafsarhan/order-service
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2024", "CVE-2024-26650", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1151", "A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23135", "A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21030", "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2278", "Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/2cbabde8-1e3e-4205-8a5c-b889447236a0/"], ["2024", "CVE-2024-25579", "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-32301", "Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.", "No PoCs found on GitHub currently.", "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromWizardHandle.md"], ["2024", "CVE-2024-28593", "** DISPUTED ** The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says \"If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text.\" This page also says \"Chat is due to be removed from standard Moodle.\"", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2024", "CVE-2024-30204", "In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26481", "Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26710", "In the Linux kernel, the following vulnerability has been resolved:powerpc/kasan: Limit KASAN thread size increase to 32KBKASAN is seen to increase stack usage, to the point that it was reportedto lead to stack overflow on some 32-bit machines (see link).To avoid overflows the stack size was doubled for KASAN builds incommit 3e8635fb2e07 (\"powerpc/kasan: Force thread size increase withKASAN\").However with a 32KB stack size to begin with, the doubling leads to a64KB stack, which causes build errors: arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff)Although the asm could be reworked, in practice a 32KB stack seemssufficient even for KASAN builds - the additional usage seems to be inthe 2-3KB range for a 64-bit KASAN build.So only increase the stack for KASAN if the stack size is < 32KB.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-1011", "A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252280.", "No PoCs found on GitHub currently.", "https://github.com/jomskiller/Employee-Managemet-System---Broken-Access-Control"], ["2024", "CVE-2024-22088", "Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.", "https://github.com/Halcy0nic/Trophies
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/skinnyrad/Trophies", "https://github.com/chendotjs/lotos/issues/7"], ["2024", "CVE-2024-26590", "In the Linux kernel, the following vulnerability has been resolved:erofs: fix inconsistent per-file compression formatEROFS can select compression algorithms on a per-file basis, and eachper-file compression algorithm needs to be marked in the on-disksuperblock for initialization.However, syzkaller can generate inconsistent crafted images that usean unsupported algorithmtype for specific inodes, e.g. use MicroLZMAalgorithmtype even it's not set in `sbi->available_compr_algs`. Thiscan lead to an unexpected \"BUG: kernel NULL pointer dereference\" ifthe corresponding decompressor isn't built-in.Fix this by checking against `sbi->available_compr_algs` for eachm_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs presetbitmap is now fixed together since it was harmless previously.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-26601", "In the Linux kernel, the following vulnerability has been resolved:ext4: regenerate buddy after block freeing failed if under fc replayThis mostly reverts commit 6bd97bf273bd (\"ext4: remove redundantmb_regenerate_buddy()\") and reintroduces mb_regenerate_buddy(). Based oncode in mb_free_blocks(), fast commit replay can end up marking as freeblocks that are already marked as such. This causes corruption of thebuddy bitmap so we need to regenerate it in that case.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-4966", "A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-264534 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/CveSecLook/cve/issues/30"], ["2024", "CVE-2024-24495", "SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/DailyHabitTracker-SQL_Injection.md"], ["2024", "CVE-2024-22208", "phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5.", "No PoCs found on GitHub currently.", "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg"], ["2024", "CVE-2024-22199", "This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-2369", "The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://wpscan.com/vulnerability/252dfc35-4c8c-4304-aa09-73dfe986b10d/"], ["2024", "CVE-2024-25468", "An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21061", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-4725", "A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/client_user. The manipulation of the argument f_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263803.", "No PoCs found on GitHub currently.", "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_client_user.md"], ["2024", "CVE-2024-30255", "Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.", "https://github.com/Ampferl/poc_http2-continuation-flood
https://github.com/DrewskyDev/H2Flood
https://github.com/Vos68/HTTP2-Continuation-Flood-PoC
https://github.com/blackmagic2023/Envoy-CPU-Exhaustion-Vulnerability-PoC
https://github.com/lockness-Ko/CVE-2024-27316
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2024", "CVE-2024-21121", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-2229", "CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote codeexecution when a malicious project file is loaded into the application by a valid user.", "https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-25528", "RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#wf_work_stat_settingaspx"], ["2024", "CVE-2024-31139", "In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-3145", "A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/makehtml_js_action.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Hckwzh/cms/blob/main/13.md
https://vuldb.com/?id.258920"], ["2024", "CVE-2024-23206", "An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-21092", "Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2024.html"], ["2024", "CVE-2024-1262", "A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253001 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-23346", "Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.", "No PoCs found on GitHub currently.", "https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f"], ["2024", "CVE-2024-26472", "KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of 'create-new-pwd.php'.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-24577", "libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-35592", "An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2024", "CVE-2024-28560", "SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.", "https://github.com/NaInSec/CVE-LIST", "No PoCs from references."], ["2023", "CVE-2023-0799", "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "https://github.com/ARPSyndicate/cvemon
https://github.com/peng-hui/CarpetFuzz
https://github.com/waugustus/CarpetFuzz
https://github.com/waugustus/waugustus", "https://gitlab.com/libtiff/libtiff/-/issues/494"], ["2023", "CVE-2023-50919", "An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html"], ["2023", "CVE-2023-21974", "Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Team Calendar Plugin: 18.2-22.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Application Express Team Calendar Plugin. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express Team Calendar Plugin, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Application Express Team Calendar Plugin. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-40593", "In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4001", "An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the \"/boot/\" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42496", "Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2 parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6104", "** REJECT ** The CVE Record was published by accident.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23871", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <=\u00a01.1.23 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32797", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <=\u00a01.0.22 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23772", "Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://tetraburst.com/"], ["2023", "CVE-2023-33929", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaqu\u00edn Ruiz Easy Admin Menu plugin <=\u00a01.3 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32546", "Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent.", "https://github.com/kohnakagawa/kohnakagawa", "No PoCs from references."], ["2023", "CVE-2023-26157", "Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-6070730"], ["2023", "CVE-2023-21834", "Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workflow, Approval, Work Force Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Self-Service Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Self-Service Human Resources accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-4141", "The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3822", "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5"], ["2023", "CVE-2023-42647", "In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24052", "An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password.", "No PoCs found on GitHub currently.", "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/"], ["2023", "CVE-2023-50859", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: from n/a through 2.1.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26046", "teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1.", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-21925", "Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-42756", "A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.", "No PoCs found on GitHub currently.", "https://seclists.org/oss-sec/2023/q3/242"], ["2023", "CVE-2023-1836", "A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in \"raw\" mode, it can be made to render as HTML if viewed under specific circumstances", "No PoCs found on GitHub currently.", "https://gitlab.com/gitlab-org/gitlab/-/issues/404613"], ["2023", "CVE-2023-49121", "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32457", "Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-28154", "Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.", "https://github.com/ARPSyndicate/cvemon
https://github.com/EyalDelarea/JFrog-Frogbot-Demo
https://github.com/OneIdentity/IdentityManager.Imx
https://github.com/jfrog/frogbot
https://github.com/seal-community/patches", "No PoCs from references."], ["2023", "CVE-2023-45076", "A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.", "No PoCs found on GitHub currently.", "https://support.lenovo.com/us/en/product_security/LEN-141775"], ["2023", "CVE-2023-39360", "Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_button`. In order to bypass this validation, returnto must contain `host.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.", "No PoCs found on GitHub currently.", "https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4"], ["2023", "CVE-2023-21766", "Windows Overlay Filter Information Disclosure Vulnerability", "https://github.com/Y3A/cve-2023-21766
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-0519", "Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/891ad0cb-d12f-4c5e-aac8-d7326caf2129"], ["2023", "CVE-2023-21865", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-26106", "All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file.", "No PoCs found on GitHub currently.", "https://security.snyk.io/vuln/SNYK-JS-DOTLENS-3227646"], ["2023", "CVE-2023-37272", "JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1.13 of JobScheduler (JS1). The vulnerability does not affect branch 2.x of JobScheduler (JS7) for releases after 2.1.0. The vulnerability is resolved with release 1.13.19.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4281", "This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.", "https://github.com/b0marek/CVE-2023-4281
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-4110", "A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173926/PHPJabbers-Availability-Booking-Calendar-5.0-Cross-Site-Scripting.html"], ["2023", "CVE-2023-51467", "The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code", "https://github.com/0x7ax/Bizness
https://github.com/0xsyr0/OSCP
https://github.com/20142995/sectool
https://github.com/Chocapikk/CVE-2023-51467
https://github.com/D0g3-8Bit/OFBiz-Attack
https://github.com/Jake123otte1/BadBizness-CVE-2023-51467
https://github.com/JaneMandy/CVE-2023-51467
https://github.com/JaneMandy/CVE-2023-51467-Exploit
https://github.com/K3ysTr0K3R/CVE-2023-51467-EXPLOIT
https://github.com/Marco-zcl/POC
https://github.com/Ostorlab/KEV
https://github.com/Praison001/Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467
https://github.com/Rishi-45/Bizness-Machine-htb
https://github.com/Subha-BOO7/Exploit_CVE-2023-51467
https://github.com/Threekiii/CVE
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/Tropinene/Yscanner
https://github.com/UserConnecting/Exploit-CVE-2023-49070-and-CVE-2023-51467-Apache-OFBiz
https://github.com/Y4tacker/JavaSec
https://github.com/bakery312/Vulhub-Reproduce
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/jakabakos/Apache-OFBiz-Authentication-Bypass
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/txuswashere/OSCP
https://github.com/vulncheck-oss/cve-2023-51467
https://github.com/vulncheck-oss/go-exploit
https://github.com/wy876/POC
https://github.com/xingchennb/POC-
https://github.com/yukselberkay/CVE-2023-49070_CVE-2023-51467", "No PoCs from references."], ["2023", "CVE-2023-6015", "MLflow allowed arbitrary files to be PUT onto the server.", "https://github.com/shubhamkulkarni97/CVE-Presentations", "https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3"], ["2023", "CVE-2023-30630", "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.", "https://github.com/seal-community/patches", "No PoCs from references."], ["2023", "CVE-2023-3552", "Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.dev/bounties/aeb2f43f-0602-4ac6-9685-273e87ff4ded"], ["2023", "CVE-2023-51946", "Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34239", "Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/DummyOrganisationTest/dummy-application
https://github.com/DummyOrganisationTest/test_dependabot", "No PoCs from references."], ["2023", "CVE-2023-35155", "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). For instance, the following URL execute an `alter` on the browser: `/xwiki/bin/view/Main/?viewer=share&send=1&target=&target=%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Crenniepak%40intigriti.me%3E&includeDocument=inline&message=I+wanted+to+share+this+page+with+you.`, where `` is the URL of your XWiki installation. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8.", "No PoCs found on GitHub currently.", "https://jira.xwiki.org/browse/XWIKI-20370"], ["2023", "CVE-2023-49243", "Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21896", "Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-6377", "A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1985", "A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. This issue affects the function save_brand of the file /classes/Master.php?f=save_brand. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225533 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.225533"], ["2023", "CVE-2023-44078", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-20768", "In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0978", "A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack", "No PoCs found on GitHub currently.", "https://kcm.trellix.com/corporate/index?page=content&id=SB10397"], ["2023", "CVE-2023-39002", "A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.", "No PoCs found on GitHub currently.", "https://logicaltrust.net/blog/2023/08/opnsense.html"], ["2023", "CVE-2023-1517", "Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.", "https://github.com/ARPSyndicate/cvemon
https://github.com/khanhchauminh/khanhchauminh", "https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d"], ["2023", "CVE-2023-30770", "A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-51806", "File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.", "No PoCs found on GitHub currently.", "https://github.com/ujcms/ujcms/issues/8"], ["2023", "CVE-2023-3783", "A vulnerability was found in Webile 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation of the argument new_file_name/c leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235050 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://seclists.org/fulldisclosure/2023/Jul/38
https://www.vulnerability-lab.com/get_content.php?id=2321"], ["2023", "CVE-2023-47211", "A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27019", "Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.", "No PoCs found on GitHub currently.", "https://github.com/DrizzlingSun/Tenda/blob/main/AC10/8/8.md"], ["2023", "CVE-2023-45205", "A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39113", "ngiflib commit fb271 was discovered to contain a segmentation violation via the function \"main\" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.", "No PoCs found on GitHub currently.", "https://github.com/miniupnp/ngiflib/issues/27"], ["2023", "CVE-2023-23410", "Windows HTTP.sys Elevation of Privilege Vulnerability", "https://github.com/ARPSyndicate/cvemon
https://github.com/SapDragon/http.sys-research
https://github.com/immortalp0ny/mypocs", "No PoCs from references."], ["2023", "CVE-2023-47091", "An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible.", "No PoCs found on GitHub currently.", "https://advisories.stormshield.eu/2023-024/"], ["2023", "CVE-2023-3692", "Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/be6616eb-384d-40d6-b1fd-0ec9e4973f12"], ["2023", "CVE-2023-3991", "An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21987", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).", "https://github.com/AtonceInventions/Hypervisor", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-30962", "The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .", "No PoCs found on GitHub currently.", "https://palantir.safebase.us/?tcuUid=92dd599a-07e2-43a8-956a-9c9566794be0"], ["2023", "CVE-2023-42465", "Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33799", "A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.", "No PoCs found on GitHub currently.", "https://github.com/anhdq201/netbox/issues/14"], ["2023", "CVE-2023-33408", "Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.", "https://github.com/Thirukrishnan/CVE-2023-33408
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/Thirukrishnan/CVE-2023-33408"], ["2023", "CVE-2023-4223", "Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.", "No PoCs found on GitHub currently.", "https://starlabs.sg/advisories/23/23-4223"], ["2023", "CVE-2023-37141", "ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().", "No PoCs found on GitHub currently.", "https://github.com/chakra-core/ChakraCore/issues/6886"], ["2023", "CVE-2023-24330", "Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows attackers to run arbitrary commands via crafted POST request to /HNAP1/.", "No PoCs found on GitHub currently.", "https://github.com/caoyebo/CVE/tree/main/dlink%20882%20-%20CVE-2023-24330"], ["2023", "CVE-2023-1546", "The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/bb065397-370f-4ee1-a2c8-20e4dc4415a0"], ["2023", "CVE-2023-23550", "An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1694"], ["2023", "CVE-2023-21455", "Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-3443", "An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27159", "Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.", "No PoCs found on GitHub currently.", "https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a
https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb"], ["2023", "CVE-2023-1641", "A vulnerability, which was classified as problematic, has been found in IObit Malware Fighter 9.4.0.776. This issue affects the function 0x222018 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224021 was assigned to this vulnerability.", "https://github.com/ARPSyndicate/cvemon
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1641"], ["2023", "CVE-2023-39354", "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6"], ["2023", "CVE-2023-3744", "Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the \"scrape_image.php\" file in the imageURL parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21752", "Windows Backup Service Elevation of Privilege Vulnerability", "https://github.com/ARPSyndicate/cvemon
https://github.com/CVEDB/PoC-List
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/DarkFunct/CVE_Exploits
https://github.com/GhostTroops/TOP
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/Threekiii/CVE
https://github.com/Wh04m1001/CVE-2023-21752
https://github.com/hktalent/TOP
https://github.com/k0mi-tg/CVE-POC
https://github.com/lions2012/Penetration_Testing_POC
https://github.com/manas3c/CVE-POC
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/ycdxsb/WindowsPrivilegeEscalation
https://github.com/yosef0x01/CVE-2023-21752", "No PoCs from references."], ["2023", "CVE-2023-26132", "Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.", "https://github.com/ARPSyndicate/cvemon
https://github.com/seal-community/patches", "https://security.snyk.io/vuln/SNYK-JS-DOTTIE-3332763"], ["2023", "CVE-2023-21851", "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-4124", "Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/2c684f99-d181-4106-8ee2-64a76ae6a348"], ["2023", "CVE-2023-3847", "A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html"], ["2023", "CVE-2023-6021", "LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/5039c045-f986-4cbc-81ac-370fe4b0d3f8"], ["2023", "CVE-2023-2428", "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e"], ["2023", "CVE-2023-38178", ".NET Core and Visual Studio Denial of Service Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-41999", "An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2023-37"], ["2023", "CVE-2023-37306", "MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.", "No PoCs found on GitHub currently.", "https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle"], ["2023", "CVE-2023-21911", "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-26072", "An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Emergency number list.", "https://github.com/ARPSyndicate/cvemon", "http://packetstormsecurity.com/files/171378/Shannon-Baseband-NrmmMsgCodec-Emergency-Number-List-Heap-Buffer-Overflow.html"], ["2023", "CVE-2023-6161", "The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45102", "Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <=\u00a01.20 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1701", "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256"], ["2023", "CVE-2023-42861", "A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.", "https://github.com/fractal-visi0n/security-assessement", "No PoCs from references."], ["2023", "CVE-2023-1490", "A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is the function 0x220020 in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223376.", "https://github.com/ARPSyndicate/cvemon
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1490"], ["2023", "CVE-2023-39185", "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39214", "Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21612", "Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/ARPSyndicate/cvemon
https://github.com/kohnakagawa/kohnakagawa", "No PoCs from references."], ["2023", "CVE-2023-28071", "Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).", "https://github.com/ycdxsb/ycdxsb", "No PoCs from references."], ["2023", "CVE-2023-45013", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47116", "Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r"], ["2023", "CVE-2023-40875", "DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters.", "https://github.com/DiliLearngent/BugReport
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21492", "Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors", "No PoCs from references."], ["2023", "CVE-2023-2479", "OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.", "https://github.com/Marco-zcl/POC
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/tanjiti/sec_profile
https://github.com/wy876/POC
https://github.com/xingchennb/POC-
https://github.com/zn9988/publications", "No PoCs from references."], ["2023", "CVE-2023-4175", "A vulnerability was found in mooSocial mooTravel 3.1.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-236210 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.236210"], ["2023", "CVE-2023-51402", "Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6070", "A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data", "No PoCs found on GitHub currently.", "https://kcm.trellix.com/corporate/index?page=content&id=SB10413"], ["2023", "CVE-2023-49395", "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.", "No PoCs found on GitHub currently.", "https://github.com/nightcloudos/new_cms/blob/main/CSRF%20exists%20in%20the%20column%20management%20modification%20section.md"], ["2023", "CVE-2023-21940", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-4035", "The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24126", "Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4_5g parameter at /goform/WifiBasicSet.", "No PoCs found on GitHub currently.", "https://oxnan.com/posts/WifiBasic_wepkey4_5g_DoS"], ["2023", "CVE-2023-28131", "A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the \"Expo AuthSession Redirect Proxy\" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).", "No PoCs found on GitHub currently.", "https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps"], ["2023", "CVE-2023-3655", "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...).\u00a0This vulnerability can be triggered by an HTTP endpoint exposed to the network.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24095", "** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "No PoCs found on GitHub currently.", "https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/05/README.md"], ["2023", "CVE-2023-6312", "A vulnerability was found in SourceCodester Loan Management System 1.0. It has been classified as critical. Affected is the function delete_user of the file deleteUser.php of the component Users Page. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246138 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/joinia/webray.com.cn/blob/main/Loan-Management-System/lmssql%20-%20deleteuser.md"], ["2023", "CVE-2023-22608", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none", "https://github.com/13579and2468/Wei-fuzz", "No PoCs from references."], ["2023", "CVE-2023-46118", "RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an \"out-of-memory killer\"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.", "No PoCs found on GitHub currently.", "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg"], ["2023", "CVE-2023-1572", "A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.12.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223564.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-23564", "An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands.", "https://github.com/Orange-Cyberdefense/CVE-repository", "https://github.com/Orange-Cyberdefense/CVE-repository
https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_geomatika_isigeoweb.md"], ["2023", "CVE-2023-45231", "EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing\u00a0 Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.", "https://github.com/quarkslab/pixiefail", "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"], ["2023", "CVE-2023-32750", "Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job \"remote-download\" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.", "No PoCs found on GitHub currently.", "https://www.redteam-pentesting.de/advisories/rt-sa-2023-005/
https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses"], ["2023", "CVE-2023-21521", "An SQL Injection vulnerability in the Management Console\u202f\u00a0(Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.", "No PoCs found on GitHub currently.", "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406"], ["2023", "CVE-2023-3537", "A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233289 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.233289"], ["2023", "CVE-2023-41638", "An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file.", "No PoCs found on GitHub currently.", "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41638%20%7C%20RealGimm%20-%20RCE%20via%20Unrestricted%20File%20Upload.md
https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20RCE%20via%20Unrestricted%20File%20Upload.md"], ["2023", "CVE-2023-36359", "TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.", "No PoCs found on GitHub currently.", "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/8/TP-Link%20TL-WR940N%20TL-WR841N%20TL-WR941ND%20wireless%20router%20userRpmQoSRuleListRpm%20buffer%20read%20out-of-bounds%20vulnerability.md"], ["2023", "CVE-2023-52449", "In the Linux kernel, the following vulnerability has been resolved:mtd: Fix gluebi NULL pointer dereference caused by ftl notifierIf both ftl.ko and gluebi.ko are loaded, the notifier of ftltriggers NULL pointer dereference when trying to access\u2018gluebi->desc\u2019 in gluebi_read().ubi_gluebi_init ubi_register_volume_notifier ubi_enumerate_volumes ubi_notify_all gluebi_notify nb->notifier_call() gluebi_create mtd_device_register mtd_device_parse_register add_mtd_device blktrans_notify_add not->add() ftl_add_mtd tr->add_mtd() scan_header mtd_read mtd_read_oob mtd_read_oob_std gluebi_read mtd->read() gluebi->desc - NULLDetailed reproduction information available at the Link [1],In the normal case, obtain gluebi->desc in the gluebi_get_device(),and access gluebi->desc in the gluebi_read(). However,gluebi_get_device() is not executed in advance in theftl_add_mtd() process, which leads to NULL pointer dereference.The solution for the gluebi module is to run jffs2 on the UBIvolume without considering working with ftl or mtdblock [2].Therefore, this problem can be avoided by preventing gluebi fromcreating the mtdblock device after creating mtd partition of thetype MTD_UBIVOLUME.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46058", "Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/CrownZTX/vulnerabilities/blob/main/geeklog/Stored_XSS_in_group.php.md"], ["2023", "CVE-2023-4357", "Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/20142995/sectool
https://github.com/Marco-zcl/POC
https://github.com/OgulcanUnveren/CVE-2023-4357-APT-Style-exploitation
https://github.com/T0ngMystic/Vulnerability_List
https://github.com/Threekiii/CVE
https://github.com/WinnieZy/CVE-2023-4357
https://github.com/aneasystone/github-trending
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/johe123qwe/github-trending
https://github.com/kujian/githubTrending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/passwa11/CVE-2023-4357-APT-Style-exploitation
https://github.com/sampsonv/github-trending
https://github.com/sunu11/chrome-CVE-2023-4357
https://github.com/tanjiti/sec_profile
https://github.com/wy876/POC
https://github.com/xcanwin/CVE-2023-4357-Chrome-XXE
https://github.com/xingchennb/POC-
https://github.com/zoroqi/my-awesome", "No PoCs from references."], ["2023", "CVE-2023-30956", "A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.", "No PoCs found on GitHub currently.", "https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a"], ["2023", "CVE-2023-22659", "An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1699"], ["2023", "CVE-2023-6343", "Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.", "https://github.com/qwell/disorder-in-the-court", "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"], ["2023", "CVE-2023-28342", "Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.", "https://github.com/r00t4dm/r00t4dm", "No PoCs from references."], ["2023", "CVE-2023-1523", "Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.", "No PoCs found on GitHub currently.", "https://marc.info/?l=oss-security&m=167879021709955&w=2"], ["2023", "CVE-2023-30744", "In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication. \u00a0A subsequent call to one of these methods can read or change the state of existing services without any effect on availability.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-41729", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <=\u00a01.22.3.31 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-52558", "In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a\u00a0network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-41669", "Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <=\u00a01.06 versions.", "https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-36308", "** DISPUTED ** disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence", "No PoCs found on GitHub currently.", "https://github.com/disintegration/imaging/issues/165"], ["2023", "CVE-2023-1463", "Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/f6683c3b-a0f2-4615-b639-1920c8ae12e6"], ["2023", "CVE-2023-32490", "Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover.", "No PoCs found on GitHub currently.", "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"], ["2023", "CVE-2023-3566", "A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. The manipulation of the argument Name leads to allocation of resources. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233359. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/ctflearner/Vulnerability/blob/main/WALLABAG/NAME-LIMIT.md
https://youtu.be/ouwud0PlHkE"], ["2023", "CVE-2023-4097", "The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26081", "In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.", "No PoCs found on GitHub currently.", "https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x"], ["2023", "CVE-2023-32802", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <=\u00a01.9.0 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42791", "A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31568", "Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.", "No PoCs found on GitHub currently.", "https://github.com/podofo/podofo/issues/72"], ["2023", "CVE-2023-46009", "gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/kohler/gifsicle/issues/196"], ["2023", "CVE-2023-4699", "Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.", "https://github.com/Scottzxor/Citrix-Bleed-Buffer-Overread-Demo
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-4508", "A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.", "No PoCs found on GitHub currently.", "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a
https://github.com/gerbv/gerbv/commit/dfb5aac533a3f9e8ccd93ca217a753258cba4fe5
https://github.com/gerbv/gerbv/issues/191"], ["2023", "CVE-2023-36994", "In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2004", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "No PoCs found on GitHub currently.", "https://bugzilla.redhat.com/show_bug.cgi?id=2186428"], ["2023", "CVE-2023-2395", "A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/leetsun/IoT/tree/main/Netgear-SRX5308/15
https://vuldb.com/?id.227673"], ["2023", "CVE-2023-46596", "Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33263", "In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/172560/WFTPD-3.25-Credential-Disclosure.html"], ["2023", "CVE-2023-52216", "Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38886", "An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.", "No PoCs found on GitHub currently.", "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38886_Dolibarr_RCE-1.pdf"], ["2023", "CVE-2023-29863", "Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files.", "No PoCs found on GitHub currently.", "https://medium.com/@waadalbyalii5/sql-injection-in-wsdl-file-c66fa00042f5"], ["2023", "CVE-2023-3368", "Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.", "No PoCs found on GitHub currently.", "https://starlabs.sg/advisories/23/23-3368/"], ["2023", "CVE-2023-37829", "A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3228", "Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/0a7ee1fb-e693-4259-abf8-a2c3218c1647"], ["2023", "CVE-2023-52356", "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "https://github.com/PromptFuzz/PromptFuzz", "https://gitlab.com/libtiff/libtiff/-/issues/622"], ["2023", "CVE-2023-29923", "PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.", "https://github.com/1820112015/CVE-2023-29923
https://github.com/CKevens/CVE-2023-29923-Scan
https://github.com/KayCHENvip/vulnerability-poc
https://github.com/Le1a/CVE-2023-29923
https://github.com/Threekiii/Awesome-POC
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-5724", "Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-41127", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster \u2013 Auto Post and Schedule Your Best Content to Social Media allows Stored XSS.This issue affects Evergreen Content Poster \u2013 Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1.", "https://github.com/parkttule/parkttule", "No PoCs from references."], ["2023", "CVE-2023-50253", "Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist.", "No PoCs found on GitHub currently.", "https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f"], ["2023", "CVE-2023-46747", "Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", "https://github.com/AliBrTab/CVE-2023-46747-POC
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/GhostTroops/TOP
https://github.com/MD-SEC/MDPOCS
https://github.com/Marco-zcl/POC
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/Threekiii/CVE
https://github.com/W01fh4cker/CVE-2023-46747-RCE
https://github.com/bhaveshharmalkar/learn365
https://github.com/bijaysenihang/CVE-2023-46747-Mass-RCE
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/f1tao/awesome-iot-security-resource
https://github.com/fu2x2000/CVE-2023-46747
https://github.com/getdrive/PoC
https://github.com/hktalent/TOP
https://github.com/irgoncalves/awesome-security-articles
https://github.com/maniak-academy/Mitigate-CVE-2023-46747
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/nvansluis/test_cve-2023-46747
https://github.com/sanjai-AK47/CVE-2023-22518
https://github.com/sanjai-AK47/CVE-2023-22527
https://github.com/sanjai-AK47/CVE-2023-46747
https://github.com/tanjiti/sec_profile
https://github.com/vidura2/cve-2023-46747
https://github.com/wy876/POC
https://github.com/xingchennb/POC-
https://github.com/y4v4z/CVE-2023-46747-POC", "http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html"], ["2023", "CVE-2023-22057", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-49539", "Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter.", "https://github.com/geraldoalcantara/CVE-2023-49539
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-4448", "A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.237569"], ["2023", "CVE-2023-20043", "A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges.

This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.", "https://github.com/Live-Hack-CVE/CVE-2023-20043", "No PoCs from references."], ["2023", "CVE-2023-2055", "A vulnerability has been found in Campcodes Advanced Online Voting System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/config_save.php. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225940.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.225940"], ["2023", "CVE-2023-29731", "SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service.", "No PoCs found on GitHub currently.", "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29731/CVE%20detail.md"], ["2023", "CVE-2023-49428", "Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.", "No PoCs found on GitHub currently.", "https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetOnlineDevName.md"], ["2023", "CVE-2023-34452", "Grav is a flat-file content management system. In versions 1.7.42 and prior, the \"/forgot_password\" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the \"email\" parameter of the request. While this vulnerability can potentially allow an attacker to execute arbitrary code on the user's browser, the impact is limited as it requires user interaction to trigger the vulnerability. As of time of publication, a patch is not available. Server-side validation should be implemented to prevent this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/getgrav/grav/security/advisories/GHSA-xcr8-cc2j-62fc"], ["2023", "CVE-2023-50342", "HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. \u00a0A user can obtain certain details about another user as a result of improper access control.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38997", "A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://logicaltrust.net/blog/2023/08/opnsense.html"], ["2023", "CVE-2023-52307", "Stack overflow in paddle.linalg.lu_unpack\u00a0in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.", "No PoCs found on GitHub currently.", "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md"], ["2023", "CVE-2023-3279", "The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/3b7a7070-8d61-4ff8-b003-b4ff06221635"], ["2023", "CVE-2023-39669", "D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24998", "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Threekiii/CVE
https://github.com/muneebaashiq/MBProjects
https://github.com/nice1st/CVE-2023-24998
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-22006", "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", "https://github.com/motoyasu-saburi/reported_vulnerability", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-43251", "XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.", "https://github.com/mrtouch93/exploits", "http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2023/Oct/15"], ["2023", "CVE-2023-5557", "A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24728", "Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the contact parameter in the user profile update function.", "No PoCs found on GitHub currently.", "https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-scrm.zip"], ["2023", "CVE-2023-40038", "Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)", "https://github.com/actuator/cve", "No PoCs from references."], ["2023", "CVE-2023-36936", "Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com"], ["2023", "CVE-2023-46474", "File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.", "https://github.com/Xn2/CVE-2023-46474
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-27893", "An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform.\u00a0 Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-34973", "An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQuTS hero h5.1.0.2424 build 20230609 and later", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33381", "A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function.", "https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-33010", "A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors", "No PoCs from references."], ["2023", "CVE-2023-40178", "Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an expired LogoutRequest. In bigger contexts, if LogoutRequests are sent out in mass to different SPs, this could impact many users on a large scale. This issue was patched in version 4.0.5.", "No PoCs found on GitHub currently.", "https://github.com/node-saml/node-saml/security/advisories/GHSA-vx8m-6fhw-pccw"], ["2023", "CVE-2023-4878", "Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/655c4f77-04b2-4220-bfaf-a4d99fe86703"], ["2023", "CVE-2023-47489", "CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components.", "https://github.com/nitipoom-jar/CVE-2023-47489
https://github.com/nomi-sec/PoC-in-GitHub", "https://bugplorer.github.io/cve-csv-itop/
https://nitipoom-jar.github.io/CVE-2023-47489/"], ["2023", "CVE-2023-23399", "Microsoft Excel Remote Code Execution Vulnerability", "https://github.com/2lambda123/CVE-mitre
https://github.com/ARPSyndicate/cvemon
https://github.com/nu11secur1ty/CVE-mitre", "http://packetstormsecurity.com/files/171767/Microsoft-Excel-365-MSO-2302-Build-16.0.16130.20186-Remote-Code-Execution.html"], ["2023", "CVE-2023-27401", "A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20308, ZDI-CAN-20345)", "https://github.com/ARPSyndicate/cvemon
https://github.com/dhn/dhn", "No PoCs from references."], ["2023", "CVE-2023-4969", "A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.", "https://github.com/trailofbits/publications", "https://blog.trailofbits.com
https://kb.cert.org/vuls/id/446598
https://www.kb.cert.org/vuls/id/446598"], ["2023", "CVE-2023-30368", "Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function.", "No PoCs found on GitHub currently.", "https://github.com/2205794866/Tenda/blob/main/AC5/1.md"], ["2023", "CVE-2023-43200", "D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.", "No PoCs found on GitHub currently.", "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug3.md"], ["2023", "CVE-2023-43191", "SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft", "https://github.com/etn0tw/cmscve_test
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34761", "An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.", "https://github.com/actuator/7-Eleven-Bluetooth-Smart-Cup-Jailbreak
https://github.com/actuator/cve
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-36664", "Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).", "https://github.com/BC-SECURITY/Moriarty
https://github.com/JeanChpt/CVE-2023-36664
https://github.com/SrcVme50/Hospital
https://github.com/izj007/wechat
https://github.com/jakabakos/CVE-2023-36664-Ghostscript-command-injection
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/winkler-winsen/Scan_GhostScript", "No PoCs from references."], ["2023", "CVE-2023-50071", "Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/geraldoalcantara/CVE-2023-50071
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-2366", "A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.227642"], ["2023", "CVE-2023-29402", "The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via \"go get\", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-31144", "Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-29542", "A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code.*This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox\u00a0and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1810793
https://bugzilla.mozilla.org/show_bug.cgi?id=1815062"], ["2023", "CVE-2023-0323", "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343"], ["2023", "CVE-2023-43340", "Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sromanhu/-CVE-2023-43340-Evolution-Reflected-XSS---Installation-Admin-Options", "https://github.com/sromanhu/-CVE-2023-43340-Evolution-Reflected-XSS---Installation-Admin-Options
https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Admin-Options"], ["2023", "CVE-2023-4829", "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b"], ["2023", "CVE-2023-23059", "An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/172141/GV-Edge-Recording-Manager-2.2.3.0-Privilege-Escalation.html"], ["2023", "CVE-2023-25652", "Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.", "https://github.com/9069332997/session-1-full-stack
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46821", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection.This issue affects GD Security Headers: from n/a through 1.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5842", "Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.", "https://github.com/blakduk/Advisories
https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3"], ["2023", "CVE-2023-46722", "The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.", "https://github.com/tht1997/tht1997", "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f"], ["2023", "CVE-2023-0024", "SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-6528", "The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46662", "Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.", "No PoCs found on GitHub currently.", "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"], ["2023", "CVE-2023-38471", "A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.", "https://github.com/adegoodyer/kubernetes-admin-toolkit", "No PoCs from references."], ["2023", "CVE-2023-0164", "OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function.", "No PoCs found on GitHub currently.", "https://fluidattacks.com/advisories/queen/"], ["2023", "CVE-2023-44767", "A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sromanhu/CVE-2023-44767_RiteCMS-File-Upload--XSS---Filemanager", "https://github.com/sromanhu/RiteCMS-File-Upload--XSS---Filemanager/blob/main/README.md"], ["2023", "CVE-2023-33197", "Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.", "No PoCs found on GitHub currently.", "https://github.com/craftcms/cms/security/advisories/GHSA-6qjx-787v-6pxr"], ["2023", "CVE-2023-25811", "Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-553g-fcpf-m3wp"], ["2023", "CVE-2023-50376", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a through 4.3.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5590", "NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99"], ["2023", "CVE-2023-5601", "The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.", "https://github.com/codeb0ss/CVE-2023-5601-PoC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-36563", "Microsoft WordPad Information Disclosure Vulnerability", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors", "No PoCs from references."], ["2023", "CVE-2023-27586", "CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default.", "https://github.com/karimhabush/cyberowl", "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv"], ["2023", "CVE-2023-35809", "An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174301/SugarCRM-12.2.0-Bean-Manipulation.html"], ["2023", "CVE-2023-52362", "Permission management vulnerability in the lock screen module.Successful exploitation of this vulnerability may affect availability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29917", "H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /goform/aspForm.", "No PoCs found on GitHub currently.", "https://hackmd.io/@0dayResearch/rJJzEg1e3"], ["2023", "CVE-2023-5481", "Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5710", "The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27497", "Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-27706", "Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.", "https://github.com/RedTeamPentesting/bitwarden-windows-hello", "No PoCs from references."], ["2023", "CVE-2023-36472", "Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7.", "No PoCs found on GitHub currently.", "https://github.com/strapi/strapi/security/advisories/GHSA-v8gg-4mq2-88q4"], ["2023", "CVE-2023-1319", "Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.", "https://github.com/indevi0us/indevi0us", "https://huntr.dev/bounties/a822067a-d90d-4c3e-b9ef-9b2a5c2bc97f"], ["2023", "CVE-2023-28578", "Memory corruption in Core Services while executing the command for removing a single event listener.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6579", "A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176124/osCommerce-4-SQL-Injection.html"], ["2023", "CVE-2023-27805", "H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.", "No PoCs found on GitHub currently.", "https://hackmd.io/@0dayResearch/EditSTList"], ["2023", "CVE-2023-46773", "Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38560", "An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.", "https://github.com/fullwaywang/QlRules", "No PoCs from references."], ["2023", "CVE-2023-33317", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <=\u00a02.1.6 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33086", "Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-20026", "A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device.

