diff --git a/2016/CVE-2016-1000109.md b/2016/CVE-2016-1000109.md index 0b4cf91e68..371415bad4 100644 --- a/2016/CVE-2016-1000109.md +++ b/2016/CVE-2016-1000109.md @@ -32,6 +32,7 @@ HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-1000110.md b/2016/CVE-2016-1000110.md index 57232937ac..af8079a491 100644 --- a/2016/CVE-2016-1000110.md +++ b/2016/CVE-2016-1000110.md @@ -33,6 +33,7 @@ The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_P - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-5385.md b/2016/CVE-2016-5385.md index 2f7fc2cce6..c69e91d6a5 100644 --- a/2016/CVE-2016-5385.md +++ b/2016/CVE-2016-5385.md @@ -43,6 +43,7 @@ PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-5386.md b/2016/CVE-2016-5386.md index 29e4eeb330..7d6ef6558b 100644 --- a/2016/CVE-2016-5386.md 
+++ b/2016/CVE-2016-5386.md @@ -36,6 +36,7 @@ The net/http package in Go through 1.6 does not attempt to address RFC 3875 sect - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-5387.md b/2016/CVE-2016-5387.md index 60185f9638..d95b5b4548 100644 --- a/2016/CVE-2016-5387.md +++ b/2016/CVE-2016-5387.md @@ -46,6 +46,7 @@ The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and theref - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/firatesatoglu/shodanSearch - https://github.com/gabomasi/reverse-proxy diff --git a/2016/CVE-2016-5388.md b/2016/CVE-2016-5388.md index 97af8c0f44..0e59baa4f4 100644 --- a/2016/CVE-2016-5388.md +++ b/2016/CVE-2016-5388.md @@ -36,6 +36,7 @@ Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-7478.md b/2016/CVE-2016-7478.md index 966d7f09ee..1a7403d1d9 100644 --- a/2016/CVE-2016-7478.md +++ b/2016/CVE-2016-7478.md 
@@ -11,6 +11,7 @@ Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, #### Reference - https://bugs.php.net/bug.php?id=73093 +- https://www.youtube.com/watch?v=LDcaPstAuPk #### Github - https://github.com/syadg123/pigat diff --git a/2016/CVE-2016-7479.md b/2016/CVE-2016-7479.md index 66b4adc2d3..49fea846e5 100644 --- a/2016/CVE-2016-7479.md +++ b/2016/CVE-2016-7479.md @@ -11,6 +11,7 @@ In all versions of PHP 7, during the unserialization process, resizing the 'prop #### Reference - https://bugs.php.net/bug.php?id=73092 +- https://www.youtube.com/watch?v=LDcaPstAuPk #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2016/CVE-2016-7480.md b/2016/CVE-2016-7480.md index 6d8f1ec3b3..3a40404f57 100644 --- a/2016/CVE-2016-7480.md +++ b/2016/CVE-2016-7480.md @@ -10,7 +10,7 @@ The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP ### POC #### Reference -No PoCs from references. +- https://www.youtube.com/watch?v=LDcaPstAuPk #### Github - https://github.com/ycamper/censys-scripts diff --git a/2020/CVE-2020-6514.md b/2020/CVE-2020-6514.md index 463adc18c9..c4e7bdda5c 100644 --- a/2020/CVE-2020-6514.md +++ b/2020/CVE-2020-6514.md @@ -18,6 +18,7 @@ Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 al - https://github.com/HassanAzze/CVE-2020-6514 - https://github.com/R0jhack/CVE-2020-6514 - https://github.com/developer3000S/PoC-in-GitHub +- https://github.com/hasan-khalil/CVE-2020-6514 - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/rojhack/CVE-2020-6514 diff --git a/2024/CVE-2024-2337.md b/2024/CVE-2024-2337.md new file mode 100644 index 0000000000..3cc1b97383 --- /dev/null +++ b/2024/CVE-2024-2337.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-2337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2337) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20Testimonials&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.9.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-37561.md b/2024/CVE-2024-37561.md new file mode 100644 index 0000000000..0e4d6a6450 --- /dev/null +++ b/2024/CVE-2024-37561.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-37561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37561) +![](https://img.shields.io/static/v1?label=Product&message=Plugin%20Notes%20Plus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jamie Bergen Plugin Notes Plus allows Stored XSS.This issue affects Plugin Notes Plus: from n/a through 1.2.6. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37562.md b/2024/CVE-2024-37562.md new file mode 100644 index 0000000000..76022ff1d3 --- /dev/null +++ b/2024/CVE-2024-37562.md @@ -0,0 +1,17 @@ +### [CVE-2024-37562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37562) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Post%20Notes&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.7.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BracketSpace Simple Post Notes allows Stored XSS.This issue affects Simple Post Notes: from n/a through 1.7.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37563.md b/2024/CVE-2024-37563.md new file mode 100644 index 0000000000..5bc7ad612a --- /dev/null 
