diff --git a/2004/CVE-2004-2687.md b/2004/CVE-2004-2687.md index e50183686e..5db921360b 100644 --- a/2004/CVE-2004-2687.md +++ b/2004/CVE-2004-2687.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/CVEDB/awesome-cve-repo - https://github.com/H3xL00m/distccd_rce_CVE-2004-2687 - https://github.com/Kr1tz3x3/HTB-Writeups +- https://github.com/N3rdyN3xus/distccd_rce_CVE-2004-2687 - https://github.com/Patrick122333/4240project - https://github.com/SecGen/SecGen - https://github.com/Sp3c73rSh4d0w/distccd_rce_CVE-2004-2687 diff --git a/2006/CVE-2006-6417.md b/2006/CVE-2006-6417.md new file mode 100644 index 0000000000..53a670a606 --- /dev/null +++ b/2006/CVE-2006-6417.md @@ -0,0 +1,17 @@ +### [CVE-2006-6417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6417) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. + +### POC + +#### Reference +- http://securityreason.com/securityalert/2006 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2447.md b/2007/CVE-2007-2447.md index e3b57c0e4b..677719aa4d 100644 --- a/2007/CVE-2007-2447.md +++ b/2007/CVE-2007-2447.md @@ -41,6 +41,7 @@ The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote - https://github.com/Ki11i0n4ir3/Sambaster - https://github.com/Kr1tz3x3/HTB-Writeups - https://github.com/MikeRega7/CVE-2007-2447-RCE +- https://github.com/N3rdyN3xus/CVE-2007-2447 - https://github.com/Nosferatuvjr/Samba-Usermap-exploit - https://github.com/Patrick122333/4240project - https://github.com/SamHackingArticles/CVE-2007-2447 
diff --git a/2008/CVE-2008-4250.md b/2008/CVE-2008-4250.md index c77edc1780..b5810c5235 100644 --- a/2008/CVE-2008-4250.md +++ b/2008/CVE-2008-4250.md @@ -32,6 +32,7 @@ The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP - https://github.com/H3xL00m/MS08-067 - https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups - https://github.com/Kuromesi/Py4CSKG +- https://github.com/N3rdyN3xus/MS08-067 - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API - https://github.com/SexyBeast233/SecBooks - https://github.com/Sp3c73rSh4d0w/MS08-067 diff --git a/2009/CVE-2009-2265.md b/2009/CVE-2009-2265.md index faa3032f8d..58d744c8da 100644 --- a/2009/CVE-2009-2265.md +++ b/2009/CVE-2009-2265.md @@ -25,6 +25,7 @@ Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow r - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/H3xL00m/CVE-2009-2265 +- https://github.com/N3rdyN3xus/CVE-2009-2265 - https://github.com/Sp3c73rSh4d0w/CVE-2009-2265 - https://github.com/c0d3cr4f73r/CVE-2009-2265 - https://github.com/crypticdante/CVE-2009-2265 diff --git a/2010/CVE-2010-1028.md b/2010/CVE-2010-1028.md index 5440fb19c2..273b5dc157 100644 --- a/2010/CVE-2010-1028.md +++ b/2010/CVE-2010-1028.md @@ -12,6 +12,7 @@ Integer overflow in the decompression functionality in the Web Open Fonts Format #### Reference - http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/ - http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/ +- http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html - https://bugzilla.mozilla.org/show_bug.cgi?id=552216 #### Github diff --git a/2011/CVE-2011-1249.md b/2011/CVE-2011-1249.md index 61a3d67cc2..0c013385e9 100644 --- a/2011/CVE-2011-1249.md +++ b/2011/CVE-2011-1249.md 
@@ -22,6 +22,7 @@ The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and S - https://github.com/Cruxer8Mech/Idk - https://github.com/H3xL00m/CVE-2011-1249 - https://github.com/Madusanka99/OHTS +- https://github.com/N3rdyN3xus/CVE-2011-1249 - https://github.com/Sp3c73rSh4d0w/CVE-2011-1249 - https://github.com/c0d3cr4f73r/CVE-2011-1249 - https://github.com/crypticdante/CVE-2011-1249 diff --git a/2017/CVE-2017-20103.md b/2017/CVE-2017-20103.md index 5f61538a16..acbe598235 100644 --- a/2017/CVE-2017-20103.md +++ b/2017/CVE-2017-20103.md @@ -11,6 +11,7 @@ A vulnerability classified as critical has been found in Kama Click Counter Plug #### Reference - http://seclists.org/fulldisclosure/2017/Feb/67 +- https://vuldb.com/?id.97335 #### Github No PoCs found on GitHub currently. diff --git a/2017/CVE-2017-7615.md b/2017/CVE-2017-7615.md index ec3313bb10..f43dc670fe 100644 --- a/2017/CVE-2017-7615.md +++ b/2017/CVE-2017-7615.md @@ -15,6 +15,7 @@ MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin - https://www.exploit-db.com/exploits/41890/ #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2018/CVE-2018-17463.md b/2018/CVE-2018-17463.md index 3eb4923983..7227cf1768 100644 --- a/2018/CVE-2018-17463.md +++ b/2018/CVE-2018-17463.md @@ -17,6 +17,7 @@ Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 al - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Uniguri/CVE-1day +- https://github.com/Uniguri/CVE-nday - https://github.com/changelog2020/JSEChalls - https://github.com/ernestang98/win-exploits - https://github.com/hwiwonl/dayone diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index c127ffcb1d..4b96734bfb 100644 --- a/2019/CVE-2019-11358.md 
+++ b/2019/CVE-2019-11358.md @@ -2490,6 +2490,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/William-f-12/FTCTest - https://github.com/WindsorHSRobotics/team-20514_2021-2022 - https://github.com/WinstonCrosby/CooperCode2023 +- https://github.com/WishingWell13-Forks/FtcRobotController-Freight-Frenzy-Lessons - https://github.com/WishingWell13/FtcRobotController-Freight-Frenzy-Lessons - https://github.com/WlhsRobotics/FtcRobotController-master - https://github.com/WoEN239/CENTERSTAGE-WoEN @@ -2860,6 +2861,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/demotivate/rizzlords-robotics - https://github.com/demotivate/swagbots - https://github.com/denwan20/FTC-programming +- https://github.com/derekriter08/technohuskies10309_2022 - https://github.com/derryfieldftc/FightingCougarsRobotController - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/devsamuelv/Offseason-Code-Dualshock diff --git a/2019/CVE-2019-16353.md b/2019/CVE-2019-16353.md new file mode 100644 index 0000000000..2ecfedcab7 --- /dev/null +++ b/2019/CVE-2019-16353.md @@ -0,0 +1,17 @@ +### [CVE-2019-16353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16353) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/boofish/ICS3Fuzzer + diff --git a/2019/CVE-2019-2025.md b/2019/CVE-2019-2025.md index cdf69aa28a..9b10841eb8 100644 --- a/2019/CVE-2019-2025.md +++ b/2019/CVE-2019-2025.md 
@@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/Clock-Skew/EndPointX - https://github.com/Sec20-Paper310/Paper310 - https://github.com/jltxgcy/CVE_2019_2025_EXP - https://github.com/kdn111/linux-kernel-exploitation diff --git a/2019/CVE-2019-2215.md b/2019/CVE-2019-2215.md index 81fcf04352..613a311c57 100644 --- a/2019/CVE-2019-2215.md +++ b/2019/CVE-2019-2215.md @@ -20,6 +20,7 @@ A use-after-free in binder.c allows an elevation of privilege from an applicatio - https://github.com/ATorNinja/CVE-2019-2215 - https://github.com/Al1ex/LinuxEelvation - https://github.com/Byte-Master-101/CVE-2019-2215 +- https://github.com/Clock-Skew/EndPointX - https://github.com/CrackerCat/Rootsmart-v2.0 - https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections - https://github.com/DimitriFourny/cve-2019-2215 diff --git a/2020/CVE-2020-0423.md b/2020/CVE-2020-0423.md index 131c9c3571..723ad46209 100644 --- a/2020/CVE-2020-0423.md +++ b/2020/CVE-2020-0423.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/Clock-Skew/EndPointX - https://github.com/Swordfish-Security/awesome-android-security - https://github.com/TinyNiko/android_bulletin_notes - https://github.com/alphaSeclab/sec-daily-2020 diff --git a/2020/CVE-2020-0796.md b/2020/CVE-2020-0796.md index 0639a19a31..6bf99327b4 100644 --- a/2020/CVE-2020-0796.md +++ b/2020/CVE-2020-0796.md @@ -102,6 +102,7 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve - https://github.com/HernanRodriguez1/Dorks-Shodan-2023 - https://github.com/IAreKyleW00t/SMBGhosts - https://github.com/IFccTeR/1_UP_files +- https://github.com/IFunFox/1_UP_files - https://github.com/IvanVoronov/0day - https://github.com/JERRY123S/all-poc - https://github.com/Jacob10s/SMBGHOST_EXPLOIT diff --git a/2020/CVE-2020-17530.md b/2020/CVE-2020-17530.md index 607a328899..8a2550af54 100644 
--- a/2020/CVE-2020-17530.md +++ b/2020/CVE-2020-17530.md @@ -76,6 +76,7 @@ Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may - https://github.com/pctF/vulnerable-app - https://github.com/phil-fly/CVE-2020-17530 - https://github.com/readloud/Awesome-Stars +- https://github.com/secpool2000/CVE-2020-17530 - https://github.com/sobinge/nuclei-templates - https://github.com/superlink996/chunqiuyunjingbachang - https://github.com/trganda/starrlist diff --git a/2020/CVE-2020-36646.md b/2020/CVE-2020-36646.md index fece31babd..f31a4a23e7 100644 --- a/2020/CVE-2020-36646.md +++ b/2020/CVE-2020-36646.md @@ -13,5 +13,6 @@ A vulnerability classified as problematic has been found in MediaArea ZenLib up No PoCs from references. #### Github +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/Live-Hack-CVE/CVE-2020-36646 diff --git a/2020/CVE-2020-8617.md b/2020/CVE-2020-8617.md index 625490d8f4..acc49b2cfc 100644 --- a/2020/CVE-2020-8617.md +++ b/2020/CVE-2020-8617.md @@ -26,6 +26,7 @@ Using a specially-crafted message, an attacker may potentially cause a BIND serv - https://github.com/Zhivarev/13-01-hw - https://github.com/balabit-deps/balabit-os-9-bind9-libs - https://github.com/developer3000S/PoC-in-GitHub +- https://github.com/gothburz/cve-2020-8617 - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/knqyf263/CVE-2020-8617 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2021/CVE-2021-20587.md b/2021/CVE-2021-20587.md index 2c4cc05b32..5bef3efc7c 100644 --- a/2021/CVE-2021-20587.md +++ b/2021/CVE-2021-20587.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/Live-Hack-CVE/CVE-2021-20587 +- https://github.com/boofish/ICS3Fuzzer diff --git a/2021/CVE-2021-20588.md b/2021/CVE-2021-20588.md index d8c302bb85..9b547e16b2 100644 --- a/2021/CVE-2021-20588.md +++ b/2021/CVE-2021-20588.md 
@@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/Live-Hack-CVE/CVE-2021-20588 +- https://github.com/boofish/ICS3Fuzzer diff --git a/2021/CVE-2021-26084.md b/2021/CVE-2021-26084.md index 50de71aede..17f212de81 100644 --- a/2021/CVE-2021-26084.md +++ b/2021/CVE-2021-26084.md @@ -43,6 +43,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top +- https://github.com/CrackerCat/CVE-2021-26084 - https://github.com/FDlucifer/firece-fish - https://github.com/GhostTroops/TOP - https://github.com/GlennPegden2/cve-2021-26084-confluence diff --git a/2021/CVE-2021-29297.md b/2021/CVE-2021-29297.md new file mode 100644 index 0000000000..ddddd87728 --- /dev/null +++ b/2021/CVE-2021-29297.md @@ -0,0 +1,17 @@ +### [CVE-2021-29297](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29297) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll". + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/boofish/ICS3Fuzzer + diff --git a/2021/CVE-2021-29298.md b/2021/CVE-2021-29298.md new file mode 100644 index 0000000000..46f136d441 --- /dev/null +++ b/2021/CVE-2021-29298.md 
@@ -0,0 +1,17 @@ +### [CVE-2021-29298](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29298) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll". + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/boofish/ICS3Fuzzer + diff --git a/2021/CVE-2021-3156.md b/2021/CVE-2021-3156.md index 10d0f858fc..c47afe9101 100644 --- a/2021/CVE-2021-3156.md +++ b/2021/CVE-2021-3156.md @@ -113,6 +113,7 @@ Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking - https://github.com/Spektrainfiniti/MP +- https://github.com/Technetium1/stars - https://github.com/TheFlash2k/CVE-2021-3156 - https://github.com/TheSerialiZator/CTF-2021 - https://github.com/Threekiii/Awesome-POC diff --git a/2021/CVE-2021-34527.md b/2021/CVE-2021-34527.md index 00483c6e2f..93476ae706 100644 --- a/2021/CVE-2021-34527.md +++ b/2021/CVE-2021-34527.md @@ -67,6 +67,7 @@ - https://github.com/AdamAmicro/CAHard - https://github.com/AdamPumphrey/PowerShell - https://github.com/AleHelp/Windows-Pentesting-cheatsheet +- https://github.com/Alfesito/windows_hardening - https://github.com/Alssi-consulting/HardeningKitty - https://github.com/Amaranese/CVE-2021-34527 - https://github.com/Ascotbe/Kernelhub diff --git a/2021/CVE-2021-36260.md b/2021/CVE-2021-36260.md index 6160543271..aa41db528c 100644 --- a/2021/CVE-2021-36260.md +++ b/2021/CVE-2021-36260.md 
@@ -30,6 +30,7 @@ A command injection vulnerability in the web server of some Hikvision product. D - https://github.com/Aiminsun/CVE-2021-36260 - https://github.com/ArrestX/--POC - https://github.com/Awrrays/FrameVul +- https://github.com/CVEDB/awesome-cve-repo - https://github.com/Cuerz/CVE-2021-36260 - https://github.com/Fans0n-Fan/Awesome-IoT-exp - https://github.com/Haoke98/NetEye diff --git a/2021/CVE-2021-3929.md b/2021/CVE-2021-3929.md index 09039fd5cb..9d69caebc6 100644 --- a/2021/CVE-2021-3929.md +++ b/2021/CVE-2021-3929.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/QiuhaoLi/CVE-2021-3929-3947 - https://github.com/SYRTI/POC_to_review +- https://github.com/Technetium1/stars - https://github.com/WhooAmii/POC_to_review - https://github.com/k0mi-tg/CVE-POC - https://github.com/lemon-mint/stars diff --git a/2021/CVE-2021-4034.md b/2021/CVE-2021-4034.md index 821c8f8a35..28bcf46843 100644 --- a/2021/CVE-2021-4034.md +++ b/2021/CVE-2021-4034.md @@ -161,6 +161,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility. - https://github.com/Taillan/TryHackMe - https://github.com/Tanmay-N/CVE-2021-4034 - https://github.com/TanmoyG1800/CVE-2021-4034 +- https://github.com/Technetium1/stars - https://github.com/TheJoyOfHacking/berdav-CVE-2021-4034 - https://github.com/TheSermux/CVE-2021-4034 - https://github.com/Threekiii/Awesome-POC diff --git a/2021/CVE-2021-40444.md b/2021/CVE-2021-40444.md index 5379bca57e..067a36c52b 100644 --- a/2021/CVE-2021-40444.md +++ b/2021/CVE-2021-40444.md @@ -93,6 +93,7 @@ - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Panopticon-Project/panopticon-WizardSpider +- https://github.com/Phuong39/CVE-2021-40444-CAB - https://github.com/S3N4T0R-0X0/APT28-Adversary-Simulation - https://github.com/SYRTI/POC_to_review - https://github.com/SirElmard/ethical_hacking 
diff --git a/2021/CVE-2021-46901.md b/2021/CVE-2021-46901.md new file mode 100644 index 0000000000..83e966229c --- /dev/null +++ b/2021/CVE-2021-46901.md @@ -0,0 +1,17 @@ +### [CVE-2021-46901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46901) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2022/CVE-2022-0847.md b/2022/CVE-2022-0847.md index 60b0b7bec8..b719f14c3d 100644 --- a/2022/CVE-2022-0847.md +++ b/2022/CVE-2022-0847.md @@ -124,6 +124,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/T4t4ru/CVE-2022-0847 - https://github.com/Tanq16/link-hub +- https://github.com/Technetium1/stars - https://github.com/Threekiii/Awesome-POC - https://github.com/Trickhish/automated_privilege_escalation - https://github.com/Turzum/ps-lab-cve-2022-0847 diff --git a/2022/CVE-2022-1015.md b/2022/CVE-2022-1015.md index 9a6a15703d..36ec4b49ae 100644 --- a/2022/CVE-2022-1015.md +++ b/2022/CVE-2022-1015.md @@ -27,6 +27,7 @@ A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of t - https://github.com/SYRTI/POC_to_review - https://github.com/TurtleARM/CVE-2023-0179-PoC - https://github.com/Uniguri/CVE-1day +- https://github.com/Uniguri/CVE-nday - https://github.com/WhooAmii/POC_to_review - https://github.com/XiaozaYa/CVE-Recording - https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits 
diff --git a/2022/CVE-2022-20421.md b/2022/CVE-2022-20421.md index 378378bcd6..8a8ed84df8 100644 --- a/2022/CVE-2022-20421.md +++ b/2022/CVE-2022-20421.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/0xkol/badspin - https://github.com/ARPSyndicate/cvemon +- https://github.com/Clock-Skew/EndPointX - https://github.com/johe123qwe/github-trending - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/xairy/linux-kernel-exploitation diff --git a/2022/CVE-2022-32947.md b/2022/CVE-2022-32947.md index ed546a14f0..75ed58ef6e 100644 --- a/2022/CVE-2022-32947.md +++ b/2022/CVE-2022-32947.md @@ -16,6 +16,7 @@ The issue was addressed with improved memory handling. This issue is fixed in iO No PoCs from references. #### Github +- https://github.com/Technetium1/stars - https://github.com/asahilina/agx-exploit - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2022/CVE-2022-46449.md b/2022/CVE-2022-46449.md new file mode 100644 index 0000000000..f096c4ee6e --- /dev/null +++ b/2022/CVE-2022-46449.md @@ -0,0 +1,17 @@ +### [CVE-2022-46449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46449) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2022/CVE-2022-46689.md b/2022/CVE-2022-46689.md index 71122e4593..d9732562a6 100644 --- a/2022/CVE-2022-46689.md +++ b/2022/CVE-2022-46689.md 
@@ -45,6 +45,7 @@ A race condition was addressed with additional validation. This issue is fixed i - https://github.com/PureKFD/PureKFD - https://github.com/PureKFD/PureKFDRepo - https://github.com/Smile1024me/Cowabunga +- https://github.com/Technetium1/stars - https://github.com/Thyssenkrupp234/ra1nm8 - https://github.com/ZZY3312/KFDFontOverwrite-M1 - https://github.com/ahkecha/McDirty diff --git a/2023/CVE-2023-0210.md b/2023/CVE-2023-0210.md index 695b365fba..50e683b34e 100644 --- a/2023/CVE-2023-0210.md +++ b/2023/CVE-2023-0210.md @@ -15,5 +15,5 @@ A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to c - https://www.openwall.com/lists/oss-security/2023/01/04/1 #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2023/CVE-2023-20938.md b/2023/CVE-2023-20938.md index adeef59756..809904313b 100644 --- a/2023/CVE-2023-20938.md +++ b/2023/CVE-2023-20938.md @@ -13,6 +13,7 @@ In binder_transaction_buffer_release of binder.c, there is a possible use after No PoCs from references. #### Github +- https://github.com/Clock-Skew/EndPointX - https://github.com/IamAlch3mist/Awesome-Android-Vulnerability-Research - https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-3079.md b/2023/CVE-2023-3079.md index aa38835f3c..a0f81c5f74 100644 --- a/2023/CVE-2023-3079.md +++ b/2023/CVE-2023-3079.md @@ -20,6 +20,7 @@ Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote a - https://github.com/RENANZG/My-Forensics - https://github.com/Threekiii/CVE - https://github.com/Uniguri/CVE-1day +- https://github.com/Uniguri/CVE-nday - https://github.com/ZonghaoLi777/githubTrending - https://github.com/aneasystone/github-trending - https://github.com/johe123qwe/github-trending diff --git a/2023/CVE-2023-47470.md b/2023/CVE-2023-47470.md index d94047c286..a333952ceb 100644 --- a/2023/CVE-2023-47470.md +++ b/2023/CVE-2023-47470.md 
@@ -14,5 +14,5 @@ Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210 - https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael@niedermayer.cc/ #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2023/CVE-2023-4762.md b/2023/CVE-2023-4762.md index 4e644d8b63..cc9a15b9d4 100644 --- a/2023/CVE-2023-4762.md +++ b/2023/CVE-2023-4762.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/Ostorlab/KEV - https://github.com/Uniguri/CVE-1day +- https://github.com/Uniguri/CVE-nday - https://github.com/buptsb/CVE-2023-4762 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/sherlocksecurity/CVE-2023-4762-Code-Review diff --git a/2023/CVE-2023-48014.md b/2023/CVE-2023-48014.md index d37c52afb6..75ef571491 100644 --- a/2023/CVE-2023-48014.md +++ b/2023/CVE-2023-48014.md @@ -13,5 +13,5 @@ GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflo - https://github.com/gpac/gpac/issues/2613 #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2023/CVE-2023-7050.md b/2023/CVE-2023-7050.md new file mode 100644 index 0000000000..242f3b743a --- /dev/null +++ b/2023/CVE-2023-7050.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-7050](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7050) +![](https://img.shields.io/static/v1?label=Product&message=Online%20Notes%20Sharing%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.248737 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-7054.md b/2023/CVE-2023-7054.md index abd4bfc263..644ce86312 100644 --- a/2023/CVE-2023-7054.md +++ b/2023/CVE-2023-7054.md @@ -10,7 +10,7 @@ A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has ### POC #### Reference -No PoCs from references. +- https://vuldb.com/?id.248741 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-7111.md b/2023/CVE-2023-7111.md index 24b16804b8..ab762e888b 100644 --- a/2023/CVE-2023-7111.md +++ b/2023/CVE-2023-7111.md @@ -11,6 +11,7 @@ A vulnerability, which was classified as critical, was found in code-projects Li #### Reference - https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-3.md +- https://vuldb.com/?id.249006 #### Github - https://github.com/h4md153v63n/CVEs diff --git a/2023/CVE-2023-7193.md b/2023/CVE-2023-7193.md new file mode 100644 index 0000000000..bb50162042 --- /dev/null +++ b/2023/CVE-2023-7193.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-7193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7193) +![](https://img.shields.io/static/v1?label=Product&message=Bookmark&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Controls&color=brighgreen) + +### Description + +A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249395. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://vuldb.com/?id.249395 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-0030.md b/2024/CVE-2024-0030.md index e33b8cdbca..684b917a75 100644 --- a/2024/CVE-2024-0030.md +++ b/2024/CVE-2024-0030.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-0517.md b/2024/CVE-2024-0517.md index 019f0af248..a0b0335a13 100644 --- a/2024/CVE-2024-0517.md +++ b/2024/CVE-2024-0517.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/Uniguri/CVE-1day +- https://github.com/Uniguri/CVE-nday - https://github.com/ret2eax/exploits - https://github.com/rycbar77/V8Exploits - https://github.com/sploitem/v8-writeups diff --git a/2024/CVE-2024-1086.md b/2024/CVE-2024-1086.md index 105399874e..33f9631b71 100644 --- a/2024/CVE-2024-1086.md +++ b/2024/CVE-2024-1086.md 
@@ -30,6 +30,7 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon - https://github.com/Notselwyn/notselwyn - https://github.com/SenukDias/OSCP_cheat - https://github.com/Snoopy-Sec/Localroot-ALL-CVE +- https://github.com/Technetium1/stars - https://github.com/TigerIsMyPet/KernelExploit - https://github.com/YgorAlberto/ygoralberto.github.io - https://github.com/Zombie-Kaiser/Zombie-Kaiser diff --git a/2024/CVE-2024-21302.md b/2024/CVE-2024-21302.md index d5317960b8..6604e3d780 100644 --- a/2024/CVE-2024-21302.md +++ b/2024/CVE-2024-21302.md 
@@ -20,7 +20,7 @@ ### Description -Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS; enabling an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. +Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS; enabling an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn..Microsoft is developing a security update to mitigate this vulnerability, but it is not yet available. 
Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.Details:A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022 , and a subset of Azure Virtual Machines (VM) SKUs with a Windows based guestOS supporting VBS.The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this vulnerability, but it is not yet available. Due to the complexity of blocking such a large quantity of files, rigorous testing is required to avoid integration failures or regressions. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 07th, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. 
Customers concerned with these risks should reference the guidance provided in the Recommended Actions section of this CVE to protect their systems.Recommended Actions:The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors.Audit File System - Windows 10 | Microsoft LearnApply a basic audit policy on a file or folder - Windows 10 | Microsoft LearnAuditing sensitive privileges used to identify access, modification, or replacement of VBS related files could help indicacte attempts to exploit this vulnerability.Audit Sensitive Privilege Use - Windows 10 | Microsoft LearnProtect your Azure tenant by investigating administrators and users flagged for risky sign-ins and rotating their credentials.Investigate risk Microsoft Entra ID Protection - Microsoft Entra ID Protection | Microsoft LearnEnabling Multi-Factor Authentication can also help alleviate concerns about compromised accounts or exposure.Enforce multifactor... ### POC diff --git a/2024/CVE-2024-23708.md b/2024/CVE-2024-23708.md new file mode 100644 index 0000000000..022a367b46 --- /dev/null +++ b/2024/CVE-2024-23708.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-23708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23708) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen) + +### Description + +In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-25897.md b/2024/CVE-2024-25897.md index 230874ca73..ce5814f7bd 100644 --- a/2024/CVE-2024-25897.md +++ b/2024/CVE-2024-25897.md @@ -13,5 +13,5 @@ ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) - https://github.com/ChurchCRM/CRM/issues/6856 #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-29039.md b/2024/CVE-2024-29039.md new file mode 100644 index 0000000000..047598b89c --- /dev/null +++ b/2024/CVE-2024-29039.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-29039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29039) +![](https://img.shields.io/static/v1?label=Product&message=tpm2-tools&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%205.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-807%3A%20Reliance%20on%20Untrusted%20Inputs%20in%20a%20Security%20Decision&color=brighgreen) + +### Description + +tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7. + +### POC + +#### Reference +- https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-8rjm-5f5f-h4q6 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-29040.md b/2024/CVE-2024-29040.md new file mode 100644 index 0000000000..6830cb05d9 --- /dev/null +++ b/2024/CVE-2024-29040.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-29040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29040) +![](https://img.shields.io/static/v1?label=Product&message=tpm2-tss&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0. + +### POC + +#### Reference +- https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-837m-jw3m-h9p6 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-29181.md b/2024/CVE-2024-29181.md new file mode 100644 index 0000000000..141dbfb9fe --- /dev/null +++ b/2024/CVE-2024-29181.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-29181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29181) +![](https://img.shields.io/static/v1?label=Product&message=strapi&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.19.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%3A%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch. + +### POC + +#### Reference +- https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26m + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-29318.md b/2024/CVE-2024-29318.md new file mode 100644 index 0000000000..bfc0d2a70e --- /dev/null +++ b/2024/CVE-2024-29318.md @@ -0,0 +1,17 @@ +### [CVE-2024-29318](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29318) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via upload of a SVG file with embedded javascript code. + +### POC + +#### Reference +- https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-29318 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2024/CVE-2024-29319.md b/2024/CVE-2024-29319.md new file mode 100644 index 0000000000..06e5edacb5 --- /dev/null +++ b/2024/CVE-2024-29319.md @@ -0,0 +1,17 @@ +### [CVE-2024-29319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29319) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. The server can make unintended HTTP and DNS requests to a server that the attacker controls. + +### POC + +#### Reference +- https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-29319 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-29390.md b/2024/CVE-2024-29390.md index 64bfee5877..c37c2f5942 100644 --- a/2024/CVE-2024-29390.md +++ b/2024/CVE-2024-29390.md @@ -10,7 +10,7 @@ Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains ### POC #### Reference -No PoCs from references. +- https://github.com/CyberSentryX/CVE_Hunting/blob/main/CVE-2024-29390/README.md #### Github - https://github.com/CyberSentryX/CVE_Hunting diff --git a/2024/CVE-2024-3094.md b/2024/CVE-2024-3094.md index bf3a529456..bbaacaa273 100644 --- a/2024/CVE-2024-3094.md +++ b/2024/CVE-2024-3094.md @@ -48,6 +48,7 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers - https://github.com/ScrimForever/CVE-2024-3094 - https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits - https://github.com/Simplifi-ED/CVE-2024-3094-patcher +- https://github.com/Technetium1/stars - https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker - https://github.com/Thiagocsoaresbh/heroku-test - https://github.com/Yuma-Tsushima07/CVE-2024-3094 
diff --git a/2024/CVE-2024-34580.md b/2024/CVE-2024-34580.md index cc8ee8246a..1186708054 100644 --- a/2024/CVE-2024-34580.md +++ b/2024/CVE-2024-34580.md @@ -5,11 +5,12 @@ ### Description -** DISPUTED ** Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly" and are not "at fault." +** DISPUTED ** Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to configure XML Security for C++ securely. Even when avoiding this particular issue, any use of this library would need considerable additional code and a deep understanding of the standards and protocols involved to arrive at a secure implementation for any particular use case. We recommend against continued direct use of this library. ### POC #### Reference +- https://shibboleth.atlassian.net/wiki/spaces/DEV/pages/3726671873/Santuario - https://www.sonatype.com/blog/the-exploited-ivanti-connect-ssrf-vulnerability-stems-from-xmltooling-oss-library #### Github diff --git a/2024/CVE-2024-37085.md b/2024/CVE-2024-37085.md index 4c67dc8dc7..26f464c45e 100644 --- a/2024/CVE-2024-37085.md +++ b/2024/CVE-2024-37085.md @@ -18,4 +18,5 @@ No PoCs from references. - https://github.com/gokupwn/pushMyResources - https://github.com/h0bbel/h0bbel - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-37382.md b/2024/CVE-2024-37382.md new file mode 100644 index 0000000000..4d9d347ddf --- /dev/null +++ b/2024/CVE-2024-37382.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-37382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37382) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration. + +### POC + +#### Reference +- https://www.abinitio.com/en/security-advisories/ab-2024-003/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37568.md b/2024/CVE-2024-37568.md index dbbb8064ee..5311e3594a 100644 --- a/2024/CVE-2024-37568.md +++ b/2024/CVE-2024-37568.md @@ -11,6 +11,7 @@ lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys #### Reference - https://github.com/lepture/authlib/issues/654 +- https://www.vicarius.io/vsociety/posts/algorithm-confusion-in-lepture-authlib-cve-2024-37568 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3768.md b/2024/CVE-2024-3768.md index 2fbd485f8a..4b56df6e97 100644 --- a/2024/CVE-2024-3768.md +++ b/2024/CVE-2024-3768.md @@ -11,6 +11,7 @@ A vulnerability, which was classified as critical, has been found in PHPGurukul/ #### Reference - https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%204.md +- https://github.com/L1OudFd8cl09/CVE/blob/main/25_07_2024_b.md - https://vuldb.com/?id.260615 #### Github diff --git a/2024/CVE-2024-38077.md b/2024/CVE-2024-38077.md new file mode 100644 index 0000000000..33cd63b4be --- /dev/null +++ b/2024/CVE-2024-38077.md 
@@ -0,0 +1,41 @@ +### [CVE-2024-38077](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38077) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7159%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6054%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2582%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1009%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22769%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27219%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27219%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24975%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22074%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%3A%20Heap-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/0xMarcio/cve +- https://github.com/TrojanAZhen/Self_Back +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-39643.md b/2024/CVE-2024-39643.md new file mode 100644 index 0000000000..6475904ef3 --- /dev/null +++ b/2024/CVE-2024-39643.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-39643](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39643) +![](https://img.shields.io/static/v1?label=Product&message=RegistrationMagic&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39646.md b/2024/CVE-2024-39646.md new file mode 100644 index 0000000000..eb7adda67d --- /dev/null +++ b/2024/CVE-2024-39646.md @@ -0,0 +1,17 @@ +### [CVE-2024-39646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39646) +![](https://img.shields.io/static/v1?label=Product&message=Custom%20404%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Reflected XSS.This issue affects Custom 404 Pro: from n/a through 3.11.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39647.md b/2024/CVE-2024-39647.md new file mode 100644 index 0000000000..cb036588d6 --- /dev/null +++ b/2024/CVE-2024-39647.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-39647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39647) +![](https://img.shields.io/static/v1?label=Product&message=Message%20Filter%20for%20Contact%20Form%207&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through 1.6.1.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39648.md b/2024/CVE-2024-39648.md new file mode 100644 index 0000000000..f0c968e15b --- /dev/null +++ b/2024/CVE-2024-39648.md @@ -0,0 +1,17 @@ +### [CVE-2024-39648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39648) +![](https://img.shields.io/static/v1?label=Product&message=Eventin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 4.0.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39649.md b/2024/CVE-2024-39649.md new file mode 100644 index 0000000000..8a245c94d1 --- /dev/null 
+++ b/2024/CVE-2024-39649.md @@ -0,0 +1,17 @@ +### [CVE-2024-39649](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39649) +![](https://img.shields.io/static/v1?label=Product&message=Essential%20Addons%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 5.9.26. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39652.md b/2024/CVE-2024-39652.md new file mode 100644 index 0000000000..edac396ce3 --- /dev/null +++ b/2024/CVE-2024-39652.md @@ -0,0 +1,17 @@ +### [CVE-2024-39652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39652) +![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20PDF%20Vouchers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-39655.md b/2024/CVE-2024-39655.md new file mode 100644 index 0000000000..b711529096 --- /dev/null +++ b/2024/CVE-2024-39655.md @@ -0,0 +1,17 @@ +### [CVE-2024-39655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39655) +![](https://img.shields.io/static/v1?label=Product&message=LiquidPoll%20%E2%80%93%20Advanced%20Polls%20for%20Creators%20and%20Brands&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiquidPoll LiquidPoll – Advanced Polls for Creators and Brands.This issue affects LiquidPoll – Advanced Polls for Creators and Brands: from n/a through 3.3.77. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39656.md b/2024/CVE-2024-39656.md new file mode 100644 index 0000000000..035115a802 --- /dev/null +++ b/2024/CVE-2024-39656.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-39656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39656) +![](https://img.shields.io/static/v1?label=Product&message=Tin%20Canny%20Reporting%20for%20LearnDash&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uncanny Owl Tin Canny Reporting for LearnDash allows Reflected XSS.This issue affects Tin Canny Reporting for LearnDash: from n/a through 4.3.0.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39659.md b/2024/CVE-2024-39659.md new file mode 100644 index 0000000000..eddc0f8867 --- /dev/null +++ b/2024/CVE-2024-39659.md @@ -0,0 +1,17 @@ +### [CVE-2024-39659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39659) +![](https://img.shields.io/static/v1?label=Product&message=WP-PostRatings&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Stored XSS.This issue affects WP-PostRatings: from n/a through 1.91.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-39660.md b/2024/CVE-2024-39660.md new file mode 100644 index 0000000000..778b7a193a --- /dev/null +++ b/2024/CVE-2024-39660.md @@ -0,0 +1,17 @@ +### [CVE-2024-39660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39660) +![](https://img.shields.io/static/v1?label=Product&message=Photo%20Engine&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jordy Meow Photo Engine allows Stored XSS.This issue affects Photo Engine: from n/a through 6.3.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39661.md b/2024/CVE-2024-39661.md new file mode 100644 index 0000000000..3258aae1ed --- /dev/null +++ b/2024/CVE-2024-39661.md @@ -0,0 +1,17 @@ +### [CVE-2024-39661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39661) +![](https://img.shields.io/static/v1?label=Product&message=Kubio%20AI%20Page%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ExtendThemes Kubio AI Page Builder.This issue affects Kubio AI Page Builder: from n/a through 2.2.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-39663.md b/2024/CVE-2024-39663.md new file mode 100644 index 0000000000..10354c43d6 --- /dev/null +++ b/2024/CVE-2024-39663.md @@ -0,0 +1,17 @@ +### [CVE-2024-39663](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39663) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Fast%20Total%20Search&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS.This issue affects WP Fast Total Search: from n/a through 1.68.232. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-39665.md b/2024/CVE-2024-39665.md new file mode 100644 index 0000000000..eafee83963 --- /dev/null +++ b/2024/CVE-2024-39665.md @@ -0,0 +1,17 @@ +### [CVE-2024-39665](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39665) +![](https://img.shields.io/static/v1?label=Product&message=Filter%20%26%20Grids&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YMC Filter & Grids allows Stored XSS.This issue affects Filter & Grids: from n/a through 2.9.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-39668.md b/2024/CVE-2024-39668.md new file mode 100644 index 0000000000..a9cd4fa390 --- /dev/null +++ b/2024/CVE-2024-39668.md @@ -0,0 +1,17 @@ +### [CVE-2024-39668](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39668) +![](https://img.shields.io/static/v1?label=Product&message=Extensions%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Stored XSS.This issue affects Extensions for Elementor: from n/a through 2.0.31. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-40422.md b/2024/CVE-2024-40422.md index 66178e6878..4a81e5af6d 100644 --- a/2024/CVE-2024-40422.md +++ b/2024/CVE-2024-40422.md @@ -13,5 +13,6 @@ The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stition No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-40720.md b/2024/CVE-2024-40720.md new file mode 100644 index 0000000000..23399b3c78 --- /dev/null +++ b/2024/CVE-2024-40720.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-40720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40720) +![](https://img.shields.io/static/v1?label=Product&message=TCBServiSign%20Windows%20Version&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.24.0318%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-40721.md b/2024/CVE-2024-40721.md new file mode 100644 index 0000000000..8b917f81b1 --- /dev/null +++ b/2024/CVE-2024-40721.md @@ -0,0 +1,17 @@ +### [CVE-2024-40721](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40721) +![](https://img.shields.io/static/v1?label=Product&message=TCBServiSign%20Windows%20Version&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.24.0318%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-40722.md b/2024/CVE-2024-40722.md new file mode 100644 index 0000000000..b20eef62ee --- /dev/null 
+++ b/2024/CVE-2024-40722.md @@ -0,0 +1,17 @@ +### [CVE-2024-40722](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40722) +![](https://img.shields.io/static/v1?label=Product&message=TCBServiSign%20Windows%20Version&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.24.0318%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily disrupting its service. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-40723.md b/2024/CVE-2024-40723.md new file mode 100644 index 0000000000..8bbf93dc4b --- /dev/null +++ b/2024/CVE-2024-40723.md @@ -0,0 +1,17 @@ +### [CVE-2024-40723](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40723) +![](https://img.shields.io/static/v1?label=Product&message=HWATAIServiSign%20Windows%20Version&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.24.0219%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily disrupting its service. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + 
diff --git a/2024/CVE-2024-41113.md b/2024/CVE-2024-41113.md index 23cb14012d..83369f9520 100644 --- a/2024/CVE-2024-41113.md +++ b/2024/CVE-2024-41113.md @@ -10,6 +10,9 @@ streamlit-geospatial is a streamlit multipage app for geospatial applications. P ### POC #### Reference +- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L383-L388 +- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L390-L393 +- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L395 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ #### Github diff --git a/2024/CVE-2024-41114.md b/2024/CVE-2024-41114.md index 00ece5920c..6be1188a2f 100644 --- a/2024/CVE-2024-41114.md +++ b/2024/CVE-2024-41114.md @@ -10,6 +10,8 @@ streamlit-geospatial is a streamlit multipage app for geospatial applications. P ### POC #### Reference +- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L430 +- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L435 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ #### Github diff --git a/2024/CVE-2024-41127.md b/2024/CVE-2024-41127.md index 19bb564f91..b35d3e0892 100644 --- a/2024/CVE-2024-41127.md +++ b/2024/CVE-2024-41127.md @@ -10,6 +10,7 @@ Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnera ### POC #### Reference +- https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-wcjf-5464-4wq9 - https://securitylab.github.com/advisories/GHSL-2024-167_monkeytype #### Github 
diff --git a/2024/CVE-2024-41129.md b/2024/CVE-2024-41129.md new file mode 100644 index 0000000000..a219e60512 --- /dev/null +++ b/2024/CVE-2024-41129.md @@ -0,0 +1,17 @@ +### [CVE-2024-41129](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41129) +![](https://img.shields.io/static/v1?label=Product&message=operator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.0.0%2C%20%3C%202.15.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%3A%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen) + +### Description + +The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju (>=3.0), Juju secrets and not correctly capturing and processing `subprocess.CalledProcessError`. This vulnerability is fixed in 2.15.0. + +### POC + +#### Reference +- https://github.com/canonical/operator/security/advisories/GHSA-hcmv-jmqh-fjgm + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41353.md b/2024/CVE-2024-41353.md new file mode 100644 index 0000000000..5d3e50e6b1 --- /dev/null +++ b/2024/CVE-2024-41353.md @@ -0,0 +1,17 @@ +### [CVE-2024-41353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41353) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php + +### POC + +#### Reference +- https://github.com/phpipam/phpipam/issues/4147 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2024/CVE-2024-41357.md b/2024/CVE-2024-41357.md new file mode 100644 index 0000000000..02b07638d7 --- /dev/null +++ b/2024/CVE-2024-41357.md @@ -0,0 +1,17 @@ +### [CVE-2024-41357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41357) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php. + +### POC + +#### Reference +- https://github.com/phpipam/phpipam/issues/4149 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41376.md b/2024/CVE-2024-41376.md new file mode 100644 index 0000000000..7278b11199 --- /dev/null +++ b/2024/CVE-2024-41376.md @@ -0,0 +1,17 @@ +### [CVE-2024-41376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41376) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. + +### POC + +#### Reference +- https://github.com/zyx0814/dzzoffice/issues/252 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41440.md b/2024/CVE-2024-41440.md new file mode 100644 index 0000000000..2c1204960d --- /dev/null +++ b/2024/CVE-2024-41440.md 
@@ -0,0 +1,21 @@ +### [CVE-2024-41440](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41440) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. + +### POC + +#### Reference +- https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32 +- https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc +- https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc/sample18.png +- https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.assets/image-20240530225208577.png +- https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41466.md b/2024/CVE-2024-41466.md index 380fb6d82d..b74d64e9a6 100644 --- a/2024/CVE-2024-41466.md +++ b/2024/CVE-2024-41466.md @@ -10,7 +10,7 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow v ### POC #### Reference -No PoCs from references. +- https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/NatStaticSetting/README.md #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-41468.md b/2024/CVE-2024-41468.md index 6661c5016f..68f3fd7435 100644 --- a/2024/CVE-2024-41468.md +++ b/2024/CVE-2024-41468.md 
@@ -10,7 +10,7 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerabili ### POC #### Reference -No PoCs from references. +- https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/exeCommand/README.md #### Github - https://github.com/ibaiw/2024Hvv diff --git a/2024/CVE-2024-41473.md b/2024/CVE-2024-41473.md index d7364d2927..68618067f1 100644 --- a/2024/CVE-2024-41473.md +++ b/2024/CVE-2024-41473.md @@ -10,7 +10,7 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerabili ### POC #### Reference -No PoCs from references. +- https://github.com/iotresearch/iot-vuln/tree/main/Tenda/FH1201/WriteFacMac #### Github - https://github.com/ibaiw/2024Hvv diff --git a/2024/CVE-2024-41628.md b/2024/CVE-2024-41628.md index 866b9cb1ca..88674b33d9 100644 --- a/2024/CVE-2024-41628.md +++ b/2024/CVE-2024-41628.md @@ -13,5 +13,6 @@ Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1 No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-41677.md b/2024/CVE-2024-41677.md new file mode 100644 index 0000000000..a275ede5b3 --- /dev/null +++ b/2024/CVE-2024-41677.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-41677](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41677) +![](https://img.shields.io/static/v1?label=Product&message=qwik&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%40builder.io%2Fqwik%3A%20%3C%201.7.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the `render-ssr.ts` file. It sometimes causes the situation that the final DOM tree rendered on browsers is different from what Qwik expects on server-side rendering. This may be leveraged to perform XSS attacks, and a type of the XSS is known as mXSS (mutation XSS). This has been resolved in qwik version 1.6.0 and @builder.io/qwik version 1.7.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/QwikDev/qwik/security/advisories/GHSA-2rwj-7xq8-4gx4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41800.md b/2024/CVE-2024-41800.md new file mode 100644 index 0000000000..140d4d07af --- /dev/null +++ b/2024/CVE-2024-41800.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-41800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41800) +![](https://img.shields.io/static/v1?label=Product&message=cms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%205.0.0-beta.1%2C%20%3C%205.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%3A%20Improper%20Authentication&color=brighgreen) + +### Description + +Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3. + +### POC + +#### Reference +- https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41808.md b/2024/CVE-2024-41808.md new file mode 100644 index 0000000000..77c07776f6 --- /dev/null +++ b/2024/CVE-2024-41808.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-41808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41808) +![](https://img.shields.io/static/v1?label=Product&message=openobserve&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.9.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively, however certain areas of the front end lack this XSS protection. When combining the missing protection with the insecure authentication handling that the front-end uses, a malicious user may be able to take over any victim's account provided they meet the exploitation steps. As of time of publication, no patched version is available. + +### POC + +#### Reference +- https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41810.md b/2024/CVE-2024-41810.md new file mode 100644 index 0000000000..c21a56b269 --- /dev/null +++ b/2024/CVE-2024-41810.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-41810](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41810) +![](https://img.shields.io/static/v1?label=Product&message=twisted&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%2024.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-80%3A%20Improper%20Neutralization%20of%20Script-Related%20HTML%20Tags%20in%20a%20Web%20Page%20(Basic%20XSS)&color=brighgreen) + +### Description + +Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1. + +### POC + +#### Reference +- https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41813.md b/2024/CVE-2024-41813.md new file mode 100644 index 0000000000..2f50fc5f1c --- /dev/null +++ b/2024/CVE-2024-41813.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-41813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41813) +![](https://img.shields.io/static/v1?label=Product&message=txtdot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%201.4.0%2C%20%3C%201.6.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the `/proxy` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.6.1 patches the issue. + +### POC + +#### Reference +- https://github.com/TxtDot/txtdot/security/advisories/GHSA-4c78-229v-hf6m + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41816.md b/2024/CVE-2024-41816.md new file mode 100644 index 0000000000..39a482b742 --- /dev/null +++ b/2024/CVE-2024-41816.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-41816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41816) +![](https://img.shields.io/static/v1?label=Product&message=Cooked&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.8.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/XjSv/Cooked/security/advisories/GHSA-3gw3-2qjq-xqjj + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41910.md b/2024/CVE-2024-41910.md index fe488a7590..543359b681 100644 --- a/2024/CVE-2024-41910.md +++ b/2024/CVE-2024-41910.md @@ -5,7 +5,7 @@ ### Description -A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XXS vulnerabilities in the version of JavaScript used. +A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used. ### POC diff --git a/2024/CVE-2024-41942.md b/2024/CVE-2024-41942.md new file mode 100644 index 0000000000..a2ddb65c79 --- /dev/null +++ b/2024/CVE-2024-41942.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-41942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41942) +![](https://img.shields.io/static/v1?label=Product&message=jupyterhub&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.1.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-274%3A%20Improper%20Handling%20of%20Insufficient%20Privileges&color=brighgreen) + +### Description + +JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that `admin:users` is already an extremely privileged scope only granted to trusted users.In effect, `admin:users` is equivalent to `admin=True`, which is not intended. Note that the change here only prevents escalation to the built-in JupyterHub admin role that has unrestricted permissions. It does not prevent users with e.g. `groups` permissions from granting themselves or other users permissions via group membership, which is intentional. Versions 4.1.6 and 5.1.0 fix this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41955.md b/2024/CVE-2024-41955.md new file mode 100644 index 0000000000..02e71df845 --- /dev/null +++ b/2024/CVE-2024-41955.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-41955](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41955) +![](https://img.shields.io/static/v1?label=Product&message=Mobile-Security-Framework-MobSF&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.0.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%3A%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen) + +### Description + +Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5. + +### POC + +#### Reference +- https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41957.md b/2024/CVE-2024-41957.md index 579f6c0da4..e12992a8a3 100644 --- a/2024/CVE-2024-41957.md +++ b/2024/CVE-2024-41957.md @@ -13,5 +13,5 @@ Vim is an open source command line text editor. Vim < v9.1.0647 has double free - https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-41965.md b/2024/CVE-2024-41965.md new file mode 100644 index 0000000000..286e5bd536 --- /dev/null +++ b/2024/CVE-2024-41965.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-41965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41965) +![](https://img.shields.io/static/v1?label=Product&message=vim&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%209.1.0648%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen) + +### Description + +Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648. + +### POC + +#### Reference +- https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42005.md b/2024/CVE-2024-42005.md index 4c6f174aee..6f63a586f7 100644 --- a/2024/CVE-2024-42005.md +++ b/2024/CVE-2024-42005.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-42152.md b/2024/CVE-2024-42152.md new file mode 100644 index 0000000000..54a7ec63ed --- /dev/null +++ b/2024/CVE-2024-42152.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42152) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%202f3c22b1d3d7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:nvmet: fix a possible leak when destroy a ctrl during qp establishmentIn nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL weknow that a ctrl was allocated (in the admin connect request handler)and we need to release pending AERs, clear ctrl->sqs and sq->ctrl(for nvme-loop primarily), and drop the final reference on the ctrl.However, a small window is possible where nvmet_sq_destroy starts (asa result of the client giving up and disconnecting) concurrently withthe nvme admin connect cmd (which may be in an early stage). But *before*kill_and_confirm of sq->ref (i.e. the admin connect managed to get an sqlive reference). In this case, sq->ctrl was allocated however after it wascaptured in a local variable in nvmet_sq_destroy.This prevented the final reference drop on the ctrl.Solve this by re-capturing the sq->ctrl after all inflight request hascompleted, where for sure sq->ctrl reference is final, and move forwardbased on that.This issue was observed in an environment with many hosts connectingmultiple ctrls simoutanuosly, creating a delay in allocating a ctrlleading up to this race window. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42354.md b/2024/CVE-2024-42354.md new file mode 100644 index 0000000000..47c2798f12 --- /dev/null +++ b/2024/CVE-2024-42354.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42354) +![](https://img.shields.io/static/v1?label=Product&message=shopware&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%206.5.8.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) + +### Description + +Shopware is an open commerce platform. The store-API works with regular entities and not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. Prior to versions 6.6.5.1 and 6.5.8.13, the processing of the Criteria did not considered ManyToMany associations and so they were not considered properly and the protections didn't get used. This issue cannot be reproduced with the default entities by Shopware, but can be triggered with extensions. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42355.md b/2024/CVE-2024-42355.md new file mode 100644 index 0000000000..95b595b18e --- /dev/null +++ b/2024/CVE-2024-42355.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42355) +![](https://img.shields.io/static/v1?label=Product&message=shopware&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%206.5.8.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1336%3A%20Improper%20Neutralization%20of%20Special%20Elements%20Used%20in%20a%20Template%20Engine&color=brighgreen) + +### Description + +Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages while triggered in this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and allows execution of code. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42356.md b/2024/CVE-2024-42356.md new file mode 100644 index 0000000000..3bf5ed19a5 --- /dev/null +++ b/2024/CVE-2024-42356.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42356) +![](https://img.shields.io/static/v1?label=Product&message=shopware&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%206.5.8.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1336%3A%20Improper%20Neutralization%20of%20Special%20Elements%20Used%20in%20a%20Template%20Engine&color=brighgreen) + +### Description + +Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a helper with a callable function. The function can be called also from Twig and as the second parameter allows any callable, it's possible to call from Twig any statically callable PHP function/method. It's not possible as customer to provide any Twig code, the attacker would require access to Administration to exploit it using Mail templates or using App Scripts. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42357.md b/2024/CVE-2024-42357.md new file mode 100644 index 0000000000..8c9cd329ef --- /dev/null +++ b/2024/CVE-2024-42357.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42357) +![](https://img.shields.io/static/v1?label=Product&message=shopware&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%206.6.0.0%2C%20%3C%3D%206.6.5.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable SQL-injection and can be exploited using SQL parameters. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-43044.md b/2024/CVE-2024-43044.md index cf42f502ca..0d54533def 100644 --- a/2024/CVE-2024-43044.md +++ b/2024/CVE-2024-43044.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-5226.md b/2024/CVE-2024-5226.md new file mode 100644 index 0000000000..aaecc05985 --- /dev/null +++ b/2024/CVE-2024-5226.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5226) +![](https://img.shields.io/static/v1?label=Product&message=Fuse%20Social%20Floating%20Sidebar&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.4.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file upload functionality in all versions up to, and including, 5.4.10 due to insufficient validation of SVG files. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-5668.md b/2024/CVE-2024-5668.md new file mode 100644 index 0000000000..aa2390295c --- /dev/null +++ b/2024/CVE-2024-5668.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5668](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5668) +![](https://img.shields.io/static/v1?label=Product&message=Lightbox%20%26%20Modal%20Popup%20WordPress%20Plugin%20%E2%80%93%20FooBox&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.7.28%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-5975.md b/2024/CVE-2024-5975.md index 2e7aa0e0d3..ea4fb05cce 100644 --- a/2024/CVE-2024-5975.md +++ b/2024/CVE-2024-5975.md @@ -13,5 +13,5 @@ The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise a - https://wpscan.com/vulnerability/68f81943-b007-49c8-be9c-d0405b2ba4cf/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-6133.md b/2024/CVE-2024-6133.md new file mode 100644 index 0000000000..29f64c81bf --- /dev/null +++ b/2024/CVE-2024-6133.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6133](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6133) +![](https://img.shields.io/static/v1?label=Product&message=wp-cart-for-digital-products&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.5.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fd613e1e-557c-4383-a3e9-4c14bc0be0c5/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6136.md b/2024/CVE-2024-6136.md new file mode 100644 index 0000000000..758da8fa8b --- /dev/null +++ b/2024/CVE-2024-6136.md @@ -0,0 +1,18 @@ +### [CVE-2024-6136](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6136) +![](https://img.shields.io/static/v1?label=Product&message=wp-cart-for-digital-products&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.5.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7d85cfe4-4878-4530-ba78-7cfe33f3a8d5/ + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2024/CVE-2024-6158.md b/2024/CVE-2024-6158.md new file mode 100644 index 0000000000..0c988bf027 --- /dev/null +++ b/2024/CVE-2024-6158.md @@ -0,0 +1,19 @@ +### [CVE-2024-6158](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6158) +![](https://img.shields.io/static/v1?label=Product&message=Category%20Posts%20Widget&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=term-and-category-based-posts-widget&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.9.13%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.9.17%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8adb219f-f0a6-4e87-8626-db26e300c220/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6254.md b/2024/CVE-2024-6254.md new file mode 100644 index 0000000000..acdf6f719b --- /dev/null +++ b/2024/CVE-2024-6254.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6254) +![](https://img.shields.io/static/v1?label=Product&message=Brizy%20%E2%80%93%20Page%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form submissions. This makes it possible for unauthenticated attackers to submit forms intended for public use as another user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. On sites where unfiltered_html is enabled, this can lead to the admin unknowingly adding a Stored Cross-Site Scripting payload. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-6552.md b/2024/CVE-2024-6552.md new file mode 100644 index 0000000000..64e883c147 --- /dev/null +++ b/2024/CVE-2024-6552.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6552) +![](https://img.shields.io/static/v1?label=Product&message=Booking%20for%20Appointments%20and%20Events%20Calendar%20%E2%80%93%20Amelia&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-6824.md b/2024/CVE-2024-6824.md new file mode 100644 index 0000000000..509c836c69 --- /dev/null +++ b/2024/CVE-2024-6824.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6824](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6824) +![](https://img.shields.io/static/v1?label=Product&message=Premium%20Addons%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.10.38%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary content and update post and page titles. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-6869.md b/2024/CVE-2024-6869.md new file mode 100644 index 0000000000..c8183b30d2 --- /dev/null +++ b/2024/CVE-2024-6869.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6869) +![](https://img.shields.io/static/v1?label=Product&message=Falang%20multilanguage%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.3.52%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3.52. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete translations and expose the administrator email address. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-6987.md b/2024/CVE-2024-6987.md new file mode 100644 index 0000000000..e34d431155 --- /dev/null +++ b/2024/CVE-2024-6987.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6987](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6987) +![](https://img.shields.io/static/v1?label=Product&message=Orchid%20Store&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.5.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchid_store_activate_plugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate the Addonify Floating Cart For WooCommerce plugin if it is installed. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7008.md b/2024/CVE-2024-7008.md index 458f936e39..7badb1305c 100644 --- a/2024/CVE-2024-7008.md +++ b/2024/CVE-2024-7008.md @@ -13,5 +13,5 @@ Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected - https://starlabs.sg/advisories/24/24-7008/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-7150.md b/2024/CVE-2024-7150.md new file mode 100644 index 0000000000..797252f044 --- /dev/null +++ b/2024/CVE-2024-7150.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7150](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7150) +![](https://img.shields.io/static/v1?label=Product&message=Slider%20by%2010Web%20%E2%80%93%20Responsive%20Image%20Slider&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.2.57%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7272.md b/2024/CVE-2024-7272.md new file mode 100644 index 0000000000..434778d04f --- /dev/null +++ b/2024/CVE-2024-7272.md 
@@ -0,0 +1,19 @@ +### [CVE-2024-7272](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7272) +![](https://img.shields.io/static/v1?label=Product&message=FFmpeg&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%205.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component. + +### POC + +#### Reference +- https://ffmpeg.org/ +- https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc5 +- https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc6 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7335.md b/2024/CVE-2024-7335.md index 29818cdb1d..d8e75cbade 100644 --- a/2024/CVE-2024-7335.md +++ b/2024/CVE-2024-7335.md @@ -13,5 +13,5 @@ A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/getSaveConfig.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7336.md b/2024/CVE-2024-7336.md index f9d53a5b12..668897aadd 100644 --- a/2024/CVE-2024-7336.md +++ b/2024/CVE-2024-7336.md 
@@ -13,5 +13,5 @@ A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/loginauth.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7337.md b/2024/CVE-2024-7337.md index ba072fa86c..e506543045 100644 --- a/2024/CVE-2024-7337.md +++ b/2024/CVE-2024-7337.md @@ -13,5 +13,5 @@ A vulnerability, which was classified as critical, has been found in TOTOLINK EX - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/loginauth.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7338.md b/2024/CVE-2024-7338.md index 91cf8885a1..d7acad0b78 100644 --- a/2024/CVE-2024-7338.md +++ b/2024/CVE-2024-7338.md @@ -13,5 +13,5 @@ A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/setParentalRules.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7350.md b/2024/CVE-2024-7350.md new file mode 100644 index 0000000000..b2c97abf01 --- /dev/null +++ b/2024/CVE-2024-7350.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7350) +![](https://img.shields.io/static/v1?label=Product&message=Appointment%20Booking%20Calendar%20Plugin%20and%20Scheduling%20Plugin%20%E2%80%93%20BookingPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.1.6%3C%3D%201.1.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen) + +### Description + +The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user's email. This is only exploitable when the 'Auto login user after successful booking' setting is enabled. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7359.md b/2024/CVE-2024-7359.md index e3da682c7b..80569fd1ce 100644 --- a/2024/CVE-2024-7359.md +++ b/2024/CVE-2024-7359.md @@ -14,5 +14,5 @@ A vulnerability was found in SourceCodester Tracking Monitoring Management Syste - https://vuldb.com/?id.273338 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7360.md b/2024/CVE-2024-7360.md index 6036d683d9..ca2d994085 100644 --- a/2024/CVE-2024-7360.md +++ b/2024/CVE-2024-7360.md 
@@ -13,5 +13,5 @@ A vulnerability classified as problematic has been found in SourceCodester Track - https://gist.github.com/topsky979/ac97a335ed9fcf4eefe3c952928a6d0e #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7361.md b/2024/CVE-2024-7361.md index 32d00fb7f5..2513f409e8 100644 --- a/2024/CVE-2024-7361.md +++ b/2024/CVE-2024-7361.md @@ -13,5 +13,5 @@ A vulnerability classified as critical was found in SourceCodester Tracking Moni - https://gist.github.com/topsky979/f01eca07fce854bf5de96588126cdd7e #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7362.md b/2024/CVE-2024-7362.md index 00af244a75..daf7cffa02 100644 --- a/2024/CVE-2024-7362.md +++ b/2024/CVE-2024-7362.md @@ -13,5 +13,5 @@ A vulnerability, which was classified as critical, has been found in SourceCodes - https://gist.github.com/topsky979/96f43bd9f1477a56d1c8f8e08f0e5449 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7363.md b/2024/CVE-2024-7363.md index e4e54b3f39..ea6812979c 100644 --- a/2024/CVE-2024-7363.md +++ b/2024/CVE-2024-7363.md @@ -13,5 +13,5 @@ A vulnerability, which was classified as critical, was found in SourceCodester T - https://gist.github.com/topsky979/69455a114e8718af6c611c86fbdc78b5 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7364.md b/2024/CVE-2024-7364.md index 3616720932..174f6c612d 100644 --- a/2024/CVE-2024-7364.md +++ b/2024/CVE-2024-7364.md @@ -13,5 +13,5 @@ A vulnerability has been found in SourceCodester Tracking Monitoring Management - https://gist.github.com/topsky979/b507afabd4e3da39e7eca6103435ba3a #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds 
diff --git a/2024/CVE-2024-7365.md b/2024/CVE-2024-7365.md index a637175958..59d138e51b 100644 --- a/2024/CVE-2024-7365.md +++ b/2024/CVE-2024-7365.md @@ -13,5 +13,5 @@ A vulnerability was found in SourceCodester Tracking Monitoring Management Syste - https://gist.github.com/topsky979/18a15150a99566009476d918d79a0bf9 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7366.md b/2024/CVE-2024-7366.md index 9af1653884..c4c9f95a8d 100644 --- a/2024/CVE-2024-7366.md +++ b/2024/CVE-2024-7366.md @@ -13,5 +13,5 @@ A vulnerability was found in SourceCodester Tracking Monitoring Management Syste - https://gist.github.com/topsky979/c0efd2f3e6e146eb9e110e5e63cb5fbb #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7449.md b/2024/CVE-2024-7449.md index 9ab4235d9b..b0d66a7b35 100644 --- a/2024/CVE-2024-7449.md +++ b/2024/CVE-2024-7449.md @@ -11,6 +11,7 @@ A vulnerability, which was classified as critical, was found in itsourcecode Pla #### Reference - https://github.com/DeepMountains/Mirage/blob/main/CVE11-1.md +- https://vuldb.com/?submit.383859 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7454.md b/2024/CVE-2024-7454.md index a9df157006..1f87cfaeda 100644 --- a/2024/CVE-2024-7454.md +++ b/2024/CVE-2024-7454.md @@ -10,7 +10,7 @@ A vulnerability, which was classified as critical, has been found in SourceCodes ### POC #### Reference -No PoCs from references. +- https://github.com/lche511/cve/blob/main/sql.md #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7486.md b/2024/CVE-2024-7486.md new file mode 100644 index 0000000000..f663762f9a --- /dev/null +++ b/2024/CVE-2024-7486.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7486) +![](https://img.shields.io/static/v1?label=Product&message=MultiPurpose&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the 'wpeden_post_meta' post meta. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7490.md b/2024/CVE-2024-7490.md new file mode 100644 index 0000000000..9754d96b06 --- /dev/null +++ b/2024/CVE-2024-7490.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-7490](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7490) +![](https://img.shields.io/static/v1?label=Product&message=Advanced%20Software%20Framework&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option.This issue affects Advanced Software Framework: through 3.52.0.2574.ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7492.md b/2024/CVE-2024-7492.md new file mode 100644 index 0000000000..865ee5d708 --- /dev/null +++ b/2024/CVE-2024-7492.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7492](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7492) +![](https://img.shields.io/static/v1?label=Product&message=MainWP%20Child%20Reports&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7528.md b/2024/CVE-2024-7528.md new file mode 100644 index 0000000000..0f4808d77a --- /dev/null +++ b/2024/CVE-2024-7528.md 
@@ -0,0 +1,20 @@ +### [CVE-2024-7528](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7528) +![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20128.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20129%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use-after-free%20in%20IndexedDB&color=brighgreen) + +### Description + +Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7548.md b/2024/CVE-2024-7548.md new file mode 100644 index 0000000000..7660a7245c --- /dev/null +++ b/2024/CVE-2024-7548.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7548) +![](https://img.shields.io/static/v1?label=Product&message=LearnPress%20%E2%80%93%20WordPress%20LMS%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.2.6.9.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7551.md b/2024/CVE-2024-7551.md new file mode 100644 index 0000000000..cac492bc24 --- /dev/null +++ b/2024/CVE-2024-7551.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7551) +![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.4.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Path%20Traversal&color=brighgreen) + +### Description + +A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273696. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE9-1.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7560.md b/2024/CVE-2024-7560.md new file mode 100644 index 0000000000..dd3b8532f9 --- /dev/null +++ b/2024/CVE-2024-7560.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7560) +![](https://img.shields.io/static/v1?label=Product&message=News%20Flash&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7561.md b/2024/CVE-2024-7561.md new file mode 100644 index 0000000000..12ed90a528 --- /dev/null +++ b/2024/CVE-2024-7561.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7561) +![](https://img.shields.io/static/v1?label=Product&message=The%20Next&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpeden_post_meta post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7578.md b/2024/CVE-2024-7578.md index 531743426d..792f083a40 100644 --- a/2024/CVE-2024-7578.md +++ b/2024/CVE-2024-7578.md @@ -10,7 +10,7 @@ A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has ### POC #### Reference -No PoCs from references. +- https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7579.md b/2024/CVE-2024-7579.md index 2820c909e8..2ed5bbcc38 100644 --- a/2024/CVE-2024-7579.md +++ b/2024/CVE-2024-7579.md @@ -10,7 +10,7 @@ A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has ### POC #### Reference -No PoCs from references. +- https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md #### Github - https://github.com/fkie-cad/nvd-json-data-feeds 
diff --git a/2024/CVE-2024-7580.md b/2024/CVE-2024-7580.md index 0a9a308794..a81da20a90 100644 --- a/2024/CVE-2024-7580.md +++ b/2024/CVE-2024-7580.md @@ -10,7 +10,7 @@ A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has ### POC #### Reference -No PoCs from references. +- https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7581.md b/2024/CVE-2024-7581.md index 5dceb481cd..e60eb3bcda 100644 --- a/2024/CVE-2024-7581.md +++ b/2024/CVE-2024-7581.md @@ -10,7 +10,7 @@ A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. ### POC #### Reference -No PoCs from references. +- https://github.com/BeaCox/IoT_vuln/tree/main/tenda/A301/WifiBasicSet_bof #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7582.md b/2024/CVE-2024-7582.md new file mode 100644 index 0000000000..3d192f8395 --- /dev/null +++ b/2024/CVE-2024-7582.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7582) +![](https://img.shields.io/static/v1?label=Product&message=i22&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0.3(4687)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalAccessCodeAuth + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7583.md b/2024/CVE-2024-7583.md new file mode 100644 index 0000000000..34030e46c6 --- /dev/null +++ b/2024/CVE-2024-7583.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7583) +![](https://img.shields.io/static/v1?label=Product&message=i22&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0.3(4687)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalOneKeyAuth + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7584.md b/2024/CVE-2024-7584.md new file mode 100644 index 0000000000..97d1819175 --- /dev/null +++ b/2024/CVE-2024-7584.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7584) +![](https://img.shields.io/static/v1?label=Product&message=i22&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0.3(4687)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalPhoneAuth + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7585.md b/2024/CVE-2024-7585.md new file mode 100644 index 0000000000..5236aae2e2 --- /dev/null +++ b/2024/CVE-2024-7585.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7585) +![](https://img.shields.io/static/v1?label=Product&message=i22&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0.3(4687)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalWebAuth + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7613.md b/2024/CVE-2024-7613.md new file mode 100644 index 0000000000..0881575bb2 --- /dev/null +++ b/2024/CVE-2024-7613.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7613) +![](https://img.shields.io/static/v1?label=Product&message=FH1206&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.0.8(8155)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/GstDhcpSetSer_bof%26injection + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7614.md b/2024/CVE-2024-7614.md new file mode 100644 index 0000000000..482675ce4d --- /dev/null +++ b/2024/CVE-2024-7614.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7614](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7614) +![](https://img.shields.io/static/v1?label=Product&message=FH1206&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.0.8(8155)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/qossetting_bof + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7615.md b/2024/CVE-2024-7615.md new file mode 100644 index 0000000000..67e47f7f83 --- /dev/null +++ b/2024/CVE-2024-7615.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-7615](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7615) +![](https://img.shields.io/static/v1?label=Product&message=FH1206&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.0.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/Safe_Client_or_Url_or_Mac_Filter_bof + +#### Github +No PoCs found on GitHub currently. + diff --git a/github.txt b/github.txt index d790dbdf82..8cf5181e17 100644 --- a/github.txt +++ b/github.txt @@ -1201,6 +1201,7 @@ CVE-2004-2687 - https://github.com/CVEDB/PoC-List CVE-2004-2687 - https://github.com/CVEDB/awesome-cve-repo CVE-2004-2687 - https://github.com/H3xL00m/distccd_rce_CVE-2004-2687 CVE-2004-2687 - https://github.com/Kr1tz3x3/HTB-Writeups +CVE-2004-2687 - https://github.com/N3rdyN3xus/distccd_rce_CVE-2004-2687 CVE-2004-2687 - https://github.com/Patrick122333/4240project CVE-2004-2687 - https://github.com/SecGen/SecGen CVE-2004-2687 - https://github.com/Sp3c73rSh4d0w/distccd_rce_CVE-2004-2687 
@@ -2086,6 +2087,7 @@ CVE-2007-2447 - https://github.com/Ki11i0n4ir3/CVE-2007-2447 CVE-2007-2447 - https://github.com/Ki11i0n4ir3/Sambaster CVE-2007-2447 - https://github.com/Kr1tz3x3/HTB-Writeups CVE-2007-2447 - https://github.com/MikeRega7/CVE-2007-2447-RCE +CVE-2007-2447 - https://github.com/N3rdyN3xus/CVE-2007-2447 CVE-2007-2447 - https://github.com/Nosferatuvjr/Samba-Usermap-exploit CVE-2007-2447 - https://github.com/Patrick122333/4240project CVE-2007-2447 - https://github.com/SamHackingArticles/CVE-2007-2447 @@ -3112,6 +3114,7 @@ CVE-2008-4250 - https://github.com/Cruxer8Mech/Idk CVE-2008-4250 - https://github.com/H3xL00m/MS08-067 CVE-2008-4250 - https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups CVE-2008-4250 - https://github.com/Kuromesi/Py4CSKG +CVE-2008-4250 - https://github.com/N3rdyN3xus/MS08-067 CVE-2008-4250 - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API CVE-2008-4250 - https://github.com/SexyBeast233/SecBooks CVE-2008-4250 - https://github.com/Sp3c73rSh4d0w/MS08-067 @@ -3925,6 +3928,7 @@ CVE-2009-2265 - https://github.com/Anekant-Singhai/Exploits CVE-2009-2265 - https://github.com/CVEDB/PoC-List CVE-2009-2265 - https://github.com/CVEDB/awesome-cve-repo CVE-2009-2265 - https://github.com/H3xL00m/CVE-2009-2265 +CVE-2009-2265 - https://github.com/N3rdyN3xus/CVE-2009-2265 CVE-2009-2265 - https://github.com/Sp3c73rSh4d0w/CVE-2009-2265 CVE-2009-2265 - https://github.com/c0d3cr4f73r/CVE-2009-2265 CVE-2009-2265 - https://github.com/crypticdante/CVE-2009-2265 
@@ -6910,6 +6914,7 @@ CVE-2011-1249 - https://github.com/CVEDB/awesome-cve-repo CVE-2011-1249 - https://github.com/Cruxer8Mech/Idk CVE-2011-1249 - https://github.com/H3xL00m/CVE-2011-1249 CVE-2011-1249 - https://github.com/Madusanka99/OHTS +CVE-2011-1249 - https://github.com/N3rdyN3xus/CVE-2011-1249 CVE-2011-1249 - https://github.com/Sp3c73rSh4d0w/CVE-2011-1249 CVE-2011-1249 - https://github.com/c0d3cr4f73r/CVE-2011-1249 CVE-2011-1249 - https://github.com/crypticdante/CVE-2011-1249 @@ -40969,6 +40974,7 @@ CVE-2017-7614 - https://github.com/siddharthraopotukuchi/trivy CVE-2017-7614 - https://github.com/simiyo/trivy CVE-2017-7614 - https://github.com/t31m0/Vulnerability-Scanner-for-Containers CVE-2017-7614 - https://github.com/umahari/security +CVE-2017-7615 - https://github.com/20142995/nuclei-templates CVE-2017-7615 - https://github.com/20142995/sectool CVE-2017-7615 - https://github.com/ARPSyndicate/cvemon CVE-2017-7615 - https://github.com/ARPSyndicate/kenzer-templates @@ -49781,6 +49787,7 @@ CVE-2018-17463 - https://github.com/ARPSyndicate/cvemon CVE-2018-17463 - https://github.com/Ostorlab/KEV CVE-2018-17463 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2018-17463 - https://github.com/Uniguri/CVE-1day +CVE-2018-17463 - https://github.com/Uniguri/CVE-nday CVE-2018-17463 - https://github.com/changelog2020/JSEChalls CVE-2018-17463 - https://github.com/ernestang98/win-exploits CVE-2018-17463 - https://github.com/hwiwonl/dayone 
@@ -62919,6 +62926,7 @@ CVE-2019-11358 - https://github.com/William-McGonagle/Maincode-2021 CVE-2019-11358 - https://github.com/William-f-12/FTCTest CVE-2019-11358 - https://github.com/WindsorHSRobotics/team-20514_2021-2022 CVE-2019-11358 - https://github.com/WinstonCrosby/CooperCode2023 +CVE-2019-11358 - https://github.com/WishingWell13-Forks/FtcRobotController-Freight-Frenzy-Lessons CVE-2019-11358 - https://github.com/WishingWell13/FtcRobotController-Freight-Frenzy-Lessons CVE-2019-11358 - https://github.com/WlhsRobotics/FtcRobotController-master CVE-2019-11358 - https://github.com/WoEN239/CENTERSTAGE-WoEN @@ -63289,6 +63297,7 @@ CVE-2019-11358 - https://github.com/delmarrobotics/delmarFTC CVE-2019-11358 - https://github.com/demotivate/rizzlords-robotics CVE-2019-11358 - https://github.com/demotivate/swagbots CVE-2019-11358 - https://github.com/denwan20/FTC-programming +CVE-2019-11358 - https://github.com/derekriter08/technohuskies10309_2022 CVE-2019-11358 - https://github.com/derryfieldftc/FightingCougarsRobotController CVE-2019-11358 - https://github.com/developer3000S/PoC-in-GitHub CVE-2019-11358 - https://github.com/devsamuelv/Offseason-Code-Dualshock @@ -68820,6 +68829,7 @@ CVE-2019-16349 - https://github.com/Marsman1996/pocs CVE-2019-16350 - https://github.com/Marsman1996/pocs CVE-2019-16351 - https://github.com/Marsman1996/pocs CVE-2019-16352 - https://github.com/Marsman1996/pocs +CVE-2019-16353 - https://github.com/boofish/ICS3Fuzzer CVE-2019-1636 - https://github.com/alphaSeclab/sec-daily-2019 CVE-2019-1636 - https://github.com/b9q/EAOrigin_remote_code CVE-2019-16370 - https://github.com/ARPSyndicate/cvemon 
@@ -71514,6 +71524,7 @@ CVE-2019-20224 - https://github.com/hectorgie/PoC-in-GitHub CVE-2019-20224 - https://github.com/jweny/pocassistdb CVE-2019-20224 - https://github.com/mhaskar/CVE-2019-20224 CVE-2019-2025 - https://github.com/ARPSyndicate/cvemon +CVE-2019-2025 - https://github.com/Clock-Skew/EndPointX CVE-2019-2025 - https://github.com/Sec20-Paper310/Paper310 CVE-2019-2025 - https://github.com/jltxgcy/CVE_2019_2025_EXP CVE-2019-2025 - https://github.com/kdn111/linux-kernel-exploitation @@ -71793,6 +71804,7 @@ CVE-2019-2215 - https://github.com/ARPSyndicate/cvemon CVE-2019-2215 - https://github.com/ATorNinja/CVE-2019-2215 CVE-2019-2215 - https://github.com/Al1ex/LinuxEelvation CVE-2019-2215 - https://github.com/Byte-Master-101/CVE-2019-2215 +CVE-2019-2215 - https://github.com/Clock-Skew/EndPointX CVE-2019-2215 - https://github.com/CrackerCat/Rootsmart-v2.0 CVE-2019-2215 - https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections CVE-2019-2215 - https://github.com/DimitriFourny/cve-2019-2215 @@ -76593,6 +76605,7 @@ CVE-2020-0421 - https://github.com/nanopathi/system_core_AOSP10_r33_CVE-2020-042 CVE-2020-0421 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2020-0422 - https://github.com/TinyNiko/android_bulletin_notes CVE-2020-0423 - https://github.com/ARPSyndicate/cvemon +CVE-2020-0423 - https://github.com/Clock-Skew/EndPointX CVE-2020-0423 - https://github.com/Swordfish-Security/awesome-android-security CVE-2020-0423 - https://github.com/TinyNiko/android_bulletin_notes CVE-2020-0423 - https://github.com/alphaSeclab/sec-daily-2020 
@@ -77831,6 +77844,7 @@ CVE-2020-0796 - https://github.com/Hatcat123/my_stars CVE-2020-0796 - https://github.com/HernanRodriguez1/Dorks-Shodan-2023 CVE-2020-0796 - https://github.com/IAreKyleW00t/SMBGhosts CVE-2020-0796 - https://github.com/IFccTeR/1_UP_files +CVE-2020-0796 - https://github.com/IFunFox/1_UP_files CVE-2020-0796 - https://github.com/IvanVoronov/0day CVE-2020-0796 - https://github.com/JERRY123S/all-poc CVE-2020-0796 - https://github.com/Jacob10s/SMBGHOST_EXPLOIT @@ -86122,6 +86136,7 @@ CVE-2020-17530 - https://github.com/pangyu360es/CVE-2020-17530 CVE-2020-17530 - https://github.com/pctF/vulnerable-app CVE-2020-17530 - https://github.com/phil-fly/CVE-2020-17530 CVE-2020-17530 - https://github.com/readloud/Awesome-Stars +CVE-2020-17530 - https://github.com/secpool2000/CVE-2020-17530 CVE-2020-17530 - https://github.com/sobinge/nuclei-templates CVE-2020-17530 - https://github.com/superlink996/chunqiuyunjingbachang CVE-2020-17530 - https://github.com/trganda/starrlist @@ -92186,6 +92201,7 @@ CVE-2020-36642 - https://github.com/Live-Hack-CVE/CVE-2020-36642 CVE-2020-36643 - https://github.com/Live-Hack-CVE/CVE-2020-36643 CVE-2020-36644 - https://github.com/Live-Hack-CVE/CVE-2020-36644 CVE-2020-36645 - https://github.com/Live-Hack-CVE/CVE-2020-36645 +CVE-2020-36646 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2020-36646 - https://github.com/Live-Hack-CVE/CVE-2020-36646 CVE-2020-36647 - https://github.com/Live-Hack-CVE/CVE-2020-36647 CVE-2020-36648 - https://github.com/Live-Hack-CVE/CVE-2020-36648 
@@ -95492,6 +95508,7 @@ CVE-2020-8617 - https://github.com/Z0fhack/Goby_POC CVE-2020-8617 - https://github.com/Zhivarev/13-01-hw CVE-2020-8617 - https://github.com/balabit-deps/balabit-os-9-bind9-libs CVE-2020-8617 - https://github.com/developer3000S/PoC-in-GitHub +CVE-2020-8617 - https://github.com/gothburz/cve-2020-8617 CVE-2020-8617 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-8617 - https://github.com/knqyf263/CVE-2020-8617 CVE-2020-8617 - https://github.com/nomi-sec/PoC-in-GitHub @@ -99072,7 +99089,9 @@ CVE-2021-20572 - https://github.com/STMCyber/CVEs CVE-2021-20573 - https://github.com/STMCyber/CVEs CVE-2021-20574 - https://github.com/STMCyber/CVEs CVE-2021-20587 - https://github.com/Live-Hack-CVE/CVE-2021-20587 +CVE-2021-20587 - https://github.com/boofish/ICS3Fuzzer CVE-2021-20588 - https://github.com/Live-Hack-CVE/CVE-2021-20588 +CVE-2021-20588 - https://github.com/boofish/ICS3Fuzzer CVE-2021-20594 - https://github.com/NozomiNetworks/blackhat23-melsoft CVE-2021-20597 - https://github.com/NozomiNetworks/blackhat23-melsoft CVE-2021-20598 - https://github.com/NozomiNetworks/blackhat23-melsoft @@ -103257,6 +103276,7 @@ CVE-2021-26084 - https://github.com/CLincat/vulcat CVE-2021-26084 - https://github.com/CVEDB/PoC-List CVE-2021-26084 - https://github.com/CVEDB/awesome-cve-repo CVE-2021-26084 - https://github.com/CVEDB/top +CVE-2021-26084 - https://github.com/CrackerCat/CVE-2021-26084 CVE-2021-26084 - https://github.com/FDlucifer/firece-fish CVE-2021-26084 - https://github.com/GhostTroops/TOP CVE-2021-26084 - https://github.com/GlennPegden2/cve-2021-26084-confluence 
@@ -105878,6 +105898,8 @@ CVE-2021-29267 - https://github.com/soosmile/POC CVE-2021-29267 - https://github.com/trhacknon/Pocingit CVE-2021-29267 - https://github.com/zecool/cve CVE-2021-29280 - https://github.com/deadlysnowman3308/upgraded-ARP-Poisoning +CVE-2021-29297 - https://github.com/boofish/ICS3Fuzzer +CVE-2021-29298 - https://github.com/boofish/ICS3Fuzzer CVE-2021-29302 - https://github.com/EdgeSecurityTeam/Vulnerability CVE-2021-29302 - https://github.com/liyansong2018/CVE CVE-2021-29302 - https://github.com/liyansong2018/firmware-analysis-plus @@ -107597,6 +107619,7 @@ CVE-2021-3156 - https://github.com/SenukDias/OSCP_cheat CVE-2021-3156 - https://github.com/SexyBeast233/SecBooks CVE-2021-3156 - https://github.com/SirElmard/ethical_hacking CVE-2021-3156 - https://github.com/Spektrainfiniti/MP +CVE-2021-3156 - https://github.com/Technetium1/stars CVE-2021-3156 - https://github.com/TheFlash2k/CVE-2021-3156 CVE-2021-3156 - https://github.com/TheSerialiZator/CTF-2021 CVE-2021-3156 - https://github.com/Threekiii/Awesome-POC @@ -109697,6 +109720,7 @@ CVE-2021-34527 - https://github.com/ARPSyndicate/cvemon CVE-2021-34527 - https://github.com/AdamAmicro/CAHard CVE-2021-34527 - https://github.com/AdamPumphrey/PowerShell CVE-2021-34527 - https://github.com/AleHelp/Windows-Pentesting-cheatsheet +CVE-2021-34527 - https://github.com/Alfesito/windows_hardening CVE-2021-34527 - https://github.com/Alssi-consulting/HardeningKitty CVE-2021-34527 - https://github.com/Amaranese/CVE-2021-34527 CVE-2021-34527 - https://github.com/Ascotbe/Kernelhub 
@@ -110867,6 +110891,7 @@ CVE-2021-36260 - https://github.com/ARPSyndicate/kenzer-templates CVE-2021-36260 - https://github.com/Aiminsun/CVE-2021-36260 CVE-2021-36260 - https://github.com/ArrestX/--POC CVE-2021-36260 - https://github.com/Awrrays/FrameVul +CVE-2021-36260 - https://github.com/CVEDB/awesome-cve-repo CVE-2021-36260 - https://github.com/Cuerz/CVE-2021-36260 CVE-2021-36260 - https://github.com/Fans0n-Fan/Awesome-IoT-exp CVE-2021-36260 - https://github.com/Haoke98/NetEye @@ -112412,6 +112437,7 @@ CVE-2021-3929 - https://github.com/ARPSyndicate/cvemon CVE-2021-3929 - https://github.com/NaInSec/CVE-PoC-in-GitHub CVE-2021-3929 - https://github.com/QiuhaoLi/CVE-2021-3929-3947 CVE-2021-3929 - https://github.com/SYRTI/POC_to_review +CVE-2021-3929 - https://github.com/Technetium1/stars CVE-2021-3929 - https://github.com/WhooAmii/POC_to_review CVE-2021-3929 - https://github.com/k0mi-tg/CVE-POC CVE-2021-3929 - https://github.com/lemon-mint/stars @@ -112959,6 +112985,7 @@ CVE-2021-4034 - https://github.com/TW-D/PwnKit-Vulnerability_CVE-2021-4034 CVE-2021-4034 - https://github.com/Taillan/TryHackMe CVE-2021-4034 - https://github.com/Tanmay-N/CVE-2021-4034 CVE-2021-4034 - https://github.com/TanmoyG1800/CVE-2021-4034 +CVE-2021-4034 - https://github.com/Technetium1/stars CVE-2021-4034 - https://github.com/TheJoyOfHacking/berdav-CVE-2021-4034 CVE-2021-4034 - https://github.com/TheSermux/CVE-2021-4034 CVE-2021-4034 - https://github.com/Threekiii/Awesome-POC 
@@ -113382,6 +113409,7 @@ CVE-2021-40444 - https://github.com/NaInSec/CVE-PoC-in-GitHub CVE-2021-40444 - https://github.com/Ostorlab/KEV CVE-2021-40444 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2021-40444 - https://github.com/Panopticon-Project/panopticon-WizardSpider +CVE-2021-40444 - https://github.com/Phuong39/CVE-2021-40444-CAB CVE-2021-40444 - https://github.com/S3N4T0R-0X0/APT28-Adversary-Simulation CVE-2021-40444 - https://github.com/SYRTI/POC_to_review CVE-2021-40444 - https://github.com/SirElmard/ethical_hacking @@ -120373,6 +120401,7 @@ CVE-2021-46870 - https://github.com/skintigh/defcon27_badge_sdr CVE-2021-46877 - https://github.com/scordero1234/java_sec_demo-main CVE-2021-46877 - https://github.com/seal-community/patches CVE-2021-46894 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2021-46901 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2021-46905 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2021-46906 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2021-46907 - https://github.com/NaInSec/CVE-LIST @@ -121678,6 +121707,7 @@ CVE-2022-0847 - https://github.com/SnailDev/github-hot-hub CVE-2022-0847 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE CVE-2022-0847 - https://github.com/T4t4ru/CVE-2022-0847 CVE-2022-0847 - https://github.com/Tanq16/link-hub +CVE-2022-0847 - https://github.com/Technetium1/stars CVE-2022-0847 - https://github.com/Threekiii/Awesome-POC CVE-2022-0847 - https://github.com/Trickhish/automated_privilege_escalation CVE-2022-0847 - https://github.com/Turzum/ps-lab-cve-2022-0847 
@@ -122153,6 +122183,7 @@ CVE-2022-1015 - https://github.com/NaInSec/CVE-PoC-in-GitHub CVE-2022-1015 - https://github.com/SYRTI/POC_to_review CVE-2022-1015 - https://github.com/TurtleARM/CVE-2023-0179-PoC CVE-2022-1015 - https://github.com/Uniguri/CVE-1day +CVE-2022-1015 - https://github.com/Uniguri/CVE-nday CVE-2022-1015 - https://github.com/WhooAmii/POC_to_review CVE-2022-1015 - https://github.com/XiaozaYa/CVE-Recording CVE-2022-1015 - https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits @@ -123694,6 +123725,7 @@ CVE-2022-20413 - https://github.com/whoforget/CVE-POC CVE-2022-20413 - https://github.com/youwizard/CVE-POC CVE-2022-20421 - https://github.com/0xkol/badspin CVE-2022-20421 - https://github.com/ARPSyndicate/cvemon +CVE-2022-20421 - https://github.com/Clock-Skew/EndPointX CVE-2022-20421 - https://github.com/johe123qwe/github-trending CVE-2022-20421 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-20421 - https://github.com/xairy/linux-kernel-exploitation @@ -135776,6 +135808,7 @@ CVE-2022-32942 - https://github.com/ARPSyndicate/cvemon CVE-2022-32945 - https://github.com/ARPSyndicate/cvemon CVE-2022-32945 - https://github.com/diego-acc/NVD-Scratching CVE-2022-32945 - https://github.com/diegosanzmartin/NVD-Scratching +CVE-2022-32947 - https://github.com/Technetium1/stars CVE-2022-32947 - https://github.com/asahilina/agx-exploit CVE-2022-32947 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-32948 - https://github.com/0x36/weightBufs @@ -141781,6 +141814,7 @@ CVE-2022-46416 - https://github.com/BossSecuLab/Vulnerability_Reporting CVE-2022-46440 - https://github.com/ARPSyndicate/cvemon CVE-2022-46440 - https://github.com/keepinggg/poc CVE-2022-46443 - https://github.com/ARPSyndicate/cvemon +CVE-2022-46449 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2022-4645 - https://github.com/ARPSyndicate/cvemon CVE-2022-4645 - https://github.com/peng-hui/CarpetFuzz CVE-2022-4645 - https://github.com/waugustus/CarpetFuzz 
@@ -141873,6 +141907,7 @@ CVE-2022-46689 - https://github.com/ManoChina/MacDirtyCowDemo CVE-2022-46689 - https://github.com/PureKFD/PureKFD CVE-2022-46689 - https://github.com/PureKFD/PureKFDRepo CVE-2022-46689 - https://github.com/Smile1024me/Cowabunga +CVE-2022-46689 - https://github.com/Technetium1/stars CVE-2022-46689 - https://github.com/Thyssenkrupp234/ra1nm8 CVE-2022-46689 - https://github.com/ZZY3312/KFDFontOverwrite-M1 CVE-2022-46689 - https://github.com/ahkecha/McDirty @@ -142468,6 +142503,7 @@ CVE-2023-0179 - https://github.com/whoforget/CVE-POC CVE-2023-0179 - https://github.com/xairy/linux-kernel-exploitation CVE-2023-0179 - https://github.com/youwizard/CVE-POC CVE-2023-0189 - https://github.com/EGI-Federation/SVG-advisories +CVE-2023-0210 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-0214 - https://github.com/ARPSyndicate/cvemon CVE-2023-0215 - https://github.com/ARPSyndicate/cvemon CVE-2023-0215 - https://github.com/FairwindsOps/bif @@ -143727,6 +143763,7 @@ CVE-2023-20933 - https://github.com/Trinadh465/frameworks_av_CVE-2023-20933 CVE-2023-20933 - https://github.com/hshivhare67/platform_frameworks_av_AOSP10_r33_CVE-2023-20933 CVE-2023-20933 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-20937 - https://github.com/ARPSyndicate/cvemon +CVE-2023-20938 - https://github.com/Clock-Skew/EndPointX CVE-2023-20938 - https://github.com/IamAlch3mist/Awesome-Android-Vulnerability-Research CVE-2023-20938 - https://github.com/xairy/linux-kernel-exploitation CVE-2023-2094 - https://github.com/1-tong/vehicle_cves 
@@ -147723,6 +147760,7 @@ CVE-2023-3079 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-3079 - https://github.com/RENANZG/My-Forensics CVE-2023-3079 - https://github.com/Threekiii/CVE CVE-2023-3079 - https://github.com/Uniguri/CVE-1day +CVE-2023-3079 - https://github.com/Uniguri/CVE-nday CVE-2023-3079 - https://github.com/ZonghaoLi777/githubTrending CVE-2023-3079 - https://github.com/aneasystone/github-trending CVE-2023-3079 - https://github.com/johe123qwe/github-trending @@ -153874,6 +153912,7 @@ CVE-2023-47460 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-47464 - https://github.com/HadessCS/CVE-2023-47464 CVE-2023-47464 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-47465 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-47470 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-47488 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-47488 - https://github.com/nitipoom-jar/CVE-2023-47488 CVE-2023-47488 - https://github.com/nomi-sec/PoC-in-GitHub @@ -153898,6 +153937,7 @@ CVE-2023-4759 - https://github.com/refactorfirst/RefactorFirst CVE-2023-47612 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4762 - https://github.com/Ostorlab/KEV CVE-2023-4762 - https://github.com/Uniguri/CVE-1day +CVE-2023-4762 - https://github.com/Uniguri/CVE-nday CVE-2023-4762 - https://github.com/buptsb/CVE-2023-4762 CVE-2023-4762 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-4762 - https://github.com/sherlocksecurity/CVE-2023-4762-Code-Review 
@@ -153963,6 +154003,7 @@ CVE-2023-47997 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-47997 - https://github.com/thelastede/FreeImage-cve-poc CVE-2023-4800 - https://github.com/b0marek/CVE-2023-4800 CVE-2023-4800 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-48014 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-48022 - https://github.com/0x656565/CVE-2023-48022 CVE-2023-48022 - https://github.com/google/tsunami-security-scanner-plugins CVE-2023-48022 - https://github.com/jakabakos/ShadowRay-RCE-PoC-CVE-2023-48022 @@ -161069,6 +161110,7 @@ CVE-2024-0015 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-0023 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-0029 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-0030 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-0030 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-0031 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-0032 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-0033 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -161320,6 +161362,7 @@ CVE-2024-0490 - https://github.com/Tropinene/Yscanner CVE-2024-0490 - https://github.com/tanjiti/sec_profile CVE-2024-0511 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-0517 - https://github.com/Uniguri/CVE-1day +CVE-2024-0517 - https://github.com/Uniguri/CVE-nday CVE-2024-0517 - https://github.com/ret2eax/exploits CVE-2024-0517 - https://github.com/rycbar77/V8Exploits CVE-2024-0517 - https://github.com/sploitem/v8-writeups 
@@ -161620,6 +161663,7 @@ CVE-2024-1086 - https://github.com/Notselwyn/exploits CVE-2024-1086 - https://github.com/Notselwyn/notselwyn CVE-2024-1086 - https://github.com/SenukDias/OSCP_cheat CVE-2024-1086 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE +CVE-2024-1086 - https://github.com/Technetium1/stars CVE-2024-1086 - https://github.com/TigerIsMyPet/KernelExploit CVE-2024-1086 - https://github.com/YgorAlberto/ygoralberto.github.io CVE-2024-1086 - https://github.com/Zombie-Kaiser/Zombie-Kaiser @@ -163940,6 +163984,7 @@ CVE-2024-23692 - https://github.com/wjlin0/poc-doc CVE-2024-23692 - https://github.com/wy876/POC CVE-2024-2370 - https://github.com/NaInSec/CVE-LIST CVE-2024-2370 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-23708 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-23721 - https://github.com/NaInSec/CVE-LIST CVE-2024-23722 - https://github.com/alexcote1/CVE-2024-23722-poc CVE-2024-23722 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -165250,6 +165295,7 @@ CVE-2024-2588 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25885 - https://github.com/salvatore-abello/salvatore-abello CVE-2024-2589 - https://github.com/NaInSec/CVE-LIST CVE-2024-2589 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-25897 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-2590 - https://github.com/NaInSec/CVE-LIST CVE-2024-2590 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25902 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -167860,6 +167906,7 @@ CVE-2024-3094 - https://github.com/SOC-SC/XZ-Response CVE-2024-3094 - https://github.com/ScrimForever/CVE-2024-3094 CVE-2024-3094 - https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits CVE-2024-3094 - https://github.com/Simplifi-ED/CVE-2024-3094-patcher +CVE-2024-3094 - https://github.com/Technetium1/stars CVE-2024-3094 - https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker CVE-2024-3094 - https://github.com/Thiagocsoaresbh/heroku-test CVE-2024-3094 - https://github.com/Yuma-Tsushima07/CVE-2024-3094 @@ -169295,10 +169342,12 @@ CVE-2024-37084 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-37085 - https://github.com/gokupwn/pushMyResources CVE-2024-37085 - https://github.com/h0bbel/h0bbel CVE-2024-37085 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-37085 - https://github.com/tanjiti/sec_profile CVE-2024-3714 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-37147 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-37253 - https://github.com/20142995/nuclei-templates CVE-2024-3727 - https://github.com/EGI-Federation/SVG-advisories +CVE-2024-37287 - https://github.com/tanjiti/sec_profile CVE-2024-3729 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2024-37305 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2024-37309 - https://github.com/chnzzh/OpenSSL-CVE-lib 
@@ -169371,6 +169420,9 @@ CVE-2024-3806 - https://github.com/tanjiti/sec_profile CVE-2024-3806 - https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc CVE-2024-3807 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3807 - https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc +CVE-2024-38077 - https://github.com/0xMarcio/cve +CVE-2024-38077 - https://github.com/TrojanAZhen/Self_Back +CVE-2024-38077 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-38100 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-38100 - https://github.com/tanjiti/sec_profile CVE-2024-38112 - https://github.com/thepcn3rd/goAdventures @@ -169421,6 +169473,7 @@ CVE-2024-3858 - https://github.com/zhangjiahui-buaa/MasterThesis CVE-2024-3867 - https://github.com/c4cnm/CVE-2024-3867 CVE-2024-3867 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3868 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-38693 - https://github.com/20142995/nuclei-templates CVE-2024-3874 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-3875 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-3875 - https://github.com/helloyhrr/IoT_vulnerability 
@@ -169489,6 +169542,26 @@ CVE-2024-3957 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3958 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3961 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39614 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-39641 - https://github.com/20142995/nuclei-templates +CVE-2024-39642 - https://github.com/20142995/nuclei-templates +CVE-2024-39643 - https://github.com/20142995/nuclei-templates +CVE-2024-39646 - https://github.com/20142995/nuclei-templates +CVE-2024-39647 - https://github.com/20142995/nuclei-templates +CVE-2024-39648 - https://github.com/20142995/nuclei-templates +CVE-2024-39649 - https://github.com/20142995/nuclei-templates +CVE-2024-39651 - https://github.com/20142995/nuclei-templates +CVE-2024-39652 - https://github.com/20142995/nuclei-templates +CVE-2024-39653 - https://github.com/20142995/nuclei-templates +CVE-2024-39655 - https://github.com/20142995/nuclei-templates +CVE-2024-39656 - https://github.com/20142995/nuclei-templates +CVE-2024-39658 - https://github.com/20142995/nuclei-templates +CVE-2024-39659 - https://github.com/20142995/nuclei-templates +CVE-2024-39660 - https://github.com/20142995/nuclei-templates +CVE-2024-39661 - https://github.com/20142995/nuclei-templates +CVE-2024-39663 - https://github.com/20142995/nuclei-templates +CVE-2024-39664 - https://github.com/20142995/nuclei-templates +CVE-2024-39665 - https://github.com/20142995/nuclei-templates +CVE-2024-39668 - https://github.com/20142995/nuclei-templates CVE-2024-3967 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39670 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39671 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -169571,10 +169644,12 @@ CVE-2024-4040 - https://github.com/wy876/POC CVE-2024-4040 - https://github.com/wy876/wiki CVE-2024-4040 - https://github.com/zgimszhd61/cve-exploit-collection-scanner CVE-2024-4042 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-40422 - https://github.com/20142995/nuclei-templates CVE-2024-40422 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40492 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40498 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-40498 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-40500 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40506 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40507 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40508 - https://github.com/nomi-sec/PoC-in-GitHub @@ -169595,6 +169670,10 @@ CVE-2024-4064 - https://github.com/helloyhrr/IoT_vulnerability CVE-2024-4065 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4066 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4068 - https://github.com/seal-community/patches +CVE-2024-40720 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-40721 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-40722 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-40723 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-40725 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40725 - https://github.com/tanjiti/sec_profile CVE-2024-40784 - https://github.com/gandalf4a/crash_report 
@@ -169662,11 +169741,13 @@ CVE-2024-41551 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4156 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41570 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4162 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41628 - https://github.com/20142995/nuclei-templates CVE-2024-41628 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4163 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4164 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-41640 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4165 - https://github.com/LaPhilosophie/IoT-vulnerable +CVE-2024-41651 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4166 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-41662 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41662 - https://github.com/nomi-sec/PoC-in-GitHub @@ -169696,7 +169777,9 @@ CVE-2024-41942 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41943 - https://github.com/alessio-romano/Sfoffo-Pentesting-Notes CVE-2024-41943 - https://github.com/alessio-romano/alessio-romano CVE-2024-41946 - https://github.com/lifeparticle/Ruby-Cheatsheet +CVE-2024-41957 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41958 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-41965 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41989 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4199 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41990 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -169704,6 +169787,7 @@ CVE-2024-41991 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41995 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4200 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42005 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42005 - https://github.com/tanjiti/sec_profile CVE-2024-42010 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4202 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4203 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169719,6 +169803,7 @@ CVE-2024-42055 - https://github.com/jinsonvarghese/jinsonvarghese CVE-2024-4207 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4208 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4210 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42152 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42233 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42234 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42235 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169790,6 +169875,7 @@ CVE-2024-4300 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4301 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43044 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43044 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-43044 - https://github.com/tanjiti/sec_profile CVE-2024-43045 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43111 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4313 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -170146,6 +170232,7 @@ CVE-2024-5048 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5049 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5050 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5051 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5057 - https://github.com/20142995/nuclei-templates CVE-2024-5067 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5072 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5074 - https://github.com/20142995/nuclei-templates @@ -170180,6 +170267,7 @@ CVE-2024-5217 - https://github.com/Ostorlab/KEV CVE-2024-5217 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5218 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5220 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5226 - https://github.com/20142995/nuclei-templates CVE-2024-5229 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5246 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5273 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170234,6 +170322,7 @@ CVE-2024-5653 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5654 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5655 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5663 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5668 - https://github.com/20142995/nuclei-templates CVE-2024-5670 - https://github.com/tanjiti/sec_profile CVE-2024-5678 - https://github.com/0x41424142/qualyspy CVE-2024-5678 - https://github.com/Dashrath158/CVE-Management-App-using-Flask 
@@ -170275,6 +170364,7 @@ CVE-2024-5947 - https://github.com/komodoooo/Some-things CVE-2024-5947 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5961 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5973 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5975 - https://github.com/20142995/nuclei-templates CVE-2024-5991 - https://github.com/wolfSSL/Arduino-wolfSSL CVE-2024-5991 - https://github.com/wolfSSL/wolfssl CVE-2024-6027 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170305,6 +170395,7 @@ CVE-2024-6206 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6222 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6243 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6244 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6254 - https://github.com/20142995/nuclei-templates CVE-2024-6265 - https://github.com/truonghuuphuc/CVE CVE-2024-6270 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6271 - https://github.com/Jokergazaa/zero-click-exploits @@ -170354,6 +170445,7 @@ CVE-2024-6522 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-65230 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6529 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6536 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-6552 - https://github.com/20142995/nuclei-templates CVE-2024-6553 - https://github.com/20142995/nuclei-templates CVE-2024-6571 - https://github.com/20142995/nuclei-templates CVE-2024-6589 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -170386,8 +170478,10 @@ CVE-2024-6782 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6782 - https://github.com/wy876/POC CVE-2024-6802 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6807 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6824 - https://github.com/20142995/nuclei-templates CVE-2024-6836 - https://github.com/20142995/nuclei-templates CVE-2024-6865 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6869 - https://github.com/20142995/nuclei-templates CVE-2024-6890 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6891 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6893 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170408,6 +170502,8 @@ CVE-2024-6969 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6970 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6972 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6975 - https://github.com/chnzzh/OpenSSL-CVE-lib +CVE-2024-6987 - https://github.com/20142995/nuclei-templates +CVE-2024-7008 - https://github.com/20142995/nuclei-templates CVE-2024-7027 - https://github.com/20142995/nuclei-templates CVE-2024-7047 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7057 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170417,6 +170513,7 @@ CVE-2024-7081 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7091 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7120 - https://github.com/Ostorlab/KEV CVE-2024-7120 - https://github.com/komodoooo/Some-things +CVE-2024-7150 - https://github.com/20142995/nuclei-templates CVE-2024-7160 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7212 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7213 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -170431,14 +170528,27 @@ CVE-2024-7297 - https://github.com/JoshuaMart/JoshuaMart CVE-2024-7317 - https://github.com/20142995/nuclei-templates CVE-2024-7317 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7332 - https://github.com/20142995/nuclei-templates +CVE-2024-7335 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7336 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7337 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7338 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7339 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-7339 - https://github.com/tanjiti/sec_profile CVE-2024-7340 - https://github.com/20142995/nuclei-templates +CVE-2024-7350 - https://github.com/20142995/nuclei-templates CVE-2024-7353 - https://github.com/20142995/nuclei-templates CVE-2024-7353 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7355 - https://github.com/20142995/nuclei-templates CVE-2024-7355 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7357 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7359 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7360 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7361 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7362 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7363 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7364 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7365 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7366 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7383 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7395 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7396 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -170474,19 +170584,25 @@ CVE-2024-7469 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7470 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7484 - https://github.com/20142995/nuclei-templates CVE-2024-7485 - https://github.com/20142995/nuclei-templates +CVE-2024-7486 - https://github.com/20142995/nuclei-templates CVE-2024-7490 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7492 - https://github.com/20142995/nuclei-templates CVE-2024-7502 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7521 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7528 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7529 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7532 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7533 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7534 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7535 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7536 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7548 - https://github.com/20142995/nuclei-templates CVE-2024-7550 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7552 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7553 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7554 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7560 - https://github.com/20142995/nuclei-templates +CVE-2024-7561 - https://github.com/20142995/nuclei-templates CVE-2024-7578 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7579 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7580 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/references.txt b/references.txt index e53a4b914c..1cc80d1d8f 100644 --- a/references.txt +++ b/references.txt 
@@ -5691,6 +5691,7 @@ CVE-2006-6407 - http://www.quantenblog.net/security/virus-scanner-bypass CVE-2006-6408 - http://www.quantenblog.net/security/virus-scanner-bypass CVE-2006-6409 - http://www.quantenblog.net/security/virus-scanner-bypass CVE-2006-6410 - https://www.exploit-db.com/exploits/2264 +CVE-2006-6417 - http://securityreason.com/securityalert/2006 CVE-2006-6418 - http://www.netragard.com/pdfs/research/HP-TRU64-LIBPTHREAD-20060811.txt CVE-2006-6421 - http://securityreason.com/securityalert/2005 CVE-2006-6426 - https://www.exploit-db.com/exploits/2898 @@ -17438,6 +17439,7 @@ CVE-2010-10011 - https://www.exploit-db.com/exploits/15445 CVE-2010-1003 - http://www.coresecurity.com/content/efront-php-file-inclusion CVE-2010-1028 - http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/ CVE-2010-1028 - http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/ +CVE-2010-1028 - http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html CVE-2010-1028 - https://bugzilla.mozilla.org/show_bug.cgi?id=552216 CVE-2010-1029 - http://www.exploit-db.com/exploits/11567 CVE-2010-1044 - http://packetstormsecurity.org/1002-exploits/oputils_5-sql.txt @@ -45659,6 +45661,7 @@ CVE-2017-20101 - http://seclists.org/fulldisclosure/2017/Feb/58 CVE-2017-20101 - https://youtu.be/Xc6Jg9I7Pj4 CVE-2017-20102 - https://www.vulnerability-lab.com/get_content.php?id=2033 CVE-2017-20103 - http://seclists.org/fulldisclosure/2017/Feb/67 +CVE-2017-20103 - https://vuldb.com/?id.97335 CVE-2017-20104 - http://seclists.org/bugtraq/2017/Feb/39 CVE-2017-20104 - https://vuldb.com/?id.97252 CVE-2017-20105 - http://seclists.org/bugtraq/2017/Feb/40 
@@ -95921,8 +95924,10 @@ CVE-2023-7039 - https://github.com/Stitch3612/cve/blob/main/rce.md CVE-2023-7040 - https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20read.md CVE-2023-7041 - https://github.com/g1an123/POC/blob/main/Unauthorized%20file%20overwrite.md CVE-2023-7045 - https://gitlab.com/gitlab-org/gitlab/-/issues/436358 +CVE-2023-7050 - https://vuldb.com/?id.248737 CVE-2023-7051 - https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_delete_notes.md CVE-2023-7052 - https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_profile_notes.md +CVE-2023-7054 - https://vuldb.com/?id.248741 CVE-2023-7059 - https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/school-visitors-log-e-book.md CVE-2023-7060 - https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fjc8-223c-qgqr CVE-2023-7074 - https://wpscan.com/vulnerability/7906c349-97b0-4d82-aef0-97a1175ae88e/ @@ -95950,6 +95955,7 @@ CVE-2023-7109 - https://github.com/h4md153v63n/CVEs/blob/main/Library-Management CVE-2023-7109 - https://vuldb.com/?id.249004 CVE-2023-7110 - https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-2.md CVE-2023-7111 - https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-3.md +CVE-2023-7111 - https://vuldb.com/?id.249006 CVE-2023-7115 - https://wpscan.com/vulnerability/6ddd1a9e-3f96-4020-9b2b-f818a4d5ba58/ CVE-2023-7123 - https://medium.com/@2839549219ljk/medicine-tracking-system-sql-injection-7b0dde3a82a4 CVE-2023-7124 - https://github.com/h4md153v63n/CVEs/blob/main/E-commerce_Site/E-commerce_Site-Reflected_Cross_Site_Scripting.md 
@@ -95999,6 +96005,7 @@ CVE-2023-7178 - https://medium.com/@heishou/libsystem-foreground-sql-injection-v CVE-2023-7179 - https://medium.com/@heishou/libsystem-foreground-sql-injection-vulnerability-a98949964faf CVE-2023-7180 - https://github.com/Bobjones7/cve/blob/main/sql.md CVE-2023-7181 - https://vuldb.com/?id.249368 +CVE-2023-7193 - https://vuldb.com/?id.249395 CVE-2023-7194 - https://wpscan.com/vulnerability/e20292af-939a-4cb1-91e4-5ff6aa0c7fbe CVE-2023-7198 - https://wpscan.com/vulnerability/75fbee63-d622-441f-8675-082907b0b1e6/ CVE-2023-7199 - https://wpscan.com/vulnerability/0c96a128-4473-41f5-82ce-94bba33ca4a3/ @@ -97844,6 +97851,8 @@ CVE-2024-29030 - https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-20 CVE-2024-29031 - https://securitylab.github.com/advisories/GHSL-2023-249_Meshery/ CVE-2024-29032 - https://github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-x4x5-jv3x-9c7m CVE-2024-29038 - https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-5495-c38w-gr6f +CVE-2024-29039 - https://github.com/tpm2-software/tpm2-tools/security/advisories/GHSA-8rjm-5f5f-h4q6 +CVE-2024-29040 - https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-837m-jw3m-h9p6 CVE-2024-29042 - https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj CVE-2024-2907 - https://wpscan.com/vulnerability/d2588b47-a518-4cb2-a557-2c7eaffa17e4/ CVE-2024-2908 - https://wpscan.com/vulnerability/58c9e088-ed74-461a-b305-e217679f26c1/ 
@@ -97853,6 +97862,7 @@ CVE-2024-29150 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisorie CVE-2024-29156 - https://launchpad.net/bugs/2048114 CVE-2024-29179 - https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9 CVE-2024-29180 - https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6 +CVE-2024-29181 - https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26m CVE-2024-29183 - https://securitylab.github.com/advisories/GHSL-2023-253_openrasp CVE-2024-29186 - https://github.com/brefphp/bref/security/advisories/GHSA-j4hq-f63x-f39r CVE-2024-29187 - https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r @@ -97879,6 +97889,8 @@ CVE-2024-29302 - https://packetstormsecurity.com/files/177737/Task-Management-Sy CVE-2024-29303 - https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html CVE-2024-29309 - https://gist.github.com/Siebene/c22e1a4a4a8b61067180475895e60858 CVE-2024-29316 - https://nodebb.org/bounty/ +CVE-2024-29318 - https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-29318 +CVE-2024-29319 - https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-29319 CVE-2024-2932 - https://github.com/CveSecLook/cve/issues/3 CVE-2024-29338 - https://github.com/PWwwww123/cms/blob/main/1.md CVE-2024-2934 - https://github.com/BurakSevben/CVEs/blob/main/To%20Do%20List%20App/To%20Do%20List%20App%20-%20SQL%20Injection.md 
@@ -97894,6 +97906,7 @@ CVE-2024-29385 - https://github.com/songah119/Report/blob/main/CI-1.md CVE-2024-29385 - https://www.dlink.com/en/security-bulletin/ CVE-2024-29386 - https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/ CVE-2024-29387 - https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/ +CVE-2024-29390 - https://github.com/CyberSentryX/CVE_Hunting/blob/main/CVE-2024-29390/README.md CVE-2024-29392 - https://gist.github.com/phulelouch/48ee63a7c46078574f3b3dc9a739052c CVE-2024-29399 - https://github.com/ally-petitt/CVE-2024-29399 CVE-2024-29400 - https://github.com/Fr1ezy/RuoYi_info @@ -98551,6 +98564,7 @@ CVE-2024-34523 - https://github.com/piuppi/Proof-of-Concepts/blob/main/AChecker/ CVE-2024-34532 - https://github.com/luvsn/OdZoo/tree/main/exploits/query_deluxe CVE-2024-34533 - https://github.com/luvsn/OdZoo/tree/main/exploits/izi_data CVE-2024-34534 - https://github.com/luvsn/OdZoo/tree/main/exploits/text_commander +CVE-2024-34580 - https://shibboleth.atlassian.net/wiki/spaces/DEV/pages/3726671873/Santuario CVE-2024-34580 - https://www.sonatype.com/blog/the-exploited-ivanti-connect-ssrf-vulnerability-stems-from-xmltooling-oss-library CVE-2024-34582 - https://github.com/silent6trinity/CVE-2024-34582 CVE-2024-34694 - https://github.com/lnbits/lnbits/security/advisories/GHSA-3j4h-h3fp-vwww @@ -98846,6 +98860,7 @@ CVE-2024-37308 - https://github.com/XjSv/Cooked/security/advisories/GHSA-9vfv-c9 CVE-2024-37309 - https://github.com/crate/crate/security/advisories/GHSA-x268-qpg6-w9g2 CVE-2024-37310 - https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96 CVE-2024-3735 - https://vuldb.com/?submit.311153 +CVE-2024-37382 - https://www.abinitio.com/en/security-advisories/ab-2024-003/ CVE-2024-37386 - https://advisories.stormshield.eu/2024-017 CVE-2024-37393 - https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393 CVE-2024-37407 - https://github.com/libarchive/libarchive/pull/2145 
@@ -98859,6 +98874,7 @@ CVE-2024-3754 - https://wpscan.com/vulnerability/8c6f3e3e-3047-4446-a190-750a60c CVE-2024-3755 - https://wpscan.com/vulnerability/d34caeaf-2ecf-44a2-b308-e940bafd402c/ CVE-2024-3756 - https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/ CVE-2024-37568 - https://github.com/lepture/authlib/issues/654 +CVE-2024-37568 - https://www.vicarius.io/vsociety/posts/algorithm-confusion-in-lepture-authlib-cve-2024-37568 CVE-2024-37569 - https://www.youtube.com/watch?v=I9TQqfP5qzM CVE-2024-37619 - https://github.com/Hebing123/cve/issues/45 CVE-2024-37620 - https://github.com/Hebing123/cve/issues/46 @@ -98893,6 +98909,7 @@ CVE-2024-37673 - https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/m CVE-2024-37674 - https://github.com/MohamedAzizMSALLEMI/Moodle_Security/blob/main/CVE-2024-37674.md CVE-2024-37675 - https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37675.md CVE-2024-3768 - https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%204.md +CVE-2024-3768 - https://github.com/L1OudFd8cl09/CVE/blob/main/25_07_2024_b.md CVE-2024-3768 - https://vuldb.com/?id.260615 CVE-2024-3769 - https://github.com/BurakSevben/CVEs/blob/main/Student%20Record%20System%203.20/Student%20Record%20System%20-%20Authentication%20Bypass.md CVE-2024-3770 - https://github.com/BurakSevben/CVEs/blob/main/Student%20Record%20System%203.20/Student%20Record%20System%20-%20SQL%20Injection%20-%203.md 
@@ -99221,7 +99238,12 @@ CVE-2024-4111 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX CVE-2024-41112 - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L373-L376 CVE-2024-41112 - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L380 CVE-2024-41112 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ +CVE-2024-41113 - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L383-L388 +CVE-2024-41113 - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L390-L393 +CVE-2024-41113 - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L395 CVE-2024-41113 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ +CVE-2024-41114 - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L430 +CVE-2024-41114 - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L435 CVE-2024-41114 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ CVE-2024-41115 - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L488 CVE-2024-41115 - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L493 
@@ -99234,7 +99256,9 @@ CVE-2024-41118 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-20 CVE-2024-41119 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ CVE-2024-4112 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/formSetVirtualSer.md CVE-2024-41120 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ +CVE-2024-41127 - https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-wcjf-5464-4wq9 CVE-2024-41127 - https://securitylab.github.com/advisories/GHSL-2024-167_monkeytype +CVE-2024-41129 - https://github.com/canonical/operator/security/advisories/GHSA-hcmv-jmqh-fjgm CVE-2024-4113 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/fromSetSysTime.md CVE-2024-41130 - https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-49q7-2jmh-92fp CVE-2024-4114 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/setSmartPowerManagement.md 
@@ -99255,10 +99279,13 @@ CVE-2024-4126 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W1 CVE-2024-4127 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/guestWifiRuleRefresh.md CVE-2024-41281 - https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_get_merge_mac.md CVE-2024-41333 - https://packetstormsecurity.com/files/179891/Tourism-Management-System-2.0-Cross-Site-Scripting.html +CVE-2024-41353 - https://github.com/phpipam/phpipam/issues/4147 CVE-2024-41354 - https://github.com/phpipam/phpipam/issues/4150 CVE-2024-41355 - https://github.com/phpipam/phpipam/issues/4151 +CVE-2024-41357 - https://github.com/phpipam/phpipam/issues/4149 CVE-2024-41373 - https://github.com/xjzzzxx/vulFound/blob/main/icecoder/icecoder8.1_PT.md CVE-2024-41375 - https://github.com/xjzzzxx/vulFound/blob/main/icecoder/icecoder8.1_xss1.md +CVE-2024-41376 - https://github.com/zyx0814/dzzoffice/issues/252 CVE-2024-41380 - https://github.com/microweber/microweber/issues/1111 CVE-2024-41381 - https://github.com/microweber/microweber/issues/1110 CVE-2024-4140 - https://github.com/rjbs/Email-MIME/issues/66 
@@ -99280,6 +99307,11 @@ CVE-2024-41439 - https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/he CVE-2024-41439 - https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.assets/image-20240530192505615.png CVE-2024-41439 - https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.assets/image-20240531002753478.png CVE-2024-41439 - https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.md +CVE-2024-41440 - https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32 +CVE-2024-41440 - https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc +CVE-2024-41440 - https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc/sample18.png +CVE-2024-41440 - https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.assets/image-20240530225208577.png +CVE-2024-41440 - https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.md CVE-2024-4145 - https://wpscan.com/vulnerability/7d5b8764-c82d-4969-a707-f38b63bcadca/ CVE-2024-41459 - https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/QuickIndex/QuickIndex.md CVE-2024-41460 - https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/RouteStatic/README.md 
@@ -99287,6 +99319,9 @@ CVE-2024-41461 - https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/ CVE-2024-41462 - https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/DhcpListClient2/README.md CVE-2024-41463 - https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/addressNat/README.md CVE-2024-41464 - https://github.com/iotresearch/iot-vuln/tree/main/Tenda/FH1201/RouteStatic2 +CVE-2024-41466 - https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/NatStaticSetting/README.md +CVE-2024-41468 - https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/exeCommand/README.md +CVE-2024-41473 - https://github.com/iotresearch/iot-vuln/tree/main/Tenda/FH1201/WriteFacMac CVE-2024-4149 - https://wpscan.com/vulnerability/0256ec2a-f1a9-4110-9978-ee88f9e24237/ CVE-2024-41492 - https://gist.github.com/Swind1er/4176fdc25e415296904c9fb19e2f8293 CVE-2024-41597 - https://gist.github.com/DefensiumDevelopers/608be4d10b016dce0566925368a8b08c#file-cve-2024-41597-md 
@@ -99301,18 +99336,26 @@ CVE-2024-41668 - https://www.wizlynxgroup.com/security-research-advisories/vuln/ CVE-2024-4167 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md CVE-2024-41671 - https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7 CVE-2024-41672 - https://github.com/duckdb/duckdb/security/advisories/GHSA-w2gf-jxc9-pf2q +CVE-2024-41677 - https://github.com/QwikDev/qwik/security/advisories/GHSA-2rwj-7xq8-4gx4 CVE-2024-4168 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_4260F0.md CVE-2024-4169 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_42775C.md CVE-2024-4170 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_429A30.md CVE-2024-4171 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromWizardHandle.md CVE-2024-4172 - https://github.com/bigbigbigbaby/cms2/blob/main/1.md CVE-2024-4180 - https://wpscan.com/vulnerability/b2a92316-e404-4a5e-8426-f88df6e87550/ +CVE-2024-41800 - https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use +CVE-2024-41808 - https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j +CVE-2024-41810 - https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2 CVE-2024-41812 - https://github.com/TxtDot/txtdot/security/advisories/GHSA-4gj5-xj97-j8fp +CVE-2024-41813 - https://github.com/TxtDot/txtdot/security/advisories/GHSA-4c78-229v-hf6m +CVE-2024-41816 - https://github.com/XjSv/Cooked/security/advisories/GHSA-3gw3-2qjq-xqjj CVE-2024-41817 - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8rxc-922v-phg8 CVE-2024-41818 - https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v CVE-2024-41819 - https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3 CVE-2024-41945 - 
https://github.com/FuelLabs/fuels-ts/security/advisories/GHSA-3jcg-vx7f-j6qf +CVE-2024-41955 - https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4 CVE-2024-41957 - https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 +CVE-2024-41965 - https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f CVE-2024-4201 - https://gitlab.com/gitlab-org/gitlab/-/issues/458229 CVE-2024-42029 - https://github.com/hyprwm/xdg-desktop-portal-hyprland/issues/242 CVE-2024-42054 - https://github.com/CervantesSec/cervantes/commit/78631a034d0fb3323a53fb7428b2022b29a0d2cd @@ -99730,7 +99773,10 @@ CVE-2024-6113 - https://github.com/wangyuan-ui/CVE/issues/3 CVE-2024-6114 - https://github.com/wangyuan-ui/CVE/issues/4 CVE-2024-6127 - https://vulncheck.com/advisories/empire-unauth-rce CVE-2024-6130 - https://wpscan.com/vulnerability/bbed2968-4bd6-49ae-bd61-8a1f751e7041/ +CVE-2024-6133 - https://wpscan.com/vulnerability/fd613e1e-557c-4383-a3e9-4c14bc0be0c5/ +CVE-2024-6136 - https://wpscan.com/vulnerability/7d85cfe4-4878-4530-ba78-7cfe33f3a8d5/ CVE-2024-6138 - https://wpscan.com/vulnerability/9ef2a8d8-39d5-45d3-95de-e7bac4b7382d/ +CVE-2024-6158 - https://wpscan.com/vulnerability/8adb219f-f0a6-4e87-8626-db26e300c220/ CVE-2024-6164 - https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4/ CVE-2024-6165 - https://wpscan.com/vulnerability/b9e6648a-9d19-4e73-ad6c-f727802d8dd5/ CVE-2024-6184 - https://github.com/L1OudFd8cl09/CVE/blob/main/11_06_2024_a.md 
@@ -99920,6 +99966,9 @@ CVE-2024-7223 - https://gist.github.com/topsky979/4c28743586769e73fe37007ed92cc1 CVE-2024-7224 - https://gist.github.com/topsky979/76bc2c8ce4871ad8bb60c52e47c4fb5b CVE-2024-7225 - https://github.com/Xu-Mingming/cve/blob/main/xss2.md CVE-2024-7226 - https://github.com/Xu-Mingming/cve/blob/main/CSRF2.md +CVE-2024-7272 - https://ffmpeg.org/ +CVE-2024-7272 - https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc5 +CVE-2024-7272 - https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc6 CVE-2024-7273 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-1.md CVE-2024-7274 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md CVE-2024-7275 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-3.md @@ -99997,12 +100046,14 @@ CVE-2024-7444 - https://github.com/DeepMountains/Mirage/blob/main/CVE10-1.md CVE-2024-7445 - https://github.com/DeepMountains/Mirage/blob/main/CVE10-2.md CVE-2024-7446 - https://github.com/DeepMountains/Mirage/blob/main/CVE10-3.md CVE-2024-7449 - https://github.com/DeepMountains/Mirage/blob/main/CVE11-1.md +CVE-2024-7449 - https://vuldb.com/?submit.383859 CVE-2024-7450 - https://github.com/DeepMountains/Mirage/blob/main/CVE11-2.md CVE-2024-7451 - https://github.com/DeepMountains/Mirage/blob/main/CVE11-3.md CVE-2024-7451 - https://vuldb.com/?submit.383864 CVE-2024-7452 - https://github.com/DeepMountains/Mirage/blob/main/CVE11-4.md CVE-2024-7453 - https://github.com/Hebing123/cve/issues/65 CVE-2024-7453 - https://github.com/Hebing123/cve/issues/66 +CVE-2024-7454 - https://github.com/lche511/cve/blob/main/sql.md CVE-2024-7455 - https://github.com/Wumshi/cve/issues/3 CVE-2024-7458 - https://github.com/elunez/eladmin/issues/851 CVE-2024-7459 - https://gist.github.com/topsky979/26ab4dc35349a3f670fb8688c69a5cad 
@@ -100021,3 +100072,15 @@ CVE-2024-7499 - https://github.com/DeepMountains/zzz/blob/main/CVE1-4.md CVE-2024-7500 - https://github.com/DeepMountains/zzz/blob/main/CVE1-5.md CVE-2024-7505 - https://github.com/CveSecLook/cve/issues/56 CVE-2024-7506 - https://github.com/CveSecLook/cve/issues/57 +CVE-2024-7551 - https://github.com/DeepMountains/Mirage/blob/main/CVE9-1.md +CVE-2024-7578 - https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md +CVE-2024-7579 - https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md +CVE-2024-7580 - https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md +CVE-2024-7581 - https://github.com/BeaCox/IoT_vuln/tree/main/tenda/A301/WifiBasicSet_bof +CVE-2024-7582 - https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalAccessCodeAuth +CVE-2024-7583 - https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalOneKeyAuth +CVE-2024-7584 - https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalPhoneAuth +CVE-2024-7585 - https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalWebAuth +CVE-2024-7613 - https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/GstDhcpSetSer_bof%26injection +CVE-2024-7614 - https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/qossetting_bof +CVE-2024-7615 - https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/Safe_Client_or_Url_or_Mac_Filter_bof
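Review bot: the five added CVE-2024-41440 lines in the hunk at `@@ -99280,6 +99307,11 @@` include two bare directories addressed through `/blob/master/` (`.../heapof-w1-png_quantize-cli-220c32` and `.../poc`) and a screenshot under `vulDescription.assets/`, none of which tells a reader more than the `vulDescription.md` and `poc/sample18.png` entries already do. The neighbouring CVE-2024-41439 context lines show the same pattern, so this looks like a property of how references are collected; consider filtering `*.assets/*.png` and parent-directory URLs at that stage so each CVE keeps only the write-up and the sample.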
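Review bot: the added line `CVE-2024-7272 - https://ffmpeg.org/` in the hunk at `@@ -99920,6 +99966,9 @@` points at the project homepage, which says nothing specific to this CVE and will never resolve to a PoC or advisory. The two `CookedMelon/ReportCVE/tree/main/FFmpeg/poc5` and `poc6` entries added beside it carry the actual reference; suggest dropping the homepage line, or excluding bare vendor root URLs when the list is generated.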
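Review bot: in the final hunk (`@@ -100021,3 +100072,15 @@`) CVE-2024-7578, CVE-2024-7579 and CVE-2024-7580 all map to the identical `ALR-F800.md` URL, and that path contains `Alien%20Technology%20/`, a directory name ending in an encoded space, which is easy to lose if the URL is ever normalised or trimmed. Please confirm the link resolves exactly as written, and if the document has a section per issue, point each CVE at its own anchor so the three entries can be told apart. The `GstDhcpSetSer_bof%26injection` path on the CVE-2024-7613 line deserves the same check, since the encoded `&` must survive any re-encoding.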