This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.", "No PoCs found on GitHub currently.", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5"], ["2023", "CVE-2023-2030", "An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/netlas-io/netlas-dorks", "No PoCs from references."], ["2023", "CVE-2023-28438", "Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-25743", "A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.
*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1800203"], ["2023", "CVE-2023-46930", "GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.", "No PoCs found on GitHub currently.", "https://github.com/gpac/gpac/issues/2666"], ["2023", "CVE-2023-46780", "Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <=\u00a01.0 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2183", "Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function.This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server.Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.", "No PoCs found on GitHub currently.", "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3"], ["2023", "CVE-2023-2212", "A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226977 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.226977"], ["2023", "CVE-2023-36813", "Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.", "No PoCs found on GitHub currently.", "https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx"], ["2023", "CVE-2023-34916", "Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.", "No PoCs found on GitHub currently.", "https://github.com/fuge/cms/issues/4"], ["2023", "CVE-2023-38602", "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.", "https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-38593", "A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to cause a denial-of-service.", "https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-29576", "Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h.", "https://github.com/z1r00/fuzz_vuln", "https://github.com/axiomatic-systems/Bento4/issues/844
https://github.com/z1r00/fuzz_vuln/blob/main/Bento4/mp4decrypt/sigv/readme.md"], ["2023", "CVE-2023-44986", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <=\u00a05.15.2 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34615", "An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.", "No PoCs found on GitHub currently.", "https://github.com/billdavidson/JSONUtil/issues/10"], ["2023", "CVE-2023-36481", "An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop.", "https://github.com/N3vv/N3vv
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-50294", "The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page.", "https://github.com/a-zara-n/a-zara-n", "No PoCs from references."], ["2023", "CVE-2023-34755", "bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.", "No PoCs found on GitHub currently.", "https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability"], ["2023", "CVE-2023-27524", "Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.", "https://github.com/20142995/sectool
https://github.com/Awrrays/FrameVul
https://github.com/CN016/Apache-Superset-SECRET_KEY-CVE-2023-27524-
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/KayCHENvip/vulnerability-poc
https://github.com/MaanVader/CVE-2023-27524-POC
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/NguyenCongHaiNam/Research-CVE-2023-27524
https://github.com/Okaytc/Superset_auth_bypass_check
https://github.com/Ostorlab/KEV
https://github.com/Pari-Malam/CVE-2023-27524
https://github.com/TardC/CVE-2023-27524
https://github.com/ThatNotEasy/CVE-2023-27524
https://github.com/Threekiii/Awesome-POC
https://github.com/Threekiii/CVE
https://github.com/XRSec/AWVS-Update
https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
https://github.com/aleksey-vi/offzone_2023
https://github.com/aleksey-vi/presentation-report
https://github.com/antx-code/CVE-2023-27524
https://github.com/d-rn/vulBox
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/gobysec/Research
https://github.com/hktalent/TOP
https://github.com/horizon3ai/CVE-2023-27524
https://github.com/jakabakos/CVE-2023-27524-Apache-Superset-Auth-Bypass-and-RCE
https://github.com/lions2012/Penetration_Testing_POC
https://github.com/machevalia/ButProxied
https://github.com/necroteddy/CVE-2023-27524
https://github.com/netlas-io/netlas-dorks
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/nvn1729/advisories
https://github.com/summerainX/vul_poc
https://github.com/todb-cisa/kev-cwes
https://github.com/togacoder/superset_study", "http://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html
http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html"], ["2023", "CVE-2023-6858", "Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31030", "NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33135", ".NET and Visual Studio Elevation of Privilege Vulnerability", "https://github.com/ycdxsb/ycdxsb", "No PoCs from references."], ["2023", "CVE-2023-26759", "Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component.", "No PoCs found on GitHub currently.", "https://www.swascan.com/it/security-advisory-sme-up-erp/"], ["2023", "CVE-2023-43325", "A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.", "https://github.com/ahrixia/CVE-2023-43325
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/ahrixia/CVE-2023-43325"], ["2023", "CVE-2023-34644", "Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth.", "https://github.com/tanjiti/sec_profile", "https://www.ruijie.com.cn/gy/xw-aqtg-gw/91389/"], ["2023", "CVE-2023-36741", "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45629", "Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery \u2013 Image and Video Gallery with Thumbnails plugin <=\u00a02.0.3 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46992", "TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.", "No PoCs found on GitHub currently.", "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R/readme.md"], ["2023", "CVE-2023-5563", "The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.", "No PoCs found on GitHub currently.", "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv"], ["2023", "CVE-2023-2092", "A vulnerability, which was classified as critical, has been found in SourceCodester Vehicle Service Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226100.", "https://github.com/Vu1nT0tal/Vehicle-Security
https://github.com/VulnTotal-Team/Vehicle-Security
https://github.com/VulnTotal-Team/vehicle_cves
https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-2303", "The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "No PoCs found on GitHub currently.", "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita"], ["2023", "CVE-2023-31061", "Repetier Server through 1.4.10 does not have CSRF protection.", "No PoCs found on GitHub currently.", "https://cybir.com/2023/cve/poc-repetier-server-140/"], ["2023", "CVE-2023-48880", "A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.", "https://github.com/DiliLearngent/BugReport", "No PoCs from references."], ["2023", "CVE-2023-44794", "An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.", "https://github.com/m4ra7h0n/m4ra7h0n", "No PoCs from references."], ["2023", "CVE-2023-38482", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QualityUnit Post Affiliate Pro plugin <=\u00a01.25.0 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42298", "An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c.", "No PoCs found on GitHub currently.", "https://github.com/gpac/gpac/issues/2567"], ["2023", "CVE-2023-28808", "Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-5573", "Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/46a2bb2c-712a-4008-a147-b862e3af7d72"], ["2023", "CVE-2023-43275", "Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form.", "No PoCs found on GitHub currently.", "https://github.com/thedarknessdied/dedecms/blob/main/v5.7_110-CSRF.md"], ["2023", "CVE-2023-45779", "In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the referenced links.", "https://github.com/metaredteam/rtx-cve-2023-45779
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962
https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html"], ["2023", "CVE-2023-26609", "ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.", "https://github.com/ARPSyndicate/cvemon
https://github.com/D1G17/CVE-2023-26609
https://github.com/nomi-sec/PoC-in-GitHub", "http://packetstormsecurity.com/files/171136/ABUS-Security-Camera-TVIP-20000-21150-LFI-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2023/Feb/16
https://nwsec.de/NWSSA-001-2023.txt"], ["2023", "CVE-2023-0216", "An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Tuttu7/Yum-command
https://github.com/a23au/awe-base-images
https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/stkcat/awe-base-images", "No PoCs from references."], ["2023", "CVE-2023-31071", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <=\u00a03.5.14 versions.", "https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-29537", "Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1823365"], ["2023", "CVE-2023-33034", "Memory corruption while parsing the ADSP response command.", "https://github.com/Moonshieldgru/Moonshieldgru", "No PoCs from references."], ["2023", "CVE-2023-31131", "Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability.", "https://github.com/Sim4n6/Sim4n6", "No PoCs from references."], ["2023", "CVE-2023-46450", "Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yte121/-CVE-2023-46450", "https://github.com/yte121/-CVE-2023-46450/
https://youtu.be/LQy0_xIK2q0"], ["2023", "CVE-2023-45639", "Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <=\u00a010.0 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36751", "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", "https://github.com/sudo-jtcsec/CVE", "No PoCs from references."], ["2023", "CVE-2023-34654", "taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).", "No PoCs found on GitHub currently.", "https://github.com/ae6e361b/taocms-XSS"], ["2023", "CVE-2023-52041", "An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.", "No PoCs found on GitHub currently.", "https://kee02p.github.io/2024/01/13/CVE-2023-52041/"], ["2023", "CVE-2023-5522", "Mattermost Mobile fails to limit\u00a0the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and\u00a0freeze the mobile app of users when viewing that particular channel.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27534", "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "https://github.com/1g-v/DevSec_Docker_lab
https://github.com/L-ivan7/-.-DevSec_Docker
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-25431", "An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php.", "No PoCs found on GitHub currently.", "https://github.com/hundanchen69/bug_report/blob/main/vendors/janobe/Online%20Reviewer%20Management%20System/XSS-1.md"], ["2023", "CVE-2023-52150", "Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor.This issue affects Dynamic Content for Elementor: from n/a before 2.12.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0247", "Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/cab50e44-0995-4ac1-a5d5-889293b9704f"], ["2023", "CVE-2023-2342", "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.", "https://github.com/clearbluejar/ghidriff
https://github.com/khanhchauminh/khanhchauminh", "https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829"], ["2023", "CVE-2023-26489", "wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug means that, with default codegen settings, a wasm-controlled load/store operation could read/write addresses up to 35 bits away from the base of linear memory. Due to this bug, however, addresses up to `0xffffffff * 8 + 0x7ffffffc = 36507222004 = ~34G` bytes away from the base of linear memory are possible from guest code. This means that the virtual memory 6G away from the base of linear memory up to ~34G away can be read/written by a malicious module. A guest module can, without the knowledge of the embedder, read/write memory in this region. The memory may belong to other WebAssembly instances when using the pooling allocator, for example. Affected embedders are recommended to analyze preexisting wasm modules to see if they're affected by the incorrect codegen rules and possibly correlate that with an anomalous number of traps during historical execution to locate possibly suspicious modules. The specific bug in Cranelift's x86_64 backend is that a WebAssembly address which is left-shifted by a constant amount from 1 to 3 will get folded into x86_64's addressing modes which perform shifts. For example `(i32.load (i32.shl (local.get 0) (i32.const 3)))` loads from the WebAssembly address `$local0 << 3`. When translated to Cranelift the `$local0 << 3` computation, a 32-bit value, is zero-extended to a 64-bit value and then added to the base address of linear memory. Cranelift would generate an instruction of the form `movl (%base, %local0, 8), %dst` which calculates `%base + %local0 << 3`. The bug here, however, is that the address computation happens with 64-bit values, where the `$local0 << 3` computation was supposed to be truncated to a a 32-bit value. This means that `%local0`, which can use up to 32-bits for an address, gets 3 extra bits of address space to be accessible via this `movl` instruction. The fix in Cranelift is to remove the erroneous lowering rules in the backend which handle these zero-extended expression. The above example is then translated to `movl %local0, %temp; shl $3, %temp; movl (%base, %temp), %dst` which correctly truncates the intermediate computation of `%local0 << 3` to 32-bits inside the `%temp` register which is then added to the `%base` value. Wasmtime version 4.0.1, 5.0.1, and 6.0.1 have been released and have all been patched to no longer contain the erroneous lowering rules. While updating Wasmtime is recommended, there are a number of possible workarounds that embedders can employ to mitigate this issue if updating is not possible. Note that none of these workarounds are on-by-default and require explicit configuration: 1. The `Config::static_memory_maximum_size(0)` option can be used to force all accesses to linear memory to be explicitly bounds-checked. This will perform a bounds check separately from the address-mode computation which correctly calculates the effective address of a load/store. Note that this can have a large impact on the execution performance of WebAssembly modules. 2. The `Config::static_memory_guard_size(1 << 36)` option can be used to greatly increase the guard pages placed after linear memory. This will guarantee that memory accesses up-to-34G away are guaranteed to be semantically correct by reserving unmapped memory for the instance. Note that this reserves a very large amount of virtual memory per-instances and can greatly reduce the maximum number of concurrent instances being run. 3. If using a non-x86_64 host is possible, then that will also work around this bug. This bug does not affect Wasmtime's or Cranelift's AArch64 backend, for example.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-0307", "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215"], ["2023", "CVE-2023-38583", "A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29566", "huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.", "No PoCs found on GitHub currently.", "https://github.com/omnitaint/Vulnerability-Reports/blob/ec3645003c7f8996459b5b24c722474adc2d599f/reports/dawnsparks-node-tesseract/report.md"], ["2023", "CVE-2023-36803", "Windows Kernel Information Disclosure Vulnerability", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175109/Microsoft-Windows-Kernel-Out-Of-Bounds-Reads-Memory-Disclosure.html"], ["2023", "CVE-2023-2193", "Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.", "No PoCs found on GitHub currently.", "https://mattermost.com/security-updates/"], ["2023", "CVE-2023-43364", "main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.", "No PoCs found on GitHub currently.", "https://github.com/advisories/GHSA-66m2-493m-crh2
https://github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit-
https://github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection"], ["2023", "CVE-2023-38911", "A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.", "No PoCs found on GitHub currently.", "https://github.com/desencrypt/CVE/blob/main/CVE-2023-38911/Readme.md"], ["2023", "CVE-2023-32309", "PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax `--8<--\"/etc/passwd\"` or `--8<--\"/proc/self/environ\"` the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to render the content of a file outside the specified base paths: `--8<-- \"../../../../etc/passwd\"`. Within the Snippets extension, there exists a `base_path` option but the implementation is vulnerable to Directory Traversal. The vulnerable section exists in `get_snippet_path(self, path)` lines 155 to 174 in snippets.py. Any readable file on the host where the plugin is executing may have its content exposed. This can impact any use of Snippets that exposes the use of Snippets to external users. It is never recommended to use Snippets to process user-facing, dynamic content. It is designed to process known content on the backend under the control of the host, but if someone were to accidentally enable it for user-facing content, undesired information could be exposed. This issue has been addressed in version 10.0. Users are advised to upgrade. Users unable to upgrade may restrict relative paths by filtering input.", "https://github.com/MaxymVlasov/renovate-vuln-alerts
https://github.com/renovate-reproductions/22747", "https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-jh85-wwv9-24hv"], ["2023", "CVE-2023-38430", "An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0125", "A vulnerability was found in Control iD Gerencia Web 1.30. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability.", "https://github.com/ARPSyndicate/cvemon
https://github.com/SQU4NCH/SQU4NCH", "https://vuldb.com/?id.217717"], ["2023", "CVE-2023-5640", "The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability.", "No PoCs found on GitHub currently.", "https://devl00p.github.io/posts/Injection-SQL-dans-le-plugin-Wordpress-Article-Analytics/"], ["2023", "CVE-2023-29847", "AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.", "https://github.com/karimhabush/cyberowl", "https://github.com/MegaTKC/AeroCMS/issues/11"], ["2023", "CVE-2023-28428", "PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1.", "No PoCs found on GitHub currently.", "https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-68x8-9phf-j7jf"], ["2023", "CVE-2023-1249", "A use-after-free flaw was found in the Linux kernel\u2019s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 (\"coredump: Use the vma snapshot in fill_files_note\") not applied yet, then kernel could be affected.", "https://github.com/ARPSyndicate/cvemon", "http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html"], ["2023", "CVE-2023-27487", "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue.", "No PoCs found on GitHub currently.", "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g"], ["2023", "CVE-2023-36462", "Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether. The link is visually misleading, but clicking on it will reveal the actual link. This can still be used for phishing, though, similar to IDN homograph attacks. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29907", "H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm.", "No PoCs found on GitHub currently.", "https://hackmd.io/@0dayResearch/rk-6aRRyn"], ["2023", "CVE-2023-52372", "Vulnerability of input parameter verification in the motor module.Successful exploitation of this vulnerability may affect availability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-25582", "Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1723"], ["2023", "CVE-2023-34567", "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.", "No PoCs found on GitHub currently.", "https://hackmd.io/@0dayResearch/H1xUqzfHh"], ["2023", "CVE-2023-33096", "Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46763", "Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2160", "Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "https://huntr.dev/bounties/54fb6d6a-6b39-45b6-b62a-930260ba484b"], ["2023", "CVE-2023-45998", "kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6569", "External Control of File Name or Path in h2oai/h2o-3", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/a5d003dc-c23e-4c98-8dcf-35ba9252fa3c"], ["2023", "CVE-2023-46672", "An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.elastic.co/community/security"], ["2023", "CVE-2023-6478", "A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45889", "A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612.", "No PoCs found on GitHub currently.", "https://blog.zerdle.net/classlink/
https://blog.zerdle.net/classlink2/"], ["2023", "CVE-2023-1189", "A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. It has been declared as problematic. Affected by this vulnerability is the function 0x222400/0x222404/0x222410 in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-222361 was assigned to this vulnerability.", "https://github.com/ARPSyndicate/cvemon
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1189
https://vuldb.com/?id.222361"], ["2023", "CVE-2023-1218", "Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-41012", "An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism.", "No PoCs found on GitHub currently.", "https://github.com/te5tb99/For-submitting/wiki/Command-Execution-Vulnerability-in-China-Mobile-Intelligent-Home-Gateway-HG6543C4-Identity-verification-has-design-flaws"], ["2023", "CVE-2023-27747", "BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings.", "https://github.com/ARPSyndicate/cvemon
https://github.com/eyJhb/blackvue-cve-2023", "No PoCs from references."], ["2023", "CVE-2023-48620", "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1358", "A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0. This affects an unknown part of the file /philosophy/admin/login.php of the component POST Parameter Handler. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222861 was assigned to this vulnerability.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-6538", "SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.", "https://github.com/Arszilla/CVE-2023-5808
https://github.com/Arszilla/CVE-2023-6538
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-22022", "Vulnerability in the Oracle Health Sciences Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Blinding Functionality). Supported versions that are affected are 3.1.0.2, 3.1.1.3 and 3.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences Sciences Data Management Workbench. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Health Sciences Sciences Data Management Workbench accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-33356", "IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).", "No PoCs found on GitHub currently.", "https://github.com/Thecosy/IceCMS/issues/8"], ["2023", "CVE-2023-38521", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Exifography plugin <=\u00a01.3.1 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5852", "Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29552", "The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-34932", "A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "No PoCs found on GitHub currently.", "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34932.md"], ["2023", "CVE-2023-22325", "A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1736"], ["2023", "CVE-2023-2236", "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Both\u00a0io_install_fixed_file\u00a0and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability.We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.", "No PoCs found on GitHub currently.", "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d94c04c0db024922e886c9fd429659f22f48ea4"], ["2023", "CVE-2023-40139", "In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/abhishekg999/CTFWriteups", "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33"], ["2023", "CVE-2023-49948", "Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL.", "https://github.com/codeb0ss/CVE-2023-49948-PoC", "No PoCs from references."], ["2023", "CVE-2023-5687", "Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/33f95510-cdee-460e-8e61-107874962f2d"], ["2023", "CVE-2023-50061", "PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher().", "No PoCs found on GitHub currently.", "https://security.friendsofpresta.org/modules/2024/02/08/oparteasyredirect.html"], ["2023", "CVE-2023-27500", "An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-36674", "An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38865", "COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.", "No PoCs found on GitHub currently.", "https://github.com/TTY-flag/my_iot_vul/tree/main/COMFAST/CF-XR11/Command_Inject5"], ["2023", "CVE-2023-23298", "The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.", "No PoCs found on GitHub currently.", "https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23298.md"], ["2023", "CVE-2023-30378", "In Tenda AC15 V15.03.05.19, the function \"sub_8EE8\" contains a stack-based buffer overflow vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/2205794866/Tenda/blob/main/AC15/5.md"], ["2023", "CVE-2023-47619", "Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf/"], ["2023", "CVE-2023-4979", "Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f"], ["2023", "CVE-2023-37689", "Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/rt122001/CVES/blob/main/CVE-2023-37689.txt"], ["2023", "CVE-2023-24769", "Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the \"Add a new change detection watch\" function.", "No PoCs found on GitHub currently.", "https://www.edoardoottavianelli.it/CVE-2023-24769
https://www.youtube.com/watch?v=TRTpRlkU3Hc"], ["2023", "CVE-2023-38766", "Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.", "https://github.com/0x72303074/CVE-Disclosures", "No PoCs from references."], ["2023", "CVE-2023-34872", "A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.", "No PoCs found on GitHub currently.", "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399"], ["2023", "CVE-2023-27992", "The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to\u00a0V5.21(AAZF.14)C0, NAS540 firmware versions prior to\u00a0V5.21(AATB.11)C0, and NAS542\u00a0firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/todb-cisa/kev-cwes", "No PoCs from references."], ["2023", "CVE-2023-37798", "A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.", "No PoCs found on GitHub currently.", "https://www.cyderes.com/blog/cve-2023-37798-stored-cross-site-scripting-in-vanderbilt-redcap/"], ["2023", "CVE-2023-24678", "A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attackers to cause a Denial of Service (DoS) via a crafted Zigbee message.", "https://github.com/ARPSyndicate/cvemon
https://github.com/iot-sec23/HubFuzzer", "No PoCs from references."], ["2023", "CVE-2023-38677", "FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.", "No PoCs found on GitHub currently.", "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md"], ["2023", "CVE-2023-22374", "A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/ARPSyndicate/cvemon
https://github.com/H4lo/awesome-IoT-security-article
https://github.com/Threekiii/CVE
https://github.com/UNC1739/awesome-vulnerability-research
https://github.com/f0cus77/awesome-iot-security-resource
https://github.com/f1tao/awesome-iot-security-resource
https://github.com/wr0x00/Lsploit", "No PoCs from references."], ["2023", "CVE-2023-31294", "CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field.", "No PoCs found on GitHub currently.", "https://herolab.usd.de/en/security-advisories/usd-2022-0052/"], ["2023", "CVE-2023-5895", "Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/2cc80417-32b2-4024-bbcd-d95a039c11ae"], ["2023", "CVE-2023-5796", "A vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243602 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.243602"], ["2023", "CVE-2023-52075", "ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing rate limit to be triggered thus increasing server load. This causes a denial of service for all users using the API. It is recommended to implement proper error caching.", "No PoCs found on GitHub currently.", "https://github.com/ReVanced/revanced-api/security/advisories/GHSA-852x-grxp-8p3q"], ["2023", "CVE-2023-4868", "A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://skypoc.wordpress.com/2023/09/05/vuln1/"], ["2023", "CVE-2023-4928", "SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/cb72cc17-5a0d-4392-9a5f-a13aa773de9e"], ["2023", "CVE-2023-50030", "In the module \"Jms Setting\" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://security.friendsofpresta.org/modules/2024/01/16/jmssetting.html"], ["2023", "CVE-2023-43241", "D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity.", "No PoCs found on GitHub currently.", "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/823G/SetWLanRadioSecurity/1.md"], ["2023", "CVE-2023-52135", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33140", "Microsoft OneNote Spoofing Vulnerability", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173064/Microsoft-OneNote-2305-Build-16.0.16501.20074-Spoofing.html"], ["2023", "CVE-2023-2327", "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "https://github.com/khanhchauminh/khanhchauminh", "https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6"], ["2023", "CVE-2023-3269", "A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.", "https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/GhostTroops/TOP
https://github.com/IdanBanani/Linux-Kernel-VR-Exploitation
https://github.com/LumaKernel/awesome-stars
https://github.com/Snoopy-Sec/Localroot-ALL-CVE
https://github.com/aneasystone/github-trending
https://github.com/giterlizzi/secdb-feeds
https://github.com/hktalent/TOP
https://github.com/izj007/wechat
https://github.com/johe123qwe/github-trending
https://github.com/kherrick/hacker-news
https://github.com/kun-g/Scraping-Github-trending
https://github.com/lrh2000/StackRot
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/xairy/linux-kernel-exploitation", "http://seclists.org/fulldisclosure/2023/Jul/43
http://www.openwall.com/lists/oss-security/2023/07/28/1
http://www.openwall.com/lists/oss-security/2023/08/25/4"], ["2023", "CVE-2023-36407", "Windows Hyper-V Elevation of Privilege Vulnerability", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/pwndorei/CVE-2023-36407", "No PoCs from references."], ["2023", "CVE-2023-41166", "An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.", "No PoCs found on GitHub currently.", "https://advisories.stormshield.eu/2023-027"], ["2023", "CVE-2023-46805", "An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.", "https://github.com/20142995/sectool
https://github.com/Chocapikk/CVE-2023-46805
https://github.com/H4lo/awesome-IoT-security-article
https://github.com/HiS3/Ivanti-ICT-Snapshot-decryption
https://github.com/Ostorlab/KEV
https://github.com/TheRedDevil1/Check-Vulns-Script
https://github.com/cbeek-r7/CVE-2023-46805
https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887
https://github.com/emo-crab/attackerkb-api-rs
https://github.com/farukokutan/Threat-Intelligence-Research-Reports
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/inguardians/ivanti-VPN-issues-2024-research
https://github.com/jake-44/Research
https://github.com/jaredfolkins/5min-cyber-notes
https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887
https://github.com/rxwx/pulse-meter
https://github.com/seajaysec/Ivanti-Connect-Around-Scan
https://github.com/stephen-murcott/Ivanti-ICT-Snapshot-decryption
https://github.com/tanjiti/sec_profile
https://github.com/w2xim3/CVE-2023-46805
https://github.com/yoryio/CVE-2023-46805
https://github.com/zwxxb/CVE-2023-21887", "http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html"], ["2023", "CVE-2023-48614", "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-22016", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-0391", "MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.", "No PoCs found on GitHub currently.", "https://www.bleepingcomputer.com/news/security/cloudpanel-installations-use-the-same-ssl-certificate-private-key/"], ["2023", "CVE-2023-5866", "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945"], ["2023", "CVE-2023-2105", "Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/de213e0b-a227-4fc3-bbe7-0b33fbf308e1"], ["2023", "CVE-2023-36895", "Microsoft Outlook Remote Code Execution Vulnerability", "https://github.com/jake-44/Research", "No PoCs from references."], ["2023", "CVE-2023-4409", "A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237512.", "https://github.com/ApricityXX/cve", "https://vuldb.com/?id.237512"], ["2023", "CVE-2023-4549", "The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.", "https://github.com/b0marek/CVE-2023-4549
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-49438", "An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.", "https://github.com/brandon-t-elliott/CVE-2023-49438
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/brandon-t-elliott/CVE-2023-49438"], ["2023", "CVE-2023-33222", "When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-52257", "LogoBee 0.2 allows updates.php?id= XSS.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/174815"], ["2023", "CVE-2023-43123", "On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems.The method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information.File.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set. This affects the class\u00a0 https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 \u00a0and was introduced by\u00a0 https://issues.apache.org/jira/browse/STORM-3123 In practice, this has a very limited impact as this class is used only if\u00a0ui.disable.spout.lag.monitoring is set to false, but its value is true by default.Moreover, the temporary file gets deleted soon after its creation.The solution is to use\u00a0 Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) \u00a0instead.We recommend that all users upgrade to the latest version of Apache Storm.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-37928", "A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.", "No PoCs found on GitHub currently.", "https://bugprove.com/knowledge-hub/cve-2023-37927-and-cve-2023-37928-multiple-post-auth-blind-os-command-and-python-code-injection-vulnerabilities-in-zyxel-s-nas-326-devices/"], ["2023", "CVE-2023-36456", "authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy are susceptible to this. Possible spoofing of IP addresses in logs, downstream applications proxied by (built in) outpost, IP bypassing in custom flows if used.This poses a possible security risk when someone has flows or policies that check the user's IP address, e.g. when they want to ignore the user's 2 factor authentication when the user is connected to the company network. A second security risk is that the IP addresses in the logfiles and user sessions are not reliable anymore. Anybody can spoof this address and one cannot verify that the user has logged in from the IP address that is in their account's log. A third risk is that this header is passed on to the proxied application behind an outpost. The application may do any kind of verification, logging, blocking or rate limiting based on the IP address, and this IP address can be overridden by anybody that want to.Versions 2023.4.3 and 2023.5.5 contain a patch for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34553", "An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack.", "No PoCs found on GitHub currently.", "https://ashallen.net/wireless-smart-lock-vulnerability-disclosure"], ["2023", "CVE-2023-3238", "A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231509 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF).md"], ["2023", "CVE-2023-37839", "An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-22047", "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-48946", "An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.", "No PoCs found on GitHub currently.", "https://github.com/openlink/virtuoso-opensource/issues/1178"], ["2023", "CVE-2023-0051", "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.", "https://github.com/ARPSyndicate/cvemon", "https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9"], ["2023", "CVE-2023-46757", "The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2154", "A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/?page=reminders/view_reminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226275.", "No PoCs found on GitHub currently.", "https://youtu.be/teK82KkWtdA"], ["2023", "CVE-2023-27821", "Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter.", "https://github.com/ARPSyndicate/cvemon
https://github.com/luelueking/luelueking", "https://github.com/luelueking/Databasir-1.0.7-vuln-poc
https://github.com/vran-dev/databasir/issues/269"], ["2023", "CVE-2023-33273", "An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind).", "https://github.com/dtssec/CVE-Disclosures
https://github.com/l4rRyxz/CVE-Disclosures", "https://github.com/l4rRyxz/CVE-Disclosures/blob/main/CVE-2023-33273.md"], ["2023", "CVE-2023-29770", "In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.", "No PoCs found on GitHub currently.", "https://github.com/sapplica/sentrifugo/issues/384"], ["2023", "CVE-2023-44483", "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.", "https://github.com/phax/ph-xmldsig", "No PoCs from references."], ["2023", "CVE-2023-0111", "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/70da256c-977a-487e-8a6a-9ae22caedbe3"], ["2023", "CVE-2023-2385", "A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=ike_policies.htm of the component Web Management Interface. The manipulation of the argument IpsecIKEPolicy.IKEPolicyName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/leetsun/IoT/tree/main/Netgear-SRX5308/5"], ["2023", "CVE-2023-2014", "Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/a77bf7ed-6b61-452e-b5ee-e20017e28d1a"], ["2023", "CVE-2023-37979", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <=\u00a03.6.25 versions.", "https://github.com/Fire-Null/CVE-2023-37979
https://github.com/Fire-Null/Write-Ups
https://github.com/Mehran-Seifalinia/CVE-2023-37979
https://github.com/codeb0ss/CVE-2023-37979
https://github.com/d0rb/CVE-2023-37979
https://github.com/nomi-sec/PoC-in-GitHub", "http://packetstormsecurity.com/files/173983/WordPress-Ninja-Forms-3.6.25-Cross-Site-Scripting.html"], ["2023", "CVE-2023-50303", "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5674", "The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/32a23d0d-7ece-4870-a99d-f3f344be2d67"], ["2023", "CVE-2023-46914", "SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-52206", "Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder.This issue affects Page Builder: Live Composer: from n/a through 1.5.25.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-44811", "Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function.", "https://github.com/ahrixia/CVE-2023-44811
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/ahrixia/CVE-2023-44811"], ["2023", "CVE-2023-3576", "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "https://github.com/adegoodyer/kubernetes-admin-toolkit
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42882", "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing an image may lead to arbitrary code execution.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/176536/macOS-AppleVADriver-Out-Of-Bounds-Write.html"], ["2023", "CVE-2023-36089", "** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46019", "Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter.", "https://github.com/ersinerenler/CVE-2023-46019-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability
https://github.com/ersinerenler/Code-Projects-Blood-Bank-1.0
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/ersinerenler/CVE-2023-46019-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability"], ["2023", "CVE-2023-46388", "LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"], ["2023", "CVE-2023-24205", "Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml).", "No PoCs found on GitHub currently.", "https://github.com/Fndroid/clash_for_windows_pkg/issues/3891"], ["2023", "CVE-2023-4316", "Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails", "https://github.com/bdragon-org/dependabot-create-pull-requests-from-rules-2", "No PoCs from references."], ["2023", "CVE-2023-51661", "Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4.", "No PoCs found on GitHub currently.", "https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j"], ["2023", "CVE-2023-6353", "Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.", "https://github.com/qwell/disorder-in-the-court", "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"], ["2023", "CVE-2023-24345", "D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus.", "No PoCs found on GitHub currently.", "https://github.com/1160300418/Vuls/tree/main/D-Link/DIR-605L/curTime_Vuls/03"], ["2023", "CVE-2023-4256", "Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.", "No PoCs found on GitHub currently.", "https://github.com/appneta/tcpreplay/issues/813"], ["2023", "CVE-2023-31438", "** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "https://github.com/kastel-security/Journald", "No PoCs from references."], ["2023", "CVE-2023-36258", "An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-41739", "Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2859", "Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.", "https://github.com/mnqazi/CVE-2023-2859
https://github.com/nomi-sec/PoC-in-GitHub", "https://huntr.dev/bounties/d7b8ea75-c74a-4721-89bb-12e5c80fb0ba"], ["2023", "CVE-2023-3436", "Xpdf 4.04 will deadlock on a PDF object stream whose \"Length\" field is itself in another object stream.", "No PoCs found on GitHub currently.", "https://forum.xpdfreader.com/viewtopic.php?t=42618"], ["2023", "CVE-2023-23525", "This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to gain root privileges.", "https://github.com/ARPSyndicate/cvemon
https://github.com/houjingyi233/macOS-iOS-system-security
https://github.com/jhftss/POC", "No PoCs from references."], ["2023", "CVE-2023-39026", "Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/getdrive/PoC", "http://packetstormsecurity.com/files/174491/FileMage-Gateway-1.10.9-Local-File-Inclusion.html
https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html"], ["2023", "CVE-2023-28352", "An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled.", "No PoCs found on GitHub currently.", "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
https://research.nccgroup.com/?research=Technical%20advisories"], ["2023", "CVE-2023-52459", "In the Linux kernel, the following vulnerability has been resolved:media: v4l: async: Fix duplicated list deletionThe list deletion call dropped here is already called from thehelper function in the line before. Having a second list_del()call results in either a warning (with CONFIG_DEBUG_LIST=y):list_del corruption, c46c8198->next is LIST_POISON1 (00000100)If CONFIG_DEBUG_LIST is disabled the operation results in akernel error due to NULL pointer dereference.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-41628", "An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components.", "No PoCs found on GitHub currently.", "https://jira.o-ran-sc.org/browse/RIC-1002"], ["2023", "CVE-2023-2948", "Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/2393e4d9-9e9f-455f-bf50-f20f77b0a64d"], ["2023", "CVE-2023-47324", "Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.", "https://github.com/RhinoSecurityLabs/CVEs", "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47324"], ["2023", "CVE-2023-32740", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <=\u00a03.8.1 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-39137", "An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing.", "No PoCs found on GitHub currently.", "https://blog.ostorlab.co/zip-packages-exploitation.html
https://github.com/brendan-duncan/archive/issues/266"], ["2023", "CVE-2023-6242", "The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). This is due to missing or incorrect nonce validation on the evo_eventpost_update_meta function. This makes it possible for unauthenticated attackers to update arbitrary post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32843", "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849).", "https://github.com/Shangzewen/U-Fuzz
https://github.com/asset-group/5ghoul-5g-nr-attacks
https://github.com/asset-group/U-Fuzz", "No PoCs from references."], ["2023", "CVE-2023-49236", "A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30946", "A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.", "No PoCs found on GitHub currently.", "https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3"], ["2023", "CVE-2023-40544", "An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4347", "Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f"], ["2023", "CVE-2023-22618", "If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42501", "Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.This issue affects Apache Superset: before 2.1.2.Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.", "https://github.com/msegoviag/msegoviag", "No PoCs from references."], ["2023", "CVE-2023-49376", "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.", "No PoCs found on GitHub currently.", "https://github.com/cui2shark/cms/blob/main/Delete%20existing%20CSRF%20in%20label%20management.md"], ["2023", "CVE-2023-30806", "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.", "No PoCs found on GitHub currently.", "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4"], ["2023", "CVE-2023-37165", "Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php.", "No PoCs found on GitHub currently.", "https://www.exploit-db.com/exploits/51450"], ["2023", "CVE-2023-51770", "Arbitrary File Read Vulnerability in Apache Dolphinscheduler.This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.", "https://github.com/Snakinya/Snakinya
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4196", "Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/c275a2d4-721f-49f7-8787-b146af2056a0"], ["2023", "CVE-2023-4207", "A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.", "https://github.com/hshivhare67/Kernel_4.1.15_CVE-2023-4206_CVE-2023-4207_CVE-2023-4208
https://github.com/nidhi7598/linux-4.19.72_net_CVE-2023-4207
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-30705", "Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32591", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <=\u00a03.0.0 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-28303", "Windows Snipping Tool Information Disclosure Vulnerability", "https://github.com/ARPSyndicate/cvemon
https://github.com/frankthetank-music/Acropalypse-Multi-Tool
https://github.com/qixils/AntiCropalypse", "No PoCs from references."], ["2023", "CVE-2023-1562", "Mattermost fails to check the \"Show Full Name\" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner.", "No PoCs found on GitHub currently.", "https://mattermost.com/security-updates/"], ["2023", "CVE-2023-25078", "Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2808", "Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.", "No PoCs found on GitHub currently.", "https://mattermost.com/security-updates/"], ["2023", "CVE-2023-38139", "Windows Kernel Elevation of Privilege Vulnerability", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174849/Microsoft-Windows-Kernel-Refcount-Overflow-Use-After-Free.html"], ["2023", "CVE-2023-23855", "SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-6120", "The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3946", "A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.", "No PoCs found on GitHub currently.", "https://kcm.trellix.com/corporate/index?page=content&id=SB10402"], ["2023", "CVE-2023-40626", "The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.", "https://github.com/TLWebdesign/Joomla-3.10.12-languagehelper-hotfix
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-21950", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-26033", "Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects (in user preferences) the \"Recently Visited Packages\" view for the index page, the value of the `search_history` cookie is used as a base64 encoded comma separated list of atoms. These are string loaded directly into the SQL query with `atom = '%s'` format string. As a result, any user can modify the browser's cookie value and inject most SQL queries. A proof of concept malformed cookie was generated that wiped the database or changed it's content. On the database, only public data is stored, so there is no confidentiality issues to site users. If it is known that the database was modified, a full restoration of data is possible by performing a full database wipe and performing full update of all components. This issue is patched with commit id 5ae9ca83b73. Version 1.0.1 contains the patch. If users are unable to upgrade immediately, the following workarounds may be applied: (1.) Use a proxy to always drop the `search_history` cookie until upgraded. The impact on user experience is low. (2.) Sanitize to the value of `search_history` cookie after base64 decoding it.", "No PoCs found on GitHub currently.", "https://github.com/gentoo/soko/security/advisories/GHSA-gp8g-jfq9-5q2g"], ["2023", "CVE-2023-45143", "Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42820", "JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds or this issue.", "https://github.com/20142995/sectool
https://github.com/Awrrays/FrameVul
https://github.com/C1ph3rX13/CVE-2023-42819
https://github.com/C1ph3rX13/CVE-2023-42820
https://github.com/Startr4ck/cve-2023-42820
https://github.com/T0ngMystic/Vulnerability_List
https://github.com/Threekiii/CVE
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/bakery312/Vulhub-Reproduce
https://github.com/h4m5t/CVE-2023-42820
https://github.com/izj007/wechat
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/tarihub/blackjump
https://github.com/tarimoe/blackjump
https://github.com/wh-gov/CVE-2023-42820
https://github.com/wwsuixin/jumpserver", "No PoCs from references."], ["2023", "CVE-2023-28121", "An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.", "https://github.com/1337nemojj/CVE-2023-28121
https://github.com/ARPSyndicate/cvemon
https://github.com/Jenderal92/CVE-2023-28121
https://github.com/Jenderal92/WP-CVE-2023-28121
https://github.com/XRSec/AWVS-Update
https://github.com/gbrsh/CVE-2023-28121
https://github.com/getdrive/PoC
https://github.com/iluaster/getdrive_PoC
https://github.com/im-hanzou/Mass-CVE-2023-28121
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/rio128128/Mass-CVE-2023-28121-kdoec", "https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/"], ["2023", "CVE-2023-32422", "This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.", "https://github.com/gergelykalman/CVE-2023-32422-a-macOS-TCC-bypass-in-sqlite
https://github.com/houjingyi233/macOS-iOS-system-security
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-48238", "joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work against this library is the RS256 algorithm is in use, however it is a best practice to use that algorithm.", "No PoCs found on GitHub currently.", "https://github.com/joaquimserafim/json-web-token/security/advisories/GHSA-4xw9-cx39-r355"], ["2023", "CVE-2023-5209", "The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/afine-com/research", "No PoCs from references."], ["2023", "CVE-2023-5198", "An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gitlab.com/gitlab-org/gitlab/-/issues/416957"], ["2023", "CVE-2023-3705", "The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47106", "Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/traefik/traefik/security/advisories/GHSA-fvhj-4qfh-q2hm"], ["2023", "CVE-2023-1591", "A vulnerability classified as critical has been found in SourceCodester Automatic Question Paper Generator System 1.0. This affects an unknown part of the file classes/Users.php?f=save_ruser. The manipulation of the argument id/email leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-223659.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-45003", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <=\u00a02.2.0 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-23915", "A cleartext transmission of sensitive information vulnerability exists in curl https://github.com/ARPSyndicate/cvemon
https://github.com/a23au/awe-base-images
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/stkcat/awe-base-images", "No PoCs from references."], ["2023", "CVE-2023-42663", "Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", "https://github.com/Y4tacker/JavaSec", "No PoCs from references."], ["2023", "CVE-2023-1903", "SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-4165", "A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236181 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/izj007/wechat
https://github.com/mvpyyds/CVE-2023-4165
https://github.com/mvpyyds/CVE-2023-4166
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-40766", "User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"], ["2023", "CVE-2023-37207", "A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1816287"], ["2023", "CVE-2023-24167", "Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.", "No PoCs found on GitHub currently.", "https://github.com/DrizzlingSun/Tenda/blob/main/AC18/1/1.md"], ["2023", "CVE-2023-49294", "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.", "No PoCs found on GitHub currently.", "https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f"], ["2023", "CVE-2023-49105", "An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.", "https://github.com/ambionics/owncloud-exploits
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-1812", "Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-4074", "Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3917", "Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.", "No PoCs found on GitHub currently.", "https://gitlab.com/gitlab-org/gitlab/-/issues/417896"], ["2023", "CVE-2023-5318", "Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/17826bdd-8136-48ae-afb9-af627cb6fd5d"], ["2023", "CVE-2023-31919", "Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c.", "https://github.com/EJueon/EJueon", "https://github.com/jerryscript-project/jerryscript/issues/5069"], ["2023", "CVE-2023-45283", "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", "https://github.com/20142995/sectool
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45112", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21742", "Microsoft SharePoint Server Remote Code Execution Vulnerability", "https://github.com/ARPSyndicate/cvemon
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/ohnonoyesyes/CVE-2023-21742", "No PoCs from references."], ["2023", "CVE-2023-40834", "OpenCart v4.0.2.2 is vulnerable to Brute Force Attack.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/174525/OpenCart-CMS-4.0.2.2-Brute-Force.html"], ["2023", "CVE-2023-39344", "social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45052", "Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin <\u00a05.0 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5258", "A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /resource/addgood.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240867.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2438", "The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.", "No PoCs found on GitHub currently.", "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"], ["2023", "CVE-2023-24027", "In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.", "https://github.com/sixgroup-security/CVE", "No PoCs from references."], ["2023", "CVE-2023-35353", "Connected User Experiences and Telemetry Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42632", "In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3857", "A vulnerability, which was classified as problematic, was found in phpscriptpoint Ecommerce 1.15. This affects an unknown part of the file /product.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235209 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-51443", "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/176393/FreeSWITCH-Denial-Of-Service.html"], ["2023", "CVE-2023-21841", "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-26122", "All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation.
Exploiting this vulnerability might result in remote code execution (\"RCE\").

**Vulnerable functions:**

__defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().", "https://github.com/exoad/ProgrammingDisc", "https://github.com/hacksparrow/safe-eval/issues/27
https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373064"], ["2023", "CVE-2023-24320", "An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors.", "No PoCs found on GitHub currently.", "https://yuyudhn.github.io/CVE-2023-24320/"], ["2023", "CVE-2023-37151", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2246. Reason: This candidate is a reservation duplicate of CVE-2023-2246. Notes: All CVE users should reference CVE-2023-2246 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "No PoCs found on GitHub currently.", "https://www.exploit-db.com/exploits/51431"], ["2023", "CVE-2023-33558", "An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.", "https://github.com/ninj4c0d3r/OcoMon-Research
https://github.com/ninj4c0d3r/ninj4c0d3r", "https://github.com/ninj4c0d3r/OcoMon-Research/commit/6357def478b11119270b89329fceb115f12c69fc"], ["2023", "CVE-2023-50428", "** DISPUTED ** In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it \"not a bug.\"", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47250", "In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html
http://seclists.org/fulldisclosure/2023/Nov/13
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/"], ["2023", "CVE-2023-32634", "An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1755"], ["2023", "CVE-2023-3513", "Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to\u00a0gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.", "https://github.com/star-sg/CVE", "https://starlabs.sg/advisories/23/23-3513/"], ["2023", "CVE-2023-45184", "IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270.", "https://github.com/afine-com/CVE-2023-45184
https://github.com/afine-com/CVE-2023-45185
https://github.com/afine-com/research
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-0879", "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541"], ["2023", "CVE-2023-27398", "A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20304)", "https://github.com/linuxshark/meli-api-challenge", "No PoCs from references."], ["2023", "CVE-2023-33789", "A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.", "No PoCs found on GitHub currently.", "https://github.com/anhdq201/netbox/issues/7"], ["2023", "CVE-2023-1884", "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e"], ["2023", "CVE-2023-6276", "A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2023", "CVE-2023-21997", "Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-3981", "Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/f5018226-0063-415d-9675-d7e30934ff78"], ["2023", "CVE-2023-40570", "Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-49313", "A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data.", "https://github.com/louiselalanne/CVE-2023-49313
https://github.com/louiselalanne/louiselalanne
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/louiselalanne/CVE-2023-49313"], ["2023", "CVE-2023-49082", "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.", "No PoCs found on GitHub currently.", "https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx"], ["2023", "CVE-2023-21886", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-40461", "The ACEManagercomponent of ALEOS 4.16 and earlier allows anauthenticated userwith Administrator privileges to access a fileupload field whichdoes not fully validate the file name, creating aStored Cross-SiteScripting condition.", "No PoCs found on GitHub currently.", "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"], ["2023", "CVE-2023-4262", "Possible buffer overflow\u00a0 in Zephyr mgmt subsystem when asserts are disabled", "https://github.com/0xdea/advisories
https://github.com/hnsecurity/vulns", "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-56p9-5p3v-hhrc"], ["2023", "CVE-2023-0968", "The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018dn\u2019, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-43608", "A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1845"], ["2023", "CVE-2023-0828", "Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21554", "Microsoft Message Queuing Remote Code Execution Vulnerability", "https://github.com/3tternp/CVE-2023-21554
https://github.com/3tternp/MSMQ-RCE-
https://github.com/ARPSyndicate/cvemon
https://github.com/Hashi0x/PoC-CVE-2023-21554
https://github.com/MrAgrippa/nes-01
https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
https://github.com/g1x-r/CVE-2023-21554-PoC
https://github.com/karimhabush/cyberowl
https://github.com/m4nbat/KustQueryLanguage_kql
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/zoemurmure/CVE-2023-21554-PoC", "No PoCs from references."], ["2023", "CVE-2023-30620", "mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the vulnerability is called a TarSlip or a ZipSlip variant. An attacker may leverage this vulnerability to overwrite any local file which the server process has access to. There is no risk of file exposure with this vulnerability. This issue has been addressed in release `23.2.1.0 `. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/Sim4n6/Sim4n6", "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-2g5w-29q9-w6hx"], ["2023", "CVE-2023-32725", "The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2023", "CVE-2023-1447", "A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1.0. Affected by this issue is some unknown functionality of the file app/?page=medicines/manage_medicine. The manipulation of the argument name/description with the input leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-223292.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-45244", "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/password123456/cve-collector", "No PoCs from references."], ["2023", "CVE-2023-28226", "Windows Enroll Engine Security Feature Bypass Vulnerability", "https://github.com/aapooksman/certmitm", "No PoCs from references."], ["2023", "CVE-2023-49253", "Root user password is hardcoded into the device and cannot be changed in the user interface.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24231", "A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter.", "No PoCs found on GitHub currently.", "https://medium.com/@0x2bit/inventory-management-system-multiple-stored-xss-vulnerability-b296365065b"], ["2023", "CVE-2023-4322", "Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd"], ["2023", "CVE-2023-51655", "In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33968", "Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr"], ["2023", "CVE-2023-21776", "Windows Kernel Information Disclosure Vulnerability", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/170947/Windows-Kernsl-SID-Table-Poisoning.html
http://packetstormsecurity.com/files/172300/Windows-Kernel-CmpDoReDoCreateKey-CmpDoReOpenTransKey-Out-Of-Bounds-Read.html"], ["2023", "CVE-2023-30402", "YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re.", "No PoCs found on GitHub currently.", "https://github.com/yasm/yasm/issues/206"], ["2023", "CVE-2023-40800", "The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.", "No PoCs found on GitHub currently.", "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/compare_parentcontrol_time"], ["2023", "CVE-2023-1665", "Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0.", "https://github.com/0xsu3ks/CVE-2023-1665
https://github.com/nomi-sec/PoC-in-GitHub", "https://huntr.dev/bounties/db8fcbab-6ef0-44ba-b5c6-3b0f17ca22a2"], ["2023", "CVE-2023-6394", "A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40703", "Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing\u00a0a attacker to\u00a0consume excessive resources, possibly leading to Denial of Service, by\u00a0patching the field of a block using a specially crafted string.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4100", "Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26116", "Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.", "No PoCs found on GitHub currently.", "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044"], ["2023", "CVE-2023-21875", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-37262", "CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting providers, like AWS, GCP, and Azure, those metadata services API endpoints are not forbidden (aka \"blacklisted\") by default. As such, any player can gain access to sensitive information exposed via those metadata servers, potentially allowing them to pivot or privilege escalate into the hosting provider. Versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3 contain a fix for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/cc-tweaked/CC-Tweaked/security/advisories/GHSA-7p4w-mv69-2wm2"], ["2023", "CVE-2023-0698", "Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)", "No PoCs found on GitHub currently.", "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693"], ["2023", "CVE-2023-0509", "Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.", "https://github.com/ARPSyndicate/cvemon
https://github.com/bAuh0lz/Vulnerabilities", "https://huntr.dev/bounties/a370e0c2-a41c-4871-ad91-bc6f31a8e839"], ["2023", "CVE-2023-24153", "A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.", "https://github.com/fullwaywang/QlRules", "https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/recvSlaveCloudCheckStatus_version/recvSlaveCloudCheckStatus.md"], ["2023", "CVE-2023-49131", "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1826", "A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\\admin\\system_info\\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/171790/Online-Computer-And-Laptop-Store-1.0-Shell-Upload.html"], ["2023", "CVE-2023-21935", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-30542", "OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows the creation of proposals with a `signatures` array shorter than the `calldatas` array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would eventually execute without any calldata. The `ProposalCreated` event correctly represents what will eventually execute, but the proposal parameters as queried through `getActions` appear to respect the original intended calldata. This issue has been patched in 4.8.3. As a workaround, ensure that all proposals that pass through governance have equal length `signatures` and `calldatas` parameters.", "https://github.com/davidlpoole/eth-erc20-governance", "No PoCs from references."], ["2023", "CVE-2023-3620", "Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/a0fd0671-f051-4d41-8928-9b19819084c9"], ["2023", "CVE-2023-28144", "KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-30453", "The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter.", "No PoCs found on GitHub currently.", "https://y-security.de/news-en/reminder-for-jira-cross-site-scripting-cve-2023-30453/index.html"], ["2023", "CVE-2023-3731", "Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)", "https://github.com/zhchbin/zhchbin", "No PoCs from references."], ["2023", "CVE-2023-40851", "Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page.", "No PoCs found on GitHub currently.", "https://www.exploit-db.com/exploits/51694"], ["2023", "CVE-2023-1634", "A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/info_deal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224016.", "No PoCs found on GitHub currently.", "https://github.com/BigTiger2020/2023-1/blob/main/ssrf/ssrf.md
https://vuldb.com/?id.224016"], ["2023", "CVE-2023-50849", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf \u2013 Export To Pdf Tool for WordPress.This issue affects E2Pdf \u2013 Export To Pdf Tool for WordPress: from n/a through 1.20.23.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6054", "A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244875. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.244875"], ["2023", "CVE-2023-4151", "The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40752", "There is a Cross Site Scripting (XSS) vulnerability in the \"action\" parameter of index.php in PHPJabbers Make an Offer Widget v1.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"], ["2023", "CVE-2023-21824", "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-26147", "All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \\r\\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content, like for example additional headers or new response body, leading to a potential XSS vulnerability.", "https://github.com/dellalibera/dellalibera
https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/dellalibera/2be265b56b7b3b00de1a777b9dec0c7b
https://security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730768"], ["2023", "CVE-2023-6114", "The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.", "No PoCs found on GitHub currently.", "https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing"], ["2023", "CVE-2023-1877", "Command Injection in GitHub repository microweber/microweber prior to 1.3.3.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55"], ["2023", "CVE-2023-40583", "libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node\u2019s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. If users of go-libp2p in production are not monitoring memory consumption over time, it could be a silent attack i.e. the attacker could bring down nodes over a period of time (how long depends on the node resources i.e. a go-libp2p node on a virtual server with 4 gb of memory takes about 90 sec to bring down; on a larger server, it might take a bit longer.) This issue was patched in version 0.27.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21964", "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-26396", "Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/ARPSyndicate/cvemon
https://github.com/kohnakagawa/kohnakagawa", "No PoCs from references."], ["2023", "CVE-2023-0789", "Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5"], ["2023", "CVE-2023-47072", "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1774", "When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.", "No PoCs found on GitHub currently.", "https://mattermost.com/security-updates/"], ["2023", "CVE-2023-28115", "Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution especially when snappy is used with frameworks with documented POP chains like Laravel/Symfony vulnerable developer code. If a user can control the output file from the `generateFromHtml()` function, it will invoke deserialization. This vulnerability is capable of remote code execution if Snappy is used with frameworks or developer code with vulnerable POP chains. It has been fixed in version 1.4.2.", "No PoCs found on GitHub currently.", "https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc"], ["2023", "CVE-2023-32787", "The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.", "https://github.com/claroty/opcua-exploit-framework", "No PoCs from references."], ["2023", "CVE-2023-32416", "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to read sensitive location information.", "https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-51406", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup \u2013 Fastest WordPress Migration & Duplicator.This issue affects FastDup \u2013 Fastest WordPress Migration & Duplicator: from n/a through 2.1.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3812", "An out-of-bounds memory access flaw was found in the Linux kernel\u2019s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.", "https://github.com/nidhi7598/linux-4.19.72_CVE-2023-3812", "No PoCs from references."], ["2023", "CVE-2023-6074", "A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file check-status.php of the component Booking Reservation Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-244943.", "https://github.com/scumdestroy/scumdestroy", "No PoCs from references."], ["2023", "CVE-2023-49391", "An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/free5gc/free5gc/issues/497"], ["2023", "CVE-2023-49000", "An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component.", "https://github.com/actuator/com.artis.browser
https://github.com/actuator/cve
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/actuator/com.artis.browser/blob/main/CWE-94.md"], ["2023", "CVE-2023-0578", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).This issue affects Book Cites: before 23.01.05.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-43989", "An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29088", "An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Session-Expires header.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/172289/Shannon-Baseband-SIP-Session-Expires-Header-Stack-Buffer-Overflow.html"], ["2023", "CVE-2023-33919", "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html
http://seclists.org/fulldisclosure/2023/Jul/14"], ["2023", "CVE-2023-1585", "Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later.", "No PoCs found on GitHub currently.", "https://support.norton.com/sp/static/external/tools/security-advisories.html"], ["2023", "CVE-2023-45386", "In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer().'", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://security.friendsofpresta.org/modules/2023/10/12/extratabspro.html"], ["2023", "CVE-2023-45017", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1614", "The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-28075", "Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.", "https://github.com/another1024/another1024", "No PoCs from references."], ["2023", "CVE-2023-3711", "Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/vpxuser/CVE-2023-3711-POC", "https://www.honeywell.com/us/en/product-security"], ["2023", "CVE-2023-30473", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov YML for Yandex Market plugin <=\u00a03.10.7 versions.", "https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-21707", "Microsoft Exchange Server Remote Code Execution Vulnerability", "https://github.com/FDlucifer/Proxy-Attackchain
https://github.com/N1k0la-T/CVE-2023-21707
https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
https://github.com/hktalent/bug-bounty
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-32436", "The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1754", "Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28"], ["2023", "CVE-2023-30533", "SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected.", "https://github.com/BenEdridge/CVE-2023-30533
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-0438", "Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/07a5b61b-306d-47c4-8ff0-06c540c7dfb3"], ["2023", "CVE-2023-21944", "Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-49140", "Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24122", "Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet.", "No PoCs found on GitHub currently.", "https://oxnan.com/posts/WifiBasic_ssid_5g_DoS"], ["2023", "CVE-2023-37242", "Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21855", "Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales for Handhelds. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sales for Handhelds accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-26136", "Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.", "https://github.com/CUCUMBERanOrSNCompany/SealSecurityAssignment
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mathworks/MATLAB-language-server
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/seal-community/patches
https://github.com/trong0dn/eth-todo-list", "https://github.com/salesforce/tough-cookie/issues/282
https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873"], ["2023", "CVE-2023-3843", "A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html
https://vuldb.com/?id.235194"], ["2023", "CVE-2023-4120", "A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722 and classified as critical. This issue affects some unknown processing of the file importhtml.php. The manipulation of the argument sql leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/izj007/wechat", "https://github.com/RCEraser/cve/blob/main/rce.md"], ["2023", "CVE-2023-24033", "The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/172137/Shannon-Baseband-accept-type-SDP-Attribute-Memory-Corruption.html"], ["2023", "CVE-2023-39350", "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh"], ["2023", "CVE-2023-1645", "A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been classified as problematic. This affects the function 0x8018E008 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224025 was assigned to this vulnerability.", "https://github.com/ARPSyndicate/cvemon
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1645"], ["2023", "CVE-2023-45046", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter: from n/a through 1.0.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3740", "Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47143", "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39210", "Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39181", "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1494", "A vulnerability classified as critical has been found in IBOS 4.5.5. Affected is an unknown function of the file ApiController.php. The manipulation of the argument emailids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223380.", "No PoCs found on GitHub currently.", "https://gitee.com/cui-yiwei/cve-number/blob/master/images/IBOS%20oa%20v4.5.5.md/1.md"], ["2023", "CVE-2023-45106", "Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <=\u00a02.8.33 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30562", "A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26076", "An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G SM message codec can occur due to insufficient parameter validation when decoding reserved options.", "https://github.com/ARPSyndicate/cvemon", "http://packetstormsecurity.com/files/171400/Shannon-Baseband-NrSmPcoCodec-Intra-Object-Overflow.html"], ["2023", "CVE-2023-21915", "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Book/Internal Transfer). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-37302", "An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).", "No PoCs found on GitHub currently.", "https://phabricator.wikimedia.org/T339111"], ["2023", "CVE-2023-40663", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <=\u00a08.3.4 versions.", "https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-29199", "There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`.", "https://github.com/3mpir3Albert/HTB_Codify
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/u-crew/vm2-test", "https://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c
https://github.com/patriksimek/vm2/security/advisories/GHSA-xj72-wvfv-8985"], ["2023", "CVE-2023-34349", "Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.", "https://github.com/another1024/another1024", "No PoCs from references."], ["2023", "CVE-2023-43628", "An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860"], ["2023", "CVE-2023-1527", "Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/f0272a31-9944-4545-8428-a26154d20348"], ["2023", "CVE-2023-28346", "An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials.", "No PoCs found on GitHub currently.", "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
https://research.nccgroup.com/?research=Technical%20advisories"], ["2023", "CVE-2023-23531", "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.", "https://github.com/DarthOCE/MonkeyJB
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-32645", "A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752"], ["2023", "CVE-2023-30740", "SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality, limited impact on integrity and availability of the application.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-24351", "D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin.", "No PoCs found on GitHub currently.", "https://github.com/1160300418/Vuls/tree/main/D-Link/DIR-605L/01"], ["2023", "CVE-2023-6347", "Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/wh1ant/vulnjs", "No PoCs from references."], ["2023", "CVE-2023-44048", "Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category.", "https://github.com/xcodeOn1/xcode0x-CVEs", "https://github.com/xcodeOn1/XSS-Stored-Expense-Tracker-App/tree/main
https://github.com/xcodeOn1/xcode0x-CVEs/blob/main/CVE/CVE-2023-44048.md"], ["2023", "CVE-2023-20758", "In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636130.", "https://github.com/Resery/Resery
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33469", "In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.", "https://github.com/Sharpe-nl/CVEs", "No PoCs from references."], ["2023", "CVE-2023-26314", "The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.", "No PoCs found on GitHub currently.", "https://www.openwall.com/lists/oss-security/2023/01/05/1"], ["2023", "CVE-2023-42795", "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39172", "The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic.", "No PoCs found on GitHub currently.", "https://seclists.org/fulldisclosure/2023/Nov/4"], ["2023", "CVE-2023-28197", "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/kherrick/lobsters
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/spotlightishere/inputcontrol", "No PoCs from references."], ["2023", "CVE-2023-28206", "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.", "https://github.com/ARPSyndicate/cvemon
https://github.com/C4ndyF1sh/CrashControl
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/ZZY3312/CVE-2023-28206
https://github.com/acceleratortroll/acceleratortroll
https://github.com/jake-44/Research
https://github.com/karimhabush/cyberowl
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-32494", "Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.", "No PoCs found on GitHub currently.", "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"], ["2023", "CVE-2023-30591", "Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://starlabs.sg/advisories/23/23-30591/"], ["2023", "CVE-2023-27078", "A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.", "No PoCs found on GitHub currently.", "https://github.com/B2eFly/Router/blob/main/TPLINK/MR3020/1.md"], ["2023", "CVE-2023-34198", "In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any\" type, which may have unexpected results for access control.", "No PoCs found on GitHub currently.", "https://advisories.stormshield.eu/2023-019"], ["2023", "CVE-2023-39063", "Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard.", "https://github.com/AndreGNogueira/CVE-2023-39063
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/AndreGNogueira/CVE-2023-39063"], ["2023", "CVE-2023-45375", "In the module \"PireosPay\" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess().`", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://security.friendsofpresta.org/modules/2023/10/12/pireospay.html"], ["2023", "CVE-2023-1576", "** REJECT ** This is a duplicate of an earlier CVE, CVE-2022-47069.", "No PoCs found on GitHub currently.", "https://sourceforge.net/p/p7zip/bugs/241/"], ["2023", "CVE-2023-23560", "In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Threekiii/CVE", "No PoCs from references."], ["2023", "CVE-2023-32614", "A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1749"], ["2023", "CVE-2023-0919", "Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/3c514923-473f-4c50-ae0d-d002a41fe70f"], ["2023", "CVE-2023-44019", "Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function.", "https://github.com/aixiao0621/Tenda", "https://github.com/aixiao0621/Tenda/blob/main/AC10U/5/0.md"], ["2023", "CVE-2023-4182", "A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.236217"], ["2023", "CVE-2023-40781", "Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.", "No PoCs found on GitHub currently.", "https://github.com/libming/libming/issues/288"], ["2023", "CVE-2023-51764", "Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports . but some other popular e-mail servers do not. To prevent attack variants (by always disallowing without ), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.", "https://github.com/Double-q1015/CVE-2023-51764
https://github.com/d4op/CVE-2023-51764-POC
https://github.com/duy-31/CVE-2023-51764
https://github.com/eeenvik1/CVE-2023-51764
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hannob/smtpsmug
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/duy-31/CVE-2023-51764
https://github.com/eeenvik1/CVE-2023-51764
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/"], ["2023", "CVE-2023-37171", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_2"], ["2023", "CVE-2023-30952", "A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .", "No PoCs found on GitHub currently.", "https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4"], ["2023", "CVE-2023-1436", "An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.", "No PoCs found on GitHub currently.", "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"], ["2023", "CVE-2023-45235", "EDK2's Network Package is susceptible to a buffer overflow vulnerability whenhandling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.", "https://github.com/quarkslab/pixiefail", "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"], ["2023", "CVE-2023-23420", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/TayoG/44con2023-resources
https://github.com/clearbluejar/44con2023-resources
https://github.com/clearbluejar/ghidriff", "http://packetstormsecurity.com/files/171794/Windows-Kernel-Registry-Key-Issue.html
http://packetstormsecurity.com/files/171867/Microsoft-Windows-Kernel-New-Registry-Key-name-Insufficient-Validation.html"], ["2023", "CVE-2023-3533", "Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.", "No PoCs found on GitHub currently.", "https://starlabs.sg/advisories/23/23-3533/"], ["2023", "CVE-2023-40954", "A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component.", "No PoCs found on GitHub currently.", "https://github.com/luvsn/OdZoo/tree/main/exploits/web_progress"], ["2023", "CVE-2023-31939", "SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php.", "https://github.com/DiliLearngent/BugReport", "No PoCs from references."], ["2023", "CVE-2023-21921", "Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-40657", "A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4054", "When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1840777"], ["2023", "CVE-2023-42752", "An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"], ["2023", "CVE-2023-26102", "All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype", "No PoCs found on GitHub currently.", "https://github.com/timdown/rangy/issues/478
https://security.snyk.io/vuln/SNYK-JS-RANGY-3175702"], ["2023", "CVE-2023-21861", "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-51463", "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4114", "A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173932/PHPJabbers-Night-Club-Booking-1.0-Cross-Site-Scripting.html"], ["2023", "CVE-2023-6011", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS.This issue affects Geodi: before 8.0.0.27396.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1972", "A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.", "https://github.com/13579and2468/Wei-fuzz", "No PoCs from references."], ["2023", "CVE-2023-6380", "Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/msegoviag/msegoviag", "No PoCs from references."], ["2023", "CVE-2023-2789", "A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/DaisyPo/fuzzing-vulncollect/blob/main/cflow/stack-overflow/parser.c/README.md
https://github.com/DaisyPo/fuzzing-vulncollect/files/11343936/poc-file.zip
https://vuldb.com/?id.229373"], ["2023", "CVE-2023-22999", "In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).", "No PoCs found on GitHub currently.", "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3"], ["2023", "CVE-2023-48309", "NextAuth.js provides authentication for Next.js. `next-auth` applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the `next-auth.session-token` cookie value with this non-related JWT would let the user simulate a logged in user, albeit having no user information associated with it. (The only property on this user is an opaque randomly generated string). This vulnerability does not give access to other users' data, neither to resources that require proper authorization via scopes or other means. The created mock user has no information associated with it (ie. no name, email, access_token, etc.) This vulnerability can be exploited by bad actors to peek at logged in user states (e.g. dashboard layout). `next-auth` `v4.24.5` contains a patch for the vulnerability. As a workaround, using a custom authorization callback for Middleware, developers can manually do a basic authentication.", "https://github.com/HarshKanjiya/talkative-nextjs
https://github.com/dastaj/CVEs", "No PoCs from references."], ["2023", "CVE-2023-32513", "Deserialization of Untrusted Data vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform.This issue affects GiveWP \u2013 Donation Plugin and Fundraising Platform: from n/a through 2.25.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39364", "Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The `auth_changepassword.php` file accepts `ref` as a URL parameter and reflects it in the form used to perform the change password. It's value is used to perform a redirect via `header` PHP function. A user can be tricked in performing the change password operation, e.g., via a phishing message, and then interacting with the malicious website where the redirection has been performed, e.g., downloading malwares, providing credentials, etc. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x"], ["2023", "CVE-2023-28381", "An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1779"], ["2023", "CVE-2023-1671", "A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.", "https://github.com/0xdolan/cve_poc
https://github.com/H4lo/awesome-IoT-security-article
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/W01fh4cker/CVE-2023-1671-POC
https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
https://github.com/behnamvanda/CVE-2023-1671
https://github.com/c4ln/CVE-2023-1671-POC
https://github.com/csffs/cve-2023-1671
https://github.com/getdrive/PoC
https://github.com/iluaster/getdrive_PoC
https://github.com/lions2012/Penetration_Testing_POC
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/ohnonoyesyes/CVE-2023-1671", "http://packetstormsecurity.com/files/172016/Sophos-Web-Appliance-4.3.10.4-Command-Injection.html"], ["2023", "CVE-2023-47177", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yakir Sitbon, Ariel Klikstein Linker plugin <=\u00a01.2.1 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30787", "MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter.", "No PoCs found on GitHub currently.", "https://fluidattacks.com/advisories/napoli"], ["2023", "CVE-2023-5369", "Before correction, the\u00a0copy_file_range\u00a0system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32402", "An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.", "https://github.com/ulexec/Exploits", "No PoCs from references."], ["2023", "CVE-2023-42800", "Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0.", "No PoCs found on GitHub currently.", "https://github.com/moonlight-stream/moonlight-common-c/security/advisories/GHSA-4927-23jw-rq62"], ["2023", "CVE-2023-1760", "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "https://github.com/punggawacybersecurity/CVE-List", "https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5"], ["2023", "CVE-2023-28101", "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-3665", "A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables,leading to denial of service and or the execution of arbitrary code.", "No PoCs found on GitHub currently.", "https://kcm.trellix.com/corporate/index?page=content&id=SB10405"], ["2023", "CVE-2023-47066", "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30696", "An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21970", "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-4005", "Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"], ["2023", "CVE-2023-40597", "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3966", "A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2698", "A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979.", "https://github.com/tht1997/tht1997", "No PoCs from references."], ["2023", "CVE-2023-38059", "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2449", "The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"], ["2023", "CVE-2023-21830", "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "https://github.com/ARPSyndicate/cvemon
https://github.com/gdams/openjdk-cve-parser
https://github.com/thiscodecc/thiscodecc", "https://www.oracle.com/security-alerts/cpujan2023.html
https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-26153", "Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value.