+++ b/2024/CVE-2024-37563.md @@ -0,0 +1,17 @@ +### [CVE-2024-37563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37563) +![](https://img.shields.io/static/v1?label=Product&message=TOCHAT.BE&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TOCHAT.BE allows Stored XSS.This issue affects TOCHAT.BE: from n/a through 1.3.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37565.md b/2024/CVE-2024-37565.md new file mode 100644 index 0000000000..97902a2078 --- /dev/null +++ b/2024/CVE-2024-37565.md @@ -0,0 +1,17 @@ +### [CVE-2024-37565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37565) +![](https://img.shields.io/static/v1?label=Product&message=Gum%20Elementor%20Addon&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS.This issue affects Gum Elementor Addon: from n/a through 1.3.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37918.md b/2024/CVE-2024-37918.md new file mode 100644 index 0000000000..d7545c54ca --- /dev/null 
+++ b/2024/CVE-2024-37918.md @@ -0,0 +1,17 @@ +### [CVE-2024-37918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37918) +![](https://img.shields.io/static/v1?label=Product&message=ConeBlog%20%E2%80%93%20WordPress%20Blog%20Widgets&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCone.Com ConeBlog – WordPress Blog Widgets allows Stored XSS.This issue affects ConeBlog – WordPress Blog Widgets: from n/a through 1.4.8. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37919.md b/2024/CVE-2024-37919.md new file mode 100644 index 0000000000..a9be23099e --- /dev/null +++ b/2024/CVE-2024-37919.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-37919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37919) +![](https://img.shields.io/static/v1?label=Product&message=Timeline%20Module%20for%20Beaver%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.1.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Timeline Module for Beaver Builder allows Stored XSS.This issue affects Timeline Module for Beaver Builder: from n/a through 1.1.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37920.md b/2024/CVE-2024-37920.md new file mode 100644 index 0000000000..bfdcfc57c2 --- /dev/null +++ b/2024/CVE-2024-37920.md @@ -0,0 +1,17 @@ +### [CVE-2024-37920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37920) +![](https://img.shields.io/static/v1?label=Product&message=ARForms%20Form%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-37936.md b/2024/CVE-2024-37936.md new file mode 100644 index 0000000000..8aab7787ca --- /dev/null +++ b/2024/CVE-2024-37936.md @@ -0,0 +1,17 @@ +### [CVE-2024-37936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37936) +![](https://img.shields.io/static/v1?label=Product&message=Tabs%20For%20WPBakery%20Page%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in labibahmed Tabs For WPBakery Page Builder allows Stored XSS.This issue affects Tabs For WPBakery Page Builder: from n/a through 1.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37943.md b/2024/CVE-2024-37943.md new file mode 100644 index 0000000000..239c25fbdb --- /dev/null +++ b/2024/CVE-2024-37943.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-37943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37943) +![](https://img.shields.io/static/v1?label=Product&message=YITH%20WooCommerce%20Ajax%20Product%20Filter&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Ajax Product Filter allows Reflected XSS.This issue affects YITH WooCommerce Ajax Product Filter: from n/a through 5.1.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37944.md b/2024/CVE-2024-37944.md new file mode 100644 index 0000000000..2714db3b72 --- /dev/null +++ b/2024/CVE-2024-37944.md @@ -0,0 +1,17 @@ +### [CVE-2024-37944](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37944) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Travel%20Engine&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel Engine allows Stored XSS.This issue affects WP Travel Engine: from n/a through 5.9.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37946.md b/2024/CVE-2024-37946.md new file mode 100644 index 0000000000..e6e5c81a0c 
--- /dev/null +++ b/2024/CVE-2024-37946.md @@ -0,0 +1,17 @@ +### [CVE-2024-37946](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37946) +![](https://img.shields.io/static/v1?label=Product&message=ReCaptcha%20Integration%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs ReCaptcha Integration for WordPress allows Stored XSS.This issue affects ReCaptcha Integration for WordPress: from n/a through 1.2.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37947.md b/2024/CVE-2024-37947.md new file mode 100644 index 0000000000..79907fae75 --- /dev/null +++ b/2024/CVE-2024-37947.md @@ -0,0 +1,17 @@ +### [CVE-2024-37947](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37947) +![](https://img.shields.io/static/v1?label=Product&message=Tutor%20LMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-37948.md b/2024/CVE-2024-37948.md new file mode 100644 index 0000000000..b12c5d2bc4 --- /dev/null +++ b/2024/CVE-2024-37948.md @@ -0,0 +1,17 @@ +### [CVE-2024-37948](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37948) +![](https://img.shields.io/static/v1?label=Product&message=Caxton%20%E2%80%93%20Create%20Pro%20page%20layouts%20in%20Gutenberg&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.30.