Update Mon Apr 15 10:07:45 UTC 2024

trickest · Apr 15, 2024 · 28e2d6d · 28e2d6d
1 parent efb0cfb
commit 28e2d6d
Show file tree

Hide file tree

Showing 50 changed files with 706 additions and 7 deletions.
diff --git a/2020/CVE-2020-11774.md b/2020/CVE-2020-11774.md
@@ -0,0 +1,17 @@
+### [CVE-2020-11774](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11774)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000061756/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2018-0522
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2020/CVE-2020-1416.md b/2020/CVE-2020-1416.md
@@ -0,0 +1,23 @@
+### [CVE-2020-1416](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1416)
+![](https://img.shields.io/static/v1?label=Product&message=Azure%20Storage%20Explorer&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202017%20version%2015.9%20(includes%2015.0%20-%2015.8)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202019%20version%2016.4%20(includes%2016.0%20-%2016.3)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202019%20version%2016.6%20(includes%2016.0%20-%2016.5)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TypeScript&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Visual%20Studio%20Code&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20Privilege&color=brighgreen)
+
+### Description
+
+An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xjr1300/first-step-of-python
+
diff --git a/2021/CVE-2021-41042.md b/2021/CVE-2021-41042.md
@@ -0,0 +1,17 @@
+### [CVE-2021-41042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41042)
+![](https://img.shields.io/static/v1?label=Product&message=Eclipse%20Lyo&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%201.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-611&color=brighgreen)
+
+### Description
+
+In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/eclipse/lyo
+
diff --git a/2022/CVE-2022-27642.md b/2022/CVE-2022-27642.md
@@ -0,0 +1,17 @@
+### [CVE-2022-27642](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27642)
+![](https://img.shields.io/static/v1?label=Product&message=R6700v3&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%3A%20Incorrect%20Authorization&color=brighgreen)
+
+### Description
+
+This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2022/CVE-2022-27647.md b/2022/CVE-2022-27647.md
@@ -0,0 +1,17 @@
+### [CVE-2022-27647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27647)
+![](https://img.shields.io/static/v1?label=Product&message=R6700v3&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-0399.md b/2024/CVE-2024-0399.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0399)
+![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20Customers%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2029.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-0902.md b/2024/CVE-2024-0902.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0902](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0902)
+![](https://img.shields.io/static/v1?label=Product&message=Fancy%20Product%20Designer&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.1.81%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/fd53e40a-516b-47b9-b495-321774432367/
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-1204.md b/2024/CVE-2024-1204.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1204](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1204)
+![](https://img.shields.io/static/v1?label=Product&message=Meta%20Box%20&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.9.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+The Meta Box  WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/03191b00-0b05-42db-9ce2-fc525981b6c9/
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-1306.md b/2024/CVE-2024-1306.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1306)
+![](https://img.shields.io/static/v1?label=Product&message=Smart%20Forms%20&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.94%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Smart Forms  WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/c7ce2649-b2b0-43f4-994d-07b1023405e9/
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-1307.md b/2024/CVE-2024-1307.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1307)
+![](https://img.shields.io/static/v1?label=Product&message=Smart%20Forms%20&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.94%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Smart Forms  WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/bbc6cebd-e9bf-4b08-a474-f9312b3c0947/
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-1310.md b/2024/CVE-2024-1310.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1310)
+![](https://img.shields.io/static/v1?label=Product&message=WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a7735feb-876e-461c-9a56-ea6067faf277/
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-1488.md b/2024/CVE-2024-1488.md
@@ -3,7 +3,10 @@
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Extended%20Update%20Support&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=unbound&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)

diff --git a/2024/CVE-2024-1655.md b/2024/CVE-2024-1655.md
@@ -0,0 +1,21 @@
+### [CVE-2024-1655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1655)
+![](https://img.shields.io/static/v1?label=Product&message=ExpertWiFi%20EBM63&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=ExpertWiFi%20EBM68&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=RT-AX57%20Go&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=earlier%20%3C%203.0.0.6.102_44384%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=earlier%3C%203.0.0.6.102_22188%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=earlier%3C%203.0.0.6.102_32645%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-1660.md b/2024/CVE-2024-1660.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1660)
+![](https://img.shields.io/static/v1?label=Product&message=Top%20Bar&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5bd16f84-22bf-4170-b65c-08caf67d0005/
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-1712.md b/2024/CVE-2024-1712.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1712)
+![](https://img.shields.io/static/v1?label=Product&message=Carousel%20Slider&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/23805a61-9fcd-4744-a60d-05c8cb43ee01/
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-1746.md b/2024/CVE-2024-1746.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1746](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1746)
+![](https://img.shields.io/static/v1?label=Product&message=Testimonial%20Slider&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.3.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5f35572a-4129-4fe0-a465-d25f4c3b4419/
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-1754.md b/2024/CVE-2024-1754.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1754)
+![](https://img.shields.io/static/v1?label=Product&message=NPS%20computy&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/c061e792-e37a-4cf6-b46b-ff111c5a5c84/
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-1755.md b/2024/CVE-2024-1755.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1755](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1755)
+![](https://img.shields.io/static/v1?label=Product&message=NPS%20computy&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/481a376b-55be-4afa-94f5-c3cf8a88b8d1/
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-1846.md b/2024/CVE-2024-1846.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1846](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1846)
+![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Tabs&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ea2a8420-4b0e-4efb-a0c6-ceea996dae5a/
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-1849.md b/2024/CVE-2024-1849.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1849)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Customer%20Reviews&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.7.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen)
+
+### Description
+
+The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e6d9fe28-def6-4f25-9967-a77f91899bfe/
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-21447.md b/2024/CVE-2024-21447.md
@@ -11,7 +11,7 @@
 ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4291%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2402%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2899%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3435%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3447%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3447%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.830%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%3A%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)

diff --git a/2024/CVE-2024-23334.md b/2024/CVE-2024-23334.md
@@ -15,6 +15,7 @@ aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
 #### Github
 - https://github.com/Ostorlab/KEV
 - https://github.com/jhonnybonny/CVE-2024-23334
+- https://github.com/marl-ot/DevSecOps-2024
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/ox1111/CVE-2024-23334
 - https://github.com/sxyrxyy/aiohttp-exploit-CVE-2024-23334-certstream

diff --git a/2024/CVE-2024-27198.md b/2024/CVE-2024-27198.md
@@ -32,6 +32,7 @@ No PoCs from references.
 - https://github.com/johe123qwe/github-trending
 - https://github.com/juev/links
 - https://github.com/labesterOct/CVE-2024-27198
+- https://github.com/marl-ot/DevSecOps-2024
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/passwa11/CVE-2024-27198-RCE
 - https://github.com/rampantspark/CVE-2024-27198