**Note:**

An attacker can use this vulnerability to execute commands on the host system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/CalumHutton/b7aa1c2e71c8d4386463ac14f686901d
https://security.snyk.io/vuln/SNYK-RUBY-GEOKITRAILS-5920323"], ["2023", "CVE-2023-4145", "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/ce852777-2994-40b4-bb4e-c4d10023eeb0"], ["2023", "CVE-2023-42643", "In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6040", "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"], ["2023", "CVE-2023-23636", "In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.", "No PoCs found on GitHub currently.", "https://herolab.usd.de/security-advisories/usd-2022-0030/"], ["2023", "CVE-2023-42940", "A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content.", "No PoCs found on GitHub currently.", "http://seclists.org/fulldisclosure/2023/Dec/20"], ["2023", "CVE-2023-3725", "Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem", "https://github.com/0xdea/advisories
https://github.com/hnsecurity/vulns", "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3"], ["2023", "CVE-2023-40845", "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'sub_34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks.", "No PoCs found on GitHub currently.", "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/14/14.md"], ["2023", "CVE-2023-30447", "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.", "No PoCs found on GitHub currently.", "https://www.ibm.com/support/pages/node/7010557"], ["2023", "CVE-2023-31698", "** DISPUTED ** Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html
https://github.com/bludit/bludit/issues/1369#issuecomment-940806199
https://github.com/bludit/bludit/issues/1509"], ["2023", "CVE-2023-46068", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin <=\u00a02.16.0 versions.", "https://github.com/parkttule/parkttule", "No PoCs from references."], ["2023", "CVE-2023-21983", "Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express Administration. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express Administration accessible data as well as unauthorized read access to a subset of Application Express Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Application Express Administration. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-1890", "The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173727/WordPress-Tablesome-Cross-Site-Scripting.html"], ["2023", "CVE-2023-42461", "GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.", "https://github.com/NH-RED-TEAM/GLPI-PoC", "No PoCs from references."], ["2023", "CVE-2023-45201", "Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities.\u00a0The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47095", "A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3696", "Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.", "https://github.com/seal-community/patches", "https://huntr.dev/bounties/1eef5a72-f6ab-4f61-b31d-fc66f5b4b467"], ["2023", "CVE-2023-41599", "An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.", "https://github.com/Marco-zcl/POC
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/wy876/POC
https://github.com/xingchennb/POC-", "http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/"], ["2023", "CVE-2023-2968", "A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception.", "No PoCs found on GitHub currently.", "https://research.jfrog.com/vulnerabilities/undefined-variable-usage-in-proxy-leads-to-remote-denial-of-service-xray-520917"], ["2023", "CVE-2023-36369", "An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.", "https://github.com/Sedar2024/Sedar", "No PoCs from references."], ["2023", "CVE-2023-25289", "Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request.", "No PoCs found on GitHub currently.", "https://www.exploit-db.com/exploits/51142"], ["2023", "CVE-2023-25118", "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the username and the password variables.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716"], ["2023", "CVE-2023-2828", "Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.", "https://github.com/marklogic/marklogic-docker", "No PoCs from references."], ["2023", "CVE-2023-1542", "Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/d947417c-5a12-407a-9a2f-fa696f65126f"], ["2023", "CVE-2023-4227", "A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-37145", "TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.", "No PoCs found on GitHub currently.", "https://github.com/DaDong-G/Vulnerability_info/blob/main/TOTOLINK/lr350/1/Readme.md"], ["2023", "CVE-2023-24334", "A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter.", "No PoCs found on GitHub currently.", "https://github.com/caoyebo/CVE/tree/main/TENDA%20AC23%20-%20CVE-2023-24334"], ["2023", "CVE-2023-49356", "A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/linzc21/bug-reports/blob/main/reports/mp3gain/1.6.2/stack-buffer-overflow/CVE-2023-49356.md"], ["2023", "CVE-2023-31449", "A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26320", "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.", "https://github.com/H4lo/awesome-IoT-security-article", "No PoCs from references."], ["2023", "CVE-2023-49247", "Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32832", "In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175662/Android-mtk_jpeg-Driver-Race-Condition-Privilege-Escalation.html"], ["2023", "CVE-2023-2939", "Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)", "https://github.com/ycdxsb/ycdxsb", "No PoCs from references."], ["2023", "CVE-2023-1453", "A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is the function 0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability.", "https://github.com/ARPSyndicate/cvemon
https://github.com/karimhabush/cyberowl
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1453"], ["2023", "CVE-2023-47355", "The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation.", "https://github.com/actuator/com.eypcnnapps.quickreboot
https://github.com/actuator/cve
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/actuator/com.eypcnnapps.quickreboot/blob/main/CWE-925.md"], ["2023", "CVE-2023-39006", "The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization.", "No PoCs found on GitHub currently.", "https://logicaltrust.net/blog/2023/08/opnsense.html"], ["2023", "CVE-2023-32671", "A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21400", "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"], ["2023", "CVE-2023-30774", "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "No PoCs found on GitHub currently.", "https://gitlab.com/libtiff/libtiff/-/issues/463"], ["2023", "CVE-2023-47184", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control plugin <=\u00a01.2.8 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/rach1tarora/CVE-2023-47184", "No PoCs from references."], ["2023", "CVE-2023-3787", "A vulnerability classified as problematic was found in Codecanyon Tiva Events Calender 1.4. This vulnerability affects unknown code. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235054 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://seclists.org/fulldisclosure/2023/Jul/35
https://vuldb.com/?id.235054
https://www.vulnerability-lab.com/get_content.php?id=2276"], ["2023", "CVE-2023-51802", "Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in the /php-attendance/attendance_report component.", "https://github.com/geraldoalcantara/CVE-2023-51802
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-31418", "An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.", "No PoCs found on GitHub currently.", "https://www.elastic.co/community/security"], ["2023", "CVE-2023-4276", "The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3884", "A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235246 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/E1CHO/cve_hub/blob/main/Beauty%20Salon%20Management%20System/Beauty%20Salon%20Management%20System%20-%20vuln%2016.pdf"], ["2023", "CVE-2023-51490", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security \u2013 Malware Scanner, Login Security & Firewall.This issue affects Defender Security \u2013 Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-51701", "fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=utf-8`. This can lead to bypass of security checks. This vulnerability has been patched in '@fastify/reply-from` version 9.6.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21892", "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-37285", "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.", "https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-30877", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov XML for Google Merchant Center plugin <=\u00a03.0.1 versions.", "https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-49096", "Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the `/Videos//stream` and `/Videos//stream.` endpoints which are present in the current Jellyfin version. Additional endpoints in the AudioController might also be vulnerable, as they differ only slightly in execution. Those endpoints are reachable by an unauthenticated user. In order to exploit this vulnerability an unauthenticated attacker has to guess an itemId, which is a completely random GUID. It\u2019s a very unlikely case even for a large media database with lots of items. Without an additional information leak, this vulnerability shouldn\u2019t be directly exploitable, even if the instance is reachable from the Internet. There are a lot of query parameters that get accepted by the method. At least two of those, videoCodec and audioCodec are vulnerable to the argument injection. The values can be traced through a lot of code and might be changed in the process. However, the fallback is to always use them as-is, which means we can inject our own arguments. Those arguments land in the command line of FFmpeg. Because UseShellExecute is always set to false, we can\u2019t simply terminate the FFmpeg command and execute our own. It should only be possible to add additional arguments to FFmpeg, which is powerful enough as it stands. There is probably a way of overwriting an arbitrary file with malicious content. This vulnerability has been addressed in version 10.8.13. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23997", "Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin <=\u00a01.2.7 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27801", "H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.", "No PoCs found on GitHub currently.", "https://hackmd.io/@0dayResearch/DelDNSHnList"], ["2023", "CVE-2023-20162", "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.", "No PoCs found on GitHub currently.", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"], ["2023", "CVE-2023-5817", "The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "No PoCs found on GitHub currently.", "https://drive.google.com/file/d/125xS3GVMr7_qo5HjWvXaXixuE_R-q_u3/view?usp=sharing"], ["2023", "CVE-2023-46777", "Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin <=\u00a01.1.3 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29581", "yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function delete_Token at /nasm/nasm-pp.c.", "https://github.com/z1r00/fuzz_vuln", "https://github.com/yasm/yasm/issues/216
https://github.com/z1r00/fuzz_vuln/blob/main/yasm/segv/delete_Token/readme.md"], ["2023", "CVE-2023-33313", "Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <=\u00a01.2.9 versions.", "https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-22067", "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "https://github.com/thiscodecc/thiscodecc", "No PoCs from references."], ["2023", "CVE-2023-47889", "The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode.", "https://github.com/actuator/com.bdrm.superreboot
https://github.com/actuator/cve
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/actuator/com.bdrm.superreboot/blob/main/CWE-925.md"], ["2023", "CVE-2023-4478", "Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3218", "Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/94d50b11-20ca-46e3-9086-dd6836421675"], ["2023", "CVE-2023-39599", "Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.", "No PoCs found on GitHub currently.", "https://github.com/desencrypt/CVE/blob/main/CVE-2023-39599/Readme.md"], ["2023", "CVE-2023-29913", "H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm.", "No PoCs found on GitHub currently.", "https://hackmd.io/@0dayResearch/HyvnMn013"], ["2023", "CVE-2023-52366", "Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5714", "The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5485", "Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27493", "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy\u2019s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties.", "No PoCs found on GitHub currently.", "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q"], ["2023", "CVE-2023-44831", "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", "https://github.com/password123456/cve-collector", "No PoCs from references."], ["2023", "CVE-2023-52226", "Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo.This issue affects Advanced Flamingo: from n/a through 1.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5654", "The React Developer Tools extension registers a message listener with window.addEventListener('message', ) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URL\u2019s via the victim's browser.", "No PoCs found on GitHub currently.", "https://gist.github.com/CalumHutton/1fb89b64409570a43f89d1fd3274b231"], ["2023", "CVE-2023-4538", "The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords.This issue affects ERP XL: from 2020.2.2 through 2023.2.", "https://github.com/defragmentator/mitmsqlproxy", "No PoCs from references."], ["2023", "CVE-2023-27941", "A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory.", "https://github.com/0x3c3e/codeql-queries
https://github.com/0x3c3e/pocs
https://github.com/houjingyi233/macOS-iOS-system-security", "No PoCs from references."], ["2023", "CVE-2023-2034", "Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/aba6beaa-570e-4523-8128-da4d8e374ef6"], ["2023", "CVE-2023-33253", "LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.", "https://github.com/Toxich4/CVE-2023-33253
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/Toxich4/CVE-2023-33253"], ["2023", "CVE-2023-48826", "Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/176034"], ["2023", "CVE-2023-49558", "An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.", "No PoCs found on GitHub currently.", "https://github.com/yasm/yasm/issues/252"], ["2023", "CVE-2023-4429", "Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31247", "A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1746"], ["2023", "CVE-2023-20133", "A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.

This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5846", "Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.", "No PoCs found on GitHub currently.", "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"], ["2023", "CVE-2023-0020", "SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality and limited impact on integrity of the application.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-22036", "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-52337", "An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36427", "Windows Hyper-V Elevation of Privilege Vulnerability", "https://github.com/WinMin/awesome-vm-exploit
https://github.com/aneasystone/github-trending
https://github.com/johe123qwe/github-trending
https://github.com/katlol/stars
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sampsonv/github-trending
https://github.com/tandasat/CVE-2023-36427
https://github.com/tanjiti/sec_profile
https://github.com/zengzzzzz/golang-trending-archive", "No PoCs from references."], ["2023", "CVE-2023-39659", "An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.", "No PoCs found on GitHub currently.", "https://github.com/langchain-ai/langchain/issues/7700"], ["2023", "CVE-2023-3309", "A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://kr1shna4garwal.github.io/posts/cve-poc-2023/#cve-2023-3309"], ["2023", "CVE-2023-25487", "Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <=\u00a01.4.14 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-43103", "An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-44860", "An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request.", "https://github.com/Luwak-IoT-Security/CVEs", "https://github.com/adhikara13/CVE/blob/main/netis_N3/Improper%20Authentication%20Mechanism%20Leading%20to%20Denial-of-Service%20(DoS).md"], ["2023", "CVE-2023-52277", "Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing in RAPortCheck.createNWConnection.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5788.php"], ["2023", "CVE-2023-5605", "The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5594", "Improper validation of the server\u2019s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-20073", "A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.", "https://github.com/CVEDB/awesome-cve-repo
https://github.com/RegularITCat/CVE-2023-20073
https://github.com/codeb0ss/CVE-2023-20073-
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-31096", "An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns.", "No PoCs found on GitHub currently.", "https://cschwarz1.github.io/posts/0x04/"], ["2023", "CVE-2023-46666", "An issue was discovered when using Document Level Security and the SPO \"Limited Access\" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.", "No PoCs found on GitHub currently.", "https://www.elastic.co/community/security"], ["2023", "CVE-2023-0160", "A deadlock flaw was found in the Linux kernel\u2019s BPF subsystem. This flaw allows a local user to potentially crash the system.", "No PoCs found on GitHub currently.", "https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/"], ["2023", "CVE-2023-44763", "** DISPUTED ** Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is supposed to know that \"pdf\" should be excluded from the allowed file types, even though pdf is one of the allowed file types in the default configuration.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sromanhu/CVE-2023-44763_ConcreteCMS-Arbitrary-file-upload-Thumbnail", "https://github.com/sromanhu/ConcreteCMS-Arbitrary-file-upload-Thumbnail"], ["2023", "CVE-2023-25815", "In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`.", "https://github.com/9069332997/session-1-full-stack
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33202", "Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)", "https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-49418", "TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules.", "No PoCs found on GitHub currently.", "https://github.com/cnitlrt/iot_vuln/tree/master/totolink/A7000R/setIpPortFilterRules"], ["2023", "CVE-2023-4848", "A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/"], ["2023", "CVE-2023-43321", "File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component.", "No PoCs found on GitHub currently.", "https://github.com/Push3AX/vul/blob/main/DCN/DCFW_1800_SDC_CommandInjection.md"], ["2023", "CVE-2023-36745", "Microsoft Exchange Server Remote Code Execution Vulnerability", "https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/GhostTroops/TOP
https://github.com/N1k0la-T/CVE-2023-36745
https://github.com/ZonghaoLi777/githubTrending
https://github.com/aneasystone/github-trending
https://github.com/hktalent/TOP
https://github.com/johe123qwe/github-trending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sampsonv/github-trending", "No PoCs from references."], ["2023", "CVE-2023-5427", "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a\u00a0local non-privileged user to make improper GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/176029/ARM-Mali-r44p0-Use-After-Free.html"], ["2023", "CVE-2023-20251", "A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot.

This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36846", "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrityfor a certain\u00a0part of the\u00a0file system, which may allow chaining to other vulnerabilities.This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.", "https://github.com/Chocapikk/CVE-2023-36846
https://github.com/Dreamy-elfland/CVE-2023-36846
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/devmehedi101/bugbounty-CVE-Report
https://github.com/iveresk/CVE-2023-36845-6-
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/r3dcl1ff/CVE-2023-36844_Juniper_RCE
https://github.com/securi3ytalent/bugbounty-CVE-Report
https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844", "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html"], ["2023", "CVE-2023-29523", "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The same vulnerability can also be exploited in other contexts where the `display` method on a document is used to display a field with wiki syntax, for example in applications created using `App Within Minutes`. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.2 and 15.0RC1. There is no workaround apart from upgrading.", "No PoCs found on GitHub currently.", "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x764-ff8r-9hpx"], ["2023", "CVE-2023-38657", "An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24489", "A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.", "https://github.com/20142995/sectool
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
https://github.com/adhikara13/CVE-2023-24489-ShareFile
https://github.com/codeb0ss/CVE-2023-1112-EXP
https://github.com/codeb0ss/CVE-2023-24489-PoC
https://github.com/izj007/wechat
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/r3volved/CVEAggregate
https://github.com/whalebone7/CVE-2023-24489-poc", "No PoCs from references."], ["2023", "CVE-2023-37569", "This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system.Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174084/Emagic-Data-Center-Management-Suite-6.0-Remote-Command-Execution.html"], ["2023", "CVE-2023-40008", "Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <=\u00a02.3.4 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2307", "Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/204ea12e-9e5c-4166-bf0e-fd49c8836917"], ["2023", "CVE-2023-46695", "An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2096", "A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/service_requests/manage_inventory.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226104.", "https://github.com/Vu1nT0tal/Vehicle-Security
https://github.com/VulnTotal-Team/Vehicle-Security
https://github.com/VulnTotal-Team/vehicle_cves
https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-38814", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not in the allowed scope of that CNA's CVE ID assignments. Notes: none.", "https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-43261", "An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.", "https://github.com/ZonghaoLi777/githubTrending
https://github.com/aneasystone/github-trending
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/johe123qwe/github-trending
https://github.com/komodoooo/Some-things
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/win3zz/CVE-2023-43261", "http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html
https://github.com/win3zz/CVE-2023-43261"], ["2023", "CVE-2023-27571", "An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files.", "No PoCs found on GitHub currently.", "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-arris-dg3450-cable-gateway/"], ["2023", "CVE-2023-41364", "In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.", "No PoCs found on GitHub currently.", "https://herolab.usd.de/security-advisories/usd-2023-0002/"], ["2023", "CVE-2023-47668", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin \u2013 Restrict Content plugin <=\u00a03.2.7 versions.", "https://github.com/RandomRobbieBF/CVE-2023-47668
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-38905", "SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.", "No PoCs found on GitHub currently.", "https://gist.github.com/wealeson1/e24fc8575f4e051320d69e9a75080642"], ["2023", "CVE-2023-34611", "An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.", "No PoCs found on GitHub currently.", "https://github.com/bolerio/mjson/issues/40"], ["2023", "CVE-2023-36485", "The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5476", "Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-50290", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,\u00a0unlike Java system properties which are set per-Java-proccess.The Solr Metrics API is protected by the \"metrics-read\" permission.Therefore, Solr Clouds with Authorization setup will only be vulnerable via users with the \"metrics-read\" permission.This issue affects Apache Solr: from 9.0.0 before 9.3.0.Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.", "https://github.com/Marco-zcl/POC
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/wy876/POC
https://github.com/wy876/wiki
https://github.com/xingchennb/POC-", "No PoCs from references."], ["2023", "CVE-2023-47779", "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30189", "Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook().", "No PoCs found on GitHub currently.", "https://friends-of-presta.github.io/security-advisories/modules/2023/04/27/posstaticblocks.html"], ["2023", "CVE-2023-49968", "Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php.", "https://github.com/geraldoalcantara/CVE-2023-49968
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-24609", "Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.telekom.com/en/company/data-privacy-and-security/news/advisories-504842"], ["2023", "CVE-2023-37478", "pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via npm being replaced with a compromised or malicious version when installed via pnpm. This issue has been patched in version(s) 7.33.4 and 8.6.8.", "https://github.com/TrevorGKann/CVE-2023-37478_npm_vs_pnpm
https://github.com/li-minhao/CVE-2023-37478-Demo
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/pnpm/pnpm/security/advisories/GHSA-5r98-f33j-g8h7"], ["2023", "CVE-2023-2216", "A vulnerability classified as problematic was found in Campcodes Coffee Shop POS System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument firstname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226981 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.226981"], ["2023", "CVE-2023-2187", "On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a \"password change event\". Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events.", "No PoCs found on GitHub currently.", "https://www.trellix.com/en-us/about/newsroom/stories/research/industrial-and-manufacturing-cves.html"], ["2023", "CVE-2023-0313", "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256"], ["2023", "CVE-2023-38606", "This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.", "https://github.com/Danie10/Danie10
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-2356", "Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors", "https://huntr.dev/bounties/7b5d130d-38eb-4133-8c7d-0dfc9a9d9896"], ["2023", "CVE-2023-31034", "NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34852", "PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.", "https://github.com/funny-kill/CVE-2023-34852
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-33131", "Microsoft Outlook Remote Code Execution Vulnerability", "https://github.com/2lambda123/CVE-mitre
https://github.com/nu11secur1ty/CVE-mitre", "http://packetstormsecurity.com/files/173361/Microsoft-365-MSO-2306-Build-16.0.16529.20100-Remote-Code-Execution.html"], ["2023", "CVE-2023-29432", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3.", "https://github.com/truocphan/VulnBox", "No PoCs from references."], ["2023", "CVE-2023-34751", "bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.", "No PoCs found on GitHub currently.", "https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability"], ["2023", "CVE-2023-27520", "Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5536", "A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.", "No PoCs found on GitHub currently.", "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071"], ["2023", "CVE-2023-46951", "Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5631", "Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attackerto load arbitrary JavaScript code.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/dan-mba/python-selenium-news
https://github.com/onhexgroup/Malware-Sample
https://github.com/tanjiti/sec_profile
https://github.com/whitfieldsdad/cisa_kev", "No PoCs from references."], ["2023", "CVE-2023-27627", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo Woocommerce Email Report plugin <=\u00a02.4 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36553", "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests.", "https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-1238", "Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/52f97267-1439-4bb6-862b-89b8fafce50d"], ["2023", "CVE-2023-35839", "Solon before 2.3.3 allows Deserialization of Untrusted Data.", "No PoCs found on GitHub currently.", "https://github.com/noear/solon/issues/145"], ["2023", "CVE-2023-6458", "Mattermost webapp fails to validate\u00a0route parameters in//channels/\u00a0allowing an attacker to perform a client-side path traversal.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2051", "A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/positions_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225936.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.225936"], ["2023", "CVE-2023-29735", "An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files.", "No PoCs found on GitHub currently.", "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29735/CVE%20detail.md"], ["2023", "CVE-2023-31273", "Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.", "https://github.com/MrTuxracer/advisories", "No PoCs from references."], ["2023", "CVE-2023-20107", "A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. This vulnerability is due to insufficient entropy in the DRBG for the affected hardware platforms when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-0014", "SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-38501", "copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one have inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue.", "https://github.com/codeb0ss/CVE-2023-38501-Exploit
https://github.com/nomi-sec/PoC-in-GitHub", "http://packetstormsecurity.com/files/173821/Copyparty-1.8.6-Cross-Site-Scripting.html
https://github.com/9001/copyparty/security/advisories/GHSA-f54q-j679-p9hh"], ["2023", "CVE-2023-22002", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-6518", "Plaintext Storage of a Password vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.This issue affects M\u0130A-MED: before 1.0.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-52303", "Nullptr in paddle.put_along_axis\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.", "No PoCs found on GitHub currently.", "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md"], ["2023", "CVE-2023-34407", "OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\\ in a URL.", "No PoCs found on GitHub currently.", "https://cybir.com/2023/cve/proof-of-concept-checkpoint-learning-harbinger-systems-offline-player-multiple-poc-for-cl-4-0-6-0-2-lfi-excessive-rights/"], ["2023", "CVE-2023-48711", "google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `translateOptions` to the end user. An attacker can set a malicious `tld`, causing the application to return unsafe URLs pointing towards local resources. The `translateOptions.tld` field is not properly sanitized before being placed in the Google translate URL. This can allow an attacker with control over the `translateOptions` to set the `tld` to a payload such as `@127.0.0.1`. This causes the full URL to become `https://translate.google.@127.0.0.1/...`, where `translate.google.` is the username used to connect to localhost. An attacker can send requests within internal networks and the local host. Should any HTTPS application be present on the internal network with a vulnerability exploitable via a GET call, then it would be possible to exploit this using this vulnerability. This issue has been addressed in release version 4.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/cjvnjde/google-translate-api-browser/security/advisories/GHSA-4233-7q5q-m7p6"], ["2023", "CVE-2023-36693", "Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <=\u00a01.1 versions.", "https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-20016", "A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.", "https://github.com/ARPSyndicate/cvemon
https://github.com/oddrune/cisco-ucs-decrypt", "No PoCs from references."], ["2023", "CVE-2023-2391", "A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/leetsun/IoT/tree/main/Netgear-SRX5308/11"], ["2023", "CVE-2023-46603", "In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a.", "https://github.com/xsscx/xnuimagefuzzer", "https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53"], ["2023", "CVE-2023-6549", "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service", "https://github.com/Ostorlab/KEV
https://github.com/jake-44/Research", "No PoCs from references."], ["2023", "CVE-2023-20156", "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.", "No PoCs found on GitHub currently.", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"], ["2023", "CVE-2023-5823", "Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <=\u00a02.2.11 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0045", "The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set \u00a0function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. \u00a0The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.We recommend upgrading past commit\u00a0a664ec9158eeddd75121d39c9a0758016097fa96", "https://github.com/ASkyeye/CVE-2023-0045
https://github.com/es0j/CVE-2023-0045
https://github.com/k0mi-tg/CVE-POC
https://github.com/manas3c/CVE-POC
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/xu-xiang/awesome-security-vul-llm", "https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8"], ["2023", "CVE-2023-22053", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-48952", "An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.", "No PoCs found on GitHub currently.", "https://github.com/openlink/virtuoso-opensource/issues/1175"], ["2023", "CVE-2023-50257", "eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can forcibly disconnect a Subscriber and can deny a Subscriber attempting to connect. Afterwards, if the attacker sends the packet for disconnecting, which is data (`p[UD]`), to the Global Data Space (`239.255.0.1:7400`) using the said Publisher ID, all the Subscribers (Listeners) connected to the Publisher (Talker) will not receive any data and their connection will be disconnected. Moreover, if this disconnection packet is sent continuously, the Subscribers (Listeners) trying to connect will not be able to do so. Since the initial commit of the `SecurityManager.cpp` code (`init`, `on_process_handshake`) on Nov 8, 2016, the Disconnect Vulnerability in RTPS Packets Used by SROS2 has been present prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7.", "No PoCs found on GitHub currently.", "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98"], ["2023", "CVE-2023-28869", "Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://herolab.usd.de/en/security-advisories/usd-2022-0003/"], ["2023", "CVE-2023-35798", "Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This\u00a0vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically\u00a0updating the connection to exploit it.This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1.It is recommended to\u00a0upgrade to a version that is not affected", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27986", "emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-33105", "Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-44464", "pretix before 2023.7.2 allows Pillow to parse EPS files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29406", "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", "https://github.com/LuizGustavoP/EP3_Redes
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-21389", "In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sxsuperxuan/Weblogic_CVE-2023-21389", "No PoCs from references."], ["2023", "CVE-2023-6868", "In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.*This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45499", "VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html
http://packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html
http://seclists.org/fulldisclosure/2023/Oct/31
https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/"], ["2023", "CVE-2023-6928", "EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system.", "No PoCs found on GitHub currently.", "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05"], ["2023", "CVE-2023-45648", "Improper Input Validation vulnerability in Apache Tomcat.Tomcat\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/fractal-visi0n/security-assessement
https://github.com/muneebaashiq/MBProjects
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2023", "CVE-2023-43344", "Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sromanhu/CVE-2023-43344-Quick-CMS-Stored-XSS---SEO-Meta-description", "https://github.com/sromanhu/CVE-2023-43344-Quick-CMS-Stored-XSS---SEO-Meta-description"], ["2023", "CVE-2023-34625", "ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time. Alternatively, an attacker with physical access to the device on which the Android app is installed, can obtain the latest BLE messages via the app logs and use them for opening the lock.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/2307-exploits/mojobox14-replay.txt
https://www.whid.ninja/blog/mojobox-yet-another-not-so-smartlock"], ["2023", "CVE-2023-41241", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <=\u00a02.5.0 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2222", "** REJECT ** This was deemed not a security vulnerability by upstream.", "https://github.com/13579and2468/Wei-fuzz", "No PoCs from references."], ["2023", "CVE-2023-38632", "async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets.", "https://github.com/Halcy0nic/CVE-2023-38632
https://github.com/Halcy0nic/Trophies
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/skinnyrad/Trophies", "No PoCs from references."], ["2023", "CVE-2023-2333", "The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "https://github.com/codeb0ss/CVE-2023-2333-EXP
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-36932", "In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.", "https://github.com/KushGuptaRH/MOVEit-Response
https://github.com/curated-intel/MOVEit-Transfer", "No PoCs from references."], ["2023", "CVE-2023-34837", "A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sahiloj/CVE-2023-34837", "No PoCs from references."], ["2023", "CVE-2023-29457", "Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts.", "https://github.com/Hritikpatel/InsecureTrust_Bank
https://github.com/Hritikpatel/SecureTrust_Bank
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/futehc/tust5", "No PoCs from references."], ["2023", "CVE-2023-0236", "The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "https://github.com/ARPSyndicate/cvemon", "https://wpscan.com/vulnerability/503835db-426d-4b49-85f7-c9a20d6ff5b8"], ["2023", "CVE-2023-6839", "Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34734", "Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS) .", "No PoCs found on GitHub currently.", "https://github.com/prismbreak/vulnerabilities/issues/3"], ["2023", "CVE-2023-25440", "Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/172470/CiviCRM-5.59.alpha1-Cross-Site-Scripting.html"], ["2023", "CVE-2023-36631", "** DISPUTED ** Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is \"this is intended behavior as the application can be locked using a password.\"", "No PoCs found on GitHub currently.", "https://www.bencteux.fr/posts/malwarebytes_wfc/"], ["2023", "CVE-2023-29985", "Sourcecodester Student Study Center Desk Management System v1.0 admin\\reports\\index.php#date_from has a SQL Injection vulnerability.", "No PoCs found on GitHub currently.", "https://liaorj.github.io/2023/03/17/admin-reports-date-from-has-sql-injection-vulnerability/#more"], ["2023", "CVE-2023-38960", "Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://rodelllemit.medium.com/insecure-permissions-vulnerability-in-raidenftpd-v2-4-build-4005-2016-04-01-ea7389be3d33"], ["2023", "CVE-2023-25500", "Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.", "https://github.com/muneebaashiq/MBProjects", "No PoCs from references."], ["2023", "CVE-2023-27405", "A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20432)", "https://github.com/ARPSyndicate/cvemon
https://github.com/dhn/dhn", "No PoCs from references."], ["2023", "CVE-2023-50164", "An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to\u00a0fix this issue.", "https://github.com/Marco-zcl/POC
https://github.com/Thirukrishnan/CVE-2023-50164-Apache-Struts-RCE
https://github.com/Threekiii/CVE
https://github.com/Trackflaw/CVE-2023-50164-ApacheStruts2-Docker
https://github.com/aaronm-sysdig/cve-2023-50164
https://github.com/bcdannyboy/CVE-2023-50164
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/dwisiswant0/cve-2023-50164-poc
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/helsecert/cve-2023-50164
https://github.com/henrikplate/struts-demo
https://github.com/hetianlab/S2-066
https://github.com/jakabakos/CVE-2023-50164-Apache-Struts-RCE
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/snyk-labs/CVE-2023-50164-POC
https://github.com/sunnyvale-it/CVE-2023-50164-PoC
https://github.com/tanjiti/sec_profile
https://github.com/wy876/POC
https://github.com/xingchennb/POC-", "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html"], ["2023", "CVE-2023-21109", "In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597", "https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-21109
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-32378", "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26769", "Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Marsman1996/pocs", "No PoCs from references."], ["2023", "CVE-2023-51199", "Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code or cause a denial of service via improper handling of arrays or strings.", "https://github.com/16yashpatel/CVE-2023-51199
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-51208", "An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code and cause other impacts via upload of crafted file.", "https://github.com/16yashpatel/CVE-2023-51208
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-5881", "Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) \"Garage Door Control Module Setup\" and modify the Garage door's SSID settings.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27897", "In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can can have limited impact on confidentiality and integrity of non-critical user or application data and application availability.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-29517", "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user running the servlet engine (e.g. tomcat) running XWiki. The same vulnerability also allowed to perform internal requests to resources from the hosting server. The problem has been patched in XWiki 13.10.11, 14.10.1, 14.4.8, 15.0-rc-1. Users are advised to upgrade. It might be possible to workaround this vulnerability by running XWiki in a sandbox with a user with very low privileges on the machine.", "No PoCs found on GitHub currently.", "https://jira.xwiki.org/browse/XWIKI-20324"], ["2023", "CVE-2023-21288", "In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/Trinadh465/platform_frameworks_base_CVE-2023-21288
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-27415", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <=\u00a01.1.2 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27784", "An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Marsman1996/pocs", "https://github.com/appneta/tcpreplay/issues/787"], ["2023", "CVE-2023-36761", "Microsoft Word Information Disclosure Vulnerability", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/apt0factury/CVE-2023-36761
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-38970", "Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function.", "No PoCs found on GitHub currently.", "https://panda002.hashnode.dev/badaso-version-297-has-an-xss-vulnerability-in-new-member"], ["2023", "CVE-2023-29696", "H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set.", "No PoCs found on GitHub currently.", "https://github.com/Stevenbaga/fengsha/blob/main/H3C/GR-1200W/aVersionSet.md"], ["2023", "CVE-2023-38673", "PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in\u00a0the ability to execute arbitrary commands on the operating system.", "No PoCs found on GitHub currently.", "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-005.md"], ["2023", "CVE-2023-5891", "Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/ce4956e4-9ef5-4e0e-bfb2-481ec5cfb0a5"], ["2023", "CVE-2023-28968", "An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowing an unauthenticated network-based attacker to send traffic to the target device using the JDPI-Decoder, designed to inspect dynamic application traffic and take action upon this traffic, to instead begin to not take action and to pass the traffic through. An example session can be seen by running the following command and evaluating the output. user@device# run show security flow session source-prefix

extensive Session ID: , Status: Normal, State: Active Policy name: Dynamic application: junos:UNKNOWN, <<<<< LOOK HERE Please note, the JDPI-Decoder and the AppID SigPack are both affected and both must be upgraded along with the operating system to address the matter. By default, none of this is auto-enabled for automatic updates. This issue affects: Juniper Networks any version of the JDPI-Decoder Engine prior to version 5.7.0-47 with the JDPI-Decoder enabled using any version of the AppID SigPack prior to version 1.550.2-31 (SigPack 3533) on Junos OS on SRX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2;", "No PoCs found on GitHub currently.", "https://www.juniper.net/documentation/us/en/software/jdpi/release-notes/jdpi-decoder-release-notes-october-2022/jdpi-decoder-release-notes-october-2022.pdf"], ["2023", "CVE-2023-38733", "IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33144", "Visual Studio Code Spoofing Vulnerability", "https://github.com/em1ga3l/cve-msrc-extractor
https://github.com/gbdixg/PSMDE", "No PoCs from references."], ["2023", "CVE-2023-36922", "Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. \u00a0On successful exploitation, the attacker can read or modify the system data as well as shut down the system.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-2323", "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3"], ["2023", "CVE-2023-36621", "An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.", "No PoCs found on GitHub currently.", "https://seclists.org/fulldisclosure/2023/Jul/12"], ["2023", "CVE-2023-48432", "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34724", "An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174553/TECHView-LA5570-Wireless-Gateway-1.0.19_T53-Traversal-Privilege-Escalation.html
https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725"], ["2023", "CVE-2023-52131", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Zinc Page Generator.This issue affects Page Generator: from n/a through 1.7.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45749", "Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <=\u00a03.2.4 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5452", "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"], ["2023", "CVE-2023-50125", "A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state.", "No PoCs found on GitHub currently.", "https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices"], ["2023", "CVE-2023-34635", "Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173669/Wifi-Soft-Unibox-Administration-3.0-3.1-SQL-Injection.html
https://www.exploit-db.com/exploits/51610"], ["2023", "CVE-2023-38921", "Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.", "No PoCs found on GitHub currently.", "https://github.com/FirmRec/IoT-Vulns/tree/main/netgear/upgrade_handler"], ["2023", "CVE-2023-43354", "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sromanhu/CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension", "https://github.com/sromanhu/CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension"], ["2023", "CVE-2023-6938", "The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Version 4.8.1 of the Oxygen Builder plugin for WordPress addresses this vulnerability by implementing an optional filter to provide output escaping for dynamic data. Please see https://oxygenbuilder.com/documentation/other/security/#filtering-dynamic-data for more details.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38622", "Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `len` array.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34936", "A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "No PoCs found on GitHub currently.", "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34936.md"], ["2023", "CVE-2023-20224", "A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device.

This vulnerability is due to insufficient input validation of user-supplied CLI arguments. An attacker could exploit this vulnerability by authenticating to an affected device and using crafted commands at the prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. The attacker must have valid credentials on the affected device.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174233/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2023/Aug/20"], ["2023", "CVE-2023-38762", "SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php.", "https://github.com/0x72303074/CVE-Disclosures", "No PoCs from references."], ["2023", "CVE-2023-33284", "Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attacker authenticated as any user is able to execute code in context of the web server.", "No PoCs found on GitHub currently.", "https://www.cyberskydd.se/cve/2023/CVE-2023-33284.html"], ["2023", "CVE-2023-51098", "Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo .", "No PoCs found on GitHub currently.", "https://github.com/GD008/TENDA/blob/main/W9/W9_setDiagnoseInfo/W9_setDiagnoseInfo.md"], ["2023", "CVE-2023-35788", "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7"], ["2023", "CVE-2023-28879", "In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.", "https://github.com/0xsyr0/OSCP
https://github.com/ARPSyndicate/cvemon
https://github.com/SirElmard/ethical_hacking
https://github.com/fardeen-ahmed/Bug-bounty-Writeups
https://github.com/kgwanjala/oscp-cheatsheet
https://github.com/oscpname/OSCP_cheat
https://github.com/revanmalang/OSCP
https://github.com/txuswashere/OSCP
https://github.com/xhref/OSCP", "http://www.openwall.com/lists/oss-security/2023/04/12/4
https://bugs.ghostscript.com/show_bug.cgi?id=706494"], ["2023", "CVE-2023-5512", "An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect representation in the UI.", "No PoCs found on GitHub currently.", "https://gitlab.com/gitlab-org/gitlab/-/issues/427827"], ["2023", "CVE-2023-41080", "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.The vulnerability is limited to the ROOT (default) web application.", "https://github.com/muneebaashiq/MBProjects
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/shiomiyan/CVE-2023-41080", "No PoCs from references."], ["2023", "CVE-2023-36670", "A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device.", "No PoCs found on GitHub currently.", "https://kratosdefense.com"], ["2023", "CVE-2023-38861", "An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.", "No PoCs found on GitHub currently.", "https://github.com/TTY-flag/my_iot_vul/tree/main/WAVLINK/WL-WN575A3"], ["2023", "CVE-2023-52160", "The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.", "https://github.com/Helica-core/eap_pwn
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-22043", "Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-0055", "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.", "https://github.com/ARPSyndicate/cvemon
https://github.com/bAuh0lz/Vulnerabilities", "https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce"], ["2023", "CVE-2023-5833", "Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/raltheo/raltheo", "No PoCs from references."], ["2023", "CVE-2023-2150", "A vulnerability, which was classified as critical, has been found in SourceCodester Task Reminder System 1.0. This issue affects some unknown processing of the file Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226271.", "No PoCs found on GitHub currently.", "https://youtu.be/o46oHLvY2-E"], ["2023", "CVE-2023-5730", "Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-50096", "STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application.", "https://github.com/elttam/publications
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/elttam/publications/blob/master/writeups/CVE-2023-50096.md"], ["2023", "CVE-2023-43176", "A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.", "No PoCs found on GitHub currently.", "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H&version=3.1"], ["2023", "CVE-2023-52193", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.23.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-35878", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vadym K. Extra User Details plugin <=\u00a00.5 versions.", "https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-26998", "Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page.", "No PoCs found on GitHub currently.", "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/"], ["2023", "CVE-2023-33277", "The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL.", "No PoCs found on GitHub currently.", "https://www.syss.de/en/responsible-disclosure-policy
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-015.txt"], ["2023", "CVE-2023-44487", "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", "https://github.com/AlexRogalskiy/AlexRogalskiy
https://github.com/Austnez/tools
https://github.com/ByteHackr/CVE-2023-44487
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/GhostTroops/TOP
https://github.com/Millen93/HTTP-2.0-Rapid-Reset-Attack-Laboratory
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/ReToCode/golang-CVE-2023-44487
https://github.com/XiangTrong/http2-rapid-client
https://github.com/ZonghaoLi777/githubTrending
https://github.com/aerospike-managed-cloud-services/flb-output-gcs
https://github.com/alex-grandson/docker-python-example
https://github.com/aneasystone/github-trending
https://github.com/bartvoet/assignment-ehb-security-review-adamlenez
https://github.com/bcdannyboy/CVE-2023-44487
https://github.com/danielkec/rapid-reset
https://github.com/dygma0/dygma0
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/ge-wijayanto/http2-rapid-reset-validator
https://github.com/giterlizzi/secdb-feeds
https://github.com/h7ml/h7ml
https://github.com/hktalent/TOP
https://github.com/imabee101/CVE-2023-44487
https://github.com/irgoncalves/awesome-security-articles
https://github.com/jafshare/GithubTrending
https://github.com/johe123qwe/github-trending
https://github.com/jrg1a/tools
https://github.com/juev/links
https://github.com/knabben/dos-poc
https://github.com/kyverno/policy-reporter-plugins
https://github.com/lucasrod16/exploitlens
https://github.com/m00dy/r4p1d-r3s3t
https://github.com/micrictor/http2-rst-stream
https://github.com/ndrscodes/http2-rst-stream-attacker
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/nvdg2/http2RapidReset
https://github.com/nxenon/cve-2023-44487
https://github.com/oscerd/nice-cve-poc
https://github.com/pabloec20/rapidreset
https://github.com/rxerium/stars
https://github.com/secengjeff/rapidresetclient
https://github.com/sigridou/CVE-2023-44487-
https://github.com/studiogangster/CVE-2023-44487
https://github.com/tanjiti/sec_profile
https://github.com/terrorist/HTTP-2-Rapid-Reset-Client
https://github.com/wolfc/snakeinmyboot
https://github.com/zengzzzzz/golang-trending-archive
https://github.com/zhaohuabing/cve-agent
https://github.com/zhaoolee/garss", "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
https://github.com/Azure/AKS/issues/3947
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/akka/akka-http/issues/4323
https://github.com/alibaba/tengine/issues/1872
https://github.com/apache/apisix/issues/10320
https://github.com/apache/httpd-site/pull/10
https://github.com/apache/trafficserver/pull/10564
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
https://github.com/caddyserver/caddy/issues/5877
https://github.com/eclipse/jetty.project/issues/10679
https://github.com/envoyproxy/envoy/pull/30055
https://github.com/etcd-io/etcd/issues/16740
https://github.com/facebook/proxygen/pull/466
https://github.com/golang/go/issues/63417
https://github.com/grpc/grpc-go/pull/6703
https://github.com/h2o/h2o/pull/3291
https://github.com/haproxy/haproxy/issues/2312
https://github.com/kazu-yamamoto/http2/issues/93
https://github.com/kubernetes/kubernetes/pull/121120
https://github.com/line/armeria/pull/5232
https://github.com/micrictor/http2-rst-stream
https://github.com/microsoft/CBL-Mariner/pull/6381
https://github.com/nghttp2/nghttp2/pull/1961
https://github.com/ninenines/cowboy/issues/1615
https://github.com/nodejs/node/pull/50121
https://github.com/openresty/openresty/issues/930
https://github.com/opensearch-project/data-prepper/issues/3474
https://github.com/projectcontour/contour/pull/5826
https://github.com/tempesta-tech/tempesta/issues/1986
https://github.com/varnishcache/varnish-cache/issues/3996
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"], ["2023", "CVE-2023-46582", "SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id paramter in the deleteProduct.php component.", "https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0", "https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46582-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md"], ["2023", "CVE-2023-34994", "An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773"], ["2023", "CVE-2023-22012", "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-48913", "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.", "No PoCs found on GitHub currently.", "https://github.com/Tiamat-ron/cms/blob/main/The%20deletion%20function%20of%20the%20Article%20Management%20Office%20exists%20in%20CSRF.md"], ["2023", "CVE-2023-29665", "D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters in SetPasswdSettings.", "No PoCs found on GitHub currently.", "https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/HNAP1/boSetPasswdSettings"], ["2023", "CVE-2023-0004", "A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.These files can include logs and system components that impact the integrity and availability of PAN-OS software.", "https://github.com/jeremymonk21/Vulnerability-Management-and-SIEM-Implementation-Project", "No PoCs from references."], ["2023", "CVE-2023-5862", "Missing Authorization in GitHub repository hamza417/inure prior to Build95.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/0e517db6-d8ba-4cb9-9339-7991dda52e6d"], ["2023", "CVE-2023-36403", "Windows Kernel Elevation of Privilege Vulnerability", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176209/Windows-Kernel-Race-Conditions.html"], ["2023", "CVE-2023-27777", "Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL.", "https://github.com/ARPSyndicate/cvemon
https://github.com/lohyt/Privilege-escalation-in-online-jewelry-website", "No PoCs from references."], ["2023", "CVE-2023-5761", "The Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-52313", "FPE in paddle.argmin and paddle.argmax\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.", "No PoCs found on GitHub currently.", "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md"], ["2023", "CVE-2023-48610", "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-28509", "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire.", "No PoCs found on GitHub currently.", "https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/"], ["2023", "CVE-2023-35829", "An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.", "https://github.com/20142995/sectool
https://github.com/apkc/CVE-2023-35829-poc
https://github.com/hktalent/bug-bounty
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/onhexgroup/Malware-Sample
https://github.com/timb-machine/linux-malware", "No PoCs from references."], ["2023", "CVE-2023-27637", "An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023.", "No PoCs found on GitHub currently.", "https://friends-of-presta.github.io/security-advisories/module/2023/03/21/tshirtecommerce_cwe-89.html"], ["2023", "CVE-2023-36543", "Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang.\u00a0It is recommended to upgrade to a version that is not affected", "https://github.com/CP04042K/CVE", "No PoCs from references."], ["2023", "CVE-2023-50356", "SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-25732", "When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1804564"], ["2023", "CVE-2023-27934", "A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.", "https://github.com/houjingyi233/macOS-iOS-system-security", "No PoCs from references."], ["2023", "CVE-2023-20057", "A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device.

This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.", "https://github.com/Live-Hack-CVE/CVE-2023-20057", "No PoCs from references."], ["2023", "CVE-2023-6448", "Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/whitfieldsdad/cisa_kev", "No PoCs from references."], ["2023", "CVE-2023-37528", "A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/kaje11/CVEs", "No PoCs from references."], ["2023", "CVE-2023-0243", "A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\\Manage\\Controller\\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-218151.", "No PoCs found on GitHub currently.", "https://github.com/yeyinshi/tuzicms/issues/12"], ["2023", "CVE-2023-31024", "NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36947", "TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.", "No PoCs found on GitHub currently.", "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/UploadCustomModule.md"], ["2023", "CVE-2023-41325", "OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optee\u2019s heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable \u2018e\u2019 is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available.", "No PoCs found on GitHub currently.", "https://github.com/OP-TEE/optee_os/security/advisories/GHSA-jrw7-63cq-7vhm"], ["2023", "CVE-2023-25435", "libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.", "https://github.com/13579and2468/Wei-fuzz", "https://gitlab.com/libtiff/libtiff/-/issues/518"], ["2023", "CVE-2023-52154", "File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files.", "No PoCs found on GitHub currently.", "https://nexacybersecurity.blogspot.com/2024/02/journey-finding-vulnerabilities-in-pmb-library-management-system.html"], ["2023", "CVE-2023-47629", "DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default datahub user has been removed, then the user can sign up for an account that leverages the default policies giving admin privileges to the datahub user. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8"], ["2023", "CVE-2023-49978", "Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.", "https://github.com/geraldoalcantara/CVE-2023-49978
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-41265", "An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/praetorian-inc/zeroqlik-detect
https://github.com/whitfieldsdad/cisa_kev", "No PoCs from references."], ["2023", "CVE-2023-27470", "BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\\GetSupportService_N-Central\\PushUpdates, leading to arbitrary file deletion.", "https://github.com/3lp4tr0n/CVE-2023-27470_Exercise
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-36495", "An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.", "https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-25575", "API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the `security` option of the `ApiPlatform\\Metadata\\ApiProperty` attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization formats may also be impacted. Only collection endpoints are affected by the issue, item endpoints are not. The JSON-LD format is not affected by the issue. The result of the security rule is only executed for the first item of the collection. The result of the rule is then cached and reused for the next items. This bug can leak data to unauthorized users when the rule depends on the value of a property of the item. This bug can also hide properties that should be displayed to authorized users. This issue impacts the 2.7, 3.0 and 3.1 branches. Please upgrade to versions 2.7.10, 3.0.12 or 3.1.3. As a workaround, replace the `cache_key` of the context array of the Serializer inside a custom normalizer that works on objects if the security option of the `ApiPlatform\\Metadata\\ApiProperty` attribute is used.", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-43360", "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sromanhu/CVE-2023-43360-CMSmadesimple-Stored-XSS---File-Picker-extension", "https://github.com/sromanhu/CMSmadesimple-Stored-XSS---File-Picker-extension
https://github.com/sromanhu/CVE-2023-43360-CMSmadesimple-Stored-XSS---File-Picker-extension"], ["2023", "CVE-2023-29562", "TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale.", "No PoCs found on GitHub currently.", "https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA7510"], ["2023", "CVE-2023-20181", "A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2023", "CVE-2023-40109", "In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", "https://github.com/Moonshieldgru/Moonshieldgru
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/uthrasri/CVE-2023-40109", "No PoCs from references."], ["2023", "CVE-2023-37468", "Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP users password is passed unencrypted in the LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the cas login are not affected. This issue has been patched in version 1.19.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-48894", "Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function.", "No PoCs found on GitHub currently.", "https://github.com/jishenghua/jshERP/issues/98"], ["2023", "CVE-2023-2317", "DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in

tag. This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.", "https://github.com/d4n-sec/d4n-sec.github.io", "https://starlabs.sg/advisories/23/23-2317/"], ["2023", "CVE-2023-30088", "An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.", "No PoCs found on GitHub currently.", "https://github.com/cesanta/mjs/issues/243"], ["2023", "CVE-2023-50000", "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode.", "No PoCs found on GitHub currently.", "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_resetMesh/w30e_resetMesh.md"], ["2023", "CVE-2023-36584", "Windows Mark of the Web Security Feature Bypass Vulnerability", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/whitfieldsdad/cisa_kev", "No PoCs from references."], ["2023", "CVE-2023-27561", "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", "https://github.com/shakyaraj9569/Documentation
https://github.com/ssst0n3/docker_archive", "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
https://github.com/opencontainers/runc/issues/3751"], ["2023", "CVE-2023-27421", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Everest News theme <=\u00a01.1.0 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36755", "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", "https://github.com/sudo-jtcsec/CVE", "No PoCs from references."], ["2023", "CVE-2023-30259", "A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file.", "No PoCs found on GitHub currently.", "https://github.com/LibreCAD/LibreCAD/issues/1481"], ["2023", "CVE-2023-4858", "The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", "No PoCs found on GitHub currently.", "https://github.com/nightcloudos/bug_report/blob/main/vendors/poc2.md"], ["2023", "CVE-2023-40158", "Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31135", "Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being encrypted. This is problematic because two log lines will often have the same length, so due to these collisions we are reusing the same nonce many times. All audit logs generated by versions of Dgraph https://github.com/HakuPiku/CVEs", "No PoCs from references."], ["2023", "CVE-2023-46454", "In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.", "https://github.com/cyberaz0r/GL.iNet-Multiple-Vulnerabilities
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-27592", "Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the `html.ServerError` is returned unescaped without the expected Content Security Policy header added to valid responses. By creating an RSS feed item with the inline description containing an `` tag with a `srcset` attribute pointing to an invalid URL like `http:a`, we can coerce the proxy handler into an error condition where the invalid URL is returned unescaped and in full. This results in JavaScript execution on the Miniflux instance as soon as the user is convinced (e.g. by a message in the alt text) to open the broken image. An attacker can execute arbitrary JavaScript in the context of a victim Miniflux user when they open a broken image in a crafted RSS feed. This can be used to perform actions on the Miniflux instance as that user and gain administrative access to the Miniflux instance if it is reachable and the victim is an administrator. A patch is available in version 2.0.43. As a workaround sisable image proxy; default value is `http-only`.", "https://github.com/40826d/advisories
https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-41387", "A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device.", "No PoCs found on GitHub currently.", "https://seredynski.com/articles/exploiting-ios-apps-to-extract-session-tokens-and-overwrite-user-data"], ["2023", "CVE-2023-52267", "ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings.", "https://github.com/Halcy0nic/Trophies
https://github.com/skinnyrad/Trophies", "https://github.com/hongliuliao/ehttp/commit/17405b975948abc216f6a085d2d027ec1cfd5766
https://github.com/hongliuliao/ehttp/issues/38"], ["2023", "CVE-2023-25706", "Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <=\u00a01.4.5 versions.", "https://github.com/ARPSyndicate/cvemon
https://github.com/yaudahbanh/CVE-Archive", "No PoCs from references."], ["2023", "CVE-2023-39709", "Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section.", "https://github.com/Arajawat007/CVE-2023-39709
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-3319", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.This issue affects PlatPlay DS: before 3.14.", "https://github.com/ccelikanil/ccelikanil", "No PoCs from references."], ["2023", "CVE-2023-37918", "Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request. Users who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 or to 1.11.2. This vulnerability impacts Dapr users who have configured API token authentication. An attacker could craft a request that is always allowed by the Dapr sidecar over HTTP, even if the `dapr-api-token` in the request is invalid or missing. The issue has been fixed in Dapr 1.10.9 or to 1.11.2. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/dapr/dapr/security/advisories/GHSA-59m6-82qm-vqgj"], ["2023", "CVE-2023-49408", "Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name.", "No PoCs found on GitHub currently.", "https://github.com/GD008/TENDA/blob/main/AX3/tenda_AX3_setBlackRule/AX3-setBlackRule.md"], ["2023", "CVE-2023-49799", "`nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example `\\nhttps://whatever.com` which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. \"To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.\". This means the final request will be normalized to `https://whatever.com` bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/johannschopplich/nuxt-api-party/security/advisories/GHSA-3wfp-253j-5jxv"], ["2023", "CVE-2023-5916", "A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5856", "Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46736", "EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who have access to `the /Attachment/fromImageUrl` endpoint can specify URL to point to an internal host. Even though there is check for content type, it can be bypassed by redirects in some cases. This SSRF can be leveraged to disclose internal information (in some cases), target internal hosts and bypass firewalls. This vulnerability has been addressed in commit `c536cee63` which is included in release version 8.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/espocrm/espocrm/security/advisories/GHSA-g955-rwxx-jvf6"], ["2023", "CVE-2023-4439", "A vulnerability was found in SourceCodester Card Holder Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Minus Value Handler. The manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The identifier of this vulnerability is VDB-237560.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.237560"], ["2023", "CVE-2023-49548", "Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user.", "https://github.com/geraldoalcantara/CVE-2023-49548
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-37858", "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-48624", "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-41047", "OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties.", "https://github.com/numencyber/Vulnerability_PoC", "No PoCs from references."], ["2023", "CVE-2023-50333", "Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing\u00a0freshly demoted guests to change group names.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-44821", "** DISPUTED ** Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation in which new input arrives for a long-running process, does not ship with functionality to link it into another application as a library, and does not have realistic use cases in which an adversary controls the entire command line.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/kohler/gifsicle/issues/195
https://github.com/kohler/gifsicle/issues/65"], ["2023", "CVE-2023-48836", "Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176046"], ["2023", "CVE-2023-33243", "RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.", "https://github.com/RedTeamPentesting/CVE-2023-33243
https://github.com/nomi-sec/PoC-in-GitHub", "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses
https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-004/-starface-authentication-with-password-hash-possible"], ["2023", "CVE-2023-29740", "An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database.", "No PoCs found on GitHub currently.", "https://play.google.com/store/apps/details?id=com.amdroidalarmclock.amdroid"], ["2023", "CVE-2023-38434", "xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method.", "https://github.com/Halcy0nic/CVE-2023-38434
https://github.com/Halcy0nic/Trophies
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/skinnyrad/Trophies", "https://github.com/cozis/xHTTP/issues/1"], ["2023", "CVE-2023-5947", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-7247. Reason: This candidate is a duplicate of CVE-2023-7247. Notes: All CVE users should reference CVE-2023-7247 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2024", "Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/team890/CVE-2023-2024", "No PoCs from references."], ["2023", "CVE-2023-27951", "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper.", "https://github.com/houjingyi233/macOS-iOS-system-security", "No PoCs from references."], ["2023", "CVE-2023-20032", "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:

A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.