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PootlePress Caxton – Create Pro page layouts in Gutenberg allows Stored XSS.This issue affects Caxton – Create Pro page layouts in Gutenberg: from n/a through 1.30.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37949.md b/2024/CVE-2024-37949.md new file mode 100644 index 0000000000..59aa530af8 --- /dev/null +++ b/2024/CVE-2024-37949.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-37949](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37949) +![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Mobile&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.15.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Mobile allows Stored XSS.This issue affects Responsive Mobile: from n/a through 1.15.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37950.md b/2024/CVE-2024-37950.md new file mode 100644 index 0000000000..201a90e334 --- /dev/null +++ b/2024/CVE-2024-37950.md @@ -0,0 +1,17 @@ +### [CVE-2024-37950](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37950) +![](https://img.shields.io/static/v1?label=Product&message=Master%20Popups&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.0.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodexHelp Master Popups allows Stored XSS.This issue affects Master Popups: from n/a through 1.0.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37951.md b/2024/CVE-2024-37951.md new file mode 100644 index 0000000000..583eca5e8e --- /dev/null 
+++ b/2024/CVE-2024-37951.md @@ -0,0 +1,17 @@ +### [CVE-2024-37951](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37951) +![](https://img.shields.io/static/v1?label=Product&message=Magical%20Posts%20Display%20%E2%80%93%20Elementor%20%26%20Gutenberg%20Posts%20Blocks&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.38%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Posts Display – Elementor & Gutenberg Posts Blocks allows Stored XSS.This issue affects Magical Posts Display – Elementor & Gutenberg Posts Blocks: from n/a through 1.2.38. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37953.md b/2024/CVE-2024-37953.md new file mode 100644 index 0000000000..64ec5b6e41 --- /dev/null +++ b/2024/CVE-2024-37953.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-37953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37953) +![](https://img.shields.io/static/v1?label=Product&message=MBE%20eShip&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.1.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MBE Worldwide S.P.A. MBE eShip allows Reflected XSS.This issue affects MBE eShip: from n/a through 2.1.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37954.md b/2024/CVE-2024-37954.md new file mode 100644 index 0000000000..17c176f37b --- /dev/null +++ b/2024/CVE-2024-37954.md @@ -0,0 +1,17 @@ +### [CVE-2024-37954](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37954) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Responsive%20Slider&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%200.2.2.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS.This issue affects Simple Responsive Slider: from n/a through 0.2.2.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-37955.md b/2024/CVE-2024-37955.md new file mode 100644 index 0000000000..462965a7bb --- /dev/null +++ b/2024/CVE-2024-37955.md @@ -0,0 +1,17 @@ +### [CVE-2024-37955](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37955) +![](https://img.shields.io/static/v1?label=Product&message=GutSlider%20%E2%80%93%20All%20in%20One%20Block%20Slider&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.7.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zakaria Binsaifullah GutSlider – All in One Block Slider allows Stored XSS.This issue affects GutSlider – All in One Block Slider: from n/a through 2.7.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37956.md b/2024/CVE-2024-37956.md new file mode 100644 index 0000000000..e8eadacd9a --- /dev/null +++ b/2024/CVE-2024-37956.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-37956](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37956) +![](https://img.shields.io/static/v1?label=Product&message=VK%20All%20in%20One%20Expansion%20Unit&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%209.98.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.98.1.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37957.md b/2024/CVE-2024-37957.md new file mode 100644 index 0000000000..ba4aec1e41 --- /dev/null +++ b/2024/CVE-2024-37957.md @@ -0,0 +1,17 @@ +### [CVE-2024-37957](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37957) +![](https://img.shields.io/static/v1?label=Product&message=Bradmax%20Player&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bradmax Bradmax Player allows Stored XSS.This issue affects Bradmax Player: from n/a through 1.1.27. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-37958.md b/2024/CVE-2024-37958.md new file mode 100644 index 0000000000..e486e3097d --- /dev/null +++ b/2024/CVE-2024-37958.md @@ -0,0 +1,17 @@ +### [CVE-2024-37958](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37958) +![](https://img.shields.io/static/v1?label=Product&message=Meks%20Smart%20Author%20Widget&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.1.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS.This issue affects Meks Smart Author Widget: from n/a through 1.1.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37959.md b/2024/CVE-2024-37959.md new file mode 100644 index 0000000000..7744729299 --- /dev/null +++ b/2024/CVE-2024-37959.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-37959](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37959) +![](https://img.shields.io/static/v1?label=Product&message=Power%20BI%20Embedded%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.1.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atlas Public Policy Power BI Embedded for WordPress allows Stored XSS.This issue affects Power BI Embedded for WordPress: from n/a through 1.1.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37960.md b/2024/CVE-2024-37960.md new file mode 100644 index 0000000000..e99234ace4 --- /dev/null +++ b/2024/CVE-2024-37960.md @@ -0,0 +1,17 @@ +### [CVE-2024-37960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37960) +![](https://img.shields.io/static/v1?label=Product&message=CodePen%20Embedded%20Pens%20Shortcode&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-37961.md b/2024/CVE-2024-37961.md new file mode 100644 index 0000000000..583e1ea348 --- /dev/null +++ b/2024/CVE-2024-37961.md @@ -0,0 +1,17 @@ +### [CVE-2024-37961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37961) +![](https://img.shields.io/static/v1?label=Product&message=codoc&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codoc.Jp allows Stored XSS.This issue affects codoc: from n/a through 0.9.51.12. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38669.md b/2024/CVE-2024-38669.md new file mode 100644 index 0000000000..9b119c8413 --- /dev/null +++ b/2024/CVE-2024-38669.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38669) +![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20Predictive%20Search&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%206.0.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in a3rev Software WooCommerce Predictive Search allows Reflected XSS.This issue affects WooCommerce Predictive Search: from n/a through 6.0.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38670.md b/2024/CVE-2024-38670.md new file mode 100644 index 0000000000..c5c5ed3217 --- /dev/null +++ b/2024/CVE-2024-38670.md @@ -0,0 +1,17 @@ +### [CVE-2024-38670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38670) +![](https://img.shields.io/static/v1?label=Product&message=Team%20Members&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Members allows Stored XSS.This issue affects Team Members: from n/a through 5.3.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38671.md b/2024/CVE-2024-38671.md new file mode 100644 index 0000000000..9787d31d7d --- /dev/null 
+++ b/2024/CVE-2024-38671.md @@ -0,0 +1,17 @@ +### [CVE-2024-38671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38671) +![](https://img.shields.io/static/v1?label=Product&message=WP%20GoToWebinar&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%2015.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson WP GoToWebinar allows Stored XSS.This issue affects WP GoToWebinar: from n/a through 15.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38672.md b/2024/CVE-2024-38672.md new file mode 100644 index 0000000000..b7b7301306 --- /dev/null +++ b/2024/CVE-2024-38672.md @@ -0,0 +1,17 @@ +### [CVE-2024-38672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38672) +![](https://img.shields.io/static/v1?label=Product&message=AdPush&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.50%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in namithjawahar AdPush allows Reflected XSS.This issue affects AdPush: from n/a through 1.50. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38673.md b/2024/CVE-2024-38673.md new file mode 100644 index 0000000000..fd454d9e80 --- /dev/null 