This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.

For a description of this vulnerability, see the ClamAV blog [\"https://blog.clamav.net/\"].", "https://github.com/ARPSyndicate/cvemon
https://github.com/cbk914/clamav-scan
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/halon/changelog
https://github.com/karimhabush/cyberowl
https://github.com/marekbeckmann/Clamav-Installation-Script", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy"], ["2023", "CVE-2023-31346", "Failure to initializememory in SEV Firmware may allow a privileged attacker to access stale datafrom other guests.", "https://github.com/Freax13/cve-2023-31346-poc
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-4468", "A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"], ["2023", "CVE-2023-49688", "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtUser' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46767", "Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2164", "An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta.", "No PoCs found on GitHub currently.", "https://gitlab.com/gitlab-org/gitlab/-/issues/407783"], ["2023", "CVE-2023-36466", "Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46864", "Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Peppermint-Lab/peppermint/issues/171"], ["2023", "CVE-2023-5495", "A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175071/Smart-School-6.4.1-SQL-Injection.html"], ["2023", "CVE-2023-41107", "TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack.", "No PoCs found on GitHub currently.", "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-020.txt
https://www.syss.de/pentest-blog/sicherheitsschwachstellen-im-tef-haendlerportal-syss-2023-020/-021"], ["2023", "CVE-2023-44961", "SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component.", "https://github.com/ggb0n/CVE-2023-44961
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/ggb0n/CVE-2023-44961"], ["2023", "CVE-2023-34563", "netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication.", "No PoCs found on GitHub currently.", "https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-34563/EN.md"], ["2023", "CVE-2023-25586", "A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://sourceware.org/bugzilla/show_bug.cgi?id=29855"], ["2023", "CVE-2023-25617", "SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system.", "https://github.com/karimhabush/cyberowl", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-39618", "TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3199", "The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_title function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/truocphan/VulnBox", "No PoCs from references."], ["2023", "CVE-2023-37809", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/TraiLeR2/Unquoted-Service-Path-in-the-Wondershare-Dr.Fone-13.1.5", "No PoCs from references."], ["2023", "CVE-2023-3406", "Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-35001", "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", "https://github.com/ZonghaoLi777/githubTrending
https://github.com/aneasystone/github-trending
https://github.com/johe123qwe/github-trending
https://github.com/mrbrelax/Exploit_CVE-2023-35001
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/syedhafiz1234/nftables-oob-read-write-exploit-CVE-2023-35001-
https://github.com/synacktiv/CVE-2023-35001
https://github.com/xairy/linux-kernel-exploitation", "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"], ["2023", "CVE-2023-32962", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite \u2013 Wishlist for WooCommerce plugin <=\u00a01.3.4 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-35390", ".NET and Visual Studio Remote Code Execution Vulnerability", "https://github.com/r3volved/CVEAggregate", "No PoCs from references."], ["2023", "CVE-2023-49086", "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack.Exploitation of the vulnerability is possible for an authorized user. The vulnerable component isthe `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code inthe attacked user's browser. This issue has been patched in version 1.2.26.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr"], ["2023", "CVE-2023-21882", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-40465", "Several versions ofALEOS, including ALEOS 4.16.0, include an opensourcethird-partycomponent which can be exploited from the localarea network,resulting in a Denial of Service condition for the captive portal.", "No PoCs found on GitHub currently.", "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"], ["2023", "CVE-2023-31799", "Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter.", "https://github.com/msegoviag/discovered-vulnerabilities
https://github.com/msegoviag/msegoviag", "No PoCs from references."], ["2023", "CVE-2023-31548", "A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.", "https://github.com/10splayaSec/CVE-Disclosures", "https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-31548"], ["2023", "CVE-2023-49257", "An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47345", "Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero.", "No PoCs found on GitHub currently.", "https://github.com/free5gc/free5gc/issues/483"], ["2023", "CVE-2023-32721", "A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23455", "atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).", "https://github.com/ARPSyndicate/cvemon
https://github.com/alopresto/epss_api_demo
https://github.com/alopresto6m/epss_api_demo", "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b"], ["2023", "CVE-2023-28222", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/Wh04m1001/CVE-2023-29343", "No PoCs from references."], ["2023", "CVE-2023-1443", "A vulnerability was found in Filseclab Twister Antivirus 8. It has been declared as problematic. This vulnerability affects the function 0x80112053 in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223288.", "https://github.com/ARPSyndicate/cvemon
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1443"], ["2023", "CVE-2023-47254", "An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt
https://www.syss.de/pentest-blog/command-injection-via-cli-des-draytek-vigor167-syss-2023-023"], ["2023", "CVE-2023-36239", "libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.", "No PoCs found on GitHub currently.", "https://github.com/libming/libming/issues/273"], ["2023", "CVE-2023-2838", "Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f"], ["2023", "CVE-2023-4237", "A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42471", "The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions).", "https://github.com/actuator/cve
https://github.com/actuator/wave.ai.browser
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/actuator/cve/blob/main/CVE-2023-42471
https://github.com/actuator/wave.ai.browser/blob/main/CWE-94.md
https://github.com/actuator/wave.ai.browser/blob/main/poc.apk"], ["2023", "CVE-2023-1880", "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e"], ["2023", "CVE-2023-35110", "An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.", "No PoCs found on GitHub currently.", "https://github.com/grobmeier/jjson/issues/2"], ["2023", "CVE-2023-21993", "Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications (component: Forms). The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical Remote Data Capture. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Clinical Remote Data Capture accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-40574", "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This issue is likely down to incorrect calculations of the `nHeight` and `srcStep` variables. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", "No PoCs found on GitHub currently.", "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-422p-gj6x-93cw"], ["2023", "CVE-2023-31519", "Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php.", "https://github.com/yangliukk/Injection-Vulnerability-In-Pharmacy-Management-System-1.0", "No PoCs from references."], ["2023", "CVE-2023-25108", "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_ip variable.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716"], ["2023", "CVE-2023-2978", "A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-230210 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be"], ["2023", "CVE-2023-3686", "A vulnerability was found in Bylancer QuickAI OpenAI 3.8.1. It has been declared as critical. This vulnerability affects unknown code of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-234232. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1783", "OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.", "No PoCs found on GitHub currently.", "https://fluidattacks.com/advisories/stirling/"], ["2023", "CVE-2023-39107", "An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.", "https://github.com/NSEcho/vos", "https://www.ns-echo.com/posts/nomachine_afo.html"], ["2023", "CVE-2023-24046", "An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility.", "No PoCs found on GitHub currently.", "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/"], ["2023", "CVE-2023-42653", "In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40756", "User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"], ["2023", "CVE-2023-3836", "A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/1f3lse/taiE
https://github.com/20142995/sectool
https://github.com/codeb0ss/CVE-2023-3836
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/zh-byte/CVE-2023-3836", "No PoCs from references."], ["2023", "CVE-2023-26143", "Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.", "No PoCs found on GitHub currently.", "https://security.snyk.io/vuln/SNYK-JS-BLAMER-5731318"], ["2023", "CVE-2023-3735", "Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39325", "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/knabben/dos-poc
https://github.com/latchset/tang-operator", "https://go.dev/issue/63417"], ["2023", "CVE-2023-1630", "A vulnerability, which was classified as problematic, has been found in JiangMin Antivirus 16.2.2022.418. Affected by this issue is the function 0x222000 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224012.", "https://github.com/ARPSyndicate/cvemon
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1630"], ["2023", "CVE-2023-47076", "Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39265", "Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like\u00a0sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity.\u00a0This vulnerability exists in Apache Superset versions up to and including 2.1.0.", "https://github.com/nvn1729/advisories", "http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html"], ["2023", "CVE-2023-48208", "A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175805"], ["2023", "CVE-2023-48199", "HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker can then manipulate page content in the QR code detail popup, often coupled with social engineering tactics, exploiting both the trust of users and the application's lack of proper input handling.", "https://github.com/nitipoom-jar/CVE-2023-48199
https://github.com/nomi-sec/PoC-in-GitHub", "https://nitipoom-jar.github.io/CVE-2023-48199/"], ["2023", "CVE-2023-2519", "A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. VDB-228010 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.228010"], ["2023", "CVE-2023-49164", "Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21960", "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-2799", "A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229376. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-35363", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4295", "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176109/Arm-Mali-CSF-Overflow-Use-After-Free.html"], ["2023", "CVE-2023-4104", "An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.*This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1.", "https://github.com/aobakwewastaken/aobakwewastaken
https://github.com/kherrick/hacker-news", "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7110"], ["2023", "CVE-2023-21871", "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-26112", "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\$(.*)\$.

**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", "No PoCs found on GitHub currently.", "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494"], ["2023", "CVE-2023-21772", "Windows Kernel Elevation of Privilege Vulnerability", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/170946/Windows-Kernel-Key-Replication-Issues.html"], ["2023", "CVE-2023-28391", "A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1732"], ["2023", "CVE-2023-32503", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <=\u00a00.4.6 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1721", "Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.", "No PoCs found on GitHub currently.", "https://fluidattacks.com/advisories/blessd/"], ["2023", "CVE-2023-28140", "An Executable Hijacking condition exists in theQualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackersmay load a malicious copy of a Dependency Link Library (DLL) via a localattack vector instead of the DLL that the application was expecting, whenprocesses are running with escalated privileges. This vulnerabilityis bounded only to the time of uninstallation and can only be exploitedlocally.At the time of this disclosure, versions before 4.0 are classified as End ofLife.", "No PoCs found on GitHub currently.", "https://www.qualys.com/security-advisories/"], ["2023", "CVE-2023-23737", "Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <=\u00a04.0 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32443", "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to a denial-of-service or potentially disclose memory contents.", "https://github.com/jp-cpe/retrieve-cvss-scores
https://github.com/xsscx/Commodity-Injection-Signatures
https://github.com/xsscx/macos-research", "No PoCs from references."], ["2023", "CVE-2023-24157", "A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.", "No PoCs found on GitHub currently.", "https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/updateWifiInfo/updateWifiInfo.md"], ["2023", "CVE-2023-1822", "Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-21931", "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "https://github.com/20142995/sectool
https://github.com/4ra1n/CVE-2023-21839
https://github.com/ARPSyndicate/cvemon
https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
https://github.com/BrittanyKuhn/javascript-tutorial
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
https://github.com/KimJun1010/WeblogicTool
https://github.com/MMarch7/weblogic_CVE-2023-21931_POC-EXP
https://github.com/Romanc9/Gui-poc-test
https://github.com/X1r0z/X1r0z
https://github.com/gobysec/Weblogic
https://github.com/hktalent/TOP
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/trganda/starrlist", "http://packetstormsecurity.com/files/172882/Oracle-Weblogic-PreAuth-Remote-Command-Execution.html
https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-42445", "Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6246", "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.", "https://github.com/20142995/sectool
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/krishnamk00/Top-10-OpenSource-News-Weekly
https://github.com/nomi-sec/PoC-in-GitHub", "http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2024/Feb/3
https://www.openwall.com/lists/oss-security/2024/01/30/6
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"], ["2023", "CVE-2023-35124", "An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775"], ["2023", "CVE-2023-47320", "Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in \"Maintenance Mode\" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.", "https://github.com/RhinoSecurityLabs/CVEs", "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47320"], ["2023", "CVE-2023-3523", "Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac"], ["2023", "CVE-2023-27179", "GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.", "https://github.com/ARPSyndicate/cvemon", "http://packetstormsecurity.com/files/171894/GDidees-CMS-3.9.1-Local-File-Disclosure-Directory-Traversal.html"], ["2023", "CVE-2023-30701", "PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23570", "Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32595", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <=\u00a01.0.2 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-28096", "OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function `parse_mi_request` while performing coverage-guided fuzzing. This issue can be reproduced by sending multiple requests of the form `{\"jsonrpc\": \"2.0\",\"method\": \"log_le`. This malformed message was tested against an instance of OpenSIPS via FIFO transport layer and was found to increase the memory consumption over time. To abuse this memory leak, attackers need to reach the management interface (MI) which typically should only be exposed on trusted interfaces. In cases where the MI is exposed to the internet without authentication, abuse of this issue will lead to memory exhaustion which may affect the underlying system\u2019s availability. No authentication is typically required to reproduce this issue. On the other hand, memory leaks may occur in other areas of OpenSIPS where the cJSON library is used for parsing JSON objects. The issue has been fixed in versions 3.1.8 and 3.2.5.", "https://github.com/karimhabush/cyberowl", "https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf"], ["2023", "CVE-2023-39073", "An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request.", "No PoCs found on GitHub currently.", "https://gist.github.com/ph4nt0mbyt3/9456312e867c10de8f808250ec0b12d3"], ["2023", "CVE-2023-6306", "A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246132.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.246132"], ["2023", "CVE-2023-49372", "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.", "No PoCs found on GitHub currently.", "https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20present%20at%20the%20new%20location%20of%20the%20rotation%20image.md"], ["2023", "CVE-2023-30802", "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.", "No PoCs found on GitHub currently.", "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4"], ["2023", "CVE-2023-4203", "Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2023/Aug/13
https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/"], ["2023", "CVE-2023-40791", "extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.", "No PoCs found on GitHub currently.", "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12"], ["2023", "CVE-2023-4192", "A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236235.", "No PoCs found on GitHub currently.", "https://github.com/Yesec/Resort-Reservation-System/blob/main/SQL%20Injection%20in%20manage_user.php/vuln.md"], ["2023", "CVE-2023-33568", "An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.", "https://github.com/komodoooo/Some-things
https://github.com/komodoooo/some-things", "https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/"], ["2023", "CVE-2023-44398", "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5"], ["2023", "CVE-2023-44009", "File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-37070", "Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)", "No PoCs found on GitHub currently.", "https://github.com/InfoSecWarrior/Offensive-Payloads/blob/main/Cross-Site-Scripting-XSS-Payloads.txt"], ["2023", "CVE-2023-26095", "ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33479", "RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.", "No PoCs found on GitHub currently.", "https://github.com/remoteclinic/RemoteClinic/issues/23"], ["2023", "CVE-2023-0818", "Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a"], ["2023", "CVE-2023-34188", "The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.", "https://github.com/narfindustries/http-garden", "https://github.com/cesanta/mongoose/pull/2197"], ["2023", "CVE-2023-30581", "The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20.Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js", "https://github.com/RafaelGSS/is-my-node-vulnerable", "No PoCs from references."], ["2023", "CVE-2023-42886", "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause unexpected app termination or arbitrary code execution.", "https://github.com/kohnakagawa/kohnakagawa", "No PoCs from references."], ["2023", "CVE-2023-45274", "Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <=\u00a01.3.1 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3432", "Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51"], ["2023", "CVE-2023-1537", "Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/171cde18-a447-446c-a9ab-297953ad9b86"], ["2023", "CVE-2023-50449", "JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.", "No PoCs found on GitHub currently.", "https://gitee.com/heyewei/JFinalcms/issues/I7WGC6"], ["2023", "CVE-2023-26244", "An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.", "https://github.com/Vu1nT0tal/Vehicle-Security
https://github.com/VulnTotal-Team/Vehicle-Security
https://github.com/VulnTotal-Team/vehicle_cves", "No PoCs from references."], ["2023", "CVE-2023-40451", "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3610", "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.", "https://github.com/EGI-Federation/SVG-advisories", "No PoCs from references."], ["2023", "CVE-2023-40970", "Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.", "No PoCs found on GitHub currently.", "https://github.com/slims/slims9_bulian/issues/205"], ["2023", "CVE-2023-1715", "A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload.", "No PoCs found on GitHub currently.", "https://starlabs.sg/advisories/23/23-1715/"], ["2023", "CVE-2023-23492", "The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.", "https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/JoshuaMart/JoshuaMart", "https://www.tenable.com/security/research/tra-2023-3"], ["2023", "CVE-2023-32477", "Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-7219", "A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-50968", "Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations.The same uri can be operated to realize a SSRF attack also without authorizations.Users are recommended to upgrade to version 18.12.11, which fixes this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29189", "SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-29218", "** DISPUTED ** The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023. NOTE: Vendor states that allowing users to unfollow, mute, block, and report tweets and accounts and the impact of these negative engagements on Twitter\u2019s ranking algorithm is a conscious design decision, rather than a security vulnerability.", "https://github.com/ARPSyndicate/cvemon
https://github.com/igorbrigadir/awesome-twitter-algo", "No PoCs from references."], ["2023", "CVE-2023-49290", "lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource- intensive. Therefore, if an attacker sets the p2c parameter in JWE to a very large number, it can cause a lot of computational consumption, resulting in a denial of service. This vulnerability has been addressed in commit `64f2a229b` which has been included in release version 1.2.27 and 2.0.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/lestrrat-go/jwx/security/advisories/GHSA-7f9x-gw85-8grf"], ["2023", "CVE-2023-1816", "Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-4070", "Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21905", "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Routing Hub). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Virtual Account Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-35357", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/174116/Microsoft-Windows-Kernel-Unsafe-Reference.html"], ["2023", "CVE-2023-24023", "Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.", "https://github.com/engn33r/awesome-bluetooth-security
https://github.com/francozappa/bluffs", "No PoCs from references."], ["2023", "CVE-2023-42636", "In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1956", "A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.225343"], ["2023", "CVE-2023-3853", "A vulnerability was found in phpscriptpoint BloodBank 1.1. It has been rated as problematic. This issue affects some unknown processing of the file page.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235205 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://vuldb.com/?id.235205"], ["2023", "CVE-2023-26126", "All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.", "No PoCs found on GitHub currently.", "https://gist.github.com/lirantal/dcb32c11ce87f5aafd2282b90b4dc998
https://security.snyk.io/vuln/SNYK-JS-MSTATIC-3244915"], ["2023", "CVE-2023-21845", "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). The supported version that is affected is 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-21746", "Windows NTLM Elevation of Privilege Vulnerability", "https://github.com/0xsyr0/OSCP
https://github.com/ARPSyndicate/cvemon
https://github.com/Etoile1024/Pentest-Common-Knowledge
https://github.com/MarikalAbhijeet/Localpotatoexploit
https://github.com/Muhammad-Ali007/LocalPotato_CVE-2023-21746
https://github.com/SirElmard/ethical_hacking
https://github.com/blu3ming/LocalPotato
https://github.com/chudamax/LocalPotatoExamples
https://github.com/decoder-it/LocalPotato
https://github.com/kgwanjala/oscp-cheatsheet
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/oscpname/OSCP_cheat
https://github.com/revanmalang/OSCP
https://github.com/txuswashere/OSCP
https://github.com/xhref/OSCP", "No PoCs from references."], ["2023", "CVE-2023-1655", "Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9"], ["2023", "CVE-2023-33849", "IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.", "No PoCs found on GitHub currently.", "https://www.ibm.com/support/pages/node/7001687"], ["2023", "CVE-2023-42824", "The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/Threekiii/CVE
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2023", "CVE-2023-23752", "An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.", "https://github.com/0x783kb/Security-operation-book
https://github.com/0xNahim/CVE-2023-23752
https://github.com/0xWhoami35/Devvorte-Writeup
https://github.com/20142995/Goby
https://github.com/20142995/pocsuite3
https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/ATIGNONWilliam/-Joomla-v4.2.8---Divulgation-d-informations-non-authentifi-es
https://github.com/Acceis/exploit-CVE-2023-23752
https://github.com/AkbarWiraN/Joomla-Scanner
https://github.com/AlissoftCodes/CVE-2023-23752
https://github.com/Anekant-Singhai/Exploits
https://github.com/Archan6el/Devvortex-Writeup
https://github.com/Archan6el/Devvortex-Writeup-HackTheBox
https://github.com/BearClaw96/Joomla-v4.x-Unauthenticated-information-disclosure
https://github.com/BugBlocker/lotus-scripts
https://github.com/C1ph3rX13/CVE-2023-23752
https://github.com/CVEDB/PoC-List
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/Fernando-olv/Joomla-CVE-2023-23752
https://github.com/Ge-Per/Scanner-CVE-2023-23752
https://github.com/Gerxnox/One-Liner-Collections
https://github.com/GhostToKnow/CVE-2023-23752
https://github.com/H454NSec/CVE-2023-23752
https://github.com/Henry4E36/POCS
https://github.com/Jenderal92/Joomla-CVE-2023-23752
https://github.com/JeneralMotors/CVE-2023-23752
https://github.com/K3ysTr0K3R/CVE-2023-23752-EXPLOIT
https://github.com/KayCHENvip/vulnerability-poc
https://github.com/Ly0kha/Joomla-CVE-2023-23752-Exploit-Script
https://github.com/Marco-zcl/POC
https://github.com/MrP4nda1337/CVE-2023-23752
https://github.com/Ostorlab/KEV
https://github.com/Pari-Malam/CVE-2023-23752
https://github.com/Pari-Malam/DorkerW-CVE-2023-23752
https://github.com/Pushkarup/CVE-2023-23752
https://github.com/Rival420/CVE-2023-23752
https://github.com/RootKRD/CVE-2023
https://github.com/Saboor-Hakimi/CVE-2023-23752
https://github.com/SrcVme50/Devvortex
https://github.com/Sweelg/CVE-2023-23752
https://github.com/ThatNotEasy/CVE-2023-23752
https://github.com/Threekiii/Awesome-POC
https://github.com/Threekiii/CVE
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/TindalyTn/CVE-2023-23752
https://github.com/Vulnmachines/joomla_CVE-2023-23752
https://github.com/WhiteOwl-Pub/CVE-2023-23752
https://github.com/WhiteOwl-Pub/Joomla-PoC-CVE-2023-23752
https://github.com/XRSec/AWVS-Update
https://github.com/Youns92/Joomla-v4.2.8---CVE-2023-23752
https://github.com/YusinoMy/CVE-2023-23752
https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
https://github.com/adhikara13/CVE-2023-23752
https://github.com/adriyansyah-mf/CVE-2023-23752
https://github.com/aliestercrowleymv/CVE-2023-23752-Vulnerability-Scanner
https://github.com/bakery312/Vulhub-Reproduce
https://github.com/cybernetwiz/CVE-2023-23752
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/dravenww/curated-article
https://github.com/equationsoftworks/Radiance
https://github.com/fardeen-ahmed/Bug-bounty-Writeups
https://github.com/gh1mau/nse
https://github.com/gibran-abdillah/CVE-2023-23752
https://github.com/gunzf0x/CVE-2023-23752
https://github.com/hadrian3689/CVE-2023-23752_Joomla
https://github.com/haxor1337x/Mass-Checker-CVE-2023-23752
https://github.com/hktalent/TOP
https://github.com/ibaiw/joomla_CVE-2023-23752
https://github.com/ifacker/CVE-2023-23752-Joomla
https://github.com/imnewbie1/JoomlaDB
https://github.com/izj007/wechat
https://github.com/k0valskia/CVE-2023-23752
https://github.com/k8gege/Ladon
https://github.com/karthikuj/CVE-2023-23752-Docker
https://github.com/keyuan15/CVE-2023-23752
https://github.com/lainonz/CVE-2023-23752
https://github.com/luck-ying/Goby2.0-POC
https://github.com/luck-ying/Library-POC
https://github.com/malionnn/-Joomla-v4.2.8---Divulgation-d-informations-non-authentifi-es
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/r3dston3/CVE-2023-23752
https://github.com/raystr-atearedteam/CVE2023-23752
https://github.com/shellvik/CVE-2023-23752
https://github.com/soryecker/HScan
https://github.com/sponkmonk/Ladon_english_update
https://github.com/svaltheim/CVE-2023-23752
https://github.com/sw0rd1ight/CVE-2023-23752
https://github.com/thecybertix/One-Liner-Collections
https://github.com/trganda/dockerv
https://github.com/txuswashere/OSCP
https://github.com/wangking1/CVE-2023-23752-poc
https://github.com/wibuheker/Joomla-CVE-2023-23752
https://github.com/wy876/POC
https://github.com/xingchennb/POC-
https://github.com/yTxZx/CVE-2023-23752
https://github.com/yusinomy/CVE-2023-23752
https://github.com/z3n70/CVE-2023-23752", "No PoCs from references."], ["2023", "CVE-2023-24132", "Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3_5g parameter at /goform/WifiBasicSet.", "No PoCs found on GitHub currently.", "https://oxnan.com/posts/WifiBasic_wepkey3_5g_DoS"], ["2023", "CVE-2023-23851", "SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-6124", "Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/aed4d8f3-ab9a-42fd-afea-b3ec288a148e"], ["2023", "CVE-2023-21954", "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-50879", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-43999", "An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0568", "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-49381", "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.", "No PoCs found on GitHub currently.", "https://github.com/cui2shark/cms/blob/main/CSRF%20exists%20at%20the%20modification%20point%20of%20the%20custom%20table.md"], ["2023", "CVE-2023-51787", "An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak.", "https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3802", "A vulnerability was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Controller/Ajaxfileupload.ashx. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. VDB-235070 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.235070"], ["2023", "CVE-2023-40762", "User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"], ["2023", "CVE-2023-37192", "Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html
https://www.youtube.com/watch?v=oEl4M1oZim0"], ["2023", "CVE-2023-47102", "UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.", "https://github.com/nitipoom-jar/CVE-2023-47102
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/quantiano/cve-2023-47102", "https://quantiano.github.io/cve-2023-47102/"], ["2023", "CVE-2023-3490", "SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd"], ["2023", "CVE-2023-45007", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fotomoto plugin <=\u00a01.2.8 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45396", "An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12.", "No PoCs found on GitHub currently.", "https://github.com/strik3r0x1/Vulns/blob/main/(IDOR)%20leads%20to%20events%20profiles%20access%20-%20Elenos.md"], ["2023", "CVE-2023-1595", "A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file common/log/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223663.", "https://github.com/karimhabush/cyberowl", "https://github.com/1610349395/novel-plus-v3.6.2----Background-SQL-Injection-Vulnerability-/blob/main/novel-plus%20v3.6.2%20--%20Background%20SQL%20Injection%20Vulnerability.md"], ["2023", "CVE-2023-23583", "Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.", "https://github.com/EGI-Federation/SVG-advisories
https://github.com/Mav3r1ck0x1/CVE-2023-23583-Reptar-
https://github.com/blazcode/INTEL-SA-00950
https://github.com/giterlizzi/secdb-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/speed47/spectre-meltdown-checker", "No PoCs from references."], ["2023", "CVE-2023-45016", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1584", "A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30472", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MyThemeShop URL Shortener by MyThemeShop plugin <=\u00a01.0.17 versions.", "https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-3710", "Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).", "https://github.com/CwEeR313/CVE-2023-3710
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/vpxuser/CVE-2023-3710-POC", "https://www.honeywell.com/us/en/product-security"], ["2023", "CVE-2023-29089", "An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding SIP multipart messages.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/172292/Shannon-Baseband-Negative-Size-Memcpy-Out-Of-Bounds-Read.html"], ["2023", "CVE-2023-43988", "An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-50868", "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.", "https://github.com/GitHubForSnap/knot-resolver-gael
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/marklogic/marklogic-docker", "No PoCs from references."], ["2023", "CVE-2023-23900", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <=\u00a06.8.8 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-35086", "It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. An unauthenticated remote attacker without privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tin-z/CVE-2023-35086-POC
https://github.com/tin-z/tin-z", "No PoCs from references."], ["2023", "CVE-2023-49001", "An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component.", "https://github.com/actuator/com.gurry.kvbrowser
https://github.com/actuator/cve
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/actuator/com.gurry.kvbrowser/blob/main/CWE-94.md"], ["2023", "CVE-2023-1916", "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.", "No PoCs found on GitHub currently.", "https://gitlab.com/libtiff/libtiff/-/issues/537"], ["2023", "CVE-2023-6075", "A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944.", "https://github.com/scumdestroy/scumdestroy", "No PoCs from references."], ["2023", "CVE-2023-51547", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support \u2013 WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support \u2013 WordPress Helpdesk and Customer Support Ticket Plugin: from n/a through 1.7.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4030", "A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.", "https://github.com/Appropriate-Solutions-Inc/cachenvd", "No PoCs from references."], ["2023", "CVE-2023-21945", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-24123", "Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet.", "No PoCs found on GitHub currently.", "https://oxnan.com/posts/WifiBasic_wepauth_DoS"], ["2023", "CVE-2023-1856", "A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224995.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.224995"], ["2023", "CVE-2023-50928", "\"Sandbox Accounts for Events\" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39240", "It is identified a format string vulnerability in ASUS RT-AX56U V2\u2019s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.", "https://github.com/ShielderSec/poc", "No PoCs from references."], ["2023", "CVE-2023-1755", "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "https://github.com/punggawacybersecurity/CVE-List", "https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a"], ["2023", "CVE-2023-40930", "Skyworth 3.0 OS is vulnerable to Directory Traversal.", "https://github.com/NSnidie/CVE-2023-40930
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-45047", "Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <=\u00a00.7.4 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1644", "A vulnerability was found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this issue is the function 0x8018E010 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224024.", "https://github.com/ARPSyndicate/cvemon
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1644"], ["2023", "CVE-2023-39351", "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq"], ["2023", "CVE-2023-47142", "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4121", "A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722. It has been classified as critical. Affected is an unknown function. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/izj007/wechat", "https://github.com/torres14852/cve/blob/main/upload.md"], ["2023", "CVE-2023-26137", "All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \\r\\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.", "https://github.com/dellalibera/dellalibera", "https://gist.github.com/dellalibera/666d67165830ded052a1ede2d2c0b02a
https://security.snyk.io/vuln/SNYK-UNMANAGED-DROGONFRAMEWORKDROGON-5665554"], ["2023", "CVE-2023-21854", "Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Core Components). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales Offline. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sales Offline accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-42627", "Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region (9), Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1947", "A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://gitee.com/misak7in/cve/blob/master/taocms.md"], ["2023", "CVE-2023-0528", "A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/abc.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219597 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.219597"], ["2023", "CVE-2023-29209", "XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the legacy notification activity macro. This macro is installed by default in XWiki. The vulnerability can be exploited via every wiki page that is editable including the user's profile, but also with just view rights using the HTMLConverter that is part of the CKEditor integration which is bundled with XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.", "No PoCs found on GitHub currently.", "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9pc2-x9qf-7j2q"], ["2023", "CVE-2023-26077", "Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.", "https://github.com/vulerols/msiner", "No PoCs from references."], ["2023", "CVE-2023-1704", "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f"], ["2023", "CVE-2023-39211", "Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30563", "A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-51984", "D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-7208", "A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Knighthana/YABWF
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/unpWn4bL3/iot-security/blob/main/13.md"], ["2023", "CVE-2023-20759", "In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07634601.", "https://github.com/Resery/Resery
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26255", "An unauthenticated path traversal vulnerability affects the \"STAGIL Navigation for Jira - Menu & Themes\" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.", "https://github.com/0x7eTeam/CVE-2023-26256
https://github.com/Nian-Stars/CVE-2023-26255-6
https://github.com/aodsec/CVE-2023-26256
https://github.com/jcad123/CVE-2023-26256
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tucommenceapousser/CVE-2023-26255-Exp", "https://github.com/1nters3ct/CVEs/blob/main/CVE-2023-26255.md"], ["2023", "CVE-2023-24350", "D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail.", "No PoCs found on GitHub currently.", "https://github.com/1160300418/Vuls/tree/main/D-Link/DIR-605L/03"], ["2023", "CVE-2023-28347", "An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console application and achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Student Consoles and the Teacher Console in a Zero Click manner.", "No PoCs found on GitHub currently.", "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
https://research.nccgroup.com/?research=Technical%20advisories"], ["2023", "CVE-2023-3423", "Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/dd19c7d0-70f1-4d86-a552-611dfa8e0139"], ["2023", "CVE-2023-30741", "Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-0949", "Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/ef87be4e-493b-4ee9-9738-44c55b8acc19"], ["2023", "CVE-2023-27079", "Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package", "No PoCs found on GitHub currently.", "https://github.com/B2eFly/Router/blob/main/Tenda/G103/2.md"], ["2023", "CVE-2023-32495", "Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges.", "No PoCs found on GitHub currently.", "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"], ["2023", "CVE-2023-51674", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42405", "SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list().", "No PoCs found on GitHub currently.", "https://github.com/fit2cloud/rackshift/issues/79"], ["2023", "CVE-2023-42794", "Incomplete Cleanup vulnerability in Apache Tomcat.The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full.Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.", "https://github.com/muneebaashiq/MBProjects", "No PoCs from references."], ["2023", "CVE-2023-24181", "LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.", "No PoCs found on GitHub currently.", "https://github.com/ABB-EL/external-vulnerability-disclosures/security/advisories/GHSA-9gqg-pp5p-q9hg"], ["2023", "CVE-2023-33468", "KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.", "https://github.com/Sharpe-nl/CVEs", "No PoCs from references."], ["2023", "CVE-2023-44109", "Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-37170", "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_1"], ["2023", "CVE-2023-51765", "sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.", "https://github.com/eeenvik1/CVE-2023-51764
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hannob/smtpsmug
https://github.com/sagredo-dev/qmail", "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/"], ["2023", "CVE-2023-4183", "A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.236218"], ["2023", "CVE-2023-35075", "Mattermost fails to use\u00a0 innerText /\u00a0textContent\u00a0when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-44018", "Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function.", "https://github.com/aixiao0621/Tenda", "https://github.com/aixiao0621/Tenda/blob/main/AC10U/10/0.md"], ["2023", "CVE-2023-20708", "In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581655; Issue ID: ALPS07581655.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Resery/Resery", "No PoCs from references."], ["2023", "CVE-2023-27168", "An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34319", "The fix for XSA-423 added logic to Linux'es netback driver to deal witha frontend splitting a packet in a way such that not all of the headerswould come in one piece. Unfortunately the logic introduced theredidn't account for the extreme case of the entire packet being splitinto as many pieces as permitted by the protocol, yet still beingsmaller than the area that's specially dealt with to keep all (possible)headers together. Such an unusual packet would therefore trigger abuffer overrun in the driver.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"], ["2023", "CVE-2023-32615", "A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771"], ["2023", "CVE-2023-39062", "Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php.", "https://github.com/afine-com/CVE-2023-39062
https://github.com/afine-com/research
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-47271", "PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176255/PKP-WAL-3.4.0-3-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2023/Dec/23"], ["2023", "CVE-2023-30481", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <=\u00a03.2.4 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23421", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/ARPSyndicate/cvemon", "http://packetstormsecurity.com/files/171866/Microsoft-Windows-Kernel-Transactional-Registry-Key-Rename-Issues.html"], ["2023", "CVE-2023-32755", "e-Excellence U-Office Force generates an error message in webiste service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted command.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45234", "EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.", "https://github.com/quarkslab/pixiefail", "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"], ["2023", "CVE-2023-1437", "All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39122", "BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).", "No PoCs found on GitHub currently.", "https://github.com/DojoSecurity/BMC-Control-M-Unauthenticated-SQL-Injection"], ["2023", "CVE-2023-3532", "Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to 0.70.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.dev/bounties/ebd2428a-e2cb-480e-ba37-dd89ad62cf1b"], ["2023", "CVE-2023-34259", "Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.", "No PoCs found on GitHub currently.", "https://seclists.org/fulldisclosure/2023/Jul/15"], ["2023", "CVE-2023-4352", "Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174669/Chrome-Read-Only-Property-Overwrite.html"], ["2023", "CVE-2023-40656", "A reflected XSS vulnerability was discovered in the Quickform component for Joomla.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26043", "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.", "No PoCs found on GitHub currently.", "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8"], ["2023", "CVE-2023-21920", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-49124", "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42753", "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
https://seclists.org/oss-sec/2023/q3/216
https://www.openwall.com/lists/oss-security/2023/09/22/10"], ["2023", "CVE-2023-5339", "Mattermost Desktop\u00a0fails to set an appropriate log level during initial run after fresh installation\u00a0resulting in logging all keystrokes\u00a0including password entry\u00a0being logged.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31938", "SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php.", "https://github.com/DiliLearngent/BugReport", "No PoCs from references."], ["2023", "CVE-2023-1730", "The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2023", "CVE-2023-45133", "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.", "https://github.com/ViniMortinho/Babel-vulner-vel-a-execucao-arbitraria-de-codigo-ao-compilar-codigo-malicioso-especificamente-criado
https://github.com/azu/babel-traversal-eval-issue
https://github.com/seal-community/patches", "No PoCs from references."], ["2023", "CVE-2023-40955", "A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component.", "No PoCs found on GitHub currently.", "https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/2"], ["2023", "CVE-2023-3635", "GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.", "https://github.com/jenkinsci/defensics-plugin", "https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/"], ["2023", "CVE-2023-39365", "Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22"], ["2023", "CVE-2023-48308", "Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38398", "Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <=\u00a02.0.1 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2788", "Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated.", "No PoCs found on GitHub currently.", "https://mattermost.com/security-updates/"], ["2023", "CVE-2023-4284", "The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40716", "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] \u00a0in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup .", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4115", "A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173936/PHPJabbers-Cleaning-Business-1.0-Cross-Site-Scripting.html"], ["2023", "CVE-2023-21860", "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal Operations). Supported versions that are affected are 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior and 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-26103", "Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to significantly slow down a web socket server.", "https://github.com/dellalibera/dellalibera", "https://security.snyk.io/vuln/SNYK-RUST-DENO-3315970"], ["2023", "CVE-2023-24397", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <=\u00a01.0.11 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6381", "Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2699", "A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980.", "https://github.com/tht1997/tht1997", "https://vuldb.com/?id.228980"], ["2023", "CVE-2023-4395", "Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/60e38563-7ac8-4a13-ac04-2980cc48b0da"], ["2023", "CVE-2023-3967", "Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS.This issue affects Hitachi Ops Center Common Services: before 10.9.3-00.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40596", "In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.", "https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4004", "A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"], ["2023", "CVE-2023-21971", "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).", "https://github.com/Avento/CVE-2023-21971_Analysis
https://github.com/nomi-sec/PoC-in-GitHub", "https://www.oracle.com/security-alerts/cpuapr2023.html
https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-24117", "Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth_5g parameter at /goform/WifiBasicSet.", "No PoCs found on GitHub currently.", "https://oxnan.com/posts/WifiBasic_wepauth_5g_DoS"], ["2023", "CVE-2023-28100", "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hartwork/antijack
https://github.com/karimhabush/cyberowl", "https://marc.info/?l=oss-security&m=167879021709955&w=2"], ["2023", "CVE-2023-1761", "Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2023", "CVE-2023-32792", "Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23777", "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30697", "An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47067", "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40904", "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5368", "On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1621", "An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address.", "No PoCs found on GitHub currently.", "https://gitlab.com/gitlab-org/gitlab/-/issues/399774"], ["2023", "CVE-2023-30446", "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361.", "No PoCs found on GitHub currently.", "https://www.ibm.com/support/pages/node/7010557"], ["2023", "CVE-2023-26152", "All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/lirantal/1f7021703a2065ecaf9ec9e06a3a346d
https://security.snyk.io/vuln/SNYK-JS-STATICSERVER-5722341"], ["2023", "CVE-2023-21831", "Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (component: Advising Notes). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Academic Advisement. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Academic Advisement accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-23934", "Werkzeug is a comprehensive WSGI web application library. Browsers may allow \"nameless\" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.", "https://github.com/ARPSyndicate/cvemon
https://github.com/HotDB-Community/HotDB-Engine
https://github.com/SenhorDosSonhos1/projeto-voluntario-lacrei", "No PoCs from references."], ["2023", "CVE-2023-42642", "In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38058", "An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission.This issue affects OTRS: from 8.0.X before 8.0.35.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2448", "The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.", "https://github.com/nomi-sec/PoC-in-GitHub", "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"], ["2023", "CVE-2023-36368", "An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.", "https://github.com/Sedar2024/Sedar", "No PoCs from references."], ["2023", "CVE-2023-25119", "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_pptp function with the remote_subnet and the remote_mask variables.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716"], ["2023", "CVE-2023-23415", "Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability", "https://github.com/ARPSyndicate/cvemon
https://github.com/CVEDB/PoC-List
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/amitdubey1921/CVE-2023-23415
https://github.com/amitdubey1921/CVE-2023-23416
https://github.com/hktalent/TOP
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-39287", "A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.", "https://github.com/SYNgularity1/mitel-exploits", "No PoCs from references."], ["2023", "CVE-2023-47094", "A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21982", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-30967", "Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.", "No PoCs found on GitHub currently.", "https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b36f-4a6596a19d79"], ["2023", "CVE-2023-1891", "The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting", "https://github.com/ARPSyndicate/cvemon", "https://wpscan.com/vulnerability/4e5d993f-cc20-4b5f-b4c8-c13004151828"], ["2023", "CVE-2023-6263", "An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440.\u00a0It was possible to add a fake VMS server to NxCloud by using the exact\u00a0identification of a legitimate VMS server. As result, it was possible to\u00a0retrieve authorization headers from legitimate users when the\u00a0legitimate client connects to the fake VMS server.", "No PoCs found on GitHub currently.", "https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing"], ["2023", "CVE-2023-31699", "ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.", "No PoCs found on GitHub currently.", "https://github.com/ChurchCRM/CRM/issues/6471"], ["2023", "CVE-2023-31448", "A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-37144", "Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.", "No PoCs found on GitHub currently.", "https://github.com/DaDong-G/Vulnerability_info/blob/main/ac10_command_injection/Readme.md"], ["2023", "CVE-2023-4226", "Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.", "No PoCs found on GitHub currently.", "https://starlabs.sg/advisories/23/23-4226"], ["2023", "CVE-2023-1543", "Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/f82388d6-dfc3-4fbc-bea6-eb40cf5b2683"], ["2023", "CVE-2023-28322", "An information disclosure vulnerability exists in curl https://github.com/awest25/Curl-Security-Evaluation
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-3446", "Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One of thosechecks confirms that the modulus ('p' parameter) is not too large. Trying to usea very large modulus is slow and OpenSSL will not normally use a modulus whichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key or parametersthat have been supplied. Some of those checks use the supplied modulus valueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "https://github.com/adegoodyer/kubernetes-admin-toolkit
https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39147", "An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173878/Uvdesk-1.1.3-Shell-Upload.html"], ["2023", "CVE-2023-1452", "A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/gpac/gpac/issues/2386"], ["2023", "CVE-2023-47354", "An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) Recovery v1.0.3 allows attackers to arbitrarily reset or power off the device via a crafted intent", "https://github.com/actuator/com.bdrm.superreboot
https://github.com/actuator/cve", "https://github.com/actuator/com.bdrm.superreboot/blob/main/CWE-925.md"], ["2023", "CVE-2023-52429", "dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40534", "When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42431", "Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-49246", "Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21893", "Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET. Note: Applies also to Database client-only on Windows platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-4277", "The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the 'process_change_profile_form' function. This makes it possible for unauthenticated attackers to change user email via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24364", "Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel.", "No PoCs found on GitHub currently.", "https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-scrm.zip"], ["2023", "CVE-2023-31419", "A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.", "https://github.com/muneebaashiq/MBProjects
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419
https://github.com/u238/Elasticsearch-CVE-2023-31419", "https://www.elastic.co/community/security"], ["2023", "CVE-2023-25399", "A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/vin01/bogus-cves", "No PoCs from references."], ["2023", "CVE-2023-32670", "Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the \"[name]=image.jpg\" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23504", "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code with kernel privileges.", "https://github.com/ARPSyndicate/cvemon
https://github.com/adamdoupe/adamd-pocs
https://github.com/houjingyi233/macOS-iOS-system-security
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/zeroc00I/CVE-2023-23504", "No PoCs from references."], ["2023", "CVE-2023-39007", "/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.", "No PoCs found on GitHub currently.", "https://logicaltrust.net/blog/2023/08/opnsense.html"], ["2023", "CVE-2023-3786", "A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-235053 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://seclists.org/fulldisclosure/2023/Jul/40
https://www.vulnerability-lab.com/get_content.php?id=2323"], ["2023", "CVE-2023-47185", "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments \u2014 wpDiscuz plugin <=\u00a07.6.11 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3417", "Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30775", "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "No PoCs found on GitHub currently.", "https://gitlab.com/libtiff/libtiff/-/issues/464"], ["2023", "CVE-2023-52367", "Vulnerability of improper access control in the media library module.Successful exploitation of this vulnerability may affect service availability and integrity.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29912", "H3C Magic R200 R200V100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm.", "No PoCs found on GitHub currently.", "https://hackmd.io/@0dayResearch/S1TusiR1n"], ["2023", "CVE-2023-27492", "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes. As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter.", "No PoCs found on GitHub currently.", "https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2"], ["2023", "CVE-2023-27703", "The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface.", "https://github.com/happy0717/CVE-2023-27703
https://github.com/jiayy/android_vuln_poc-exp
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-5484", "Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-50262", "Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself.php-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images.When Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request.Version 2.0.4 contains a fix for this issue.", "No PoCs found on GitHub currently.", "https://github.com/dompdf/dompdf/security/advisories/GHSA-3qx2-6f78-w2j2"], ["2023", "CVE-2023-3219", "The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173992/WordPress-EventON-Calendar-4.4-Insecure-Direct-Object-Reference.html"], ["2023", "CVE-2023-3188", "Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/0d0d526a-1c39-4e6a-b081-d3914468e495"], ["2023", "CVE-2023-39598", "Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.", "No PoCs found on GitHub currently.", "https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c"], ["2023", "CVE-2023-46776", "Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <=\u00a01.5 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-48967", "Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data.", "No PoCs found on GitHub currently.", "https://github.com/noear/solon/issues/226"], ["2023", "CVE-2023-29580", "yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.", "https://github.com/z1r00/fuzz_vuln", "https://github.com/yasm/yasm/issues/215
https://github.com/z1r00/fuzz_vuln/blob/main/yasm/segv/yasm_expr_create/readmd.md"], ["2023", "CVE-2023-38565", "A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges.", "https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-2035", "A vulnerability has been found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file signup.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225913 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.225913"], ["2023", "CVE-2023-48827", "Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/176036"], ["2023", "CVE-2023-33252", "iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.", "https://github.com/ARPSyndicate/cvemon
https://github.com/BeosinBlockchainSecurity/Security-Incident-Reports", "No PoCs from references."], ["2023", "CVE-2023-49448", "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.", "No PoCs found on GitHub currently.", "https://github.com/ysuzhangbin/cms/blob/main/CSRF%20exists%20at%20the%20deletion%20point%20of%20navigation%20management.md"], ["2023", "CVE-2023-4539", "Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023.2.", "https://github.com/defragmentator/mitmsqlproxy", "No PoCs from references."], ["2023", "CVE-2023-34432", "A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27643", "An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library", "No PoCs found on GitHub currently.", "https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27643/CVE%20detail.md"], ["2023", "CVE-2023-41056", "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46935", "eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.", "No PoCs found on GitHub currently.", "https://github.com/weng-xianhu/eyoucms/issues/55"], ["2023", "CVE-2023-3248", "The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-37849", "A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://heegong.github.io/posts/Local-privilege-escalation-in-Panda-Dome-VPN-for-Windows-Installer/"], ["2023", "CVE-2023-46824", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <=\u00a01.7.14 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5847", "Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/tns-2023-37"], ["2023", "CVE-2023-22037", "Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: MS Excel Specific). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-0021", "Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-4428", "Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4568", "PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2023-31"], ["2023", "CVE-2023-46667", "An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.", "No PoCs found on GitHub currently.", "https://www.elastic.co/community/security"], ["2023", "CVE-2023-33203", "The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.", "No PoCs found on GitHub currently.", "https://bugzilla.suse.com/show_bug.cgi?id=1210685
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9"], ["2023", "CVE-2023-25814", "metersphere is an open source continuous testing platform. In versions prior to 2.7.1 a user who has permission to create a resource file through UI operations is able to append a path to their submission query which will be read by the system and displayed to the user. This allows a users of the system to read arbitrary files on the filesystem of the server so long as the server process itself has permission to read the requested files. This issue has been addressed in version 2.7.1. All users are advised to upgrade. There are no known workarounds for this issue.", "No PoCs found on GitHub currently.", "https://github.com/metersphere/metersphere/security/advisories/GHSA-fwc3-5h55-mh2j"], ["2023", "CVE-2023-29491", "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "https://github.com/ARPSyndicate/cvemon
https://github.com/seal-community/patches
https://github.com/yo-yo-yo-jbo/yo-yo-yo-jbo.github.io", "http://www.openwall.com/lists/oss-security/2023/04/19/11"], ["2023", "CVE-2023-44762", "A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sromanhu/CVE-2023-44762_ConcreteCMS-Reflected-XSS---Tags", "https://github.com/sromanhu/ConcreteCMS-Reflected-XSS---Tags"], ["2023", "CVE-2023-43102", "An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-25717", "Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/netlas-io/netlas-dorks", "https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/"], ["2023", "CVE-2023-5595", "Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/gandalf4a/crash_report", "https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e"], ["2023", "CVE-2023-3308", "A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.", "No PoCs found on GitHub currently.", "https://github.com/NanKeXXX/selfVuln_poc/blob/main/whaleal%3Aicefrog/icefrog_1.1.8_RCE.md"], ["2023", "CVE-2023-3099", "A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/i900008/vulndb/blob/main/kylinos_vul4.md"], ["2023", "CVE-2023-31124", "c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36847", "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrityfor a certain part of the file system, which may allow chaining to other vulnerabilities.This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/devmehedi101/bugbounty-CVE-Report
https://github.com/r3dcl1ff/CVE-2023-36844_Juniper_RCE
https://github.com/securi3ytalent/bugbounty-CVE-Report
https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844", "http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html"], ["2023", "CVE-2023-2246", "A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236.", "https://github.com/Alexander-Gan/Exploits", "http://packetstormsecurity.com/files/172182/Online-Pizza-Ordering-System-1.0-Shell-Upload.html"], ["2023", "CVE-2023-46445", "An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a \"Rogue Extension Negotiation.\"", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
https://github.com/advisories/GHSA-cfc2-wr2v-gxm5
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5"], ["2023", "CVE-2023-43320", "An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/176967/Proxmox-VE-7.4-1-TOTP-Brute-Force.html"], ["2023", "CVE-2023-25475", "Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin <=\u00a04.3 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-43260", "Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.", "No PoCs found on GitHub currently.", "https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13"], ["2023", "CVE-2023-5566", "The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-50011", "PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field.", "https://github.com/capture0x/My-CVE", "https://packetstormsecurity.com/files/175924/PopojiCMS-2.0.1-Remote-Command-Execution.html"], ["2023", "CVE-2023-50380", "XML External Entity injection in apache ambari versions <= 2.7.7,\u00a0Users are recommended to upgrade to version 2.7.8, which fixes this issue.More Details:Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The vulnerability was caused through lack of proper user input validation.This vulnerability is known as an XML External Entity (XXE) injection attack. Attackers can exploit XXE vulnerabilities to read arbitrary files on the server, including sensitive system files. In theory, it might be possible to use this to escalate privileges.", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2023", "CVE-2023-27570", "The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie.", "No PoCs found on GitHub currently.", "https://security.profileo.com/cve/eo_tags_2023-27569-27570/"], ["2023", "CVE-2023-2097", "A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226105 was assigned to this vulnerability.", "https://github.com/Acaard/HTB-PC
https://github.com/Vu1nT0tal/Vehicle-Security
https://github.com/VulnTotal-Team/Vehicle-Security
https://github.com/VulnTotal-Team/vehicle_cves
https://github.com/karimhabush/cyberowl", "https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%206.pdf"], ["2023", "CVE-2023-44400", "Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue.", "No PoCs found on GitHub currently.", "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"], ["2023", "CVE-2023-38487", "HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one.When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/` API endpoint. The `` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tried to access the existing note, HedgeDoc will first search for a note with a matching alias before it searches using the ID, therefore only the new note can be accessed.Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database.This issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`.", "No PoCs found on GitHub currently.", "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-7494-7hcf-vxpg"], ["2023", "CVE-2023-24488", "Cross site scripting vulnerability\u00a0in Citrix ADC and Citrix Gateway\u202f\u00a0in allows and attacker to perform cross site scripting", "https://github.com/Abo5/CVE-2023-24488
https://github.com/Abo5/dumpxss
https://github.com/LazyySec/CVE-2023-24488
https://github.com/NSTCyber/CVE-2023-24488-SIEM-Sigma-Rule
https://github.com/SirBugs/CVE-2023-24488-PoC
https://github.com/XRSec/AWVS-Update
https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
https://github.com/codeb0ss/cve-2023-24488
https://github.com/crankyyash/Citrix-Gateway-Reflected-Cross-Site-Scripting-XSS
https://github.com/lazysec0x21/CVE-2023-24488
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/raytheon0x21/CVE-2023-24488
https://github.com/securitycipher/CVE-2023-24488
https://github.com/xalgord/My-Methodologies", "No PoCs from references."], ["2023", "CVE-2023-40009", "Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <=\u00a01.4.0 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36816", "2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3.", "No PoCs found on GitHub currently.", "https://github.com/Bubka/2FAuth/security/advisories/GHSA-cwhq-2mcq-pp9q"], ["2023", "CVE-2023-2186", "On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution.", "No PoCs found on GitHub currently.", "https://www.trellix.com/en-us/about/newsroom/stories/research/industrial-and-manufacturing-cves.html"], ["2023", "CVE-2023-38596", "The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security.", "https://github.com/trailofbits/publications", "No PoCs from references."], ["2023", "CVE-2023-29573", "Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component.", "https://github.com/z1r00/fuzz_vuln", "https://github.com/axiomatic-systems/Bento4/issues/840
https://github.com/z1r00/fuzz_vuln/blob/main/Bento4/mp4info/readme.md"], ["2023", "CVE-2023-0312", "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9"], ["2023", "CVE-2023-30188", "Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.", "https://github.com/merrychap/POC-onlyoffice", "No PoCs from references."], ["2023", "CVE-2023-4818", "PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.\u00a0The attacker must have physical USB access to the device in order to exploit this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://blog.stmcyber.com/pax-pos-cves-2023/"], ["2023", "CVE-2023-49969", "Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer.", "https://github.com/geraldoalcantara/CVE-2023-49969
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-34610", "An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.", "No PoCs found on GitHub currently.", "https://github.com/jdereg/json-io/issues/169"], ["2023", "CVE-2023-34581", "Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/172559/Service-Provider-Management-System-1.0-SQL-Injection.html
https://vulners.com/packetstorm/PACKETSTORM:172559
https://www.exploit-db.com/exploits/51482"], ["2023", "CVE-2023-38904", "A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function.", "https://github.com/capture0x/My-CVE", "https://www.exploit-db.com/exploits/51576"], ["2023", "CVE-2023-50291", "Insufficiently Protected Credentials vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0.One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had \"password\" contained in the name.There are a number of sensitive system properties, such as \"basicauth\" and \"aws.secretKey\" do not contain \"password\", thus their values were published via the \"/admin/info/properties\" endpoint.This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI.This /admin/info/properties endpoint is protected under the \"config-read\" permission.Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the \"config-read\" permission.Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue.A single option now controls hiding Java system property for all endpoints, \"-Dsolr.hiddenSysProps\".By default all known sensitive properties are hidden (including \"-Dbasicauth\"), as well as any property with a name containing \"secret\" or \"password\".Users who cannot upgrade can also use the following Java system property to fix the issue:\u00a0 '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5477", "Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34750", "bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.", "No PoCs found on GitHub currently.", "https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability"], ["2023", "CVE-2023-38844", "SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php.", "No PoCs found on GitHub currently.", "https://nexacybersecurity.blogspot.com/2024/02/journey-finding-vulnerabilities-in-pmb-library-management-system.html"], ["2023", "CVE-2023-4958", "In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23128", "** DISPUTED **Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid.", "https://github.com/ARPSyndicate/cvemon
https://github.com/hktalent/TOP
https://github.com/l00neyhacker/CVE-2023-23128", "No PoCs from references."], ["2023", "CVE-2023-31035", "NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34853", "Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/risuxx/CVE-2023-34853", "No PoCs from references."], ["2023", "CVE-2023-5933", "An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.", "https://github.com/0xfschott/CVE-search", "No PoCs from references."], ["2023", "CVE-2023-2050", "A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/positions_add.php. The manipulation of the argument description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225935.", "No PoCs found on GitHub currently.", "https://github.com/E1CHO/cve_hub/blob/main/Advanced%20Online%20Voting%20System/Advanced%20Online%20Voting%20System%20-%20vuln%204.pdf"], ["2023", "CVE-2023-20046", "A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.

This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.

There are workarounds that address this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/orangecertcc/security-research/security/advisories/GHSA-j7p3-gjw6-pp4r
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h"], ["2023", "CVE-2023-33237", "TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors.", "https://github.com/3sjay/vulns", "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"], ["2023", "CVE-2023-48842", "D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi.", "https://github.com/creacitysec/CVE-2023-48842
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-29734", "An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database.", "No PoCs found on GitHub currently.", "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29734/CVE%20detail.md"], ["2023", "CVE-2023-0155", "An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown", "No PoCs found on GitHub currently.", "https://gitlab.com/gitlab-org/gitlab/-/issues/387638"], ["2023", "CVE-2023-6459", "Mattermost is grouping calls in\u00a0the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1239", "Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/3a22c609-d2d8-4613-815d-58f5990b8bd8"], ["2023", "CVE-2023-34457", "MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `` inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue.", "No PoCs found on GitHub currently.", "https://github.com/MechanicalSoup/MechanicalSoup/security/advisories/GHSA-x456-3ccm-m6j4"], ["2023", "CVE-2023-46950", "Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-43076", "Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-52302", "Nullptr in paddle.nextafter\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.", "No PoCs found on GitHub currently.", "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md"], ["2023", "CVE-2023-1379", "A vulnerability was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file addmem.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223127.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Vinalti/cve-badge.li", "No PoCs from references."], ["2023", "CVE-2023-6519", "Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.This issue affects M\u0130A-MED: before 1.0.7.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2110", "Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via \"app://local/\". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian.", "No PoCs found on GitHub currently.", "https://starlabs.sg/advisories/23/23-2110/"], ["2023", "CVE-2023-46713", "An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5873", "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.", "https://github.com/tht1997/tht1997", "https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce"], ["2023", "CVE-2023-46482", "SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2281", "When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.", "No PoCs found on GitHub currently.", "https://mattermost.com/security-updates/"], ["2023", "CVE-2023-36880", "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31272", "A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1765"], ["2023", "CVE-2023-22003", "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-0015", "In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-46602", "In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a.", "https://github.com/xsscx/xnuimagefuzzer", "https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53"], ["2023", "CVE-2023-5962", "A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2390", "A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/leetsun/IoT/tree/main/Netgear-SRX5308/10"], ["2023", "CVE-2023-27974", "** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that \"Auto-fill on page load\" is not enabled by default.", "No PoCs found on GitHub currently.", "https://flashpoint.io/blog/bitwarden-password-pilfering/"], ["2023", "CVE-2023-48813", "Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.", "No PoCs found on GitHub currently.", "https://github.com/slims/slims9_bulian/issues/217"], ["2023", "CVE-2023-52213", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review \u2013 AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review \u2013 AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34797", "Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows attackers to access sensitive information.", "https://github.com/WhiteBearVN/CWX-Registration-Broken-Access-Control", "No PoCs from references."], ["2023", "CVE-2023-36692", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin <=\u00a00.6.11 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-25632", "The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5721", "It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-50256", "Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-20157", "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.", "No PoCs found on GitHub currently.", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"], ["2023", "CVE-2023-31223", "Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.", "No PoCs found on GitHub currently.", "https://excellium-services.com/cert-xlm-advisory/cve-2023-31223/"], ["2023", "CVE-2023-22052", "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-0044", "If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-6548", "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to NSIP, CLIP or SNIP with management interface to perform\u00a0Authenticated (low privileged) remote code execution on Management Interface.", "https://github.com/Ostorlab/KEV
https://github.com/jake-44/Research
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-21388", "In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45498", "VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html
http://packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html
http://seclists.org/fulldisclosure/2023/Oct/31
https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/"], ["2023", "CVE-2023-6869", "A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2363", "A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639.", "No PoCs found on GitHub currently.", "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Resort_Reservation_System-SQL-Injection-1.md"], ["2023", "CVE-2023-38773", "SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.", "https://github.com/0x72303074/CVE-Disclosures", "No PoCs from references."], ["2023", "CVE-2023-0266", "A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.\u00a0SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit\u00a056b88b50565cd8b946a2d00b0c83927b7ebb055e", "https://github.com/ARPSyndicate/cvemon
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/xairy/linux-kernel-exploitation", "No PoCs from references."], ["2023", "CVE-2023-34867", "Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c.", "No PoCs found on GitHub currently.", "https://github.com/jerryscript-project/jerryscript/issues/5084"], ["2023", "CVE-2023-33104", "Transient DOS while processing PDU Release command with a parameter PDU ID out of range.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-35799", "Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.", "No PoCs found on GitHub currently.", "https://advisories.stormshield.eu/2023-022/"], ["2023", "CVE-2023-28868", "Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://herolab.usd.de/en/security-advisories/usd-2022-0002/"], ["2023", "CVE-2023-36822", "Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. Before a plugin is downloaded, the plugin installation directory is checked for existence. If it exists, it's removed before the plugin installation. Because the plugin is not validated against the official list of plugins or sanitized, the check for existence and the removal of the plugin installation directory are prone to path traversal. This vulnerability allows an authenticated attacker to delete files from the server Uptime Kuma is running on. Depending on which files are deleted, Uptime Kuma or the whole system may become unavailable due to data loss.", "No PoCs found on GitHub currently.", "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-vr8x-74pm-6vj7"], ["2023", "CVE-2023-20235", "A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.

This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.", "No PoCs found on GitHub currently.", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn"], ["2023", "CVE-2023-2223", "The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173726/WordPress-Login-Rebuilder-Cross-Site-Scripting.html"], ["2023", "CVE-2023-38633", "A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=\".?../../../../../../../../../../etc/passwd\" in an xi:include element.", "https://github.com/20142995/sectool
https://github.com/Loginsoft-Research/Linux-Exploit-Detection
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/bakery312/Vulhub-Reproduce", "http://seclists.org/fulldisclosure/2023/Jul/43
https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/"], ["2023", "CVE-2023-0326", "An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence.", "No PoCs found on GitHub currently.", "https://gitlab.com/gitlab-org/gitlab/-/issues/388132"], ["2023", "CVE-2023-33044", "Transient DOS in Data modem while handling TLB control messages from the Network.", "https://github.com/asset-group/5ghoul-5g-nr-attacks", "No PoCs from references."], ["2023", "CVE-2023-34927", "Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.", "No PoCs found on GitHub currently.", "https://github.com/casdoor/casdoor/issues/1531"], ["2023", "CVE-2023-34624", "An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.", "No PoCs found on GitHub currently.", "https://github.com/amplafi/htmlcleaner/issues/13"], ["2023", "CVE-2023-52031", "TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function.", "No PoCs found on GitHub currently.", "https://815yang.github.io/2023/12/04/a3700r/TOTOlink%20A3700R_UploadFirmwareFile/"], ["2023", "CVE-2023-43345", "Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sromanhu/CVE-2023-43345-Quick-CMS-Stored-XSS---Pages-Content", "https://github.com/sromanhu/CVE-2023-43345-Quick-CMS-Stored-XSS---Pages-Content"], ["2023", "CVE-2023-6929", "EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.", "No PoCs found on GitHub currently.", "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05"], ["2023", "CVE-2023-34735", "Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection.", "No PoCs found on GitHub currently.", "https://github.com/prismbreak/vulnerabilities/issues/4"], ["2023", "CVE-2023-36630", "In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.", "https://github.com/netlas-io/netlas-dorks", "https://github.com/yunaranyancat/poc-dump/blob/main/cloudpanel/README.md"], ["2023", "CVE-2023-45758", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione Trasparente plugin <=\u00a08.0.2 versions.", "https://github.com/parkttule/parkttule", "No PoCs from references."], ["2023", "CVE-2023-6838", "Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42138", "Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36933", "In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly.", "https://github.com/KushGuptaRH/MOVEit-Response
https://github.com/curated-intel/MOVEit-Transfer", "No PoCs from references."], ["2023", "CVE-2023-29456", "URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34836", "A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sahiloj/CVE-2023-34836", "No PoCs from references."], ["2023", "CVE-2023-27896", "In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-5880", "When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers \u201cGarage Door Control Module Setup\u201d page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious\u00a0code with client side Java Script and/or HTML into the users' web browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-51198", "An issue in the permission and access control components within ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to gain escalate privileges.", "https://github.com/16yashpatel/CVE-2023-51198
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-26768", "Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Marsman1996/pocs", "https://github.com/liblouis/liblouis/issues/1301"], ["2023", "CVE-2023-25690", "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:RewriteEngine onRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]ProxyPassReverse /here/ http://example.com:8080/Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.", "https://github.com/0xsyr0/OSCP
https://github.com/ARPSyndicate/cvemon
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/EGI-Federation/SVG-advisories
https://github.com/GhostTroops/TOP
https://github.com/H4lo/awesome-IoT-security-article
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/SirElmard/ethical_hacking
https://github.com/bioly230/THM_Skynet
https://github.com/dhmosfunk/CVE-2023-25690-POC
https://github.com/dhmosfunk/dhmosfunk
https://github.com/hktalent/TOP
https://github.com/karimhabush/cyberowl
https://github.com/kgwanjala/oscp-cheatsheet
https://github.com/lions2012/Penetration_Testing_POC
https://github.com/mawinkler/c1-ws-ansible
https://github.com/netlas-io/netlas-dorks
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/nuPacaChi/-CVE-2021-44790
https://github.com/oscpname/OSCP_cheat
https://github.com/revanmalang/OSCP
https://github.com/tbachvarova/linux-apache-fix-mod_rewrite-spaceInURL
https://github.com/thanhlam-attt/CVE-2023-25690
https://github.com/txuswashere/OSCP
https://github.com/xhref/OSCP
https://github.com/xonoxitron/cpe2cve", "http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html"], ["2023", "CVE-2023-52060", "A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.", "https://github.com/Tanguy-Boisset/CVE
https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2023-52060/README.md"], ["2023", "CVE-2023-43314", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0\u00a0could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38961", "Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c.", "No PoCs found on GitHub currently.", "https://github.com/jerryscript-project/jerryscript/issues/5092"], ["2023", "CVE-2023-5412", "The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", "https://github.com/RandomRobbieBF/CVE-2023-5412
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-27404", "A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to stack-based buffer while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20433)", "https://github.com/ARPSyndicate/cvemon
https://github.com/dhn/dhn", "No PoCs from references."], ["2023", "CVE-2023-22371", "An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1703"], ["2023", "CVE-2023-38672", "FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.", "No PoCs found on GitHub currently.", "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-004.md"], ["2023", "CVE-2023-29506", "XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.", "No PoCs found on GitHub currently.", "https://jira.xwiki.org/browse/XWIKI-20335"], ["2023", "CVE-2023-5890", "Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/b60e6e1f-e44d-4b11-acf8-b0548b915686"], ["2023", "CVE-2023-27785", "An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Marsman1996/pocs", "No PoCs from references."], ["2023", "CVE-2023-50175", "Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.", "https://github.com/a-zara-n/a-zara-n", "No PoCs from references."], ["2023", "CVE-2023-5402", "A CWE-269: Improper Privilege Management vulnerability exists that could cause a remotecode execution when the transfer command is used over the network.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38971", "Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function.", "No PoCs found on GitHub currently.", "https://panda002.hashnode.dev/badaso-version-297-has-xss-vulnerability-in-add-ranks"], ["2023", "CVE-2023-32369", "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.", "https://github.com/houjingyi233/macOS-iOS-system-security
https://github.com/yo-yo-yo-jbo/yo-yo-yo-jbo.github.io", "No PoCs from references."], ["2023", "CVE-2023-21118", "In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004", "https://github.com/Satheesh575555/frameworks_native_AOSP10_r33_CVE-2023-21118
https://github.com/Trinadh465/frameworks_native_AOSP-10_r33_CVE-2023-21118
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-45748", "Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin <=\u00a03.1.4 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36620", "An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup=\"false\" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.", "No PoCs found on GitHub currently.", "https://seclists.org/fulldisclosure/2023/Jul/12"], ["2023", "CVE-2023-50035", "PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of \"password\" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38831", "RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.", "https://github.com/80r1ng/CVE-2023-38831-EXP
https://github.com/Ahmed1Al/CVE-2023-38831-winrar-exploit
https://github.com/Awrrays/Pentest-Tips
https://github.com/BeniB3astt/CVE-2023-38831_ReverseShell_Winrar
https://github.com/BeniBeastt/CVE-2023-38831_ReverseShell_Winrar
https://github.com/BoredHackerBlog/winrar_CVE-2023-38831_lazy_poc
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
https://github.com/Fa1c0n35/CVE-2023-38831-winrar-exploit
https://github.com/FlyingPeg/Redteam_Havoc_C2_Framework_Report
https://github.com/GOTonyGO/CVE-2023-38831-winrar
https://github.com/Garck3h/cve-2023-38831
https://github.com/GhostTroops/TOP
https://github.com/Ghostasky/ALLStarRepo
https://github.com/HACK-THE-WORLD/DailyMorningReading
https://github.com/HDCE-inc/CVE-2023-38831
https://github.com/IMHarman/CVE-2023-38831
https://github.com/IR-HuntGuardians/CVE-2023-38831-HUNT
https://github.com/K3rnel-Dev/WinrarExploit
https://github.com/Maalfer/CVE-2023-38831_ReverseShell_Winrar-RCE
https://github.com/Malwareman007/CVE-2023-38831
https://github.com/Marco-zcl/POC
https://github.com/Mich-ele/CVE-2023-38831-winrar
https://github.com/MorDavid/CVE-2023-38831-Winrar-Exploit-Generator-POC
https://github.com/MortySecurity/CVE-2023-38831-Exploit-and-Detection
https://github.com/MyStuffYT/CVE-2023-38831-POC
https://github.com/Nielk74/CVE-2023-38831
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/PascalAsch/CVE-2023-38831-KQL
https://github.com/PudgyDragon/IOCs
https://github.com/SpamixOfficial/CVE-2023-38831
https://github.com/SugiB3o/Keylog_CVE2023-38831
https://github.com/T0ngMystic/Vulnerability_List
https://github.com/Threekiii/CVE
https://github.com/ZonghaoLi777/githubTrending
https://github.com/ahmed-fa7im/CVE-2023-38831-winrar-expoit-simple-Poc
https://github.com/akhomlyuk/cve-2023-38831
https://github.com/ameerpornillos/CVE-2023-38831-WinRAR-Exploit
https://github.com/an040702/CVE-2023-38831
https://github.com/aneasystone/github-trending
https://github.com/asepsaepdin/CVE-2023-38831
https://github.com/b1tg/CVE-2023-38831-winrar-exploit
https://github.com/b1tg/b1tg
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/deepinstinct/UAC-0099-Targeting_UA
https://github.com/delivr-to/detections
https://github.com/elefantesagradodeluzinfinita/cve-2023-38831
https://github.com/elefantesagradodeluzinfinita/elefantesagradodeluzinfinita
https://github.com/h3xecute/SideCopy-Exploits-CVE-2023-38831
https://github.com/hktalent/TOP
https://github.com/ignis-sec/CVE-2023-38831-RaRCE
https://github.com/johe123qwe/github-trending
https://github.com/kehrijksen/CVE-2023-38831
https://github.com/knight0x07/WinRAR-Code-Execution-Vulnerability-CVE-2023-38831
https://github.com/kun-g/Scraping-Github-trending
https://github.com/malvika-thakur/CVE-2023-38831
https://github.com/mkonate19/POC-WINRAR
https://github.com/my-elliot/CVE-2023-38831-winrar-expoit-simple-Poc
https://github.com/nhman-python/CVE-2023-38831
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/r1yaz/r1yaz
https://github.com/r1yaz/winDED
https://github.com/ruycr4ft/CVE-2023-38831
https://github.com/s4m98/winrar-cve-2023-38831-poc-gen
https://github.com/sadnansakin/Winrar_0-day_RCE_Exploitation
https://github.com/tanjiti/sec_profile
https://github.com/tanwar29/CVE
https://github.com/thegr1ffyn/CVE-2023-38831
https://github.com/wy876/POC
https://github.com/xaitax/WinRAR-CVE-2023-38831
https://github.com/xingchennb/POC-
https://github.com/xk-mt/WinRAR-Vulnerability-recurrence-tutorial
https://github.com/yj94/Yj_learning
https://github.com/z3r0sw0rd/CVE-2023-38831-PoC", "http://packetstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.html
https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/"], ["2023", "CVE-2023-34725", "An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174553/TECHView-LA5570-Wireless-Gateway-1.0.19_T53-Traversal-Privilege-Escalation.html
https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725"], ["2023", "CVE-2023-33145", "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0227", "Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/af3101d7-fea6-463a-b7e4-a48be219e31b"], ["2023", "CVE-2023-2322", "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67"], ["2023", "CVE-2023-34937", "A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "No PoCs found on GitHub currently.", "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34937.md"], ["2023", "CVE-2023-38623", "Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `vindex_offset` array.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2233", "An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gitlab.com/gitlab-org/gitlab/-/issues/408359"], ["2023", "CVE-2023-45659", "Engelsystem is a shift planning system for chaos events. If a users' password is compromised and an attacker gained access to a users' account, i.e., logged in and obtained a session, an attackers' session is not terminated if the users' account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability.", "https://github.com/sev-hack/sev-hack", "https://github.com/engelsystem/engelsystem/security/advisories/GHSA-f6mm-3v2h-jm6x"], ["2023", "CVE-2023-50124", "Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner.", "No PoCs found on GitHub currently.", "https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices"], ["2023", "CVE-2023-41250", "In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-43355", "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user", "https://github.com/sromanhu/CMSmadesimple-Reflected-XSS---Add-user
https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user"], ["2023", "CVE-2023-34634", "Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/radman404/CVE-2023-34634", "http://packetstormsecurity.com/files/173825/GreenShot-1.2.10-Arbitrary-Code-Execution.html
http://packetstormsecurity.com/files/174222/Greenshot-1.3.274-Deserialization-Command-Execution.html
https://greenshot.atlassian.net/browse/BUG-3061
https://www.exploit-db.com/exploits/51633"], ["2023", "CVE-2023-52161", "The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21398", "In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38763", "SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.", "https://github.com/0x72303074/CVE-Disclosures", "No PoCs from references."], ["2023", "CVE-2023-46570", "An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.", "https://github.com/gandalf4a/crash_report", "https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244acccc10ba6
https://github.com/radareorg/radare2/issues/22333"], ["2023", "CVE-2023-5981", "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "https://github.com/bartvoet/assignment-ehb-security-review-adamlenez
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27997", "A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Aicks/FortiGate-CVE-2023-27997
https://github.com/BishopFox/CVE-2023-27997-check
https://github.com/Cyb3rEnthusiast/CVE-2023-27997
https://github.com/Guest-user1/sploits
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/Pik-sec/cve-2023-27997
https://github.com/TechinsightsPro/ShodanFortiOS
https://github.com/Threekiii/CVE
https://github.com/awchjimmy/CVE-2023-27997-tutorial
https://github.com/bollwarm/SecToolSet
https://github.com/delsploit/CVE-2023-27997
https://github.com/f1tao/awesome-iot-security-resource
https://github.com/gysf666/CVE-2023-27997-test
https://github.com/hheeyywweellccoommee/CVE-2023-27997-POC-FortiOS-SSL-VPN-buffer-overflow-vulnerability-ssijz
https://github.com/hheeyywweellccoommee/CVE-2023-27997-test-nleyl
https://github.com/imbas007/CVE-2023-27997-Check
https://github.com/l0n-b3cca/exploit_choom
https://github.com/lexfo/xortigate-cve-2023-27997
https://github.com/lions2012/Penetration_Testing_POC
https://github.com/m474r5/CVE-2023-27997-POC
https://github.com/m474r5/CVE-2023-27997-findings
https://github.com/netlas-io/netlas-dorks
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/puckiestyle/cve-2023-27997
https://github.com/rio128128/CVE-2023-27997-POC
https://github.com/todb-cisa/kev-cwes", "No PoCs from references."], ["2023", "CVE-2023-50246", "jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.", "No PoCs found on GitHub currently.", "https://github.com/jqlang/jq/security/advisories/GHSA-686w-5m7m-54vc"], ["2023", "CVE-2023-27727", "Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.", "No PoCs found on GitHub currently.", "https://github.com/nginx/njs/issues/617"], ["2023", "CVE-2023-44954", "Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Ciber-Mike/BigTree_CMS-Stored_XSS-Developer_Settings/blob/main/README.md"], ["2023", "CVE-2023-0054", "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d"], ["2023", "CVE-2023-22042", "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.3-12.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-33336", "Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.", "No PoCs found on GitHub currently.", "https://inf0seq.github.io/cve/2023/04/30/Cross-site-scripting-(XSS)-in-Sophos-Web-Appliance-4.1.1-0.9.html"], ["2023", "CVE-2023-31233", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <=\u00a01.0.2 versions.", "https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-5832", "Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.com/bounties/afee3726-571f-416e-bba5-0828c815f5df"], ["2023", "CVE-2023-0285", "The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/adf09e29-baf5-4426-a281-6763c107d348"], ["2023", "CVE-2023-44486", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0114", "A vulnerability was found in Netis Netcore Router. It has been rated as problematic. Affected by this issue is some unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The identifier of this vulnerability is VDB-217592.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.217592"], ["2023", "CVE-2023-33276", "The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a \"404 - Not Found\" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS).", "No PoCs found on GitHub currently.", "https://www.syss.de/en/responsible-disclosure-policy
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-016.txt"], ["2023", "CVE-2023-20007", "A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The attacker must have valid administrator credentials.

This vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the web-based management process to restart, resulting in a DoS condition.", "https://github.com/Live-Hack-CVE/CVE-2023-20007", "No PoCs from references."], ["2023", "CVE-2023-2380", "A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/leetsun/IoT/tree/main/Netgear-SRX5308/17"], ["2023", "CVE-2023-6789", "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.", "https://github.com/kaje11/CVEs", "No PoCs from references."], ["2023", "CVE-2023-26999", "An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.", "No PoCs found on GitHub currently.", "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/"], ["2023", "CVE-2023-50306", "IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-52203", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS.This issue affects cformsII: from n/a through 15.0.5.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-52192", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS.This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-43177", "CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.", "https://github.com/Ostorlab/KEV
https://github.com/Y4tacker/JavaSec
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/the-emmons/CVE-2023-43177", "https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/"], ["2023", "CVE-2023-1369", "A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects the function 0x82730088 in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 9.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222875.", "https://github.com/ARPSyndicate/cvemon
https://github.com/karimhabush/cyberowl
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1369"], ["2023", "CVE-2023-28508", "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input can corrupt the heap and crash the forked process.", "No PoCs found on GitHub currently.", "https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/"], ["2023", "CVE-2023-35968", "Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788"], ["2023", "CVE-2023-5760", "A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.", "No PoCs found on GitHub currently.", "https://support.norton.com/sp/static/external/tools/security-advisories.html"], ["2023", "CVE-2023-27776", "A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter.", "https://github.com/ARPSyndicate/cvemon
https://github.com/lohyt/Persistent-Cross-Site-Scripting-found-in-Online-Jewellery-Store-from-Sourcecodester-website.", "No PoCs from references."], ["2023", "CVE-2023-48611", "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-52312", "Nullptr dereference in paddle.crop\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.", "No PoCs found on GitHub currently.", "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md"], ["2023", "CVE-2023-0394", "A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.", "No PoCs found on GitHub currently.", "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17"], ["2023", "CVE-2023-0005", "A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.", "No PoCs found on GitHub currently.", "https://security.paloaltonetworks.com/CVE-2023-0005"], ["2023", "CVE-2023-48912", "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.", "No PoCs found on GitHub currently.", "https://github.com/Tiamat-ron/cms/blob/main/There%20is%20a%20csrf%20in%20the%20article%20management%20modification%20section.md"], ["2023", "CVE-2023-22013", "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-20116", "A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.", "No PoCs found on GitHub currently.", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD"], ["2023", "CVE-2023-2291", "Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.", "No PoCs found on GitHub currently.", "https://tenable.com/security/research/tra-2023-16"], ["2023", "CVE-2023-5863", "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f"], ["2023", "CVE-2023-2100", "A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument date_end leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226108.", "https://github.com/Vu1nT0tal/Vehicle-Security
https://github.com/VulnTotal-Team/Vehicle-Security
https://github.com/VulnTotal-Team/vehicle_cves", "No PoCs from references."], ["2023", "CVE-2023-6449", "The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29724", "The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack.", "No PoCs found on GitHub currently.", "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29724/CVE%20detail.md"], ["2023", "CVE-2023-20056", "A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to cause an affected device to reload spontaneously, resulting in a DoS condition.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-27935", "The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected app termination or arbitrary code execution.", "https://github.com/houjingyi233/macOS-iOS-system-security", "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1676"], ["2023", "CVE-2023-50357", "A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36542", "Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.", "https://github.com/nbxiglk0/nbxiglk0", "http://seclists.org/fulldisclosure/2023/Jul/43"], ["2023", "CVE-2023-52252", "Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.", "No PoCs found on GitHub currently.", "https://harkenzo.tlstickle.com/2023-03-17-UR-Web-Triggerable-RCE/
https://www.exploit-db.com/exploits/51309"], ["2023", "CVE-2023-29827", "** DISPUTED ** ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.", "No PoCs found on GitHub currently.", "https://github.com/mde/ejs/issues/720"], ["2023", "CVE-2023-1229", "Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-35828", "An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.", "https://github.com/Trinadh465/linux-4.19.72_CVE-2023-35828
https://github.com/nidhi7598/linux-4.19.72_CVE-2023-35828
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-47628", "DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a stateless session cookie that is not invalidated on logout, it is just removed from the browser forcing the user to login again. However, if an attacker extracted a cookie from an authenticated user it would continue to be valid as there is no validation on a time window the session token is valid for due to a combination of the usage of LegacyCookiesModule from Play Framework and using default settings which do not set an expiration time. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx"], ["2023", "CVE-2023-30349", "JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.", "No PoCs found on GitHub currently.", "https://github.com/jflyfox/jfinal_cms/issues/54"], ["2023", "CVE-2023-52155", "A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint.", "No PoCs found on GitHub currently.", "https://nexacybersecurity.blogspot.com/2024/02/journey-finding-vulnerabilities-in-pmb-library-management-system.html"], ["2023", "CVE-2023-25434", "libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.", "https://github.com/13579and2468/Wei-fuzz", "https://gitlab.com/libtiff/libtiff/-/issues/519"], ["2023", "CVE-2023-34843", "Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.", "https://github.com/0x783kb/Security-operation-book
https://github.com/Imahian/CVE-2023-34843
https://github.com/hheeyywweellccoommee/CVE-2023-34843-illrj
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/rootd4ddy/CVE-2023-34843", "No PoCs from references."], ["2023", "CVE-2023-31025", "NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-37529", "A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530.", "https://github.com/kaje11/CVEs", "No PoCs from references."], ["2023", "CVE-2023-24758", "libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.", "No PoCs found on GitHub currently.", "https://github.com/strukturag/libde265/issues/383"], ["2023", "CVE-2023-0302", "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e"], ["2023", "CVE-2023-38617", "Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/173143/Office-Suite-Premium-10.9.1.42602-Cross-Site-Scripting.html"], ["2023", "CVE-2023-46404", "PCRS <= 3.11 (d0de1e) \u201cQuestions\u201d page and \u201cCode editor\u201d page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/windecks/CVE-2023-46404", "https://github.com/windecks/CVE-2023-46404"], ["2023", "CVE-2023-2196", "A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system.", "https://github.com/jenkinsci/codedx-plugin", "No PoCs from references."], ["2023", "CVE-2023-36806", "Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. Contao 4.9.42, 4.13.28, and 5.1.10 have a patch for this issue. As a workaround, disable the login for all untrusted back end users.", "No PoCs found on GitHub currently.", "https://herolab.usd.de/security-advisories/usd-2023-0020/"], ["2023", "CVE-2023-20211", "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by authenticating to the application as a user with read-only or higher privileges and sending crafted HTTP requests to an affected system. A successful exploit could allow the attacker to read or modify data in the underlying database or elevate their privileges.", "No PoCs found on GitHub currently.", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-injection-g6MbwH2"], ["2023", "CVE-2023-20180", "A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-50110", "TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.", "No PoCs found on GitHub currently.", "https://github.com/TestLinkOpenSourceTRMS/testlink-code/pull/357"], ["2023", "CVE-2023-43361", "Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/xiph/vorbis-tools/issues/41"], ["2023", "CVE-2023-34600", "Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.", "https://github.com/costacoco/Adiscon
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-49979", "A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.", "https://github.com/geraldoalcantara/CVE-2023-49979
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-23078", "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.", "No PoCs found on GitHub currently.", "https://bugbounty.zohocorp.com/bb/#/bug/101000006458675?tab=originator"], ["2023", "CVE-2023-30198", "Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173136/PrestaShop-Winbiz-Payment-Improper-Limitation.html"], ["2023", "CVE-2023-46987", "SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.", "No PoCs found on GitHub currently.", "https://blog.csdn.net/weixin_72610998/article/details/133420747?spm=1001.2014.3001.5501"], ["2023", "CVE-2023-50001", "Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline.", "No PoCs found on GitHub currently.", "https://github.com/GD008/TENDA/blob/main/w30e/tenda_w30e_upgradeMeshOnline/w30e_upgradeMeshOnline.md"], ["2023", "CVE-2023-48796", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.The information exposed to unauthorized actors may include sensitive data such as database credentials.Users who can't upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file```management:\u00a0 endpoints:\u00a0 \u00a0 web:\u00a0 \u00a0 \u00a0 exposure:\u00a0 \u00a0 \u00a0 \u00a0 include: health,metrics,prometheus```This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2.Users are recommended to upgrade to version 3.0.2, which fixes the issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23169", "Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal.", "https://github.com/S4nshine/CVE-2023-23169
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/S4nshine/CVE-2023-23169"], ["2023", "CVE-2023-37578", "Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2lxt conversion utility.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24709", "An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters.", "https://github.com/ARPSyndicate/cvemon
https://github.com/DRAGOWN/Injection-vulnerability-in-Paradox-Security-Systems-IPR512-CVE-2023-24709-PoC
https://github.com/SlashXzerozero/Injection-vulnerability-in-Paradox-Security-Systems-IPR512
https://github.com/SlashXzerozero/Injection-vulnerability-in-Paradox-Security-Systems-IPR512-CVE-2023-24709-PoC
https://github.com/nomi-sec/PoC-in-GitHub", "http://packetstormsecurity.com/files/171783/Paradox-Security-Systems-IPR512-Denial-Of-Service.html
https://github.com/SlashXzerozero/Injection-vulnerability-in-Paradox-Security-Systems-IPR512
https://github.com/sunktitanic/Injection-vulnerability-in-Paradox-Security-Systems-IPR512"], ["2023", "CVE-2023-38497", "Cargo downloads the Rust project\u2019s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.", "https://github.com/lucas-cauhe/cargo-perm
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-2316", "Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via \"typora://app/\". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.", "No PoCs found on GitHub currently.", "https://starlabs.sg/advisories/23/23-2316/"], ["2023", "CVE-2023-2087", "The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/izj007/wechat", "No PoCs from references."], ["2023", "CVE-2023-36917", "SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim\u2019s old password via brute force, due to unrestricted rate limit for password change functionality. Although the attack has no impact on integrity loss or system availability, this could lead to an attacker to completely takeover a victim\u2019s account.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-38646", "Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.", "https://github.com/0utl4nder/Another-Metabase-RCE-CVE-2023-38646
https://github.com/0xrobiul/CVE-2023-38646
https://github.com/20142995/sectool
https://github.com/Anekant-Singhai/Exploits
https://github.com/AnvithLobo/CVE-2023-38646
https://github.com/Any3ite/cve-2023-38646-metabase-ReverseShell
https://github.com/Awrrays/FrameVul
https://github.com/Boogipop/MetabaseRceTools
https://github.com/CN016/Metabase-H2-CVE-2023-38646-
https://github.com/Chocapikk/CVE-2023-38646
https://github.com/DarkFunct/CVE_Exploits
https://github.com/Ego1stoo/CVE-2023-38646
https://github.com/LazyySec/CVE-2023-38646
https://github.com/Loginsoft-Research/Linux-Exploit-Detection
https://github.com/Mrunalkaran/CVE-2023-38646
https://github.com/MzzdToT/HAC_Bored_Writing
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/Pumpkin-Garden/POC_Metabase_CVE-2023-38646
https://github.com/Pyr0sec/CVE-2023-38646
https://github.com/Red4mber/CVE-2023-38646
https://github.com/SUT0L/CVE-2023-38646
https://github.com/Shisones/MetabaseRCE_CVE-2023-38646
https://github.com/SrcVme50/Analytics
https://github.com/Threekiii/Awesome-POC
https://github.com/Threekiii/CVE
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/UserConnecting/Exploit-CVE-2023-38646-Metabase
https://github.com/Xuxfff/CVE-2023-38646-Poc
https://github.com/Zenmovie/CVE-2023-38646
https://github.com/acesoyeo/METABASE-RCE-CVE-2023-38646-
https://github.com/adriyansyah-mf/metabase
https://github.com/alexandre-pecorilla/CVE-2023-38646
https://github.com/asepsaepdin/CVE-2023-38646
https://github.com/bakery312/Vulhub-Reproduce
https://github.com/birdm4nw/CVE-2023-38646
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/fidjiw/CVE-2023-38646-POC
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/getdrive/PoC
https://github.com/ggjkjk/1444
https://github.com/gobysec/Research
https://github.com/hadrian3689/metabase_preauth_rce
https://github.com/hheeyywweellccoommee/CVE-2023-38646-glwax
https://github.com/hheeyywweellccoommee/CVE-2023-38646-hmoje
https://github.com/hheeyywweellccoommee/CVE-2023-38646-suynl
https://github.com/hktalent/bug-bounty
https://github.com/ibaiw/2023Hvv
https://github.com/iluaster/getdrive_PoC
https://github.com/j0yb0y0h/CVE-2023-38646
https://github.com/joaoviictorti/CVE-2023-38646
https://github.com/junnythemarksman/CVE-2023-38646
https://github.com/kh4sh3i/CVE-2023-38646
https://github.com/lazysec0x21/CVE-2023-38646
https://github.com/m3m0o/metabase-pre-auth-rce-poc
https://github.com/massco99/Analytics-htb-Rce
https://github.com/nenandjabhata/CTFs-Journey
https://github.com/nickswink/CVE-2023-38646
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/passwa11/2023Hvv_
https://github.com/passwa11/CVE-2023-38646
https://github.com/raytheon0x21/CVE-2023-38646
https://github.com/robotmikhro/CVE-2023-38646
https://github.com/securezeron/CVE-2023-38646
https://github.com/shamo0/CVE-2023-38646-PoC
https://github.com/threatHNTR/CVE-2023-38646
https://github.com/xxRON-js/Collaborator-like
https://github.com/yxl2001/CVE-2023-38646", "http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html
http://packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html"], ["2023", "CVE-2023-29532", "A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server.*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1806394"], ["2023", "CVE-2023-46455", "In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.", "https://github.com/cyberaz0r/GL.iNet-Multiple-Vulnerabilities", "No PoCs from references."], ["2023", "CVE-2023-30258", "Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.", "https://github.com/gy741/CVE-2023-30258-setup
https://github.com/nomi-sec/PoC-in-GitHub", "http://packetstormsecurity.com/files/175672/MagnusBilling-Remote-Command-Execution.html
https://eldstal.se/advisories/230327-magnusbilling.html"], ["2023", "CVE-2023-36754", "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", "https://github.com/sudo-jtcsec/CVE", "No PoCs from references."], ["2023", "CVE-2023-48866", "A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies.", "https://github.com/nitipoom-jar/CVE-2023-48866
https://github.com/nomi-sec/PoC-in-GitHub", "https://nitipoom-jar.github.io/CVE-2023-48866/"], ["2023", "CVE-2023-33213", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields \u2013 wpView plugin <=\u00a01.3.0 versions.", "https://github.com/Otwooo/Otwooo
https://github.com/bshyuunn/Otwooo
https://github.com/bshyuunn/bshyuunn", "No PoCs from references."], ["2023", "CVE-2023-25804", "Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the `/tmp` folder using a payload `../../../../../tmp/test111_dev`. This issue has been fixed in version 6.3.5.0.", "https://github.com/Sim4n6/Sim4n6", "No PoCs from references."], ["2023", "CVE-2023-5917", "A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307.", "https://github.com/CP04042K/CVE
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2074", "A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226052.", "No PoCs found on GitHub currently.", "https://github.com/E1CHO/cve_hub/blob/main/Online%20Traffic%20Offense%20Management%20System/Online%20Traffic%20Offense%20Management%20System%20-%20vuln%202.pdf
https://vuldb.com/?id.226052"], ["2023", "CVE-2023-49798", "OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-49409", "Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.", "No PoCs found on GitHub currently.", "https://github.com/GD008/TENDA/blob/main/AX3/tenda_AX3_telnet/AX3_telnet.md"], ["2023", "CVE-2023-39708", "A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.", "https://github.com/Arajawat007/CVE-2023-39708
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-3318", "A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231937 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://kr1shna4garwal.github.io/posts/cve-poc-2023/#cve-2023-3318"], ["2023", "CVE-2023-46974", "Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yte121/CVE-2023-46974", "https://github.com/yte121/CVE-2023-46974/
https://youtu.be/5oVfJHT_-Ys"], ["2023", "CVE-2023-36576", "Windows Kernel Information Disclosure Vulnerability", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175659/Windows-Kernel-Containerized-Registry-Escape.html"], ["2023", "CVE-2023-25707", "Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <=\u00a01.5.12 versions.", "https://github.com/ARPSyndicate/cvemon
https://github.com/yaudahbanh/CVE-Archive", "No PoCs from references."], ["2023", "CVE-2023-52266", "ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this.", "https://github.com/Halcy0nic/Trophies
https://github.com/skinnyrad/Trophies", "https://github.com/hongliuliao/ehttp/commit/17405b975948abc216f6a085d2d027ec1cfd5766
https://github.com/hongliuliao/ehttp/issues/38"], ["2023", "CVE-2023-5754", "Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.", "No PoCs found on GitHub currently.", "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"], ["2023", "CVE-2023-27742", "IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.", "https://github.com/G37SYS73M/CVE-2023-27742
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/G37SYS73M/CVE-2023-27742"], ["2023", "CVE-2023-37859", "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-49549", "An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file.", "No PoCs found on GitHub currently.", "https://github.com/cesanta/mjs/issues/251"], ["2023", "CVE-2023-22027", "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-5857", "Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38435", "An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack.Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher.", "No PoCs found on GitHub currently.", "http://seclists.org/fulldisclosure/2023/Jul/43"], ["2023", "CVE-2023-29741", "An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database.", "No PoCs found on GitHub currently.", "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29741/CVE%20detail.md"], ["2023", "CVE-2023-33242", "Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.", "https://github.com/d0rb/CVE-2023-33242
https://github.com/dcar2121/Acme
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/fireblocks-labs/zengo-lindell17-exploit-poc
https://www.fireblocks.com/blog/lindell17-abort-vulnerability-technical-report/"], ["2023", "CVE-2023-48837", "Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176048"], ["2023", "CVE-2023-50332", "Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention.", "https://github.com/a-zara-n/a-zara-n", "No PoCs from references."], ["2023", "CVE-2023-29842", "ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175105/ChurchCRM-4.5.4-SQL-Injection.html
https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md
https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.py"], ["2023", "CVE-2023-39619", "ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component.", "No PoCs found on GitHub currently.", "https://gist.github.com/6en6ar/712a4c1eab0324f15e09232c77ea08f8"], ["2023", "CVE-2023-37808", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/TraiLeR2/Unquoted-Service-Path-in-the-Wondershare-Dr.Fone-13.1.5", "No PoCs from references."], ["2023", "CVE-2023-3198", "The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "https://github.com/truocphan/VulnBox", "No PoCs from references."], ["2023", "CVE-2023-41106", "An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in 9.0.0 Patch 35 and 8.8.15 Patch 42.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46865", "/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.", "https://github.com/asylumdx/Crater-CVE-2023-46865-RCE
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/asylumdx/Crater-CVE-2023-46865-RCE
https://github.com/crater-invoice/crater/issues/1267
https://notes.netbytesec.com/2023/11/post-auth-rce-in-crater-invoice.html"], ["2023", "CVE-2023-27482", "homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.", "https://github.com/ARPSyndicate/cvemon", "https://github.com/elttam/publications/blob/master/writeups/home-assistant/supervisor-authentication-bypass-advisory.md
https://www.elttam.com/blog/pwnassistant/"], ["2023", "CVE-2023-25616", "In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object\u00a0execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact the confidentiality, Integrity, and Availability of the system.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-48674", "Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27810", "H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.", "No PoCs found on GitHub currently.", "https://hackmd.io/@0dayResearch/ipqos_lanip_editlist"], ["2023", "CVE-2023-5806", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection.This issue affects Quality Management System: before v1.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46766", "Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4469", "The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-49689", "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'JobId' parameter of the Employer/DeleteJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-35391", "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/r3volved/CVEAggregate", "No PoCs from references."], ["2023", "CVE-2023-40464", "Several versions ofALEOS, including ALEOS 4.16.0, use a hardcodedSSL certificate andprivate key. An attacker with access to these itemscould potentiallyperform a man in the middle attack between theACEManager clientand ACEManager server.", "No PoCs found on GitHub currently.", "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"], ["2023", "CVE-2023-21883", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-30765", "\u200bDelta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation.", "https://github.com/0xfml/CVE-2023-30765
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-39017", "** DISPUTED ** quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.", "No PoCs found on GitHub currently.", "https://github.com/quartz-scheduler/quartz/issues/943"], ["2023", "CVE-2023-23514", "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges.", "https://github.com/ARPSyndicate/cvemon", "http://packetstormsecurity.com/files/171359/XNU-NFSSVC-Root-Check-Bypass-Use-After-Free.html
http://seclists.org/fulldisclosure/2023/Mar/21"], ["2023", "CVE-2023-2868", "A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives).\u00a0The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product.\u00a0This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.", "https://github.com/IRB0T/IOC
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/PudgyDragon/IOCs
https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
https://github.com/cashapp323232/CVE-2023-2868CVE-2023-2868
https://github.com/cfielding-r7/poc-cve-2023-2868
https://github.com/getdrive/PoC
https://github.com/hheeyywweellccoommee/CVE-2023-2868-lchvp
https://github.com/iluaster/getdrive_PoC
https://github.com/krmxd/CVE-2023-2868
https://github.com/netlas-io/netlas-dorks
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-41708", "References to the \"app loader\" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html"], ["2023", "CVE-2023-25158", "GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation.", "https://github.com/IGSIND/Qualys
https://github.com/dr-cable-tv/Geoserver-CVE-2023-25157
https://github.com/murataydemir/CVE-2023-25157-and-CVE-2023-25158
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-2928", "A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083.", "https://github.com/CN016/DedeCMS-getshell-CVE-2023-2928-
https://github.com/nomi-sec/PoC-in-GitHub", "https://vuldb.com/?id.230083"], ["2023", "CVE-2023-30625", "rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173837/Rudder-Server-SQL-Injection-Remote-Code-Execution.html
https://securitylab.github.com/advisories/GHSL-2022-097_rudder-server/"], ["2023", "CVE-2023-1442", "A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223287.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.223287"], ["2023", "CVE-2023-23454", "cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).", "https://github.com/ARPSyndicate/cvemon
https://github.com/alopresto/epss_api_demo
https://github.com/alopresto6m/epss_api_demo", "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12"], ["2023", "CVE-2023-49256", "It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24234", "A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter.", "No PoCs found on GitHub currently.", "https://medium.com/@0x2bit/inventory-management-system-multiple-stored-xss-vulnerability-b296365065b"], ["2023", "CVE-2023-6222", "IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks", "No PoCs found on GitHub currently.", "https://drive.google.com/file/d/1krgHH2NvVFr93VpErLkOjDV3L6M5yIA1/view?usp=sharing"], ["2023", "CVE-2023-46139", "KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block specially constructed, it can take over root privileges on the device. The vulnerable verification logic actually obtains the signature of the last block with an id of `0x7109871a`, while the verification logic during Android installation is to obtain the first one. In addition to the actual signature upgrade that has been fixed (KSU thought it was V2 but was actually V3), there is also the problem of actual signature downgrading (KSU thought it was V2 but was actually V1). Find a condition in the signature verification logic that will cause the signature not to be found error, and KernelSU does not implement the same conditions, so KSU thinks there is a V2 signature, but the APK signature verification actually uses the V1 signature. This issue is fixed in version 0.7.0. As workarounds, keep the KernelSU manager installed and avoid installing unknown apps.", "No PoCs found on GitHub currently.", "https://github.com/tiann/KernelSU/security/advisories/GHSA-86cp-3prf-pwqq"], ["2023", "CVE-2023-22629", "An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html
https://f20.be/cves/titan-ftp-vulnerabilities
https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf"], ["2023", "CVE-2023-25049", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions.", "https://github.com/ARPSyndicate/cvemon
https://github.com/yaudahbanh/CVE-Archive", "No PoCs from references."], ["2023", "CVE-2023-2839", "Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f"], ["2023", "CVE-2023-3456", "Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3687", "A vulnerability was found in Bylancer QuickVCard 2.1. It has been rated as critical. This issue affects some unknown processing of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack may be initiated remotely. The identifier VDB-234233 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.234233"], ["2023", "CVE-2023-45210", "Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-25109", "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_ip variable.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716"], ["2023", "CVE-2023-2979", "A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211.", "No PoCs found on GitHub currently.", "https://popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be"], ["2023", "CVE-2023-31518", "A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file.", "https://github.com/manba-bryant/record", "No PoCs from references."], ["2023", "CVE-2023-31689", "In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution.", "No PoCs found on GitHub currently.", "https://github.com/vedees/wcms/issues/15"], ["2023", "CVE-2023-32872", "In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607.", "https://github.com/Resery/Resery", "No PoCs from references."], ["2023", "CVE-2023-6273", "Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1881", "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.", "https://github.com/punggawacybersecurity/CVE-List", "https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344"], ["2023", "CVE-2023-42470", "The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs.", "https://github.com/actuator/cve
https://github.com/actuator/imou
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/actuator/cve/blob/main/CVE-2023-42470
https://github.com/actuator/imou/blob/main/imou-life-6.8.0.md
https://github.com/actuator/imou/blob/main/poc.apk"], ["2023", "CVE-2023-40575", "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` variable and results in crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", "No PoCs found on GitHub currently.", "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c6vw-92h9-5w9v"], ["2023", "CVE-2023-21992", "Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Administer Workforce). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-26360", "Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/getdrive/PoC
https://github.com/iluaster/getdrive_PoC
https://github.com/karimhabush/cyberowl
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/yosef0x01/CVE-2023-26360", "http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html"], ["2023", "CVE-2023-3734", "Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21722", ".NET Framework Denial of Service Vulnerability", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-30456", "An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.8"], ["2023", "CVE-2023-1631", "A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224013 was assigned to this vulnerability.", "https://github.com/ARPSyndicate/cvemon
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1631"], ["2023", "CVE-2023-2458", "Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)", "https://github.com/zhchbin/zhchbin", "No PoCs from references."], ["2023", "CVE-2023-42652", "In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6051", "An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gitlab.com/gitlab-org/gitlab/-/issues/431345"], ["2023", "CVE-2023-23924", "Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available.", "https://github.com/ARPSyndicate/cvemon
https://github.com/hktalent/TOP
https://github.com/k0mi-tg/CVE-POC
https://github.com/manas3c/CVE-POC
https://github.com/motikan2010/CVE-2023-23924
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/zeverse/CVE-2023-23924-sample", "https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg"], ["2023", "CVE-2023-24047", "An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm.", "No PoCs found on GitHub currently.", "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/"], ["2023", "CVE-2023-26142", "All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \\r\\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.", "https://github.com/dellalibera/dellalibera", "https://gist.github.com/dellalibera/9247769cc90ed96c0d72ddbcba88c65c
https://security.snyk.io/vuln/SNYK-UNMANAGED-CROW-5665556"], ["2023", "CVE-2023-40757", "User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"], ["2023", "CVE-2023-42483", "A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a system.", "https://github.com/xairy/linux-kernel-exploitation", "No PoCs from references."], ["2023", "CVE-2023-1872", "A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered.We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"], ["2023", "CVE-2023-21961", "Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console). The supported version that is affected is 21.4.3.0.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hyperion Essbase Administration Services executes to compromise Oracle Hyperion Essbase Administration Services. While the vulnerability is in Oracle Hyperion Essbase Administration Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-40586", "OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an error in `mime.ParseMediaType`. This issue was patched in version 3.0.1.", "No PoCs found on GitHub currently.", "https://github.com/corazawaf/coraza/security/advisories/GHSA-c2pj-v37r-2p6h"], ["2023", "CVE-2023-48198", "A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies.", "https://github.com/nitipoom-jar/CVE-2023-48198
https://github.com/nomi-sec/PoC-in-GitHub", "https://nitipoom-jar.github.io/CVE-2023-48198"], ["2023", "CVE-2023-22899", "Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.", "No PoCs found on GitHub currently.", "https://breakingthe3ma.app
https://breakingthe3ma.app/files/Threema-PST22.pdf"], ["2023", "CVE-2023-31979", "Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c.", "No PoCs found on GitHub currently.", "https://github.com/petewarden/catdoc/issues/9"], ["2023", "CVE-2023-47077", "Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32782", "A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42811", "aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.", "No PoCs found on GitHub currently.", "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq"], ["2023", "CVE-2023-39264", "By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users.\u00a0This vulnerability exists in Apache Superset versions up to and including 2.1.0.", "https://github.com/msegoviag/msegoviag", "No PoCs from references."], ["2023", "CVE-2023-3765", "Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76"], ["2023", "CVE-2023-21773", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/ARPSyndicate/cvemon
https://github.com/SirCryptic/PoC", "http://packetstormsecurity.com/files/170946/Windows-Kernel-Key-Replication-Issues.html"], ["2023", "CVE-2023-45063", "Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <=\u00a01.1.5 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6000", "The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-35362", "Windows Clip Service Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26113", "Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js.", "No PoCs found on GitHub currently.", "https://github.com/kobezzza/Collection/issues/27
https://security.snyk.io/vuln/SNYK-JS-COLLECTIONJS-3185148"], ["2023", "CVE-2023-21870", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-4294", "The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link.", "https://github.com/b0marek/CVE-2023-4294
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-2798", "Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.", "https://github.com/HtmlUnit/htmlunit", "No PoCs from references."], ["2023", "CVE-2023-24156", "A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.", "No PoCs found on GitHub currently.", "https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/recvSlaveUpgstatus/recvSlaveUpgstatus.md"], ["2023", "CVE-2023-21930", "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-51532", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.19.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3625", "A vulnerability classified as critical was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This vulnerability affects unknown code of the file /Duty/AjaxHandle/Write/UploadFile.ashx of the component Duty Write-UploadFile. The manipulation of the argument Filedata leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-233578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/MoeMion233/cve/blob/main/1.md"], ["2023", "CVE-2023-30547", "vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.", "https://github.com/Af7eR9l0W/HTB-Codify
https://github.com/Cur1iosity/CVE-2023-30547
https://github.com/Maladra/Write-Up-Codify
https://github.com/karimhabush/cyberowl
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/rvizx/CVE-2023-30547
https://github.com/user0x1337/CVE-2023-30547", "https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244
https://github.com/patriksimek/vm2/security/advisories/GHSA-ch3r-j5x3-6q2m"], ["2023", "CVE-2023-32442", "An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. A shortcut may be able to modify sensitive Shortcuts app settings.", "https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-28141", "An NTFS Junction condition exists in the Qualys Cloud Agentfor Windows platform in versions before 4.8.0.31. Attackers may write files toarbitrary locations via a local attack vector. This allows attackers to assumethe privileges of the process, and they may delete or otherwise on unauthorizedfiles, allowing for the potential modification or deletion of sensitive fileslimited only to that specific directory/file object. This vulnerability isbounded to the time of installation/uninstallation and can only be exploited locally.At the time of this disclosure, versions before 4.0 areclassified as End of Life.", "No PoCs found on GitHub currently.", "https://www.qualys.com/security-advisories/"], ["2023", "CVE-2023-1720", "Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.", "No PoCs found on GitHub currently.", "https://starlabs.sg/advisories/23/23-1720/"], ["2023", "CVE-2023-0848", "A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.221147"], ["2023", "CVE-2023-50559", "An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache.", "No PoCs found on GitHub currently.", "https://github.com/OpenXiangShan/XiangShan/issues/2534"], ["2023", "CVE-2023-47321", "Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the \"Porlet Deployer\" which allows administrators to deploy .WAR portlets.", "https://github.com/RhinoSecurityLabs/CVEs", "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47321"], ["2023", "CVE-2023-24251", "WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js.", "No PoCs found on GitHub currently.", "https://github.com/Cutegod/CMS_0_day/issues/2"], ["2023", "CVE-2023-32846", "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861).", "https://github.com/asset-group/5ghoul-5g-nr-attacks", "No PoCs from references."], ["2023", "CVE-2023-30943", "The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.", "https://github.com/Chocapikk/CVE-2023-30943
https://github.com/d0rb/CVE-2023-30943
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-44008", "File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44008"], ["2023", "CVE-2023-33569", "Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user.", "https://github.com/izj007/wechat", "No PoCs from references."], ["2023", "CVE-2023-24080", "A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack.", "https://github.com/ARPSyndicate/cvemon
https://github.com/SirCryptic/resetryder", "No PoCs from references."], ["2023", "CVE-2023-49373", "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.", "No PoCs found on GitHub currently.", "https://github.com/li-yu320/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20broadcast%20image.md"], ["2023", "CVE-2023-51775", "The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.", "No PoCs found on GitHub currently.", "https://bitbucket.org/b_c/jose4j/issues/212"], ["2023", "CVE-2023-4193", "A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236236.", "No PoCs found on GitHub currently.", "https://github.com/Yesec/Resort-Reservation-System/blob/main/SQL%20Injection%20in%20view_fee.php/vuln.md"], ["2023", "CVE-2023-4202", "Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2023/Aug/13
https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series/"], ["2023", "CVE-2023-30803", "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.", "No PoCs found on GitHub currently.", "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4"], ["2023", "CVE-2023-30700", "PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30491", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <=\u00a02.1.8 versions.", "https://github.com/ARPSyndicate/cvemon
https://github.com/LOURC0D3/LOURC0D3", "No PoCs from references."], ["2023", "CVE-2023-28097", "OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memory using the `-m` flag was allocated to OpenSIPS, such as 10 GB of RAM. On the test system, this issue occurred when shared memory was set to `2362` or higher. This issue is fixed in versions 3.1.9 and 3.2.6. The only workaround is to guarantee that the Content-Length value of input messages is never larger than `2147483647`.", "https://github.com/karimhabush/cyberowl", "https://opensips.org/pub/audit-2022/opensips-audit-technical-report-full.pdf"], ["2023", "CVE-2023-23571", "An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1696"], ["2023", "CVE-2023-0908", "A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability.", "https://github.com/ARPSyndicate/cvemon
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-0908"], ["2023", "CVE-2023-43668", "Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,\u00a0some sensitive params checks will be bypassed, like \"autoDeserizalize\",\"allowLoadLocalInfile\".....\u00a0\u00a0Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.[1]\u00a0 https://github.com/apache/inlong/pull/8604", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nbxiglk0/nbxiglk0", "No PoCs from references."], ["2023", "CVE-2023-27178", "An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.", "https://github.com/izj007/wechat", "No PoCs from references."], ["2023", "CVE-2023-1476", "A use-after-free flaw was found in the Linux kernel\u2019s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0819", "Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef"], ["2023", "CVE-2023-27069", "A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field.", "https://github.com/ARPSyndicate/cvemon", "https://www.edoardoottavianelli.it/CVE-2023-27069/
https://www.youtube.com/watch?v=Ryuz1gymiw8"], ["2023", "CVE-2023-20598", "An improper privilege management in the AMD Radeon\u2122\u00a0Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.", "https://github.com/hfiref0x/KDU", "No PoCs from references."], ["2023", "CVE-2023-33478", "RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php.", "No PoCs found on GitHub currently.", "https://github.com/remoteclinic/RemoteClinic/issues/22"], ["2023", "CVE-2023-49262", "The authentication mechanism can be bypassed by overflowing the value of the Cookie \"authentication\" field, provided there is an active user session.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-51664", "tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrary command execution in the GitHub Runner. This vulnerability has been addressed in version 41.0.0. Users are advised to upgrade.", "No PoCs found on GitHub currently.", "https://github.com/tj-actions/changed-files/security/advisories/GHSA-mcph-m25j-8j63"], ["2023", "CVE-2023-6356", "A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4253", "The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26245", "An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system.", "https://github.com/Vu1nT0tal/Vehicle-Security
https://github.com/VulnTotal-Team/Vehicle-Security
https://github.com/VulnTotal-Team/vehicle_cves", "No PoCs from references."], ["2023", "CVE-2023-33538", "TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .", "https://github.com/d4n-sec/d4n-sec.github.io", "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md"], ["2023", "CVE-2023-3433", "The \"nickname\" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters, make it so the application cannot create the signature for the user and results in a local denial of service to the application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1536", "Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/538207f4-f805-419a-a314-51716643f05e"], ["2023", "CVE-2023-6174", "SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1817", "Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-49291", "tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/research/github-actions-untrusted-input"], ["2023", "CVE-2023-49100", "Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-11.html"], ["2023", "CVE-2023-26067", "Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).", "https://github.com/CharonDefalt/printer-exploit-toronto
https://github.com/RosePwns/Lexmark-RCE
https://github.com/horizon3ai/CVE-2023-26067
https://github.com/nomi-sec/PoC-in-GitHub", "http://packetstormsecurity.com/files/174763/Lexmark-Device-Embedded-Web-Server-Remote-Code-Execution.html"], ["2023", "CVE-2023-21904", "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-51506", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WPCS \u2013 WordPress Currency Switcher Professional allows Stored XSS.This issue affects WPCS \u2013 WordPress Currency Switcher Professional: from n/a through 1.2.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4071", "Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29188", "SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-3580", "Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/4eed53ca-06c2-43aa-aea8-c03ea5f13ce4"], ["2023", "CVE-2023-23702", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <=\u00a01.1.7 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1714", "Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.", "https://github.com/ForceFledgling/CVE-2023-1714
https://github.com/nomi-sec/PoC-in-GitHub", "https://starlabs.sg/advisories/23/23-1714/"], ["2023", "CVE-2023-21747", "Windows Kernel Elevation of Privilege Vulnerability", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/170933/Windows-Kernel-Dangling-Registry-Link-Node-Use-After-Free.html"], ["2023", "CVE-2023-39341", "\"FFRI yarai\", \"FFRI yarai Home and Business Edition\" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition.
Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure \u03c7 versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://www.sourcenext.com/support/i/2023/230718_01"], ["2023", "CVE-2023-1654", "Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/33652b56-128f-41a7-afcc-10641f69ff14"], ["2023", "CVE-2023-33959", "notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.", "https://github.com/anhtranquang/deps-with-cve
https://github.com/anhtranquang/unused-deps-with-cve
https://github.com/dattq88/PoC-unused-deps-with-cve
https://github.com/scan-demo/deps-with-cve
https://github.com/scan-demo/unused-deps-with-cve
https://github.com/sec-scan-demo/deps-with-cve
https://github.com/sec-scan-demo/unused-deps-with-cve", "No PoCs from references."], ["2023", "CVE-2023-50829", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3.", "https://github.com/parkttule/parkttule", "No PoCs from references."], ["2023", "CVE-2023-42637", "In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-35356", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/174115/Microsoft-Windows-Kernel-Arbitrary-Read.html
http://packetstormsecurity.com/files/174118/Microsoft-Windows-Kernel-Security-Descriptor-Use-After-Free.html
http://packetstormsecurity.com/files/176451/Microsoft-Windows-Registry-Predefined-Keys-Privilege-Escalation.html"], ["2023", "CVE-2023-49040", "An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.", "No PoCs found on GitHub currently.", "https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/form_fast_setting_internet_set.md"], ["2023", "CVE-2023-21844", "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-26127", "All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function.