+++ b/2024/CVE-2024-38673.md @@ -0,0 +1,17 @@ +### [CVE-2024-38673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38673) +![](https://img.shields.io/static/v1?label=Product&message=Multisite%20Content%20Copier%2FUpdater&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.5.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Obtain Infotech Multisite Content Copier/Updater allows Reflected XSS.This issue affects Multisite Content Copier/Updater: from n/a through 1.5.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38674.md b/2024/CVE-2024-38674.md new file mode 100644 index 0000000000..6f016a619c --- /dev/null +++ b/2024/CVE-2024-38674.md @@ -0,0 +1,17 @@ +### [CVE-2024-38674](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38674) +![](https://img.shields.io/static/v1?label=Product&message=SKT%20Addons%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 2.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-38675.md b/2024/CVE-2024-38675.md new file mode 100644 index 0000000000..cabd312752 --- /dev/null +++ b/2024/CVE-2024-38675.md @@ -0,0 +1,17 @@ +### [CVE-2024-38675](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38675) +![](https://img.shields.io/static/v1?label=Product&message=Arkhe%20Blocks&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.22.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.22.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38676.md b/2024/CVE-2024-38676.md new file mode 100644 index 0000000000..38bf8726ab --- /dev/null +++ b/2024/CVE-2024-38676.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38676](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38676) +![](https://img.shields.io/static/v1?label=Product&message=Booking%20Ultra%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.1.13%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Ultra Pro allows Stored XSS.This issue affects Booking Ultra Pro: from n/a through 1.1.13. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38677.md b/2024/CVE-2024-38677.md new file mode 100644 index 0000000000..5f1a0c9865 --- /dev/null +++ b/2024/CVE-2024-38677.md @@ -0,0 +1,17 @@ +### [CVE-2024-38677](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38677) +![](https://img.shields.io/static/v1?label=Product&message=REVIEWS.io&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Reviews.Co.Uk REVIEWS.Io allows Stored XSS.This issue affects REVIEWS.Io: from n/a through 1.2.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38678.md b/2024/CVE-2024-38678.md new file mode 100644 index 0000000000..831442b19c --- /dev/null 
+++ b/2024/CVE-2024-38678.md @@ -0,0 +1,17 @@ +### [CVE-2024-38678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38678) +![](https://img.shields.io/static/v1?label=Product&message=Calendar.online%20%2F%20Kalender.digital&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Calendar.Online Calendar.Online / Kalender.Digital allows Stored XSS.This issue affects Calendar.Online / Kalender.Digital: from n/a through 1.0.8. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38679.md b/2024/CVE-2024-38679.md new file mode 100644 index 0000000000..227ffde81d --- /dev/null +++ b/2024/CVE-2024-38679.md @@ -0,0 +1,17 @@ +### [CVE-2024-38679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38679) +![](https://img.shields.io/static/v1?label=Product&message=Animated%20Typed%20JS%20Shortcode&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yongki Agustinus Animated Typed JS Shortcode allows Stored XSS.This issue affects Animated Typed JS Shortcode: from n/a through 2.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-38680.md b/2024/CVE-2024-38680.md new file mode 100644 index 0000000000..da60d411b6 --- /dev/null +++ b/2024/CVE-2024-38680.md @@ -0,0 +1,17 @@ +### [CVE-2024-38680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38680) +![](https://img.shields.io/static/v1?label=Product&message=Appmaker%20%E2%80%93%20Convert%20WooCommerce%20to%20Android%20%26%20iOS%20Native%20Mobile%20Apps&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.36.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Appmaker Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps allows Reflected XSS.This issue affects Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps: from n/a through 1.36.12. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38681.md b/2024/CVE-2024-38681.md new file mode 100644 index 0000000000..0314f16b00 --- /dev/null +++ b/2024/CVE-2024-38681.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38681) +![](https://img.shields.io/static/v1?label=Product&message=Magical%20Addons%20For%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.41. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38682.md b/2024/CVE-2024-38682.md new file mode 100644 index 0000000000..85f4587e3d --- /dev/null +++ b/2024/CVE-2024-38682.md @@ -0,0 +1,17 @@ +### [CVE-2024-38682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38682) +![](https://img.shields.io/static/v1?label=Product&message=Post%20Layouts%20for%20Gutenberg&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techeshta Post Layouts for Gutenberg allows Stored XSS.This issue affects Post Layouts for Gutenberg: from n/a through 1.2.7. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-38683.md b/2024/CVE-2024-38683.md new file mode 100644 index 0000000000..3f8cc24866 --- /dev/null +++ b/2024/CVE-2024-38683.md @@ -0,0 +1,17 @@ +### [CVE-2024-38683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38683) +![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20Report&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.4.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iThemelandCo WooCommerce Report allows Reflected XSS.This issue affects WooCommerce Report: from n/a through 1.4.