**Note:**

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.", "No PoCs found on GitHub currently.", "https://security.snyk.io/vuln/SNYK-JS-N158-3183746"], ["2023", "CVE-2023-3852", "A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/upload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-235204.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6125", "Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/a9462f1e-9746-4380-8228-533ff2f64691"], ["2023", "CVE-2023-24133", "Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet.", "No PoCs found on GitHub currently.", "https://oxnan.com/posts/WifiBasic_wepkey_5g_DoS"], ["2023", "CVE-2023-21955", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-3640", "A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/pray77/CVE-2023-3640
https://github.com/shakyaraj9569/Documentation", "No PoCs from references."], ["2023", "CVE-2023-1745", "A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability.", "https://github.com/10cks/10cks
https://github.com/10cksYiqiyinHangzhouTechnology/10cksYiqiyinHangzhouTechnology
https://github.com/ARPSyndicate/cvemon", "https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc
https://youtu.be/7bh2BQOqxFo"], ["2023", "CVE-2023-45146", "XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once deserialized, force it to execute arbitrary code. This can be abused to take control of the machine the server is running by way of remote code execution. This issue has not been fixed.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://securitylab.github.com/advisories/GHSL-2023-052_XXL-RPC/"], ["2023", "CVE-2023-3491", "Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d"], ["2023", "CVE-2023-3700", "Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21716", "Microsoft Word Remote Code Execution Vulnerability", "https://github.com/0xsyr0/OSCP
https://github.com/ARPSyndicate/cvemon
https://github.com/CKevens/CVE-2023-21716-POC
https://github.com/CVEDB/PoC-List
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/DevAkabari/CVE-2024-21413
https://github.com/FeatherStark/CVE-2023-21716
https://github.com/JMousqueton/CVE-2023-21716
https://github.com/KayCHENvip/vulnerability-poc
https://github.com/MojithaR/CVE-2023-21716-EXPLOIT.py
https://github.com/SirElmard/ethical_hacking
https://github.com/Threekiii/Awesome-POC
https://github.com/Threekiii/CVE
https://github.com/Xnuvers007/CVE-2023-21716
https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/dshabani96/CVE-2024-21413
https://github.com/duy-31/CVE-2024-21413
https://github.com/gyaansastra/CVE-2023-21716
https://github.com/hktalent/TOP
https://github.com/hv0l/CVE-2023-21716_exploit
https://github.com/izj007/wechat
https://github.com/jake-44/Research
https://github.com/karimhabush/cyberowl
https://github.com/kgwanjala/oscp-cheatsheet
https://github.com/labesterOct/CVE-2024-21413
https://github.com/maldev866/WordExp_CVE_2023_21716
https://github.com/mikesxrs/CVE-2023-21716_YARA_Results
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/oscpname/OSCP_cheat
https://github.com/r00tb1t/CVE-2024-21413-POC
https://github.com/revanmalang/OSCP
https://github.com/tib36/PhishingBook
https://github.com/xhref/OSCP", "No PoCs from references."], ["2023", "CVE-2023-1594", "A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223662 is the identifier assigned to this vulnerability.", "https://github.com/karimhabush/cyberowl", "https://github.com/OYyunshen/Poc/blob/main/Novel-PlusV3.6.2Sqli.pdf
https://vuldb.com/?id.223662"], ["2023", "CVE-2023-45006", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsole WooODT Lite \u2013 WooCommerce Order Delivery or Pickup with Date Time Location plugin <=\u00a02.4.6 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1605", "Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2"], ["2023", "CVE-2023-6065", "The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code", "No PoCs found on GitHub currently.", "https://drive.google.com/file/d/1w83xWsVLS_gCpQy4LDwbjNK9JaB87EEf/view?usp=sharing"], ["2023", "CVE-2023-1906", "A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.", "No PoCs found on GitHub currently.", "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247"], ["2023", "CVE-2023-49380", "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.", "No PoCs found on GitHub currently.", "https://github.com/cui2shark/cms/blob/main/There%20is%20a%20CSRF%20at%20the%20deletion%20point%20of%20the%20friendship%20link.md"], ["2023", "CVE-2023-37202", "Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1834711"], ["2023", "CVE-2023-40763", "User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"], ["2023", "CVE-2023-0569", "Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/81b1e1da-10dd-435e-94ae-4bdd41df6df9"], ["2023", "CVE-2023-43998", "An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29099", "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <=\u00a04.20.2 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33868", "The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-28104", "`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-28295", "Microsoft Publisher Remote Code Execution Vulnerability", "https://github.com/em1ga3l/cve-msrc-extractor", "No PoCs from references."], ["2023", "CVE-2023-23773", "Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://tetraburst.com/"], ["2023", "CVE-2023-32407", "A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.", "https://github.com/gergelykalman/CVE-2023-32407-a-macOS-TCC-bypass-in-Metal
https://github.com/houjingyi233/macOS-iOS-system-security
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-47063", "Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40592", "In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the \u201c/app/search/table\u201d web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21975", "Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Application Express Customers Plugin. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express Customers Plugin, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Application Express Customers Plugin. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-24282", "An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.", "No PoCs found on GitHub currently.", "https://www.cryptnetix.com/blog/2023/01/19/Polycom-Trio-Vulnerability-Disclosure.html"], ["2023", "CVE-2023-6105", "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2023-35"], ["2023", "CVE-2023-6294", "The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42497", "Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0798", "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "https://github.com/ARPSyndicate/cvemon
https://github.com/peng-hui/CarpetFuzz
https://github.com/waugustus/CarpetFuzz
https://github.com/waugustus/waugustus", "https://gitlab.com/libtiff/libtiff/-/issues/492"], ["2023", "CVE-2023-0549", "A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The identifier of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/YAFNET/YAFNET/security/advisories/GHSA-4hwx-678w-9cp5"], ["2023", "CVE-2023-50858", "Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-51437", "Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.2.11 Pulsar users should upgrade to at least 2.11.3.3.0 Pulsar users should upgrade to at least 3.0.2.3.1 Pulsar users should upgrade to at least 3.1.1.Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3823", "In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as\u00a0ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr"], ["2023", "CVE-2023-4140", "The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40743", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through \"ServiceFactory.getService\" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE.As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to \"ServiceFactory.getService\", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.", "https://github.com/junxiant/xnat-aws-monailabel", "No PoCs from references."], ["2023", "CVE-2023-21835", "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "https://github.com/ARPSyndicate/cvemon
https://github.com/gdams/openjdk-cve-parser", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-26156", "Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system.

**Note:**

An attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver.", "No PoCs found on GitHub currently.", "https://gist.github.com/mcoimbra/47b1da554a80795c45126d51e41b2b18
https://security.snyk.io/vuln/SNYK-JS-CHROMEDRIVER-6049539"], ["2023", "CVE-2023-42646", "In Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3720", "The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files (including HTML containing JS code for users with the unfiltered_html capability) on their behalf.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-28155", "** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "https://github.com/ARPSyndicate/cvemon
https://github.com/HotDB-Community/HotDB-Engine
https://github.com/azu/request-filtering-agent
https://github.com/trong0dn/eth-todo-list", "No PoCs from references."], ["2023", "CVE-2023-3631", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection.This issue affects Medart Notification Panel: through 20231123.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3932", "An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.", "No PoCs found on GitHub currently.", "https://gitlab.com/gitlab-org/gitlab/-/issues/417594"], ["2023", "CVE-2023-4051", "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1821884"], ["2023", "CVE-2023-21924", "Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Health Sciences InForm, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-4111", "A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely. VDB-235958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173927/PHPJabbers-Bus-Reservation-System-1.1-Cross-Site-Scripting.html
http://packetstormsecurity.com/files/173945/PHPJabbers-Bus-Reservation-System-1.1-SQL-Injection.html"], ["2023", "CVE-2023-37273", "Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing `docker compose run auto-gpt` in the repo root uses a different docker-compose.yml file from the one suggested in the official docker set up instructions. The docker-compose.yml file located in the repo root mounts itself into the docker container without write protection. This means that if malicious custom python code is executed via the `execute_python_file` and `execute_python_code` commands, it can overwrite the docker-compose.yml file and abuse it to gain control of the host system the next time Auto-GPT is started. The issue has been patched in version 0.4.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26107", "All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string.", "No PoCs found on GitHub currently.", "https://security.snyk.io/vuln/SNYK-JS-SKETCHSVG-3167969"], ["2023", "CVE-2023-21864", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-24393", "Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <=\u00a01.6 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6014", "An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/3e64df69-ddc2-463e-9809-d07c24dc1de4"], ["2023", "CVE-2023-20899", "VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39361", "Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/Threekiii/CVE
https://github.com/netlas-io/netlas-dorks", "https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg"], ["2023", "CVE-2023-45077", "A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.", "No PoCs found on GitHub currently.", "https://support.lenovo.com/us/en/product_security/LEN-141775"], ["2023", "CVE-2023-1674", "A vulnerability was found in SourceCodester School Registration and Fee System 1.0 and classified as critical. This issue affects some unknown processing of the file /bilal final/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224231.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.224231"], ["2023", "CVE-2023-32516", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation plugin <=\u00a02.3.6 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26325", "The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters.", "https://github.com/ARPSyndicate/cvemon
https://github.com/JoshuaMart/JoshuaMart", "https://www.tenable.com/security/research/tra-2023-2"], ["2023", "CVE-2023-40530", "Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-49242", "Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32837", "In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175665/mtk-jpeg-Driver-Out-Of-Bounds-Read-Write.html"], ["2023", "CVE-2023-39143", "PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).", "https://github.com/codeb0ss/CVE-2023-39143
https://github.com/netlas-io/netlas-dorks
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/nvn1729/advisories", "https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/"], ["2023", "CVE-2023-51947", "Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3553", "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.dev/bounties/857f002a-2794-4807-aa5d-2f340de01870"], ["2023", "CVE-2023-47350", "Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality.", "https://github.com/mechaneus/mechaneus.github.io", "https://mechaneus.github.io/CVE-2023-47350.html"], ["2023", "CVE-2023-30631", "Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.\u00a0 The configuration option\u00a0proxy.config.http.push_method_enabled didn't function.\u00a0 However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.8.x users should upgrade to 8.1.7 or later versions9.x users should upgrade to 9.2.1 or later versions", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1687", "A vulnerability classified as problematic has been found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file LoginRegistration.php?a=register_user. The manipulation of the argument Fullname leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224244.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.224244"], ["2023", "CVE-2023-39003", "OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp.", "No PoCs found on GitHub currently.", "https://logicaltrust.net/blog/2023/08/opnsense.html"], ["2023", "CVE-2023-3413", "An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3782", "DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response", "No PoCs found on GitHub currently.", "https://research.jfrog.com/vulnerabilities/okhttp-client-brotli-dos/"], ["2023", "CVE-2023-33518", "emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.", "No PoCs found on GitHub currently.", "https://github.com/emoncms/emoncms/issues/1856"], ["2023", "CVE-2023-4273", "A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.", "https://github.com/kherrick/lobsters
https://github.com/xairy/linux-kernel-exploitation", "No PoCs from references."], ["2023", "CVE-2023-51704", "An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6376", "Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents.", "https://github.com/qwell/disorder-in-the-court", "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"], ["2023", "CVE-2023-49093", "HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage. This vulnerability has been patched in version 3.9.0", "No PoCs found on GitHub currently.", "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7"], ["2023", "CVE-2023-33409", "Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.", "https://github.com/Thirukrishnan/CVE-2023-33409
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/Thirukrishnan/CVE-2023-33409"], ["2023", "CVE-2023-33798", "A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.", "No PoCs found on GitHub currently.", "https://github.com/anhdq201/netbox/issues/13"], ["2023", "CVE-2023-30963", "A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.", "No PoCs found on GitHub currently.", "https://palantir.safebase.us/?tcuUid=3c6b63b7-fb67-4202-a94a-9c83515efb8a"], ["2023", "CVE-2023-21986", "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 5.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-6267", "A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45204", "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1407", "A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223111.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-27389", "Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).", "https://github.com/ARPSyndicate/cvemon
https://github.com/Sylon001/Sylon001
https://github.com/Sylon001/contec_japan", "No PoCs from references."], ["2023", "CVE-2023-27018", "Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.", "No PoCs found on GitHub currently.", "https://github.com/DrizzlingSun/Tenda/blob/main/AC10/7/7.md"], ["2023", "CVE-2023-0928", "Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-34329", "AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.", "https://github.com/EGI-Federation/SVG-advisories", "No PoCs from references."], ["2023", "CVE-2023-37140", "ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount().", "No PoCs found on GitHub currently.", "https://github.com/chakra-core/ChakraCore/issues/6885"], ["2023", "CVE-2023-4222", "Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.", "No PoCs found on GitHub currently.", "https://starlabs.sg/advisories/23/23-4222"], ["2023", "CVE-2023-24331", "Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter.", "No PoCs found on GitHub currently.", "https://github.com/caoyebo/CVE/tree/main/Dlink%20816%20-%20CVE-2023-24331"], ["2023", "CVE-2023-38039", "When curl retrieves an HTTP response, it stores the incoming headers so thatthey can be accessed later via the libcurl headers API.However, curl did not have a limit in how many or how large headers it wouldaccept in a response, allowing a malicious server to stream an endless seriesof headers and eventually cause curl to run out of heap memory.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2429", "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540"], ["2023", "CVE-2023-3846", "A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235197 was assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173691/mooDating-1.2-Cross-Site-Scripting.html"], ["2023", "CVE-2023-4125", "Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/85bfd18f-8d3b-4154-8b7b-1f8fcf704e28"], ["2023", "CVE-2023-21850", "Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-26133", "All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js.", "No PoCs found on GitHub currently.", "https://security.snyk.io/vuln/SNYK-JS-PROGRESSBARJS-3184152"], ["2023", "CVE-2023-6020", "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/83dd8619-6dc3-4c98-8f1b-e620fedcd1f6"], ["2023", "CVE-2023-39355", "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3 and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hvwj-vmg6-2f5h"], ["2023", "CVE-2023-1640", "A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020.", "https://github.com/ARPSyndicate/cvemon
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1640"], ["2023", "CVE-2023-32522", "A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2023-17"], ["2023", "CVE-2023-21753", "Event Tracing for Windows Information Disclosure Vulnerability", "https://github.com/ARPSyndicate/cvemon
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-3745", "A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.", "https://github.com/p1ay8y3ar/crashdatas", "No PoCs from references."], ["2023", "CVE-2023-5249", "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system\u2019s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31908", "Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort.", "https://github.com/EJueon/EJueon", "https://github.com/jerryscript-project/jerryscript/issues/5067"], ["2023", "CVE-2023-39184", "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1491", "A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects the function 0x220020 in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability.", "https://github.com/ARPSyndicate/cvemon
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1491"], ["2023", "CVE-2023-42860", "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system.", "https://github.com/kohnakagawa/kohnakagawa", "No PoCs from references."], ["2023", "CVE-2023-45103", "Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <=\u00a02.8.2 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47397", "WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.", "No PoCs found on GitHub currently.", "https://liotree.github.io/2023/webid.html"], ["2023", "CVE-2023-3906", "An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-51683", "Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26073", "An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the extended emergency number list.", "https://github.com/ARPSyndicate/cvemon", "http://packetstormsecurity.com/files/171380/Shannon-Baseband-NrmmMsgCodec-Extended-Emergency-Number-List-Heap-Buffer-Overflow.html"], ["2023", "CVE-2023-21910", "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-37307", "In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html"], ["2023", "CVE-2023-35193", "An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782"], ["2023", "CVE-2023-49285", "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/MegaManSec/Squid-Security-Audit", "No PoCs from references."], ["2023", "CVE-2023-49114", "A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some\u00a0specific pre-conditions are met.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://seclists.org/fulldisclosure/2024/Mar/10
https://r.sec-consult.com/qognify"], ["2023", "CVE-2023-41998", "Arcserve UDP prior to 9.2 contained a vulnerability in the\u00a0com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2023-37"], ["2023", "CVE-2023-2569", "A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service,elevation of privilege, and potentially kernel execution when a malicious actor with local useraccess crafts a script/program using an IOCTL call in the Foxboro.sys driver.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4174", "A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability.", "https://github.com/codeb0ss/CVE-2023-4174
https://github.com/d0rb/CVE-2023-4174
https://github.com/nomi-sec/PoC-in-GitHub", "http://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html"], ["2023", "CVE-2023-3817", "Issue summary: Checking excessively long DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_check(), DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experience longdelays. Where the key or parameters that are being checked have been obtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. After fixingCVE-2023-3446 it was discovered that a large q parameter value can also triggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parameters obtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSL functions.An application calling any of those other functions may similarly be affected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command line applicationswhen using the \"-check\" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "https://github.com/adegoodyer/kubernetes-admin-toolkit
https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/ksoclabs/image-vulnerability-search
https://github.com/tquizzle/clamav-alpine", "http://seclists.org/fulldisclosure/2023/Jul/43"], ["2023", "CVE-2023-35082", "An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.", "https://github.com/Chocapikk/CVE-2023-35082
https://github.com/Ostorlab/KEV
https://github.com/netlas-io/netlas-dorks
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-6071", "An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.", "No PoCs found on GitHub currently.", "https://kcm.trellix.com/corporate/index?page=content&id=SB10413"], ["2023", "CVE-2023-1912", "The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the plugin's settings page. This only works when the plugin prioritizes use of the X-FORWARDED-FOR header, which can be configured in its settings.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/171824/WordPress-Limit-Login-Attempts-1.7.1-Cross-Site-Scripting.html"], ["2023", "CVE-2023-2478", "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project.", "https://github.com/Threekiii/CVE", "No PoCs from references."], ["2023", "CVE-2023-41889", "SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface after the normalization. The fix is initially performing the Unicode normalization and then strip for all whitespaces and then checking for a blank string. This issue has been fixed in version 1.18.0.", "https://github.com/Sim4n6/Sim4n6", "https://github.com/shirasagi/shirasagi/security/advisories/GHSA-xr45-c2jv-2v9r"], ["2023", "CVE-2023-5218", "Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5189", "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-48369", "Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45012", "Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23607", "erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.", "No PoCs found on GitHub currently.", "https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq"], ["2023", "CVE-2023-40874", "DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters.", "https://github.com/DiliLearngent/BugReport
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47117", "Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character. In addition, Label Studio had a hard coded secret key that an attacker can use to forge a session token of any user by exploiting this ORM Leak vulnerability to leak account password hashes. This vulnerability has been addressed in commit `f931d9d129` which is included in the 1.9.2post0 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "https://github.com/elttam/publications", "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6hjj-gq77-j4qw"], ["2023", "CVE-2023-45152", "Engelsystem is a shift planning system for chaos events. A Blind SSRF in the \"Import schedule\" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication.", "https://github.com/sev-hack/sev-hack", "https://github.com/engelsystem/engelsystem/security/advisories/GHSA-jj9g-75wf-6ppf"], ["2023", "CVE-2023-28130", "Local user may lead to privilege escalation using Gaia Portal hostnames page.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html
http://seclists.org/fulldisclosure/2023/Aug/4
http://seclists.org/fulldisclosure/2023/Jul/43"], ["2023", "CVE-2023-39244", "DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32433", "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.", "https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-3654", "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by a origin bypass via the host header in an HTTP request.\u00a0This vulnerability can be triggered by an HTTP endpoint exposed to the network.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38128", "An out-of-bounds write vulnerability exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809"], ["2023", "CVE-2023-21941", "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-24127", "Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet.", "No PoCs found on GitHub currently.", "https://oxnan.com/posts/WifiBasic_wepkey1_DoS"], ["2023", "CVE-2023-23565", "An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.", "https://github.com/Orange-Cyberdefense/CVE-repository", "https://github.com/Orange-Cyberdefense/CVE-repository
https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_geomatika_isigeoweb.md"], ["2023", "CVE-2023-30485", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider \u2013 Avartan Slider Lite plugin <=\u00a01.5.3 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-22609", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none", "https://github.com/13579and2468/Wei-fuzz", "No PoCs from references."], ["2023", "CVE-2023-31478", "An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.", "No PoCs found on GitHub currently.", "https://github.com/gl-inet/CVE-issues/blob/main/3.215/SSID_Key_Disclosure.md"], ["2023", "CVE-2023-37174", "GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.", "No PoCs found on GitHub currently.", "https://github.com/gpac/gpac/issues/2505"], ["2023", "CVE-2023-4187", "Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/14941381-b669-4756-94fc-cce172472f8b"], ["2023", "CVE-2023-4216", "The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-51761", "In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6082", "The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6313", "A vulnerability was found in SourceCodester URL Shortener 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Long URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246139.", "No PoCs found on GitHub currently.", "https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/url-shortener.md"], ["2023", "CVE-2023-6253", "A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html
http://seclists.org/fulldisclosure/2023/Nov/14
https://r.sec-consult.com/fortra"], ["2023", "CVE-2023-35131", "Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.", "https://github.com/kip93/kip93", "No PoCs from references."], ["2023", "CVE-2023-46059", "Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/CrownZTX/vulnerabilities/blob/main/geeklog/reflected_XSS_in_editservice.md"], ["2023", "CVE-2023-52448", "In the Linux kernel, the following vulnerability has been resolved:gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dumpSyzkaller has reported a NULL pointer dereference when accessingrgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creatingrgd->rd_gl fails in read_rindex_entry(). Add a NULL pointer check ingfs2_rgrp_dump() to prevent that.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32751", "Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross-site scripting vulnerability.", "No PoCs found on GitHub currently.", "https://www.redteam-pentesting.de/advisories/rt-sa-2023-004/
https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses"], ["2023", "CVE-2023-28252", "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "https://github.com/726232111/CVE-2023-28252
https://github.com/ARPSyndicate/cvemon
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/CalegariMindSec/HTB_Writeups
https://github.com/Danasuley/CVE-2023-28252-
https://github.com/GhostTroops/TOP
https://github.com/Malwareman007/CVE-2023-28252
https://github.com/Network-Sec/bin-tools-pub
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/aneasystone/github-trending
https://github.com/bkstephen/Compiled-PoC-Binary-For-CVE-2023-28252
https://github.com/duck-sec/CVE-2023-28252-Compiled-exe
https://github.com/fortra/CVE-2023-28252
https://github.com/hheeyywweellccoommee/CVE-2023-28252-djtiu
https://github.com/hheeyywweellccoommee/CVE-2023-28252-vseik
https://github.com/hktalent/TOP
https://github.com/johe123qwe/github-trending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/whitfieldsdad/cisa_kev
https://github.com/zengzzzzz/golang-trending-archive
https://github.com/zhaoxiaoha/github-trending", "http://packetstormsecurity.com/files/174668/Windows-Common-Log-File-System-Driver-clfs.sys-Privilege-Escalation.html"], ["2023", "CVE-2023-45230", "EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.", "https://github.com/quarkslab/pixiefail", "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"], ["2023", "CVE-2023-3536", "A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233288.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-41728", "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rescue Themes Rescue Shortcodes plugin <=\u00a02.5 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-28343", "OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.", "https://github.com/ARPSyndicate/cvemon
https://github.com/gobysec/CVE-2023-28343
https://github.com/hba343434/CVE-2023-28343
https://github.com/karimhabush/cyberowl
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/superzerosec/CVE-2023-28343
https://github.com/superzerosec/poc-exploit-index", "http://packetstormsecurity.com/files/171775/Altenergy-Power-Control-Software-C1.2.5-Command-Injection.html
https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/os_command_injection.md"], ["2023", "CVE-2023-6342", "Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable \"pay for print\" feature was removed on or around 2023-11-01.", "https://github.com/qwell/disorder-in-the-court", "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"], ["2023", "CVE-2023-31429", "Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as \u201cchassisdistribute\u201d, \u201creboot\u201d, \u201crasman\u201d, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26311", "A remote code execution vulnerability in the webview component of OPPO Store app.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6202", "Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user\u00a0to get their information (e.g. name, surname, nickname) via Mattermost Boards.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-49276", "Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element in vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. This vulnerability has been addressed in commit `f28dccf4e` which is included in release version 1.23.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-v4v2-8h88-65qj"], ["2023", "CVE-2023-35160", "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.", "No PoCs found on GitHub currently.", "https://jira.xwiki.org/browse/XWIKI-20343"], ["2023", "CVE-2023-32491", "Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.", "No PoCs found on GitHub currently.", "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"], ["2023", "CVE-2023-3567", "A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.", "https://github.com/nidhi7598/linux-4.1.15_CVE-2023-3567
https://github.com/nidhi7598/linux-4.19.72_CVE-2023-3567", "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"], ["2023", "CVE-2023-2908", "A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.", "No PoCs found on GitHub currently.", "https://gitlab.com/libtiff/libtiff/-/merge_requests/479"], ["2023", "CVE-2023-41668", "Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <=\u00a01.1.2 versions.", "https://github.com/hackintoanetwork/hackintoanetwork", "No PoCs from references."], ["2023", "CVE-2023-25178", "Controller may be loaded with malicious firmware which could enable remote code execution", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29862", "An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters.", "https://github.com/Duke1410/CVE", "No PoCs from references."], ["2023", "CVE-2023-50312", "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5966", "An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/pedrojosenavasperez/cve-2023-5966", "No PoCs from references."], ["2023", "CVE-2023-2394", "A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/leetsun/IoT/tree/main/Netgear-SRX5308/14"], ["2023", "CVE-2023-0291", "The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.", "https://github.com/ARPSyndicate/cvemon
https://github.com/MrTuxracer/advisories", "https://packetstormsecurity.com/files/171011/wpqsm808-xsrf.txt"], ["2023", "CVE-2023-4698", "Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.", "https://github.com/mnqazi/CVE-2023-4698
https://github.com/nomi-sec/PoC-in-GitHub", "https://huntr.dev/bounties/e1107d79-1d63-4238-90b7-5cc150512654"], ["2023", "CVE-2023-5826", "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243716. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.", "No PoCs found on GitHub currently.", "https://github.com/Cubi123123123/cve/blob/main/NS-ASG-sql-list_onlineuser.md
https://vuldb.com/?id.243716"], ["2023", "CVE-2023-27830", "TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.", "No PoCs found on GitHub currently.", "https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce"], ["2023", "CVE-2023-22056", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-0040", "Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted data into HTTP header field values without prior sanitisation. Common use-cases here might be to place usernames from a database into HTTP header fields. This vulnerability allows attackers to inject new HTTP header fields, or entirely new requests, into the data stream. This can cause requests to be understood very differently by the remote server than was intended. In general, this is unlikely to result in data disclosure, but it can result in a number of logical errors and other misbehaviours.", "https://github.com/dellalibera/dellalibera", "No PoCs from references."], ["2023", "CVE-2023-29922", "PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.", "https://github.com/1820112015/CVE-2023-29923
https://github.com/CKevens/CVE-2023-29923-Scan
https://github.com/CN016/Powerjob-CVE-2023-29922-
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-52357", "Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-48654", "One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\\SYSTEM.", "No PoCs found on GitHub currently.", "https://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension/"], ["2023", "CVE-2023-50252", "php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `` tag that references an `` tag, it merges the attributes from the `` tag to the `` tag. The problem pops up especially when the `href` attribute from the `` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue.", "No PoCs found on GitHub currently.", "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr"], ["2023", "CVE-2023-5725", "A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3229", "Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/31f48ca1-e5e8-436f-b779-cad597759170"], ["2023", "CVE-2023-37828", "A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39639", "LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs.", "No PoCs found on GitHub currently.", "https://security.friendsofpresta.org/modules/2023/08/31/leoblog.html"], ["2023", "CVE-2023-46954", "SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter.", "https://github.com/jakedmurphy1/CVE-2023-46954
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-50343", "HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3338", "A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.", "https://github.com/TurtleARM/CVE-2023-3338-DECPwn
https://github.com/aneasystone/github-trending
https://github.com/johe123qwe/github-trending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/xairy/linux-kernel-exploitation", "https://seclists.org/oss-sec/2023/q2/276"], ["2023", "CVE-2023-37939", "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in\u00a0FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of\u00a0files or folders excluded from malware scanning.", "https://github.com/sT0wn-nl/CVEs", "No PoCs from references."], ["2023", "CVE-2023-2054", "A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /admin/positions_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225939.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.225939"], ["2023", "CVE-2023-2114", "The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.", "https://github.com/ARPSyndicate/cvemon
https://github.com/SchmidAlex/nex-forms_SQL-Injection
https://github.com/SchmidAlex/nex-forms_SQL-Injection-CVE-2023-2114
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-36884", "Windows Search Remote Code Execution Vulnerability", "https://github.com/Maxwitat/CVE-2023-36884-Scripts-for-Intune-Remediation-SCCM-Compliance-Baseline
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/ToddMaxey/CVE-2023-36884
https://github.com/aleff-github/my-flipper-shits
https://github.com/bkzk/cisco-email-filters
https://github.com/deepinstinct/Storm0978-RomCom-Campaign
https://github.com/delivr-to/detections
https://github.com/jakabakos/CVE-2023-36884-MS-Office-HTML-RCE
https://github.com/leoambrus/CheckersNomisec
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/or2me/CVE-2023-36884_patcher
https://github.com/raresteak/CVE-2023-36884
https://github.com/ridsoliveira/Fix-CVE-2023-36884
https://github.com/tarraschk/CVE-2023-36884-Checker
https://github.com/whitfieldsdad/cisa_kev
https://github.com/xaitax/cisa-catalog-known-vulnerabilities
https://github.com/zerosorai/CVE-2023-36884", "http://seclists.org/fulldisclosure/2023/Jul/43"], ["2023", "CVE-2023-34981", "A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-22007", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-38504", "Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.", "https://github.com/bdragon-org/dependabot-create-pull-requests-from-rules-2", "No PoCs from references."], ["2023", "CVE-2023-38695", "cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-52306", "FPE in paddle.lerp\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.", "No PoCs found on GitHub currently.", "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md"], ["2023", "CVE-2023-52097", "Vulnerability of foreground service restrictions being bypassed in the NMS module.Successful exploitation of this vulnerability may affect service confidentiality.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38996", "An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command.", "https://github.com/RNPG/CVEs", "https://gist.github.com/RNPG/53b579da330ba896aa8dc2d901e5e400"], ["2023", "CVE-2023-36787", "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5774", "The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "No PoCs found on GitHub currently.", "https://drive.google.com/file/d/1zXWW545ktCznO36k90AN0APhTz8ky-gG/view?usp=sharing
https://www.wordfence.com/threat-intel/vulnerabilities/id/33c2756d-c300-479f-b3aa-8f22c3a70278?source=cve"], ["2023", "CVE-2023-2336", "Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14"], ["2023", "CVE-2023-29452", "Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field \u201cAttribution text\u201d when selected \u201cOther\u201d Tile provider.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34832", "TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/172989/TP-Link-Archer-AX10-EU-_V1.2_230220-Buffer-Overflow.html"], ["2023", "CVE-2023-24729", "Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the address parameter in the user profile update function.", "No PoCs found on GitHub currently.", "https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-scrm.zip"], ["2023", "CVE-2023-40039", "An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.", "https://github.com/actuator/cve", "No PoCs from references."], ["2023", "CVE-2023-43250", "XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.", "https://github.com/mrtouch93/exploits", "http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2023/Oct/15"], ["2023", "CVE-2023-5556", "Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.dev/bounties/a3ee0f98-6898-41ae-b1bd-242a03a73d1b"], ["2023", "CVE-2023-38965", "Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html"], ["2023", "CVE-2023-52064", "Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.", "No PoCs found on GitHub currently.", "https://github.com/wuzhicms/wuzhicms/issues/208"], ["2023", "CVE-2023-47488", "Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nitipoom-jar/CVE-2023-47488
https://github.com/nomi-sec/PoC-in-GitHub", "https://bugplorer.github.io/cve-xss-itop/
https://nitipoom-jar.github.io/CVE-2023-47488/"], ["2023", "CVE-2023-4879", "Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/7df6b167-3c39-4563-9b8a-33613e25cf27"], ["2023", "CVE-2023-23009", "Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.", "https://github.com/PhilipM-eu/ikepoke", "No PoCs from references."], ["2023", "CVE-2023-27892", "Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet.", "No PoCs found on GitHub currently.", "https://blog.inhq.net/posts/keepkey-CVE-2023-27892/"], ["2023", "CVE-2023-31285", "An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Upload-XSS-User-Enumeration-Reusable-Tokens.html
http://seclists.org/fulldisclosure/2023/May/14"], ["2023", "CVE-2023-46475", "A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.", "https://github.com/elementalSec/CVE-Disclosures", "https://github.com/elementalSec/CVE-Disclosures/blob/main/ZentaoPMS/CVE-2023-46475/CVE-2023-46475%20-%20Cross-Site%20Scripting%20(Stored).md"], ["2023", "CVE-2023-38666", "Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt.", "No PoCs found on GitHub currently.", "https://github.com/axiomatic-systems/Bento4/issues/784"], ["2023", "CVE-2023-22365", "An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1711"], ["2023", "CVE-2023-40068", "Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.", "https://github.com/20142995/sectool", "No PoCs from references."], ["2023", "CVE-2023-5995", "An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gitlab.com/gitlab-org/gitlab/-/issues/425361"], ["2023", "CVE-2023-33291", "In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.)", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/172476/eBankIT-6-Arbitrary-OTP-Generation.html"], ["2023", "CVE-2023-52175", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Uno (miunosoft) Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin allows Stored XSS.This issue affects Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin: from n/a through 5.1.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-43201", "D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.", "No PoCs found on GitHub currently.", "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug2.md"], ["2023", "CVE-2023-50070", "Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/geraldoalcantara/CVE-2023-50070
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-36665", "\"protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty.", "https://github.com/JGedff/Firebase-NodeJs
https://github.com/git-kick/ioBroker.e3dc-rscp
https://github.com/seal-community/patches", "https://www.code-intelligence.com/blog/cve-protobufjs-prototype-pollution-cve-2023-36665"], ["2023", "CVE-2023-30369", "Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.", "No PoCs found on GitHub currently.", "https://github.com/2205794866/Tenda/blob/main/AC15/3.md"], ["2023", "CVE-2023-34620", "An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.", "No PoCs found on GitHub currently.", "https://github.com/hjson/hjson-java/issues/24"], ["2023", "CVE-2023-43341", "Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sromanhu/CVE-2023-43341-Evolution-Reflected-XSS---Installation-Connection-", "https://github.com/sromanhu/CVE-2023-43341-Evolution-Reflected-XSS---Installation-Connection-
https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Connection-"], ["2023", "CVE-2023-27451", "Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <=\u00a05.1.0.2 versions.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Universe1122/Universe1122", "No PoCs from references."], ["2023", "CVE-2023-20231", "A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.

This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.

Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2227", "Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/351f9055-2008-4af0-b820-01ff66678bf3"], ["2023", "CVE-2023-29543", "An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.", "https://github.com/googleprojectzero/fuzzilli", "No PoCs from references."], ["2023", "CVE-2023-6529", "The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5843", "The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily.", "https://github.com/codeb0ss/CVE-2023-5843-PoC
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31242", "An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769"], ["2023", "CVE-2023-27855", "In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-22033", "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-25950", "HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.", "https://github.com/dhmosfunk/HTTP3ONSTEROIDS
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-0025", "SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-25653", "node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default \"fallback\" crypto back-end, ECC operations in `node-jose` can trigger a Denial-of-Service (DoS) condition, due to a possible infinite loop in an internal calculation. For some ECC operations, this condition is triggered randomly; for others, it can be triggered by malicious input. The issue has been patched in version 2.2.0. Since this issue is only present in the \"fallback\" crypto implementation, it can be avoided by ensuring that either WebCrypto or the Node `crypto` module is available in the JS environment where `node-jose` is being run.", "https://github.com/seal-community/patches", "No PoCs from references."], ["2023", "CVE-2023-1349", "A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.222842"], ["2023", "CVE-2023-28528", "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/172458/IBM-AIX-7.2-inscout-Privilege-Escalation.html"], ["2023", "CVE-2023-35808", "An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174300/SugarCRM-12.2.0-Shell-Upload.html
http://seclists.org/fulldisclosure/2023/Aug/26"], ["2023", "CVE-2023-43297", "An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-25482", "Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <=\u00a01.1.2 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34467", "XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing the mail unobfuscated and users were able to filter and sort on the unobfuscated, allowing them to infer the mail content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.", "No PoCs found on GitHub currently.", "https://jira.xwiki.org/browse/XWIKI-20333"], ["2023", "CVE-2023-27587", "ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.", "https://github.com/ARPSyndicate/cvemon
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sec-fx/CVE-2023-27587-PoC
https://github.com/vagnerd/CVE-2023-27587-PoC", "No PoCs from references."], ["2023", "CVE-2023-36562", "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5591", "SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090"], ["2023", "CVE-2023-46663", "Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.", "No PoCs found on GitHub currently.", "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"], ["2023", "CVE-2023-31302", "Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field.", "No PoCs found on GitHub currently.", "https://herolab.usd.de/en/security-advisories/usd-2022-0056/"], ["2023", "CVE-2023-25810", "Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-wh8j-xr66-f296"], ["2023", "CVE-2023-33196", "Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.", "No PoCs found on GitHub currently.", "https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5"], ["2023", "CVE-2023-44766", "** DISPUTED ** A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sromanhu/CVE-2023-44766_ConcreteCMS-Stored-XSS---SEO", "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---SEO"], ["2023", "CVE-2023-29495", "Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.", "https://github.com/another1024/another1024", "No PoCs from references."], ["2023", "CVE-2023-38470", "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.", "https://github.com/adegoodyer/kubernetes-admin-toolkit", "No PoCs from references."], ["2023", "CVE-2023-45898", "The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.", "No PoCs found on GitHub currently.", "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.4"], ["2023", "CVE-2023-46772", "Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27804", "H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.", "No PoCs found on GitHub currently.", "https://hackmd.io/@0dayResearch/DelvsList"], ["2023", "CVE-2023-22062", "Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-48963", "Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget.", "No PoCs found on GitHub currently.", "https://github.com/daodaoshao/vul_tenda_i6_1"], ["2023", "CVE-2023-29584", "mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp.", "https://github.com/z1r00/fuzz_vuln", "https://github.com/enzo1982/mp4v2/issues/30
https://github.com/z1r00/fuzz_vuln/blob/main/mp4v2/heap-buffer-overflow/MP4GetVideoProfileLevel/readme.md"], ["2023", "CVE-2023-1318", "Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.", "https://github.com/indevi0us/indevi0us", "https://huntr.dev/bounties/e58b38e0-4897-4bb0-84e8-a7ad8efab338"], ["2023", "CVE-2023-29916", "H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm.", "No PoCs found on GitHub currently.", "https://hackmd.io/@0dayResearch/rkpbC1Jgh"], ["2023", "CVE-2023-52363", "Vulnerability of defects introduced in the design process in the Control Panel module.Successful exploitation of this vulnerability may cause app processes to be started by mistake.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-44974", "An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.", "https://github.com/yangliukk/emlog", "No PoCs from references."], ["2023", "CVE-2023-36473", "Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27707", "SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint.", "https://github.com/Srpopty/Corax", "https://srpopty.github.io/2023/02/27/DedeCMS-V5.7.160-Backend-SQLi-group/"], ["2023", "CVE-2023-27496", "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script).", "No PoCs found on GitHub currently.", "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5"], ["2023", "CVE-2023-50266", "Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/"], ["2023", "CVE-2023-5711", "The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5480", "Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46871", "GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.", "No PoCs found on GitHub currently.", "https://gist.github.com/ReturnHere/d0899bb03b8f5e8fae118f2b76888486
https://github.com/gpac/gpac/issues/2658"], ["2023", "CVE-2023-52223", "Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite \u2013 WooCommerce integration.This issue affects MailerLite \u2013 WooCommerce integration: from n/a through 2.0.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27647", "An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.", "No PoCs found on GitHub currently.", "https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27647/CVE%20detail.md"], ["2023", "CVE-2023-46931", "GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.", "No PoCs found on GitHub currently.", "https://github.com/gpac/gpac/issues/2664"], ["2023", "CVE-2023-1258", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.html"], ["2023", "CVE-2023-25841", "There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 \u2013 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-48823", "A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176030"], ["2023", "CVE-2023-38421", "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory.", "https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-34585", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/vin01/bogus-cves", "No PoCs from references."], ["2023", "CVE-2023-34614", "An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.", "No PoCs found on GitHub currently.", "https://bitbucket.org/jmarsden/jsonij/issues/7/stack-overflow-error-caused-by-jsonij"], ["2023", "CVE-2023-44987", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <=\u00a02.0.2 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-41270", "** UNSUPPPORTED WHEN ASSIGNED ** Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools.", "No PoCs found on GitHub currently.", "https://www.slideshare.net/fuguet/smold-tv-old-smart
https://www.youtube.com/watch?v=MdIT4mPTX3s"], ["2023", "CVE-2023-5473", "Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36480", "The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36812", "OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gunuplot via the config option`tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`.", "https://github.com/ErikWynter/opentsdb_key_cmd_injection
https://github.com/nomi-sec/PoC-in-GitHub", "http://packetstormsecurity.com/files/174570/OpenTSDB-2.4.1-Unauthenticated-Command-Injection.html
https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9"], ["2023", "CVE-2023-46781", "Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <=\u00a01.5 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0316", "Path Traversal: '\\..\\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.", "https://github.com/ARPSyndicate/cvemon
https://github.com/kos0ng/CVEs", "https://huntr.dev/bounties/c190e42a-4806-47aa-aa1e-ff5d6407e244"], ["2023", "CVE-2023-38603", "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service.", "https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-34917", "Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java.", "No PoCs found on GitHub currently.", "https://github.com/fuge/cms/issues/3"], ["2023", "CVE-2023-31031", "NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38743", "Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.", "https://github.com/PetrusViet/CVE-2023-38743
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-6859", "A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32258", "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34754", "bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.", "No PoCs found on GitHub currently.", "https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability"], ["2023", "CVE-2023-43235", "D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.", "No PoCs found on GitHub currently.", "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/823G/SetWifiDownSettings/1.md"], ["2023", "CVE-2023-38840", "Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.", "https://github.com/markuta/bw-dump
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/bitwarden/clients/pull/5813
https://github.com/markuta/bw-dump
https://redmaple.tech/blogs/2023/extract-bitwarden-vault-passwords/"], ["2023", "CVE-2023-41330", "knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page.## IssueOn March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\\strpos($filename, 'phar://') === 0)` in the `prepareOutput` function to resolve this CVE, however if the user is able to control the second parameter of the `generateFromHtml()` function of Snappy, it will then be passed as the `$filename` parameter in the `prepareOutput()` function. In the original vulnerability, a file name with a `phar://` wrapper could be sent to the `fileExists()` function, equivalent to the `file_exists()` PHP function. This allowed users to trigger a deserialization on arbitrary PHAR files. To fix this issue, the string is now passed to the `strpos()` function and if it starts with `phar://`, an exception is raised. However, PHP wrappers being case insensitive, this patch can be bypassed using `PHAR://` instead of `phar://`. A successful exploitation of this vulnerability allows executing arbitrary code and accessing the underlying filesystem. The attacker must be able to upload a file and the server must be running a PHP version prior to 8. This issue has been addressed in commit `d3b742d61a` which has been included in version 1.4.3. Users are advised to upgrade. Users unable to upgrade should ensure that only trusted users may submit data to the `AbstractGenerator->generate(...)` function.", "No PoCs found on GitHub currently.", "https://github.com/KnpLabs/snappy/security/advisories/GHSA-92rv-4j2h-8mjj
https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc"], ["2023", "CVE-2023-34645", "jfinal CMS 5.1.0 has an arbitrary file read vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/jflyfox/jfinal_cms/issues/57"], ["2023", "CVE-2023-5422", "The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate satisfies all necessary security requirements.This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.", "https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2242", "A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GET Parameter Handler. The manipulation of the argument c/s leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227227.", "No PoCs found on GitHub currently.", "https://docs.google.com/document/d/1GZt9MKB2K-nDrg0cnrnU6_z9wDd9xPE-YJbPV2Qgqg4/edit"], ["2023", "CVE-2023-28949", "IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26758", "Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerabilty via the component /ResourceService.", "No PoCs found on GitHub currently.", "https://www.swascan.com/it/security-advisory-sme-up-erp/"], ["2023", "CVE-2023-28809", "Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html"], ["2023", "CVE-2023-42299", "Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.", "No PoCs found on GitHub currently.", "https://github.com/OpenImageIO/oiio/issues/3840"], ["2023", "CVE-2023-31060", "Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise.", "No PoCs found on GitHub currently.", "https://cybir.com/2023/cve/poc-repetier-server-140/"], ["2023", "CVE-2023-46501", "An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.", "https://github.com/Cyber-Wo0dy/CVE-2023-46501
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-2302", "The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "No PoCs found on GitHub currently.", "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita"], ["2023", "CVE-2023-2093", "A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226101 was assigned to this vulnerability.", "https://github.com/Vu1nT0tal/Vehicle-Security
https://github.com/VulnTotal-Team/Vehicle-Security
https://github.com/VulnTotal-Team/vehicle_cves
https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-48881", "A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.", "https://github.com/DiliLearngent/BugReport", "No PoCs from references."], ["2023", "CVE-2023-34494", "NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.", "No PoCs found on GitHub currently.", "https://github.com/emqx/nanomq/issues/1180"], ["2023", "CVE-2023-48782", "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46993", "In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.", "No PoCs found on GitHub currently.", "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R-Command%20Injection/readme.md"], ["2023", "CVE-2023-27574", "ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.", "https://github.com/NSEcho/vos", "No PoCs from references."], ["2023", "CVE-2023-6808", "The Booking for Appointments and Events Calendar \u2013 Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32209", "A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1767194"], ["2023", "CVE-2023-0217", "An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Tuttu7/Yum-command
https://github.com/a23au/awe-base-images
https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/stkcat/awe-base-images", "No PoCs from references."], ["2023", "CVE-2023-38702", "Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to `/knowageqbeengine/foo.jsp` to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the `knowageqbeengine` directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7mjh-73q3-c3fc"], ["2023", "CVE-2023-26599", "XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.", "https://github.com/sT0wn-nl/CVEs", "No PoCs from references."], ["2023", "CVE-2023-28819", "Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32219", "A Mazda model (2015-2016) can be unlocked via an unspecified method.", "https://github.com/Vu1nT0tal/Vehicle-Security
https://github.com/VulnTotal-Team/Vehicle-Security
https://github.com/VulnTotal-Team/vehicle_cves", "No PoCs from references."], ["2023", "CVE-2023-5572", "Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0.", "https://github.com/l0kihardt/l0kihardt", "https://huntr.dev/bounties/db649f1b-8578-4ef0-8df3-d320ab33f1be"], ["2023", "CVE-2023-43274", "Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.", "https://github.com/nu11secur1ty/CVE-nu11secur1ty", "No PoCs from references."], ["2023", "CVE-2023-25461", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <=\u00a02.5.0 versions.", "https://github.com/ARPSyndicate/cvemon
https://github.com/yaudahbanh/CVE-Archive", "No PoCs from references."], ["2023", "CVE-2023-27424", "Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <=\u00a01.59 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36750", "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.", "https://github.com/sudo-jtcsec/CVE", "No PoCs from references."], ["2023", "CVE-2023-45638", "Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gateway For Woocommerce plugin <=\u00a03.1.9 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33035", "Memory corruption while invoking callback function of AFE from ADSP.", "https://github.com/Moonshieldgru/Moonshieldgru", "No PoCs from references."], ["2023", "CVE-2023-46451", "Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sajaljat/CVE-2023-46451", "https://github.com/sajaljat/CVE-2023-46451
https://youtu.be/f8B3_m5YfqI"], ["2023", "CVE-2023-31130", "c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular \"0::00:00:00/2\" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-28848", "user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.", "No PoCs found on GitHub currently.", "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-52hv-xw32-wf7f"], ["2023", "CVE-2023-2343", "Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.", "https://github.com/khanhchauminh/khanhchauminh", "https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2"], ["2023", "CVE-2023-36942", "A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com"], ["2023", "CVE-2023-27535", "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "https://github.com/1g-v/DevSec_Docker_lab
https://github.com/L-ivan7/-.-DevSec_Docker
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-41320", "GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be use to takeover an administrator account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.", "https://github.com/Guilhem7/CVE_2023_41320
https://github.com/Orange-Cyberdefense/CVE-repository", "No PoCs from references."], ["2023", "CVE-2023-32308", "anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for errors before adjusting invoice sorting order. Because of this, it was possible to craft a POST request with malicious SQL for Time Tracker database. This issue has been fixed in version 1.22.11.5781. Users are advised to upgrade. Users unable to upgrade may insert an additional check for errors in a condition before calling `ttGroupHelper::getActiveInvoices()` in invoices.php.", "https://github.com/indevi0us/indevi0us", "No PoCs from references."], ["2023", "CVE-2023-5463", "A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://drive.google.com/drive/folders/1mpRxWOPjxVS980r0qu1IY_Hf0irKO-cu"], ["2023", "CVE-2023-46892", "The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature).", "No PoCs found on GitHub currently.", "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219"], ["2023", "CVE-2023-38910", "CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.", "No PoCs found on GitHub currently.", "https://github.com/desencrypt/CVE/blob/main/CVE-2023-38910/Readme.md"], ["2023", "CVE-2023-44997", "Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <=\u00a04.1 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-22081", "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-44694", "D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_rce_%20mailrecvview.md"], ["2023", "CVE-2023-0306", "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde"], ["2023", "CVE-2023-2203", "A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.", "https://github.com/em1ga3l/cve-publicationdate-extractor", "No PoCs from references."], ["2023", "CVE-2023-36802", "Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability", "https://github.com/4zur-0312/CVE-2023-36802
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/EvilGreys/DROPPER
https://github.com/GhostTroops/TOP
https://github.com/Nero22k/cve-2023-36802
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/Threekiii/CVE
https://github.com/ZonghaoLi777/githubTrending
https://github.com/aneasystone/github-trending
https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802
https://github.com/hktalent/TOP
https://github.com/jafshare/GithubTrending
https://github.com/johe123qwe/github-trending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sampsonv/github-trending
https://github.com/tanjiti/sec_profile
https://github.com/x0rb3l/CVE-2023-36802-MSKSSRV-LPE
https://github.com/zengzzzzz/golang-trending-archive", "No PoCs from references."], ["2023", "CVE-2023-26488", "OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by `balanceOf`. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2.", "https://github.com/davidlpoole/eth-erc20-governance", "No PoCs from references."], ["2023", "CVE-2023-48730", "A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1882"], ["2023", "CVE-2023-34426", "A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1766"], ["2023", "CVE-2023-43147", "PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.", "https://github.com/MinoTauro2020/CVE-2023-43147
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/MinoTauro2020/CVE-2023-43147/"], ["2023", "CVE-2023-44824", "An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29745", "An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database.", "No PoCs found on GitHub currently.", "https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29745/CVE%20detail.md"], ["2023", "CVE-2023-38431", "An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-48833", "A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176042"], ["2023", "CVE-2023-33246", "For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .", "https://github.com/0xKayala/CVE-2023-33246
https://github.com/20142995/sectool
https://github.com/ARPSyndicate/cvemon
https://github.com/CKevens/CVE-2023-33246
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/Devil0ll/CVE-2023-33246
https://github.com/I5N0rth/CVE-2023-33246
https://github.com/KayCHENvip/vulnerability-poc
https://github.com/Le1a/CVE-2023-33246
https://github.com/Loginsoft-Research/Linux-Exploit-Detection
https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT
https://github.com/Malayke/CVE-2023-37582_EXPLOIT
https://github.com/MkJos/CVE-2023-33246_RocketMQ_RCE_EXP
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/SuperZero/CVE-2023-33246
https://github.com/Threekiii/Awesome-Exploit
https://github.com/Threekiii/Awesome-POC
https://github.com/Threekiii/CVE
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/aneasystone/github-trending
https://github.com/bakery312/Vulhub-Reproduce
https://github.com/cr1me0/rocketMq_RCE
https://github.com/d0rb/CVE-2023-33246
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/hheeyywweellccoommee/CVE-2023-33246-dgjfd
https://github.com/hheeyywweellccoommee/CVE-2023-33246-rnkku
https://github.com/hktalent/TOP
https://github.com/hktalent/bug-bounty
https://github.com/hxysaury/saury-vulnhub
https://github.com/izj007/wechat
https://github.com/johe123qwe/github-trending
https://github.com/k8gege/Ladon
https://github.com/liang2kl/iot-exploits
https://github.com/luelueking/Java-CVE-Lists
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/r3volved/CVEAggregate
https://github.com/sponkmonk/Ladon_english_update
https://github.com/v0ita/rocketMq_RCE
https://github.com/vulncheck-oss/fetch-broker-conf
https://github.com/vulncheck-oss/go-exploit
https://github.com/yizhimanpadewoniu/CVE-2023-33246-Copy", "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html"], ["2023", "CVE-2023-2021", "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.", "https://github.com/tht1997/tht1997", "https://huntr.dev/bounties/2e31082d-7aeb-46ff-84d6-9561758e3bf0"], ["2023", "CVE-2023-6568", "Cross-site Scripting (XSS) - Reflected in GitHub repository mlflow/mlflow prior to 2.9.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709"], ["2023", "CVE-2023-38571", "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.", "https://github.com/gergelykalman/CVE-2023-38571-a-macOS-TCC-bypass-in-Music-and-TV
https://github.com/houjingyi233/macOS-iOS-system-security
https://github.com/jp-cpe/retrieve-cvss-scores
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-22072", "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2023", "CVE-2023-31192", "An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1768"], ["2023", "CVE-2023-46762", "Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36463", "Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn't (fully) sanitized after submission. This issue has been addressed in commit `77e04f4af` which is included in the `1.0.0b1.1.2` release. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/jucktnich/meldekarten-generator/security/advisories/GHSA-f2gp-85cr-vgj7"], ["2023", "CVE-2023-34566", "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo.", "No PoCs found on GitHub currently.", "https://hackmd.io/@0dayResearch/rk8hQf5rh"], ["2023", "CVE-2023-25583", "Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages a new vlan configuration.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1723"], ["2023", "CVE-2023-52373", "Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29906", "H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm.", "No PoCs found on GitHub currently.", "https://hackmd.io/@0dayResearch/rk1uu20Jh"], ["2023", "CVE-2023-35909", "Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-41013", "Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the \"p4\" field.", "No PoCs found on GitHub currently.", "https://medium.com/@katikitala.sushmitha078/cve-2023-41013-789841dcad91"], ["2023", "CVE-2023-27606", "Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <=\u00a01.4.6 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-43116", "A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0003.md"], ["2023", "CVE-2023-1219", "Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/ARPSyndicate/cvemon", "http://packetstormsecurity.com/files/171795/Chrome-base-debug-ActivityUserData-ActivityUserData-Heap-Buffer-Overflow.html"], ["2023", "CVE-2023-1188", "A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is the function 0x222018 in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222360.", "https://github.com/ARPSyndicate/cvemon
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1188"], ["2023", "CVE-2023-35818", "An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.", "No PoCs found on GitHub currently.", "https://espressif.com"], ["2023", "CVE-2023-29714", "Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter.", "No PoCs found on GitHub currently.", "https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/Datasheet/EN/Vade_Secure_DS_Gateway_EN.pdf"], ["2023", "CVE-2023-27905", "Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Rajchowdhury420/Secure-or-Break-Jenkins
https://github.com/gquere/pwn_jenkins
https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-46673", "It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/muneebaashiq/MBProjects", "https://www.elastic.co/community/security"], ["2023", "CVE-2023-22023", "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: CVE-2023-22023 is equivalent to CVE-2023-31284. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-20126", "A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability.", "https://github.com/fullspectrumdev/RancidCrisco
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-5853", "Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1359", "A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222862 is the identifier assigned to this vulnerability.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-27746", "BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.", "https://github.com/eyJhb/blackvue-cve-2023
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-34537", "A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.", "https://github.com/ARPSyndicate/cvemon
https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-48621", "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36735", "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-41254", "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.", "https://github.com/iCMDdev/iCMDdev", "No PoCs from references."], ["2023", "CVE-2023-50120", "MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.", "No PoCs found on GitHub currently.", "https://github.com/gpac/gpac/issues/2698"], ["2023", "CVE-2023-40138", "In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "No PoCs found on GitHub currently.", "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33"], ["2023", "CVE-2023-34933", "A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "No PoCs found on GitHub currently.", "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34933.md"], ["2023", "CVE-2023-0332", "A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218472.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.218472"], ["2023", "CVE-2023-33281", "** DISPUTED ** The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.", "https://github.com/Vu1nT0tal/Vehicle-Security
https://github.com/VulnTotal-Team/Vehicle-Security
https://github.com/VulnTotal-Team/vehicle_cves", "No PoCs from references."], ["2023", "CVE-2023-38767", "SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.", "https://github.com/0x72303074/CVE-Disclosures", "No PoCs from references."], ["2023", "CVE-2023-46574", "An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.", "https://github.com/Marco-zcl/POC
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/wy876/POC
https://github.com/xingchennb/POC-", "https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md"], ["2023", "CVE-2023-37688", "Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/rt122001/CVES/blob/main/CVE-2023-37688.txt"], ["2023", "CVE-2023-23299", "The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.", "No PoCs found on GitHub currently.", "https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23299.md"], ["2023", "CVE-2023-49809", "Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4978", "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4"], ["2023", "CVE-2023-36675", "An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27501", "SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-5517", "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect ;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/marklogic/marklogic-docker", "No PoCs from references."], ["2023", "CVE-2023-5686", "Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.", "https://github.com/gandalf4a/crash_report", "https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0"], ["2023", "CVE-2023-41085", "When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate.\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38864", "An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt.", "No PoCs found on GitHub currently.", "https://github.com/TTY-flag/my_iot_vul/tree/main/COMFAST/CF-XR11/Command_Inject3"], ["2023", "CVE-2023-4869", "A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239354 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://skypoc.wordpress.com/2023/09/05/vuln1/"], ["2023", "CVE-2023-30268", "CLTPHP <=6.0 is vulnerable to Improper Input Validation.", "No PoCs found on GitHub currently.", "https://github.com/HuBenLab/HuBenVulList/blob/main/CLTPHP6.0%20Improper%20Input%20Validation%202.md"], ["2023", "CVE-2023-27781", "jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c.", "No PoCs found on GitHub currently.", "https://github.com/tjko/jpegoptim/issues/132"], ["2023", "CVE-2023-36764", "Microsoft SharePoint Server Elevation of Privilege Vulnerability", "https://github.com/netlas-io/netlas-dorks", "No PoCs from references."], ["2023", "CVE-2023-52074", "FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.", "No PoCs found on GitHub currently.", "https://github.com/zouyang0714/cms/blob/main/1.md"], ["2023", "CVE-2023-38975", "* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs component.", "No PoCs found on GitHub currently.", "https://github.com/qdrant/qdrant/issues/2268"], ["2023", "CVE-2023-29693", "H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad.", "No PoCs found on GitHub currently.", "https://github.com/Stevenbaga/fengsha/blob/main/H3C/GR-1200W/SetTftpUpgrad.md"], ["2023", "CVE-2023-38676", "Nullptr in paddle.dot\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.", "No PoCs found on GitHub currently.", "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md"], ["2023", "CVE-2023-5894", "Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/aba3ba5b-aa6b-4076-b663-4237b4a0761d"], ["2023", "CVE-2023-27882", "A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1733"], ["2023", "CVE-2023-31295", "CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field.", "No PoCs found on GitHub currently.", "https://herolab.usd.de/en/security-advisories/usd-2022-0053/"], ["2023", "CVE-2023-36624", "Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement.", "No PoCs found on GitHub currently.", "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-004.txt
https://www.syss.de/pentest-blog/root-zugang-zu-smarthome-server-loxone-miniserver-go-gen-2-syss-2023-004/-012/-013"], ["2023", "CVE-2023-5546", "ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/obelia01/CVE-2023-5546", "No PoCs from references."], ["2023", "CVE-2023-43240", "D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.", "No PoCs found on GitHub currently.", "https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/ipportFilter/1.md"], ["2023", "CVE-2023-30328", "An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use.", "No PoCs found on GitHub currently.", "https://github.com/rand0mIdas/randomideas/blob/main/ShimoVPN.md
https://raw.githubusercontent.com/rand0mIdas/randomideas/main/ShimoVPN.md?token=GHSAT0AAAAAACA3WX4SPH2YYOCWGV6LLVSGZBIEKEQ"], ["2023", "CVE-2023-4408", "The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/marklogic/marklogic-docker", "No PoCs from references."], ["2023", "CVE-2023-0001", "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Vinalti/cve-badge.li
https://github.com/jeremymonk21/Vulnerability-Management-and-SIEM-Implementation-Project
https://github.com/morpheuslord/CVE-llm_dataset", "No PoCs from references."], ["2023", "CVE-2023-22017", "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-5764", "A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-48615", "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29963", "S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.", "No PoCs found on GitHub currently.", "https://github.com/superjock1988/debug/blob/main/s-cms_rce.md"], ["2023", "CVE-2023-3268", "An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36546", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://securitycafe.ro/2023/06/19/dll-hijacking-finding-vulnerabilities-in-pestudio-9-52/"], ["2023", "CVE-2023-20052", "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:

A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.

This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.", "https://github.com/ARPSyndicate/cvemon
https://github.com/CVEDB/awesome-cve-repo
https://github.com/cY83rR0H1t/CVE-2023-20052
https://github.com/cbk914/clamav-scan
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/halon/changelog
https://github.com/nokn0wthing/CVE-2023-20052
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-4548", "A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/174344/SPA-Cart-eCommerce-CMS-1.9.0.3-SQL-Injection.html"], ["2023", "CVE-2023-0050", "An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Threekiii/CVE
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/wh-gov/CVE-2023-0050", "No PoCs from references."], ["2023", "CVE-2023-38545", "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxyhandshake.When curl is asked to pass along the host name to the SOCKS5 proxy to allowthat to resolve the address instead of it getting done by curl itself, themaximum length that host name can be is 255 bytes.If the host name is detected to be longer, curl switches to local nameresolving and instead passes on the resolved address only. Due to this bug,the local variable that means \"let the host resolve the name\" could get thewrong value during a slow SOCKS5 handshake, and contrary to the intention,copy the too long host name to the target buffer instead of copying just theresolved address there.The target buffer being a heap based buffer, and the host name coming from theURL that curl has been told to operate with.", "https://github.com/JosephYostos/Vulnerability-Management-remediation-with-Talon-
https://github.com/KONNEKTIO/konnekt-docs
https://github.com/UTsweetyfish/CVE-2023-38545
https://github.com/alex-grandson/docker-python-example
https://github.com/bcdannyboy/CVE-2023-38545
https://github.com/d0rb/CVE-2023-38545
https://github.com/dbrugman/CVE-2023-38545-POC
https://github.com/fatmo666/CVE-2023-38545-libcurl-SOCKS5-heap-buffer-overflow
https://github.com/imfht/CVE-2023-38545
https://github.com/izj007/wechat
https://github.com/kherrick/lobsters
https://github.com/mayur-esh/vuln-liners
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/vanigori/CVE-2023-38545-sample", "No PoCs from references."], ["2023", "CVE-2023-29631", "PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.", "No PoCs found on GitHub currently.", "https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmsslider.html"], ["2023", "CVE-2023-48947", "An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.", "No PoCs found on GitHub currently.", "https://github.com/openlink/virtuoso-opensource/issues/1179"], ["2023", "CVE-2023-22046", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-46756", "Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3239", "A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20obtain%20the%20web%20directory%20path%20and%20other%20information%20leaked%20.md"], ["2023", "CVE-2023-41136", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laurence/OhMyBox.Info Simple Long Form allows Stored XSS.This issue affects Simple Long Form: from n/a through 2.2.2.", "https://github.com/parkttule/parkttule", "No PoCs from references."], ["2023", "CVE-2023-34552", "In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214.", "https://github.com/infobyte/ezviz_lan_rce", "No PoCs from references."], ["2023", "CVE-2023-36517", "Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin <=\u00a02.6.2 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-52207", "Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free.This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-49468", "Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.", "No PoCs found on GitHub currently.", "https://github.com/strukturag/libde265/issues/432"], ["2023", "CVE-2023-0110", "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", "https://github.com/ARPSyndicate/cvemon
https://github.com/emotest1/cve_2023_0110
https://github.com/emotest1/emo_emo", "No PoCs from references."], ["2023", "CVE-2023-33272", "An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind).", "https://github.com/dtssec/CVE-Disclosures
https://github.com/l4rRyxz/CVE-Disclosures", "https://github.com/l4rRyxz/CVE-Disclosures/blob/main/CVE-2023-33272.md"], ["2023", "CVE-2023-2384", "A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument dhcp.SecDnsIPByte2 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.227662"], ["2023", "CVE-2023-46587", "Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.", "No PoCs found on GitHub currently.", "https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5"], ["2023", "CVE-2023-4317", "An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40685", "Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-46389", "LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"], ["2023", "CVE-2023-46018", "SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \\allows attackers to run arbitrary SQL commands via 'remail' parameter.", "https://github.com/ersinerenler/CVE-2023-46018-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability
https://github.com/ersinerenler/Code-Projects-Blood-Bank-1.0
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/ersinerenler/CVE-2023-46018-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability"], ["2023", "CVE-2023-41678", "A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36319", "File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file.", "https://github.com/Lowalu/CVE-2023-36319
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-39167", "In\u00a0SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data.", "No PoCs found on GitHub currently.", "https://seclists.org/fulldisclosure/2023/Nov/5"], ["2023", "CVE-2023-28353", "An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM.", "No PoCs found on GitHub currently.", "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
https://research.nccgroup.com/?research=Technical%20advisories"], ["2023", "CVE-2023-1532", "Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/ARPSyndicate/cvemon", "http://packetstormsecurity.com/files/171959/Chrome-media-mojom-VideoFrame-Missing-Validation.html"], ["2023", "CVE-2023-2858", "NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-41738", "Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-36259", "Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31439", "** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "https://github.com/kastel-security/Journald", "https://github.com/systemd/systemd/pull/28885"], ["2023", "CVE-2023-24344", "D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.", "No PoCs found on GitHub currently.", "https://github.com/1160300418/Vuls/tree/main/D-Link/DIR-605L/webpage_Vuls/01"], ["2023", "CVE-2023-6352", "The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.", "https://github.com/qwell/disorder-in-the-court", "No PoCs from references."], ["2023", "CVE-2023-4257", "Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.", "https://github.com/0xdea/advisories
https://github.com/hnsecurity/vulns", "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j"], ["2023", "CVE-2023-32842", "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848).", "https://github.com/asset-group/5ghoul-5g-nr-attacks", "No PoCs from references."], ["2023", "CVE-2023-3526", "In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
http://seclists.org/fulldisclosure/2023/Aug/12"], ["2023", "CVE-2023-47325", "Silverpeas Core 6.3.1 administrative \"Bin\" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.", "https://github.com/RhinoSecurityLabs/CVEs", "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47325"], ["2023", "CVE-2023-39136", "An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file.", "No PoCs found on GitHub currently.", "https://blog.ostorlab.co/zip-packages-exploitation.html
https://github.com/ZipArchive/ZipArchive/issues/680"], ["2023", "CVE-2023-32741", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175654/WordPress-Contact-Form-To-Any-API-1.1.2-SQL-Injection.html"], ["2023", "CVE-2023-25139", "sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.", "https://github.com/ARPSyndicate/cvemon
https://github.com/ortelius/ms-compitem-crud
https://github.com/ortelius/ms-dep-pkg-cud
https://github.com/ortelius/ms-dep-pkg-r
https://github.com/ortelius/ms-sbom-export
https://github.com/ortelius/ms-scorecard
https://github.com/ortelius/ms-textfile-crud", "No PoCs from references."], ["2023", "CVE-2023-52458", "In the Linux kernel, the following vulnerability has been resolved:block: add check that partition length needs to be aligned with block sizeBefore calling add partition or resize partition, there is no checkon whether the length is aligned with the logical block size.If the logical block size of the disk is larger than 512 bytes,then the partition size maybe not the multiple of the logical block size,and when the last sector is read, bio_truncate() will adjust the bio size,resulting in an IO error if the size of the read command is smaller thanthe logical block size.If integrity data is supported, this will alsoresult in a null pointer dereference when calling bio_integrity_free.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2949", "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/3842486f-38b1-4150-9f78-b81d0ae580c4"], ["2023", "CVE-2023-36348", "POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173278/POS-Codekop-2.0-Shell-Upload.html
https://www.youtube.com/watch?v=Ge0zqY0sGiQ
https://yuyudhn.github.io/pos-codekop-vulnerability/"], ["2023", "CVE-2023-30704", "Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47265", "Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG.\u00a0This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data - more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser - which opens up all kinds of possibilities of misleading other users.Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-28302", "Microsoft Message Queuing Denial of Service Vulnerability", "https://github.com/TayoG/44con2023-resources
https://github.com/clearbluejar/44con2023-resources
https://github.com/clearbluejar/recon2023-resources
https://github.com/timeisflowing/recon2023-resources", "No PoCs from references."], ["2023", "CVE-2023-39076", "Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software. 2021.03.26 (build version) vehicle causes a Denial of Service (DoS) in the in-car infotainment system.", "No PoCs found on GitHub currently.", "https://blog.dhjeong.kr/posts/vuln/202307/gm-chevrolet/
https://blog.jhyeon.dev/posts/vuln/202307/gm-chevrolet/"], ["2023", "CVE-2023-49377", "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.", "No PoCs found on GitHub currently.", "https://github.com/cui2shark/cms/blob/main/Modification%20of%20CSRF%20in%20Label%20Management.md"], ["2023", "CVE-2023-24084", "ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function.", "https://github.com/2lambda123/Windows10Exploits
https://github.com/nu11secur1ty/CVE-nu11secur1ty
https://github.com/nu11secur1ty/Windows10Exploits", "No PoCs from references."], ["2023", "CVE-2023-6303", "A vulnerability was found in CSZCMS 1.3.0. It has been classified as problematic. This affects an unknown part of the file /admin/settings/ of the component Site Settings Page. The manipulation of the argument Additional Meta Tag with the input
https://github.com/hshivhare67/Kernel_4.1.15_CVE-2023-4206_CVE-2023-4207_CVE-2023-4208
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-4197", "Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.", "No PoCs found on GitHub currently.", "https://starlabs.sg/advisories/23/23-4197"], ["2023", "CVE-2023-51771", "In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI.", "https://github.com/Halcy0nic/Trophies
https://github.com/skinnyrad/Trophies", "https://github.com/starnight/MicroHttpServer/issues/8"], ["2023", "CVE-2023-37164", "Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search.", "https://github.com/capture0x/My-CVE
https://github.com/ilqarli27/CVE-2023-37164
https://github.com/nomi-sec/PoC-in-GitHub", "https://www.exploit-db.com/exploits/51529"], ["2023", "CVE-2023-31468", "An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The \"%PROGRAMFILES(X86)%\\INOSOFT GmbH\" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174268/Inosoft-VisiWin-7-2022-2.1-Insecure-Permissions-Privilege-Escalation.html
https://www.exploit-db.com/exploits/51682"], ["2023", "CVE-2023-46298", "Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.", "https://github.com/valentin-panov/nextjs-no-cache-issue", "No PoCs from references."], ["2023", "CVE-2023-40924", "SolarView Compact < 6.00 is vulnerable to Directory Traversal.", "https://github.com/Yobing1/CVE-2023-40924
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-32423", "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.", "https://github.com/ulexec/Exploits", "No PoCs from references."], ["2023", "CVE-2023-39254", "Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42821", "The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.", "No PoCs found on GitHub currently.", "https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2"], ["2023", "CVE-2023-1741", "A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224629 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.224629"], ["2023", "CVE-2023-45142", "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"], ["2023", "CVE-2023-23854", "SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-40627", "A reflected XSS vulnerability was discovered in the LivingWord component for Joomla.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38138", "A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/afine-com/research", "No PoCs from references."], ["2023", "CVE-2023-1902", "The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23914", "A cleartext transmission of sensitive information vulnerability exists in curl https://github.com/1g-v/DevSec_Docker_lab
https://github.com/ARPSyndicate/cvemon
https://github.com/L-ivan7/-.-DevSec_Docker
https://github.com/a23au/awe-base-images
https://github.com/ctflearner/Learn365
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/stkcat/awe-base-images", "No PoCs from references."], ["2023", "CVE-2023-37206", "Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1813299"], ["2023", "CVE-2023-40767", "User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"], ["2023", "CVE-2023-3704", "The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3495", "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32563", "An unauthenticated attacker could achieve the code execution through a RemoteControl server.", "https://github.com/mayur-esh/vuln-liners", "No PoCs from references."], ["2023", "CVE-2023-39314", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <=\u00a03.30.2 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1590", "A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223655.", "https://github.com/karimhabush/cyberowl", "https://blog.csdn.net/weixin_43864034/article/details/129730106"], ["2023", "CVE-2023-5199", "The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47016", "radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.", "https://github.com/gandalf4a/crash_report", "https://gist.github.com/gandalf4a/65705be4f84269cb7cd725a1d4ab2ffa
https://github.com/radareorg/radare2/issues/22349"], ["2023", "CVE-2023-3615", "Mattermost iOS app fails\u00a0to properly\u00a0validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.", "https://github.com/aapooksman/certmitm", "No PoCs from references."], ["2023", "CVE-2023-30577", "AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3"], ["2023", "CVE-2023-45113", "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39194", "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-48268", "Mattermost fails to\u00a0limit the amount of data extracted from compressed archives during board import in Mattermost Boards\u00a0allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by\u00a0importing a board using a specially crafted zip (zip bomb).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31918", "Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c.", "https://github.com/EJueon/EJueon", "https://github.com/jerryscript-project/jerryscript/issues/5064"], ["2023", "CVE-2023-5319", "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d"], ["2023", "CVE-2023-2579", "The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.", "https://github.com/0xn4d/poc-cve-xss-inventory-press-plugin
https://github.com/daniloalbuqrque/poc-cve-xss-inventory-press-plugin
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/daniloalbuqrque/poc-cve-xss-inventory-press-plugin"], ["2023", "CVE-2023-1813", "Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-49295", "quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24166", "Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.", "No PoCs found on GitHub currently.", "https://github.com/DrizzlingSun/Tenda/blob/main/AC18/2/2.md"], ["2023", "CVE-2023-21900", "Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 4.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-4075", "Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-51693", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS.This issue affects Themify Icons: from n/a through 2.0.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42633", "In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-49044", "Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.", "No PoCs found on GitHub currently.", "https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/form_fast_setting_wifi_set.md"], ["2023", "CVE-2023-35352", "Windows Remote Desktop Security Feature Bypass Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24026", "In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.", "https://github.com/sixgroup-security/CVE", "No PoCs from references."], ["2023", "CVE-2023-26123", "Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) such that the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via emscripten_run_script function.

**Note:** This vulnerability is present only when compiling raylib for PLATFORM_WEB. All the other Desktop/Mobile/Embedded platforms are not affected.", "No PoCs found on GitHub currently.", "https://security.snyk.io/vuln/SNYK-UNMANAGED-RAYSAN5RAYLIB-5421188"], ["2023", "CVE-2023-21840", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.40 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/ARPSyndicate/cvemon", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-51442", "Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key \"not so secret\". The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. the `p` or `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don't protect the subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2.", "No PoCs found on GitHub currently.", "https://github.com/navidrome/navidrome/security/advisories/GHSA-wq59-4q6r-635r"], ["2023", "CVE-2023-4135", "A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3856", "A vulnerability, which was classified as problematic, has been found in phpscriptpoint Ecommerce 1.15. Affected by this issue is some unknown functionality of the file /blog-single.php. The manipulation of the argument slug leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235208. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2439", "The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "No PoCs found on GitHub currently.", "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"], ["2023", "CVE-2023-38029", "Saho\u2019s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5259", "A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-240868.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/RCEraser/cve/blob/main/ForU-CMS.md"], ["2023", "CVE-2023-23646", "Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery \u2013 WordPress Gallery plugin <=\u00a01.4.9 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47251", "In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html
http://seclists.org/fulldisclosure/2023/Nov/13
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/"], ["2023", "CVE-2023-3452", "The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server.", "https://github.com/leoanggal1/CVE-2023-3452-PoC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-0938", "A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability.", "https://github.com/ARPSyndicate/cvemon", "https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20SQL%20Injection%201.md"], ["2023", "CVE-2023-50429", "IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/orangecertcc/security-research/security/advisories/GHSA-mc3w-rv8p-f9xf"], ["2023", "CVE-2023-33559", "A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.", "https://github.com/ninj4c0d3r/OcoMon-Research
https://github.com/ninj4c0d3r/ninj4c0d3r", "No PoCs from references."], ["2023", "CVE-2023-35055", "A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761"], ["2023", "CVE-2023-6337", "HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.Fixed in\u00a0Vault 1.15.4, 1.14.8, 1.13.12.", "https://github.com/bbhorrigan/Vaulthcsec
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-37150", "Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scripting (XSS) vulnerability in \"/admin/index.php?page=categories\" Category item.", "No PoCs found on GitHub currently.", "https://www.chtsecurity.com/news/57fd2fe6-11d9-421d-9087-88b4d5090452"], ["2023", "CVE-2023-32876", "In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612.", "https://github.com/Resery/Resery", "No PoCs from references."], ["2023", "CVE-2023-24261", "A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.", "No PoCs found on GitHub currently.", "https://justinapplegate.me/2023/glinet-CVE-2023-24261/"], ["2023", "CVE-2023-6277", "An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.", "https://github.com/PromptFuzz/PromptFuzz
https://github.com/fkie-cad/nvd-json-data-feeds", "https://gitlab.com/libtiff/libtiff/-/issues/614"], ["2023", "CVE-2023-1885", "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2023", "CVE-2023-40571", "weblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the data returned by the server without verifying it. At the same time, the classloader loads a lot of deserialization calls. In this case, the malicious serialized data returned by the server will cause remote code execution. Version 0.2.4 contains a patch for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3980", "Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/6eb3cb9a-5c78-451f-ae76-0b1e62fe5e54"], ["2023", "CVE-2023-21996", "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-33788", "A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.", "No PoCs found on GitHub currently.", "https://github.com/anhdq201/netbox/issues/3"], ["2023", "CVE-2023-0878", "Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/a892caf7-b8c2-4638-8cee-eb779d51066a"], ["2023", "CVE-2023-50569", "Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf
https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73"], ["2023", "CVE-2023-27008", "A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.", "https://github.com/ARPSyndicate/cvemon", "https://plantplants213607121.wordpress.com/2023/02/16/atutor-2-2-1-cross-site-scripting-via-the-token-body-parameter/"], ["2023", "CVE-2023-27399", "A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20299, ZDI-CAN-20346)", "https://github.com/ARPSyndicate/cvemon
https://github.com/dhn/dhn", "No PoCs from references."], ["2023", "CVE-2023-21504", "Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.", "https://github.com/N3vv/N3vv", "No PoCs from references."], ["2023", "CVE-2023-3683", "A vulnerability has been found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /items/search. The manipulation of the argument search_term leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45185", "IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.", "https://github.com/afine-com/CVE-2023-45185
https://github.com/afine-com/research
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-39293", "A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system.", "https://github.com/SYNgularity1/mitel-exploits", "No PoCs from references."], ["2023", "CVE-2023-43609", "In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27119", "WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.", "No PoCs found on GitHub currently.", "https://github.com/WebAssembly/wabt/issues/1990"], ["2023", "CVE-2023-3403", "The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import new users and update existing users.", "https://github.com/20142995/sectool", "No PoCs from references."], ["2023", "CVE-2023-32664", "A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795"], ["2023", "CVE-2023-49083", "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://www.openwall.com/lists/oss-security/2023/11/29/2
https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97"], ["2023", "CVE-2023-1994", "GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-4263", "Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver", "https://github.com/0xdea/advisories
https://github.com/hnsecurity/vulns", "http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf"], ["2023", "CVE-2023-3891", "Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system", "No PoCs found on GitHub currently.", "https://fluidattacks.com/advisories/aerosmith"], ["2023", "CVE-2023-21887", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "https://github.com/netlas-io/netlas-dorks
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/zwxxb/CVE-2023-21887", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-24230", "A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.", "No PoCs found on GitHub currently.", "https://medium.com/@0x2bit/formwork-1-12-1-stored-xss-vulnerability-at-page-title-b6efba27891a"], ["2023", "CVE-2023-45245", "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1446", "A vulnerability classified as problematic was found in Watchdog Anti-Virus 1.4.214.0. Affected by this vulnerability is the function 0x80002004/0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223291.", "https://github.com/ARPSyndicate/cvemon
https://github.com/karimhabush/cyberowl
https://github.com/zeze-zeze/WindowsKernelVuln", "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1446"], ["2023", "CVE-2023-27059", "A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field.", "No PoCs found on GitHub currently.", "https://github.com/ChurchCRM/CRM/issues/6450"], ["2023", "CVE-2023-6004", "A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-49070", "Pre-auth RCE in Apache Ofbiz 18.12.09.It's due to XML-RPC\u00a0no longer maintained\u00a0still present.This issue affects Apache OFBiz: before 18.12.10.\u00a0Users are recommended to upgrade to version 18.12.10", "https://github.com/0xrobiul/CVE-2023-49070
https://github.com/0xsyr0/OSCP
https://github.com/Chocapikk/CVE-2023-51467
https://github.com/D0g3-8Bit/OFBiz-Attack
https://github.com/Jake123otte1/BadBizness-CVE-2023-51467
https://github.com/Marco-zcl/POC
https://github.com/Ostorlab/KEV
https://github.com/Praison001/Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467
https://github.com/Rishi-45/Bizness-Machine-htb
https://github.com/SrcVme50/Bizness
https://github.com/Threekiii/CVE
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/UserConnecting/Exploit-CVE-2023-49070-and-CVE-2023-51467-Apache-OFBiz
https://github.com/Y4tacker/JavaSec
https://github.com/abdoghazy2015/ofbiz-CVE-2023-49070-RCE-POC
https://github.com/bakery312/Vulhub-Reproduce
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/jakabakos/Apache-OFBiz-Authentication-Bypass
https://github.com/mintoolkit/mint
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/slimtoolkit/slim
https://github.com/tanjiti/sec_profile
https://github.com/txuswashere/OSCP
https://github.com/wy876/POC
https://github.com/xingchennb/POC-
https://github.com/yukselberkay/CVE-2023-49070_CVE-2023-51467", "http://packetstormsecurity.com/files/176323/Apache-OFBiz-18.12.09-Remote-Code-Execution.html"], ["2023", "CVE-2023-37263", "Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue.", "No PoCs found on GitHub currently.", "https://github.com/strapi/strapi/security/advisories/GHSA-m284-85mf-cgrc"], ["2023", "CVE-2023-21874", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-26117", "Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.", "No PoCs found on GitHub currently.", "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045"], ["2023", "CVE-2023-3862", "A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Box Handler. The manipulation of the argument comment leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. VDB-235214 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4101", "The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3761", "A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Password Change Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-234446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.234446
https://youtu.be/bMJwSCps0Lc"], ["2023", "CVE-2023-40801", "The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn", "No PoCs found on GitHub currently.", "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/sub_451784"], ["2023", "CVE-2023-33969", "Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.", "No PoCs found on GitHub currently.", "https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9"], ["2023", "CVE-2023-33829", "A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.", "https://github.com/CKevens/CVE-2023-33829-POC
https://github.com/n3gox/CVE-2023-33829
https://github.com/nomi-sec/PoC-in-GitHub", "http://packetstormsecurity.com/files/172588/SCM-Manager-1.60-Cross-Site-Scripting.html
https://github.com/n3gox/Stored-XSS-on-SCM-Manager-1.60"], ["2023", "CVE-2023-49130", "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24152", "A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.", "https://github.com/fullwaywang/QlRules", "https://github.com/Double-q1015/CVE-vulns/blob/main/totolink_t8/meshSlaveUpdate/meshSlaveUpdate.md"], ["2023", "CVE-2023-21934", "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-4041", "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects \"Standalone\" and \"Application\" versions of Gecko Bootloader.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-3922", "An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-51536", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms \u2013 WordPress Form Builder allows Stored XSS.This issue affects CRM Perks Forms \u2013 WordPress Form Builder: from n/a through 1.1.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0448", "The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.", "https://github.com/ARPSyndicate/cvemon
https://github.com/JoshuaMart/JoshuaMart", "https://www.tenable.com/security/research/tra-2023-3"], ["2023", "CVE-2023-1936", "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://gitlab.com/gitlab-org/gitlab/-/issues/405150"], ["2023", "CVE-2023-26146", "All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered.", "https://github.com/dellalibera/dellalibera
https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/dellalibera/c53448135480cbe12257c4b413a90d20
https://security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730766"], ["2023", "CVE-2023-21825", "Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Supplier Management). Supported versions that are affected are 12.2.6-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupplier Portal accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujan2023.html"], ["2023", "CVE-2023-40753", "There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"], ["2023", "CVE-2023-4150", "The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-50848", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29338", "Visual Studio Code Spoofing Vulnerability", "https://github.com/gbdixg/PSMDE", "No PoCs from references."], ["2023", "CVE-2023-40850", "netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway.", "https://github.com/flyyue2001/cve", "No PoCs from references."], ["2023", "CVE-2023-3730", "Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39320", "The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the \"go\" command was executed within the module. This applies to modules downloaded using the \"go\" command from the module proxy, as well as modules downloaded directly using VCS software.", "https://github.com/ayrustogaru/cve-2023-39320
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-1635", "A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/BigTiger2020/2023/blob/main/XSS.md"], ["2023", "CVE-2023-47073", "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21666", "Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/172664/Qualcomm-Adreno-KGSL-Data-Leakage.html"], ["2023", "CVE-2023-28285", "Microsoft Office Remote Code Execution Vulnerability", "https://github.com/2lambda123/CVE-mitre
https://github.com/ARPSyndicate/cvemon
https://github.com/nu11secur1ty/CVE-mitre", "http://packetstormsecurity.com/files/173127/Microsoft-Office-Remote-Code-Execution.html
http://packetstormsecurity.com/files/173140/Microsoft-365-MSO-2305-Build-16.0.16501.20074-Remote-Code-Execution.html"], ["2023", "CVE-2023-1775", "When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.", "No PoCs found on GitHub currently.", "https://mattermost.com/security-updates/"], ["2023", "CVE-2023-0419", "The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.", "No PoCs found on GitHub currently.", "https://wpscan.com/vulnerability/5ccfee43-920d-4613-b976-2ea8966696ba"], ["2023", "CVE-2023-0788", "Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2023", "CVE-2023-1876", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/15b06488-5849-47ce-aaf4-81d4c3c202e2"], ["2023", "CVE-2023-42487", "Soundminer \u2013 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-23860", "SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-21965", "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpuapr2023.html"], ["2023", "CVE-2023-4381", "Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/666c2617-e3e9-4955-9c97-2f8ed5262cc3"], ["2023", "CVE-2023-4010", "A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.", "https://github.com/wanrenmi/a-usb-kernel-bug", "No PoCs from references."], ["2023", "CVE-2023-6837", "Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning.\u00a0In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the \"Prompt for username, password and consent\" option. * A service provider that uses the above IDP for federated authentication and has the \"Assert identity using mapped local subject identifier\" flag enabled.Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP.When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45757", "Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page.An attacker that can send http request to bRPC server with rpcz enabled can\u00a0inject arbitrary XSS code to the builtin rpcz page.Solution\u00a0(choose one of three):1. upgrade to bRPC > 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch:\u00a0 https://github.com/apache/brpc/pull/2411 3. disable rpcz feature", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-39441", "Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and\u00a0Apache Airflow before 2.7.0 are affected by the\u00a0Validation of OpenSSL Certificate vulnerability.The default SSL context with SSL library did not check a server's X.509\u00a0certificate.\u00a0 Instead, the code accepted any certificate, which could\u00a0result in the disclosure of mail server credentials or mail contents\u00a0when the client connects to an attacker in a MITM position.Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability", "https://github.com/chnzzh/OpenSSL-CVE-lib", "No PoCs from references."], ["2023", "CVE-2023-4932", "SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions\u00a09.4_M7 and\u00a09.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published.", "https://github.com/afine-com/research
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4631", "The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.", "https://github.com/b0marek/CVE-2023-4631
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-42137", "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.The attacker must have shell access to the device in order to exploit this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://blog.stmcyber.com/pax-pos-cves-2023/"], ["2023", "CVE-2023-34839", "A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sahiloj/CVE-2023-34839", "No PoCs from references."], ["2023", "CVE-2023-0238", "Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29459", "The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation.", "https://github.com/MrTuxracer/advisories", "http://packetstormsecurity.com/files/172701/FC-Red-Bull-Salzburg-App-5.1.9-R-Improper-Authorization.html"], ["2023", "CVE-2023-29519", "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the \"property\" field of an attachment selector, as a gadget of their own dashboard. Note that the vulnerability does not impact comments of a wiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.2, 15.0-rc-1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://jira.xwiki.org/browse/XWIKI-20364"], ["2023", "CVE-2023-26767", "Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Marsman1996/pocs", "https://github.com/liblouis/liblouis/issues/1292"], ["2023", "CVE-2023-51197", "An issue discovered in shell command execution in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows an attacker to run arbitrary commands and cause other impacts.", "https://github.com/16yashpatel/CVE-2023-51197
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-35687", "In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/pazhanivel07/frameworks_av_AOSP_10_r33_CVE-2023-35687_CVE-2023-35679", "No PoCs from references."], ["2023", "CVE-2023-23002", "In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).", "No PoCs found on GitHub currently.", "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3"], ["2023", "CVE-2023-6977", "This vulnerability enables malicious users to read sensitive files on the server.", "No PoCs found on GitHub currently.", "https://huntr.com/bounties/fe53bf71-3687-4711-90df-c26172880aaf"], ["2023", "CVE-2023-1385", "Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.This issue affects:Amazon Fire TV Stick 3rd gen\u00a0versions prior to 6.2.9.5.Insignia TV with FireOS\u00a07.6.3.3.", "No PoCs found on GitHub currently.", "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/"], ["2023", "CVE-2023-4872", "A vulnerability, which was classified as critical, has been found in SourceCodester Contact Manager App 1.0. This issue affects some unknown processing of the file add.php. The manipulation of the argument contact/contactName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239357 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://skypoc.wordpress.com/2023/09/05/vuln1/"], ["2023", "CVE-2023-26864", "SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent.", "No PoCs found on GitHub currently.", "https://friends-of-presta.github.io/security-advisories/modules/2023/01/17/smplredirectionsmanager.html"], ["2023", "CVE-2023-32267", "A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-28764", "SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-39410", "When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1105", "External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/4089a63f-cffd-42f3-b8d8-e80b6bd9c80f"], ["2023", "CVE-2023-6866", "TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1294", "A vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222648.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-21387", "In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-37990", "Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <=\u00a02.1.4 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30362", "Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu.", "No PoCs found on GitHub currently.", "https://github.com/obgm/libcoap/issues/1063"], ["2023", "CVE-2023-34868", "Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c.", "No PoCs found on GitHub currently.", "https://github.com/jerryscript-project/jerryscript/issues/5083"], ["2023", "CVE-2023-28867", "In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.", "https://github.com/ARPSyndicate/cvemon
https://github.com/srchen1987/springcloud-distributed-transaction", "No PoCs from references."], ["2023", "CVE-2023-45805", "pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9
https://peps.python.org/pep-0440/#post-release-spelling"], ["2023", "CVE-2023-24773", "Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.", "No PoCs found on GitHub currently.", "https://github.com/funadmin/funadmin/issues/4"], ["2023", "CVE-2023-51257", "An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.", "No PoCs found on GitHub currently.", "https://github.com/jasper-software/jasper/issues/367"], ["2023", "CVE-2023-40123", "In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "No PoCs found on GitHub currently.", "https://android.googlesource.com/platform/frameworks/base/+/7212a4bec2d2f1a74fa54a12a04255d6a183baa9"], ["2023", "CVE-2023-4720", "Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad"], ["2023", "CVE-2023-47840", "Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.", "https://github.com/RandomRobbieBF/CVE-2023-47840
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-34928", "A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.", "https://github.com/MzzdToT/HAC_Bored_Writing
https://github.com/izj007/wechat", "https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34928.md"], ["2023", "CVE-2023-29548", "A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1822754"], ["2023", "CVE-2023-0329", "The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175639/Elementor-Website-Builder-SQL-Injection.html"], ["2023", "CVE-2023-24930", "Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability", "https://github.com/kohnakagawa/kohnakagawa", "No PoCs from references."], ["2023", "CVE-2023-30222", "An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com"], ["2023", "CVE-2023-51075", "hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters.", "No PoCs found on GitHub currently.", "https://github.com/dromara/hutool/issues/3421"], ["2023", "CVE-2023-4693", "An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.", "https://github.com/Jurij-Ivastsuk/WAXAR-shim-review
https://github.com/NaverCloudPlatform/shim-review
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/rhboot/shim-review
https://github.com/vathpela/shim-review", "No PoCs from references."], ["2023", "CVE-2023-35765", "PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24411", "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin <= 2.0.7 versions.", "https://github.com/ARPSyndicate/cvemon
https://github.com/netlas-io/netlas-dorks", "No PoCs from references."], ["2023", "CVE-2023-24780", "Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.", "https://github.com/ARPSyndicate/cvemon
https://github.com/csffs/CVE-2023-24775-and-CVE-2023-24780
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/funadmin/funadmin/issues/6"], ["2023", "CVE-2023-33269", "An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).", "https://github.com/dtssec/CVE-Disclosures
https://github.com/l4rRyxz/CVE-Disclosures", "https://github.com/l4rRyxz/CVE-Disclosures/blob/main/CVE-2023-33269.md"], ["2023", "CVE-2023-34409", "In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure.", "No PoCs found on GitHub currently.", "https://www.percona.com/blog/pmm-authentication-bypass-vulnerability-fixed-in-2-37-1/"], ["2023", "CVE-2023-1267", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart.This issue affects PtteM Kart: before 2.1.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-45464", "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.", "https://github.com/Luwak-IoT-Security/CVEs", "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20servDomain%20parameter%20leads%20to%20DOS.md"], ["2023", "CVE-2023-6895", "A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.", "https://github.com/FuBoLuSec/CVE-2023-6895
https://github.com/Marco-zcl/POC
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/nles-crt/CVE-2023-6895
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/wy876/POC
https://github.com/xingchennb/POC-", "No PoCs from references."], ["2023", "CVE-2023-35866", "** DISPUTED ** In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is \"asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker.\"", "https://github.com/ghsec/getEPSS
https://github.com/vin01/bogus-cves", "https://medium.com/@cybercitizen.tech/keepassxc-vulnerability-cve-2023-35866-dc7d447c4903"], ["2023", "CVE-2023-4990", "Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1327", "Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.", "https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-23331", "Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.", "https://github.com/ARPSyndicate/cvemon", "https://0xhunter20.medium.com/how-i-found-my-first-blind-sql-injection-cve-2023-23331-aef103a7f73c"], ["2023", "CVE-2023-3222", "Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user\u00b4s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-50259", "Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue.", "No PoCs found on GitHub currently.", "https://github.com/pymedusa/Medusa/security/advisories/GHSA-8mcr-vffr-jwxv
https://securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/"], ["2023", "CVE-2023-20158", "Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.", "No PoCs found on GitHub currently.", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv"], ["2023", "CVE-2023-4442", "A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been rated as critical. This issue affects some unknown processing of the file \\vm\\patient\\booking-complete.php. The manipulation of the argument userid/apponum/scheduleid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237563.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6547", "Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33238", "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.", "https://github.com/3sjay/vulns", "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"], ["2023", "CVE-2023-51024", "TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the \u2018tz\u2019 parameter of the setNtpCfg interface of the cstecgi .cgi.", "No PoCs found on GitHub currently.", "https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setNtpCfg-tz/"], ["2023", "CVE-2023-4553", "Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.AppBuilder configuration files are viewable by unauthenticated users.This issue affects AppBuilder: from 21.2 before 23.2.", "https://github.com/cxosmo/CVEs", "No PoCs from references."], ["2023", "CVE-2023-1236", "Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-34458", "mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag `RelayedNonceFixEnableEpoch` was needed. This was a strict processing issue while validating blocks on a chain. This vulnerability has been patched in version 1.4.17.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30111", "Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS).", "No PoCs found on GitHub currently.", "https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip"], ["2023", "CVE-2023-47470", "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c", "No PoCs found on GitHub currently.", "https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael@niedermayer.cc/"], ["2023", "CVE-2023-4413", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Permission to access the file is limited to administrative users only by default.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40210", "Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <=\u00a04.5 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40181", "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.", "No PoCs found on GitHub currently.", "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8"], ["2023", "CVE-2023-37771", "Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.", "https://github.com/anky-123/CVE-2023-37771
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-35674", "In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/Thampakon/CVE-2023-35674
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-6516", "To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded.This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/marklogic/marklogic-docker", "No PoCs from references."], ["2023", "CVE-2023-20109", "A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash.

This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details [\"#details\"] section of this advisory.", "https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors", "No PoCs from references."], ["2023", "CVE-2023-26493", "Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the `web-interface-check.yml` was subject to command injection. The `web-interface-check.yml` was triggered when a pull request was opened or updated and contained the user controllable field `(${{ github.head_ref }} \u2013 the name of the fork\u2019s branch)`. This would allow an attacker to take over the GitHub Runner and run custom commands (potentially stealing secrets such as GITHUB_TOKEN) and altering the repository. The workflow has since been removed for the repository. There are no actions required of users.", "No PoCs found on GitHub currently.", "https://securitylab.github.com/advisories/GHSL-2023-027_Engine_for_Cocos_Creator/"], ["2023", "CVE-2023-4485", "ARDEREG\u00a0\u200bSistema SCADA Central versions 2.203 and priorlogin page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, the vulnerability could allow an attacker to execute arbitrary SQL queries through the login page, potentially leading to unauthorized access, data leakage, or even disruption of critical industrial processes.", "https://github.com/Hritikpatel/InsecureTrust_Bank
https://github.com/Hritikpatel/SecureTrust_Bank
https://github.com/futehc/tust5", "No PoCs from references."], ["2023", "CVE-2023-4714", "A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Threekiii/Awesome-POC
https://github.com/d4n-sec/d4n-sec.github.io", "http://packetstormsecurity.com/files/174446/PlayTube-3.0.1-Information-Disclosure.html"], ["2023", "CVE-2023-32313", "vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node `inspect` method and edit options for `console.log`. As a result a threat actor can edit options for the `console.log` command. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. Users unable to upgrade may make the `inspect` method readonly with `vm.readonly(inspect)` after creating a vm.", "No PoCs found on GitHub currently.", "https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550
https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v"], ["2023", "CVE-2023-45672", "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch.", "No PoCs found on GitHub currently.", "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428
https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"], ["2023", "CVE-2023-30187", "An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.", "https://github.com/merrychap/POC-onlyoffice", "No PoCs from references."], ["2023", "CVE-2023-26801", "LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg.", "No PoCs found on GitHub currently.", "https://github.com/winmt/my-vuls/tree/main/LB-LINK%20BL-AC1900%2C%20BL-WR9000%2C%20BL-X26%20and%20BL-LTE300%20Wireless%20Routers"], ["2023", "CVE-2023-46889", "Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it.", "No PoCs found on GitHub currently.", "https://www.kth.se/cs/nse/research/software-systems-architecture-and-security/projects/ethical-hacking-1.1279219"], ["2023", "CVE-2023-5478", "Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5538", "The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/juweihuitao/MpOperationLogs
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/juweihuitao/MpOperationLogs/"], ["2023", "CVE-2023-23127", "** DISPUTED **In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.", "https://github.com/ARPSyndicate/cvemon
https://github.com/hktalent/TOP
https://github.com/l00neyhacker/CVE-2023-23127", "No PoCs from references."], ["2023", "CVE-2023-39424", "A vulnerability in\u00a0RDPngFileUpload.dll, as used in the\u00a0IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials.", "No PoCs found on GitHub currently.", "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained"], ["2023", "CVE-2023-6852", "A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1131", "A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Zero-Yi7/Zero-Yi7", "https://vuldb.com/?id.222106"], ["2023", "CVE-2023-47637", "Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p"], ["2023", "CVE-2023-4654", "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/56432a75-af43-4b1a-9307-bd8de568351b"], ["2023", "CVE-2023-28853", "Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection attack to leak arbitrary attributes from LDAP database. This issue is fixed in versions 3.5.8, 4.0.4, and 4.1.2.", "No PoCs found on GitHub currently.", "http://www.openwall.com/lists/oss-security/2023/07/06/6
https://github.com/mastodon/mastodon/security/advisories/GHSA-38g9-pfm9-gfqv"], ["2023", "CVE-2023-45831", "Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP \u2013 Google AMP For WordPress plugin <=\u00a01.5.15 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4745", "A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230822. It has been rated as critical. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238634 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/Jacky-Y/vuls/blob/main/vul6.md"], ["2023", "CVE-2023-24656", "Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function.", "No PoCs found on GitHub currently.", "https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-scrm.zip"], ["2023", "CVE-2023-2249", "The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services.", "https://github.com/ixiacom/CVE-2023-2249
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-24955", "Microsoft SharePoint Server Remote Code Execution Vulnerability", "https://github.com/Chocapikk/CVE-2023-29357
https://github.com/LuemmelSec/CVE-2023-29357
https://github.com/former-farmer/CVE-2023-24955-PoC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-6943", "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24815", "Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return \"/\" + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized `\\` are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38"], ["2023", "CVE-2023-45763", "Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <=\u00a02.9 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1160", "Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/3ce480dc-1b1c-4230-9287-0dc3b31c2f87"], ["2023", "CVE-2023-30096", "A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field.", "No PoCs found on GitHub currently.", "https://www.edoardoottavianelli.it/CVE-2023-30096/
https://www.youtube.com/watch?v=ZA7R001kE2w"], ["2023", "CVE-2023-46998", "Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/soy-oreocato/CVE-2023-46998", "https://github.com/soy-oreocato/CVE-2023-46998/"], ["2023", "CVE-2023-48418", "In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a\u00a0 \u00a0 possible way to access adb before SUW completion due to an insecure default\u00a0 \u00a0 value. This could lead to local escalation of privilege with no additional\u00a0 \u00a0 execution privileges needed. User interaction is not needed for\u00a0 \u00a0 exploitation", "https://github.com/fkie-cad/nvd-json-data-feeds", "http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.html"], ["2023", "CVE-2023-2309", "The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2098", "A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226106 is the identifier assigned to this vulnerability.", "https://github.com/Vu1nT0tal/Vehicle-Security
https://github.com/VulnTotal-Team/Vehicle-Security
https://github.com/VulnTotal-Team/vehicle_cves
https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-26613", "An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL.", "No PoCs found on GitHub currently.", "https://github.com/726232111/VulIoT/tree/main/D-Link/DIR823G%20V1.0.2B05/excu_shell"], ["2023", "CVE-2023-51372", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar \u2013 WordPress Notification Bar allows Stored XSS.This issue affects HashBar \u2013 WordPress Notification Bar: from n/a through 1.4.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6700", "The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts.", "https://github.com/RandomRobbieBF/CVE-2023-6700
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-24487", "Arbitrary file read\u00a0in Citrix ADC and Citrix Gateway", "https://github.com/crankyyash/Citrix-Gateway-Reflected-Cross-Site-Scripting-XSS", "No PoCs from references."], ["2023", "CVE-2023-28523", "IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-32020", "Windows DNS Spoofing Vulnerability", "https://github.com/em1ga3l/cve-msrc-extractor", "No PoCs from references."], ["2023", "CVE-2023-35943", "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration.", "No PoCs found on GitHub currently.", "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq"], ["2023", "CVE-2023-21251", "In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.", "https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-21251
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-3247", "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.", "No PoCs found on GitHub currently.", "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"], ["2023", "CVE-2023-47444", "An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.", "https://github.com/LeonardoE95/yt-it", "https://0xbro.red/disclosures/disclosed-vulnerabilities/opencart-cve-2023-47444/"], ["2023", "CVE-2023-52339", "In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/Matroska-Org/libebml/issues/147"], ["2023", "CVE-2023-22038", "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).", "No PoCs found on GitHub currently.", "https://www.oracle.com/security-alerts/cpujul2023.html"], ["2023", "CVE-2023-46728", "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.", "https://github.com/MegaManSec/Squid-Security-Audit
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-4427", "Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/rycbar77/V8Exploits
https://github.com/sploitem/v8-writeups
https://github.com/tianstcht/CVE-2023-4427", "http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html"], ["2023", "CVE-2023-26431", "IPv4-mapped IPv6 addresses did not get recognized as \"local\" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html"], ["2023", "CVE-2023-49556", "Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.", "No PoCs found on GitHub currently.", "https://github.com/yasm/yasm/issues/250"], ["2023", "CVE-2023-51010", "An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking.", "https://github.com/firmianay/security-issues", "https://github.com/firmianay/security-issues/tree/main/app/com.sdjictec.qdmetro"], ["2023", "CVE-2023-47996", "An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.", "https://github.com/thelastede/FreeImage-cve-poc", "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996"], ["2023", "CVE-2023-37605", "Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.", "No PoCs found on GitHub currently.", "https://medium.com/@david_42/complex-password-vs-buffer-overflow-and-the-winner-is-decbc56db5e3"], ["2023", "CVE-2023-24474", "Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45893", "An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.", "No PoCs found on GitHub currently.", "https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45893.md"], ["2023", "CVE-2023-46668", "If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.", "No PoCs found on GitHub currently.", "https://www.elastic.co/community/security"], ["2023", "CVE-2023-25718", "** DISPUTED ** In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719. NOTE: the vendor's position is that this purported vulnerability represents a \"fundamental lack of understanding of Authenticode code signing behavior.\"", "No PoCs found on GitHub currently.", "https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/
https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity"], ["2023", "CVE-2023-1193", "A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-35803", "IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.", "https://github.com/lachlan2k/CVE-2023-35803
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-3096", "A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. VDB-230686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/i900008/vulndb/blob/main/kylinos_vul1.md"], ["2023", "CVE-2023-3307", "A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231803. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/ctflearner/Vulnerability/blob/main/MINICAL/minical.md"], ["2023", "CVE-2023-52368", "Input verification vulnerability in the account module.Successful exploitation of this vulnerability may cause features to perform abnormally.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45510", "tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error.", "No PoCs found on GitHub currently.", "https://github.com/justdan96/tsMuxer/issues/778"], ["2023", "CVE-2023-1313", "Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/f73eef49-004f-4b3b-9717-90525e65ba61"], ["2023", "CVE-2023-23305", "The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.", "No PoCs found on GitHub currently.", "https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23305.md"], ["2023", "CVE-2023-32071", "XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. The easiest possible workaround is to edit file `/templates/importinline.vm` and apply the modification described in commit 28905f7f518cc6f21ea61fe37e9e1ed97ef36f01.", "No PoCs found on GitHub currently.", "https://jira.xwiki.org/browse/XWIKI-20340"], ["2023", "CVE-2023-3187", "A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.", "https://github.com/ARPSyndicate/cvemon
https://github.com/ctflearner/ctflearner", "http://packetstormsecurity.com/files/172909/Teachers-Record-Management-System-1.0-Validation-Bypass.html
https://github.com/ctflearner/Vulnerability/blob/main/Teacher_Record_Management_System/trms.md"], ["2023", "CVE-2023-3216", "Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "https://github.com/em1ga3l/cve-msrc-extractor", "No PoCs from references."], ["2023", "CVE-2023-26460", "Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-37714", "Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic.", "No PoCs found on GitHub currently.", "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromRouteStatic/report.md"], ["2023", "CVE-2023-46779", "Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <=\u00a03.5.3251 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-48828", "Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/176037"], ["2023", "CVE-2023-5959", "A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the argument txt_newpwd leads to weak password recovery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40335", "Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cleverwise Daily Quotes allows Stored XSS.This issue affects Cleverwise Daily Quotes: from n/a through 3.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-49447", "JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.", "No PoCs found on GitHub currently.", "https://github.com/ysuzhangbin/cms/blob/main/CSRF%20exists%20at%20the%20navigation%20management%20modification%20location.md"], ["2023", "CVE-2023-28432", "Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.", "https://github.com/0x783kb/Security-operation-book
https://github.com/20142995/Goby
https://github.com/20142995/sectool
https://github.com/ARPSyndicate/cvemon
https://github.com/AbelChe/evil_minio
https://github.com/Awrrays/FrameVul
https://github.com/C1ph3rX13/CVE-2023-28432
https://github.com/CHINA-china/MinIO_CVE-2023-28432_EXP
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/Chocapikk/CVE-2023-28432
https://github.com/Cuerz/CVE-2023-28432
https://github.com/Henry4E36/POCS
https://github.com/KayCHENvip/vulnerability-poc
https://github.com/LHXHL/Minio-CVE-2023-28432
https://github.com/Loginsoft-Research/Linux-Exploit-Detection
https://github.com/Majus527/MinIO_CVE-2023-28432
https://github.com/Mr-xn/CVE-2023-28432
https://github.com/MzzdToT/CVE-2023-28432
https://github.com/Okaytc/minio_unauth_check
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/Romanc9/Gui-poc-test
https://github.com/SrcVme50/Skyfall
https://github.com/TaroballzChen/CVE-2023-28432-metasploit-scanner
https://github.com/Threekiii/Awesome-POC
https://github.com/Threekiii/CVE
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/acheiii/CVE-2023-28432
https://github.com/atk7r/Taichi
https://github.com/bakery312/Vulhub-Reproduce
https://github.com/bingtangbanli/CVE-2023-28432
https://github.com/bingtangbanli/VulnerabilityTools
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/gmh5225/Awesome-ML-Security_
https://github.com/gobysec/CVE-2023-28432
https://github.com/h0ng10/CVE-2023-28432_docker
https://github.com/hktalent/TOP
https://github.com/izj007/wechat
https://github.com/komodoooo/Some-things
https://github.com/komodoooo/some-things
https://github.com/netuseradministrator/CVE-2023-28432
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/soxoj/information-disclosure-writeups-and-pocs
https://github.com/steponeerror/Cve-2023-28432-
https://github.com/trailofbits/awesome-ml-security
https://github.com/unam4/CVE-2023-28432-minio_update_rce
https://github.com/xk-mt/CVE-2023-28432
https://github.com/yTxZx/CVE-2023-28432
https://github.com/yuyongxr/minio_cve-2023-28432", "No PoCs from references."], ["2023", "CVE-2023-3356", "The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-25749", "Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111.", "No PoCs found on GitHub currently.", "https://bugzilla.mozilla.org/show_bug.cgi?id=1810705"], ["2023", "CVE-2023-52426", "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.", "https://github.com/egorvozhzhov/docker-test
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-27042", "Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.", "No PoCs found on GitHub currently.", "https://github.com/hujianjie123/vuln/blob/main/Tenda/SetFirewallCfg/readme.md"], ["2023", "CVE-2023-20921", "In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132", "https://github.com/ARPSyndicate/cvemon
https://github.com/Trinadh465/frameworks_base_android-6.0.1_r22_CVE-2023-20921
https://github.com/nidhi7598/frameworks_base_AOSP_10_r33_CVE-2023-20921
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-31556", "podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent.", "No PoCs found on GitHub currently.", "https://github.com/podofo/podofo/issues/66"], ["2023", "CVE-2023-38224", "Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/markyason/markyason.github.io", "No PoCs from references."], ["2023", "CVE-2023-4278", "The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/revan-ar/CVE-2023-4278", "http://packetstormsecurity.com/files/175007/WordPress-Masterstudy-LMS-3.0.17-Account-Creation.html"], ["2023", "CVE-2023-31416", "Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.", "No PoCs found on GitHub currently.", "https://www.elastic.co/community/security"], ["2023", "CVE-2023-2774", "A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229280.", "https://github.com/Vu1nT0tal/Vehicle-Security
https://github.com/VulnTotal-Team/Vehicle-Security
https://github.com/VulnTotal-Team/vehicle_cves", "No PoCs from references."], ["2023", "CVE-2023-41814", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications.\u00a0This issue affects Pandora FMS: from 700 through 774.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29010", "Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed.", "No PoCs found on GitHub currently.", "https://github.com/Budibase/budibase/security/advisories/GHSA-9xg2-9mcv-985p"], ["2023", "CVE-2023-0671", "Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de"], ["2023", "CVE-2023-2877", "The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.", "https://github.com/RandomRobbieBF/CVE-2023-2877
https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-41717", "Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions.", "https://github.com/federella/CVE-2023-41717
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/federella/CVE-2023-41717"], ["2023", "CVE-2023-20861", "In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.", "https://github.com/ARPSyndicate/cvemon
https://github.com/fernandoreb/dependency-check-springboot
https://github.com/limo520/CVE-2023-20860
https://github.com/scordero1234/java_sec_demo-main", "No PoCs from references."], ["2023", "CVE-2023-27293", "Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users\u2019 cookies and force users to make actions without their knowledge.", "No PoCs found on GitHub currently.", "https://www.tenable.com/security/research/tra-2023-8"], ["2023", "CVE-2023-27102", "Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.", "No PoCs found on GitHub currently.", "https://github.com/strukturag/libde265/issues/393"], ["2023", "CVE-2023-3789", "A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Affected is an unknown function of the file /account/delivery of the component Search. The manipulation of the argument s leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235056.", "No PoCs found on GitHub currently.", "https://seclists.org/fulldisclosure/2023/Jul/36
https://www.vulnerability-lab.com/get_content.php?id=2286"], ["2023", "CVE-2023-39008", "A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands.", "No PoCs found on GitHub currently.", "https://logicaltrust.net/blog/2023/08/opnsense.html"], ["2023", "CVE-2023-25116", "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the remote_virtual_ip variables.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716"], ["2023", "CVE-2023-33890", "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-43492", "In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0863", "Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.", "https://github.com/neutrinoguy/awesome-ics-writeups", "No PoCs from references."], ["2023", "CVE-2023-7100", "A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248952.", "No PoCs found on GitHub currently.", "https://medium.com/@2839549219ljk/restaurant-table-booking-system-sql-injection-vulnerability-30708cfabe03"], ["2023", "CVE-2023-50572", "An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error.", "https://github.com/danielpaval/spring-statemachine-demo", "No PoCs from references."], ["2023", "CVE-2023-27013", "Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.", "No PoCs found on GitHub currently.", "https://github.com/DrizzlingSun/Tenda/blob/main/AC10/2/2.md"], ["2023", "CVE-2023-36367", "An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.", "https://github.com/Sedar2024/Sedar", "No PoCs from references."], ["2023", "CVE-2023-39288", "A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.", "https://github.com/SYNgularity1/mitel-exploits", "No PoCs from references."], ["2023", "CVE-2023-49189", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io: from n/a through 4.3.12.", "https://github.com/parkttule/parkttule", "No PoCs from references."], ["2023", "CVE-2023-4369", "Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/xdavidhu/awesome-google-vrp-writeups", "No PoCs from references."], ["2023", "CVE-2023-46066", "Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay \u2013 Media Library Folders plugin <=\u00a01.6 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0760", "Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21"], ["2023", "CVE-2023-43800", "Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint `/v2/pkgs/tools/installed`. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this issue.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33793", "A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.", "No PoCs found on GitHub currently.", "https://github.com/anhdq201/netbox/issues/1"], ["2023", "CVE-2023-44023", "Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.", "https://github.com/aixiao0621/Tenda", "https://github.com/aixiao0621/Tenda/blob/main/AC10U/4/0.md"], ["2023", "CVE-2023-38335", "Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries \"always private\" - this is supposed to be an irreversible operation. However, due to implementation issues, \"always private\" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an \"irreversible operation\".", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html
http://seclists.org/fulldisclosure/2023/Jul/41
http://seclists.org/fulldisclosure/2023/Jul/43
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt"], ["2023", "CVE-2023-4229", "A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-48034", "An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.", "https://github.com/aprkr/CVE-2023-48034
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-7040", "A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The manipulation of the argument oldName leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248689 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20read.md"], ["2023", "CVE-2023-2826", "A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.229612"], ["2023", "CVE-2023-2696", "A vulnerability was found in SourceCodester Online Exam System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /matkul/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228977 was assigned to this vulnerability.", "https://github.com/tht1997/tht1997", "https://vuldb.com/?id.228977"], ["2023", "CVE-2023-2507", "CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker.This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.", "No PoCs found on GitHub currently.", "https://fluidattacks.com/advisories/maiden/"], ["2023", "CVE-2023-33760", "SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack.", "https://github.com/twignet/splicecom", "https://github.com/twignet/splicecom"], ["2023", "CVE-2023-38286", "Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.", "https://github.com/fractal-visi0n/security-assessement
https://github.com/izj007/wechat
https://github.com/p1n93r/SpringBootAdmin-thymeleaf-SSTI", "https://github.com/p1n93r/SpringBootAdmin-thymeleaf-SSTI"], ["2023", "CVE-2023-0793", "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9"], ["2023", "CVE-2023-44190", "An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.This issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016: * All versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions 22.2R1-EVO and later; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24118", "Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet.", "No PoCs found on GitHub currently.", "https://oxnan.com/posts/WifiBasic_security_DoS"], ["2023", "CVE-2023-37369", "In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-47068", "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-30698", "Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33863", "SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2023/Jun/2
https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt"], ["2023", "CVE-2023-20983", "In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569449", "https://github.com/ARPSyndicate/cvemon
https://github.com/davincifans123/pinduoduo_backdoor_demo", "No PoCs from references."], ["2023", "CVE-2023-5367", "A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34040", "In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers.Specifically, an application is vulnerable when all of the following are true: * The user does not\u00a0configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topicBy default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.", "https://github.com/Contrast-Security-OSS/Spring-Kafka-POC-CVE-2023-34040
https://github.com/Y4tacker/JavaSec
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/pyn3rd/CVE-2023-34040
https://github.com/tanjiti/sec_profile", "No PoCs from references."], ["2023", "CVE-2023-27231", "TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.", "No PoCs found on GitHub currently.", "https://github.com/Am1ngl/ttt/tree/main/31"], ["2023", "CVE-2023-5227", "Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8"], ["2023", "CVE-2023-47128", "Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a `savepoints` `name` parameter to a user is highly unlikely, it would not be unheard of. If a malicious user was able to abuse this functionality they would have essentially direct access to the database and the ability to modify data to the level of permissions associated with the database user. A non exhaustive list of actions possible based on database permissions is: Read all data stored in the database, including usernames and password hashes; insert arbitrary data into the database, including modifying existing records; and gain a shell on the underlying server. Version 1.1.1 fixes this issue.", "No PoCs found on GitHub currently.", "https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-xq59-7jf3-rjc6"], ["2023", "CVE-2023-30449", "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.", "No PoCs found on GitHub currently.", "https://www.ibm.com/support/pages/node/7010557"], ["2023", "CVE-2023-23638", "A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Armandhe-China/ApacheDubboSerialVuln
https://github.com/Awrrays/FrameVul
https://github.com/CKevens/CVE-2023-23638-Tools
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/Threekiii/CVE
https://github.com/Whoopsunix/PPPVULNS
https://github.com/X1r0z/CVE-2023-23638
https://github.com/X1r0z/Dubbo-RCE
https://github.com/Y4tacker/JavaSec
https://github.com/YYHYlh/Apache-Dubbo-CVE-2023-23638-exp
https://github.com/YYHYlh/Dubbo-Scan
https://github.com/hktalent/TOP
https://github.com/izj007/wechat
https://github.com/johe123qwe/github-trending
https://github.com/karimhabush/cyberowl
https://github.com/muneebaashiq/MBProjects
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/x3t2con/Rttools-2", "No PoCs from references."], ["2023", "CVE-2023-24058", "Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected.", "https://github.com/Live-Hack-CVE/CVE-2023-24058", "No PoCs from references."], ["2023", "CVE-2023-40748", "PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the \"q\" parameter of index.php.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"], ["2023", "CVE-2023-2447", "The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link.", "No PoCs found on GitHub currently.", "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"], ["2023", "CVE-2023-50853", "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration \u2013 Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms.This issue affects Advanced Form Integration \u2013 Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms: from n/a through 1.75.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31725", "yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.", "No PoCs found on GitHub currently.", "https://github.com/DaisyPo/fuzzing-vulncollect/tree/main/yasm/heap-use-after-free/nasm-pp.c:3878%20in%20expand_mmac_params
https://github.com/yasm/yasm/issues/221"], ["2023", "CVE-2023-29323", "ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.", "https://github.com/bioly230/THM_Skynet", "No PoCs from references."], ["2023", "CVE-2023-38057", "An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent.This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-40659", "A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33731", "Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sahiloj/CVE-2023-33731", "No PoCs from references."], ["2023", "CVE-2023-38146", "Windows Themes Remote Code Execution Vulnerability", "https://github.com/CalegariMindSec/HTB_Writeups
https://github.com/Durge5/ThemeBleedPy
https://github.com/Jnnshschl/CVE-2023-38146
https://github.com/Jnnshschl/ThemeBleedReverseShellDLL
https://github.com/Threekiii/CVE
https://github.com/ZonghaoLi777/githubTrending
https://github.com/aneasystone/github-trending
https://github.com/ankitosh/temp
https://github.com/gabe-k/themebleed
https://github.com/johe123qwe/github-trending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile", "http://packetstormsecurity.com/files/176391/Themebleed-Windows-11-Themes-Arbitrary-Code-Execution.html"], ["2023", "CVE-2023-7233", "The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-34151", "A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://github.com/ImageMagick/ImageMagick/issues/6341"], ["2023", "CVE-2023-31937", "Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file.", "https://github.com/DiliLearngent/BugReport", "No PoCs from references."], ["2023", "CVE-2023-36054", "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "https://github.com/adegoodyer/kubernetes-admin-toolkit
https://github.com/ecperth/check-aws-inspector", "No PoCs from references."], ["2023", "CVE-2023-27320", "Sudo before 1.9.13p2 has a double free in the per-command chroot feature.", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-30789", "MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter.", "No PoCs found on GitHub currently.", "https://fluidattacks.com/advisories/napoli"], ["2023", "CVE-2023-43570", "A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.", "No PoCs found on GitHub currently.", "https://support.lenovo.com/us/en/product_security/LEN-141775"], ["2023", "CVE-2023-0981", "A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. Affected is an unknown function of the component Delete User. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221676.", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-22997", "In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).", "No PoCs found on GitHub currently.", "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2"], ["2023", "CVE-2023-34011", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <=\u00a01.1.2 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33972", "Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2787", "Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API.", "No PoCs found on GitHub currently.", "https://mattermost.com/security-updates/"], ["2023", "CVE-2023-2416", "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link.", "No PoCs found on GitHub currently.", "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita"], ["2023", "CVE-2023-33671", "Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.", "https://github.com/DDizzzy79/Tenda-CVE
https://github.com/retr0reg/Tenda-CVE", "https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N4/README.md
https://github.com/DDizzzy79/Tenda-CVE/tree/main/AC8V4.0/N4"], ["2023", "CVE-2023-44310", "Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's \"Name\" text field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0513", "A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.219334"], ["2023", "CVE-2023-24009", "Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <=\u00a01.1 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-24398", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions.", "https://github.com/ARPSyndicate/cvemon
https://github.com/yaudahbanh/CVE-Archive", "No PoCs from references."], ["2023", "CVE-2023-37278", "GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31473", "An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file.", "No PoCs found on GitHub currently.", "https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary_File_Read.md"], ["2023", "CVE-2023-41871", "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <=\u00a04.7.0 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-44017", "Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.", "https://github.com/aixiao0621/Tenda", "https://github.com/aixiao0621/Tenda/blob/main/AC10U/6/0.md"], ["2023", "CVE-2023-0585", "The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-22602", "When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`", "https://github.com/ARPSyndicate/cvemon
https://github.com/Threekiii/CVE", "No PoCs from references."], ["2023", "CVE-2023-5171", "During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.", "https://github.com/googleprojectzero/fuzzilli", "No PoCs from references."], ["2023", "CVE-2023-41772", "Win32k Elevation of Privilege Vulnerability", "https://github.com/R41N3RZUF477/CVE-2023-41772
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-36213", "SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.", "https://github.com/capture0x/My-CVE", "https://packetstormsecurity.com/files/172698/MotoCMS-3.4.3-SQL-Injection.html
https://www.exploit-db.com/exploits/51504"], ["2023", "CVE-2023-27167", "Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.", "No PoCs found on GitHub currently.", "https://packetstormsecurity.com/files/171523/Suprema-BioStar-2-2.8.16-SQL-Injection.html"], ["2023", "CVE-2023-1578", "SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e"], ["2023", "CVE-2023-28319", "A use after free vulnerability exists in curl https://github.com/awest25/Curl-Security-Evaluation
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/jp-cpe/retrieve-cvss-scores", "No PoCs from references."], ["2023", "CVE-2023-25122", "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716"], ["2023", "CVE-2023-34256", "** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated \"When modifying the block device while it is mounted by the filesystem\" access.", "https://github.com/vin01/bogus-cves", "No PoCs from references."], ["2023", "CVE-2023-7134", "A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249137 was assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://medium.com/@2839549219ljk/medicine-tracking-system-rce-vulnerability-1f009165b915"], ["2023", "CVE-2023-52443", "In the Linux kernel, the following vulnerability has been resolved:apparmor: avoid crash when parsed profile name is emptyWhen processing a packed profile in unpack_profile() described like \"profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}\"a string \":samba-dcerpcd\" is unpacked as a fully-qualified name and thenpassed to aa_splitn_fqname().aa_splitn_fqname() treats \":samba-dcerpcd\" as only containing a namespace.Thus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Lateraa_alloc_profile() crashes as the new profile name is NULL now.general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTIKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]CPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014RIP: 0010:strlen+0x1e/0xa0Call Trace: ? strlen+0x1e/0xa0 aa_policy_init+0x1bb/0x230 aa_alloc_profile+0xb1/0x480 unpack_profile+0x3bc/0x4960 aa_unpack+0x309/0x15e0 aa_replace_profiles+0x213/0x33c0 policy_update+0x261/0x370 profile_replace+0x20e/0x2a0 vfs_write+0x2af/0xe00 ksys_write+0x126/0x250 do_syscall_64+0x46/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 ---[ end trace 0000000000000000 ]---RIP: 0010:strlen+0x1e/0xa0It seems such behaviour of aa_splitn_fqname() is expected and checked inother places where it is called (e.g. aa_remove_profiles). Well, thereis an explicit comment \"a ns name without a following profile is allowed\"inside.AFAICS, nothing can prevent unpacked \"name\" to be in form like\":samba-dcerpcd\" - it is passed from userspace.Deny the whole profile set replacement in such case and inform user withEPROTO and an explaining message.Found by Linux Verification Center (linuxtesting.org).", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-20944", "In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558", "https://github.com/Trinadh465/frameworks_base_CVE-2023-20944
https://github.com/hshivhare67/platform_frameworks_base_AOSP10_r33_CVE-2023-20944
https://github.com/michalbednarski/TheLastBundleMismatch
https://github.com/nidhi7598/frameworks_base_AOSP_06_r22_core_CVE-2023-20944
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-31422", "An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.", "No PoCs found on GitHub currently.", "https://www.elastic.co/community/security"], ["2023", "CVE-2023-38350", "PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-22653", "An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1714"], ["2023", "CVE-2023-28348", "An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students.", "No PoCs found on GitHub currently.", "https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
https://research.nccgroup.com/?research=Technical%20advisories"], ["2023", "CVE-2023-1529", "Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-25033", "Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <=\u00a04.5 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-25173", "containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well.This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `\"USER $USERNAME\"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT [\"su\", \"-\", \"user\"]` to allow `su` to properly set up supplementary groups.", "No PoCs found on GitHub currently.", "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"], ["2023", "CVE-2023-43766", "Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-2903", "A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "No PoCs found on GitHub currently.", "https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/NFine%20rapid%20development%20platform%20Role-GetGridJson%20has%20unauthorized%20access%20vulnerability.md
https://vuldb.com/?id.229977"], ["2023", "CVE-2023-5060", "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3"], ["2023", "CVE-2023-36093", "There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3", "No PoCs found on GitHub currently.", "https://github.com/weng-xianhu/eyoucms/issues/44"], ["2023", "CVE-2023-51978", "In PHPGurukul Art Gallery Management System v1.1, \"Update Artist Image\" functionality of \"imageid\" parameter is vulnerable to SQL Injection.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-6209", "Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal \"/../\" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.", "https://github.com/punggawacybersecurity/CVE-List", "No PoCs from references."], ["2023", "CVE-2023-46003", "I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.", "https://github.com/leekenghwa/CVE-2023-46003
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-2591", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.", "https://github.com/mnqazi/CVE-2023-2591
https://github.com/nomi-sec/PoC-in-GitHub", "https://huntr.dev/bounties/705f79f4-f5e3-41d7-82a5-f00441cd984b"], ["2023", "CVE-2023-38181", "Microsoft Exchange Server Spoofing Vulnerability", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0705", "Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-43865", "D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function.", "No PoCs found on GitHub currently.", "https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md"], ["2023", "CVE-2023-22482", "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token was signed by Argo CD's configured OIDC provider. But Argo CD _does not_ validate the audience claim, so it will accept tokens that are not intended for Argo CD. If Argo CD's configured OIDC provider also serves other audiences (for example, a file storage service), then Argo CD will accept a token intended for one of those other audiences. Argo CD will grant the user privileges based on the token's `groups` claim, even though those groups were not intended to be used by Argo CD. This bug also increases the impact of a stolen token. If an attacker steals a valid token for a different audience, they can use it to access Argo CD. A patch for this vulnerability has been released in versions 2.6.0-rc3, 2.5.6, 2.4.19, and 2.3.13. There are no workarounds.", "https://github.com/ARPSyndicate/cvemon
https://github.com/Threekiii/CVE", "No PoCs from references."], ["2023", "CVE-2023-50735", "A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-45048", "Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <=\u00a05.00 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-42628", "Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's \u2018Content\u2019 text field.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26138", "All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \\r\\n (carriage return line feeds) characters and inject additional headers in the request sent.", "https://github.com/dellalibera/dellalibera", "https://gist.github.com/dellalibera/d2abd809f32ec6c61be1f41d80edf61b
https://security.snyk.io/vuln/SNYK-UNMANAGED-DROGONFRAMEWORKDROGON-5665555"], ["2023", "CVE-2023-2422", "A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-50836", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a through 1.3.28.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31740", "There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges.", "No PoCs found on GitHub currently.", "https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31740/Linksys_E2000_RCE.pdf"], ["2023", "CVE-2023-0527", "A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input \"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.", "https://github.com/ctflearner/ctflearner", "http://packetstormsecurity.com/files/172667/Online-Security-Guards-Hiring-System-1.0-Cross-Site-Scripting.html
https://github.com/ctflearner/Vulnerability/blob/main/Online-Security-guard-POC.md"], ["2023", "CVE-2023-41993", "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.", "https://github.com/0x06060606/CVE-2023-41993
https://github.com/Ibinou/Ty
https://github.com/IvanIVGrozny/IvanIVGrozny.github.io
https://github.com/J3Ss0u/CVE-2023-41993
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/ZonghaoLi777/githubTrending
https://github.com/aneasystone/github-trending
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hrtowii/cve-2023-41993-test
https://github.com/jafshare/GithubTrending
https://github.com/johe123qwe/github-trending
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/po6ix/POC-for-CVE-2023-41993
https://github.com/sampsonv/github-trending", "No PoCs from references."], ["2023", "CVE-2023-46361", "Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.", "No PoCs found on GitHub currently.", "https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/jbig2dec-SEGV/jbig2dec-SEGV.md"], ["2023", "CVE-2023-44264", "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed \u2013 Custom Feed plugin <=\u00a02.2.5 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29206", "XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a script allowing to perform some operations when executing by a user with appropriate rights. This has been patched in XWiki 14.9-rc-1 by only executing the script if the author of it has Script rights.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29197", "guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\\n) into both the header names and values. While the specification states that \\r\\n\\r\\n is used to terminate the header list, many servers in the wild will also accept \\n\\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.", "https://github.com/DannyvdSluijs/DannyvdSluijs
https://github.com/deliciousbrains/wp-amazon-s3-and-cloudfront
https://github.com/deliciousbrains/wp-offload-ses-lite
https://github.com/elifesciences/github-repo-security-alerts
https://github.com/karimhabush/cyberowl", "No PoCs from references."], ["2023", "CVE-2023-42768", "When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26078", "Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.", "https://github.com/vulerols/msiner", "No PoCs from references."], ["2023", "CVE-2023-32469", "Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.", "https://github.com/another1024/another1024
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-43795", "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.", "https://github.com/20142995/sectool", "No PoCs from references."], ["2023", "CVE-2023-25211", "Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.", "No PoCs found on GitHub currently.", "https://github.com/DrizzlingSun/Tenda/blob/main/AC5/2/2.md"], ["2023", "CVE-2023-31903", "GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.", "No PoCs found on GitHub currently.", "https://www.exploit-db.com/exploits/51052"], ["2023", "CVE-2023-5302", "A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability.", "https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/r0x5r/poc
https://github.com/r0x5r/r0x5r
https://github.com/rohit0x5/poc
https://github.com/rohit0x5/rohit0x5", "https://github.com/rohit0x5/poc/blob/main/cve_2"], ["2023", "CVE-2023-32578", "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Twinpictures Column-Matic plugin <=\u00a01.3.3 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-25091", "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716"], ["2023", "CVE-2023-29086", "An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Min-SE header.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/172293/Shannon-Baseband-SIP-Min-SE-Header-Stack-Buffer-Overflow.html"], ["2023", "CVE-2023-51408", "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel \u2013 Gamified Optin Email Marketing Tool for WordPress and WooCommerce.This issue affects WP Optin Wheel \u2013 Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-51548", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neil Gee SlickNav Mobile Menu allows Stored XSS.This issue affects SlickNav Mobile Menu: from n/a through 1.9.2.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-33754", "The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials.", "No PoCs found on GitHub currently.", "https://github.com/Alkatraz97/CVEs/blob/main/CVE-2023-33754.md"], ["2023", "CVE-2023-25240", "An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.", "https://github.com/nu11secur1ty/CVE-nu11secur1ty", "https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions"], ["2023", "CVE-2023-5353", "Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.dev/bounties/3b3bb4f1-1aea-4134-99eb-157f245fa752"], ["2023", "CVE-2023-45159", "1E Client installer can perform arbitrary file deletion on protected files.\u00a0\u00a0A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available from the 1E support portal that forces\u00a0the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.for v8.1 use hotfix Q23097for v8.4 use hotfix Q23105for v9.0 use hotfix Q23115for SaaS customers, use 1EClient v23.7 plus hotfix Q23121", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-29247", "Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.", "https://github.com/elifesciences/github-repo-security-alerts", "No PoCs from references."], ["2023", "CVE-2023-33744", "TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/173764/RoomCast-TA-2400-Cleartext-Private-Key-Improper-Access-Control.html"], ["2023", "CVE-2023-2523", "A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "https://github.com/Any3ite/CVE-2023-2523
https://github.com/bingtangbanli/cve-2023-2523-and-cve-2023-2648
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/kuang-zy/2023-Weaver-pocs
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/zhaoyumi/WeaverExploit_All", "https://github.com/RCEraser/cve/blob/main/Weaver.md"], ["2023", "CVE-2023-31942", "Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php.", "https://github.com/DiliLearngent/BugReport", "No PoCs from references."], ["2023", "CVE-2023-34124", "The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.", "https://github.com/getdrive/PoC", "http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html"], ["2023", "CVE-2023-5192", "Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0.", "https://github.com/fkie-cad/nvd-json-data-feeds", "https://huntr.dev/bounties/65c954f2-79c3-4672-8846-a3035e7a1db7"], ["2023", "CVE-2023-5203", "The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique.", "https://github.com/20142995/sectool
https://github.com/tanjiti/sec_profile", "https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932"], ["2023", "CVE-2023-31802", "Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.", "https://github.com/msegoviag/discovered-vulnerabilities
https://github.com/msegoviag/msegoviag", "No PoCs from references."], ["2023", "CVE-2023-36161", "An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication.", "https://github.com/Yashodhanvivek/Qubo_smart_switch_security_assessment", "No PoCs from references."], ["2023", "CVE-2023-25081", "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables.", "No PoCs found on GitHub currently.", "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716"], ["2023", "CVE-2023-44365", "Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-43997", "An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-0566", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.", "https://github.com/ahmedvienna/CVEs-and-Vulnerabilities", "No PoCs from references."], ["2023", "CVE-2023-33595", "CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.", "No PoCs found on GitHub currently.", "https://github.com/python/cpython/issues/103824"], ["2023", "CVE-2023-31701", "TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.", "No PoCs found on GitHub currently.", "https://github.com/FirmRec/IoT-Vulns/blob/main/tp-link/postPlcJson/report.md"], ["2023", "CVE-2023-31490", "An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.", "No PoCs found on GitHub currently.", "https://github.com/FRRouting/frr/issues/13099"], ["2023", "CVE-2023-41892", "Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.", "https://github.com/Faelian/CraftCMS_CVE-2023-41892
https://github.com/LucaLeukert/HTB-Surveillance
https://github.com/Marco-zcl/POC
https://github.com/XRSec/AWVS-Update
https://github.com/acesoyeo/CVE-2023-41892
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/diegaccio/Craft-CMS-Exploit
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/wy876/POC
https://github.com/xingchennb/POC-
https://github.com/zaenhaxor/CVE-2023-41892", "http://packetstormsecurity.com/files/176303/Craft-CMS-4.4.14-Remote-Code-Execution.html"], ["2023", "CVE-2023-51698", "Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.", "https://github.com/febinrev/atril_cbt-inject-exploit", "No PoCs from references."], ["2023", "CVE-2023-51509", "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.1.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-26068", "Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/174763/Lexmark-Device-Embedded-Web-Server-Remote-Code-Execution.html"], ["2023", "CVE-2023-1818", "Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)", "https://github.com/ARPSyndicate/cvemon
https://github.com/KirtiRamchandani/KirtiRamchandani", "No PoCs from references."], ["2023", "CVE-2023-29187", "A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attackers control.", "No PoCs found on GitHub currently.", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], ["2023", "CVE-2023-31610", "An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.", "https://github.com/Sedar2024/Sedar", "https://github.com/openlink/virtuoso-opensource/issues/1118"], ["2023", "CVE-2023-5312", "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-43226. Reason: This candidate is a reservation duplicate of CVE-2023-43226. Notes: All CVE users should reference CVE-2023-43226 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-31913", "Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c.", "https://github.com/EJueon/EJueon", "https://github.com/jerryscript-project/jerryscript/issues/5061"], ["2023", "CVE-2023-43785", "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "https://github.com/AWSXXF/xorg_mirror_libx11
https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21608", "Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "https://github.com/ARPSyndicate/cvemon
https://github.com/CVEDB/PoC-List
https://github.com/CVEDB/awesome-cve-repo
https://github.com/CVEDB/top
https://github.com/GhostTroops/TOP
https://github.com/Malwareman007/CVE-2023-21608
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://github.com/PyterSmithDarkGhost/CVE-2023-21608-EXPLOIT
https://github.com/Threekiii/CVE
https://github.com/fardeen-ahmed/Bug-bounty-Writeups
https://github.com/hacksysteam/CVE-2023-21608
https://github.com/hktalent/TOP
https://github.com/k0mi-tg/CVE-POC
https://github.com/manas3c/CVE-POC
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-45058", "Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <=\u00a01.6.8 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-21748", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/ARPSyndicate/cvemon", "http://packetstormsecurity.com/files/170946/Windows-Kernel-Key-Replication-Issues.html
http://packetstormsecurity.com/files/170949/Windows-Kernel-Registry-Virtualization-Incompatibility.html"], ["2023", "CVE-2023-5252", "The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-41451", "Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.", "https://github.com/RNPG/CVEs
https://github.com/fkie-cad/nvd-json-data-feeds", "https://gist.github.com/RNPG/062cfca2e293a0e7d24f5d55f8db3fde"], ["2023", "CVE-2023-31853", "Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter.", "https://github.com/CalfCrusher/CVE-2023-31853
https://github.com/nomi-sec/PoC-in-GitHub", "https://github.com/CalfCrusher/CVE-2023-31853"], ["2023", "CVE-2023-34035", "Spring Security versions 5.8\u00a0prior to 5.8.5, 6.0\u00a0prior to 6.0.5,\u00a0and 6.1\u00a0prior to 6.1.2\u00a0could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String)\u00a0and multiple servlets, one of them being Spring MVC\u2019s DispatcherServlet.\u00a0(DispatcherServlet\u00a0is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.)Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC\u2019s DispatcherServlet) * The application uses requestMatchers(String)\u00a0to refer to endpoints that are not Spring MVC endpointsAn application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVC\u2019s DispatcherServlet * The application uses requestMatchers(String)\u00a0only for Spring MVC endpoints", "https://github.com/AkagiYui/KenkoDrive
https://github.com/ax1sX/SpringSecurity
https://github.com/jzheaux/cve-2023-34035-mitigations
https://github.com/mouadk/CVE-2023-34035-Poc
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sarasa0310/wanted-pre-onboarding-backend", "No PoCs from references."], ["2023", "CVE-2023-33956", "Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference (IDOR) vulnerability present in the application's URL parameter. This vulnerability enables any user to read files uploaded by any other user, regardless of their privileges or restrictions. By Changing the file_id any user can render all the files where MimeType is image uploaded under **/files** directory regard less of uploaded by any user. This vulnerability poses a significant impact and severity to the application's security. By manipulating the URL parameter, an attacker can access sensitive files that should only be available to authorized users. This includes confidential documents or any other type of file stored within the application. The ability to read these files can lead to various detrimental consequences, such as unauthorized disclosure of sensitive information, privacy breaches, intellectual property theft, or exposure of trade secrets. Additionally, it could result in legal and regulatory implications, reputation damage, financial losses, and potential compromise of user trust. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "No PoCs found on GitHub currently.", "https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2"], ["2023", "CVE-2023-38022", "An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user.", "No PoCs found on GitHub currently.", "https://jovanbulck.github.io/files/ccs19-tale.pdf"], ["2023", "CVE-2023-0537", "The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks", "https://github.com/ARPSyndicate/cvemon", "No PoCs from references."], ["2023", "CVE-2023-26128", "All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function.

**Note:**

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.", "No PoCs found on GitHub currently.", "https://security.snyk.io/vuln/SNYK-JS-KEEPMODULELATEST-3157165"], ["2023", "CVE-2023-35359", "Windows Kernel Elevation of Privilege Vulnerability", "https://github.com/AabyssZG/AWD-Guide
https://github.com/Karmaz95/Karmaz95
https://github.com/Threekiii/CVE
https://github.com/afine-com/research", "http://packetstormsecurity.com/files/174528/Microsoft-Windows-Privilege-Escalation.html"], ["2023", "CVE-2023-42638", "In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-28218", "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability", "https://github.com/h1bAna/CVE-2023-28218
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-41673", "An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-5070", "The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.", "https://github.com/RandomRobbieBF/CVE-2023-5070
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-43776", "Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).", "https://github.com/SySS-Research/easy-password-recovery
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-7175", "A vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249362 is the identifier assigned to this vulnerability.", "No PoCs found on GitHub currently.", "https://medium.com/@heishou/libsystem-sql-injection-bb74915175fe"], ["2023", "CVE-2023-34217", "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files.", "https://github.com/3sjay/vulns", "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"], ["2023", "CVE-2023-22492", "ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtain a valid access token only through a refresh token grant. When the locked or deactivated user\u2019s session was already terminated (\u201clogged out\u201d) then it was not possible to create a new session. Renewal of access token through a refresh token grant is limited to the configured amount of time (RefreshTokenExpiration). As a workaround, ensure the RefreshTokenExpiration in the OIDC settings of your instance is set according to your security requirements. This issue has been patched in versions 2.17.3 and 2.16.4.", "https://github.com/ARPSyndicate/cvemon
https://github.com/alopresto/epss_api_demo
https://github.com/alopresto6m/epss_api_demo", "No PoCs from references."], ["2023", "CVE-2023-33477", "In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path.", "https://github.com/Skr11lex/CVE-2023-33477
https://github.com/nomi-sec/PoC-in-GitHub", "No PoCs from references."], ["2023", "CVE-2023-43875", "Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.", "https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation", "https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md
https://github.com/sromanhu/Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md"], ["2023", "CVE-2023-38200", "A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-38191", "An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename.", "No PoCs found on GitHub currently.", "https://herolab.usd.de/security-advisories/usd-2023-0012/"], ["2023", "CVE-2023-46382", "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login.", "No PoCs found on GitHub currently.", "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"], ["2023", "CVE-2023-2610", "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d"], ["2023", "CVE-2023-6188", "A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245735.", "No PoCs found on GitHub currently.", "https://vuldb.com/?id.245735"], ["2023", "CVE-2023-32818", "In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.", "https://github.com/Resery/Resery", "No PoCs from references."], ["2023", "CVE-2023-33537", "TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.", "No PoCs found on GitHub currently.", "https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/1/TL-WR940N_TL-WR841N_TL-WR740N_userRpm_FixMapCfgRpm.md"], ["2023", "CVE-2023-36252", "An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to execute arbitrary code and cause a denial of service via a the session expiration function.", "No PoCs found on GitHub currently.", "https://www.zeroscience.mk/en/vulnerabilities/"], ["2023", "CVE-2023-50447", "Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).", "No PoCs found on GitHub currently.", "https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/"], ["2023", "CVE-2023-41733", "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability\u00a0in YYDevelopment Back To The Top Button plugin <=\u00a02.1.5 versions.", "https://github.com/fkie-cad/nvd-json-data-feeds", "No PoCs from references."], ["2023", "CVE-2023-1539", "Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/b4df67f4-14ea-4051-97d4-26690c979a28"], ["2023", "CVE-2023-51828", "A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in get_next_notice function.", "No PoCs found on GitHub currently.", "https://nexacybersecurity.blogspot.com/2024/02/journey-finding-vulnerabilities-in-pmb-library-management-system.html"], ["2023", "CVE-2023-2942", "Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.", "No PoCs found on GitHub currently.", "https://huntr.dev/bounties/dd56e7a0-9dff-48fc-bc59-9a22d91869eb"], ["2023", "CVE-2023-7124", "A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument keyword with the input