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38684.md b/2024/CVE-2024-38684.md new file mode 100644 index 0000000000..93a6a13989 --- /dev/null +++ b/2024/CVE-2024-38684.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38684) +![](https://img.shields.io/static/v1?label=Product&message=SlingBlocks%20%E2%80%93%20Gutenberg%20Blocks%20by%20FunnelKit%20(Formerly%20WooFunnels)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FunnelKit SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) allows Stored XSS.This issue affects SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels): from n/a through 1.4.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38685.md b/2024/CVE-2024-38685.md new file mode 100644 index 0000000000..a69f831faf --- /dev/null +++ b/2024/CVE-2024-38685.md @@ -0,0 +1,17 @@ +### [CVE-2024-38685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38685) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Announcement&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SubscriptionPro WP Announcement allows Stored XSS.This issue affects WP Announcement: from n/a through 2.0.8. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-38686.md b/2024/CVE-2024-38686.md new file mode 100644 index 0000000000..43f9c243b0 --- /dev/null +++ b/2024/CVE-2024-38686.md @@ -0,0 +1,17 @@ +### [CVE-2024-38686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38686) +![](https://img.shields.io/static/v1?label=Product&message=FancyPost%20%E2%80%93%20Best%20Ultimate%20Post%20Block%2C%20Post%20Grid%2C%20Layouts%2C%20Carousel%2C%20Slider%20For%20Gutenberg%20%26%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pluginic FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor allows Stored XSS.This issue affects FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor: from n/a through 5.3.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38687.md b/2024/CVE-2024-38687.md new file mode 100644 index 0000000000..4e54b70c0c --- /dev/null +++ b/2024/CVE-2024-38687.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38687) +![](https://img.shields.io/static/v1?label=Product&message=Sky%20Addons%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.5.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techfyd Sky Addons for Elementor allows Stored XSS.This issue affects Sky Addons for Elementor: from n/a through 2.5.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38689.md b/2024/CVE-2024-38689.md new file mode 100644 index 0000000000..8c6a6e988e --- /dev/null +++ b/2024/CVE-2024-38689.md @@ -0,0 +1,18 @@ +### [CVE-2024-38689](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38689) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Popup&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows Stored XSS.This issue affects Simple Popup: from n/a through 4.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/Cr0nu3/Cr0nu3 + 
diff --git a/2024/CVE-2024-38694.md b/2024/CVE-2024-38694.md new file mode 100644 index 0000000000..1f0b0b8514 --- /dev/null +++ b/2024/CVE-2024-38694.md @@ -0,0 +1,17 @@ +### [CVE-2024-38694](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38694) +![](https://img.shields.io/static/v1?label=Product&message=Moloni&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Moloni allows Reflected XSS.This issue affects Moloni: from n/a through 4.7.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38696.md b/2024/CVE-2024-38696.md new file mode 100644 index 0000000000..1065cd37c5 --- /dev/null +++ b/2024/CVE-2024-38696.md @@ -0,0 +1,17 @@ +### [CVE-2024-38696](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38696) +![](https://img.shields.io/static/v1?label=Product&message=Zoho%20CRM%20Lead%20Magnet&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho CRM Zoho CRM Lead Magnet allows Reflected XSS.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.8.8. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-38697.md b/2024/CVE-2024-38697.md new file mode 100644 index 0000000000..5dd3ea6715 --- /dev/null +++ b/2024/CVE-2024-38697.md @@ -0,0 +1,17 @@ +### [CVE-2024-38697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38697) +![](https://img.shields.io/static/v1?label=Product&message=Goftino&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Rahimi Goftino allows Stored XSS.This issue affects Goftino: from n/a through 1.6. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38698.md b/2024/CVE-2024-38698.md new file mode 100644 index 0000000000..cb54895386 --- /dev/null +++ b/2024/CVE-2024-38698.md @@ -0,0 +1,17 @@ +### [CVE-2024-38698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38698) +![](https://img.shields.io/static/v1?label=Product&message=SKT%20Skill%20Bar&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Skill Bar allows Stored XSS.This issue affects SKT Skill Bar: from n/a through 2.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-38700.md b/2024/CVE-2024-38700.md index 68c063ceb5..1839e711b7 100644 --- a/2024/CVE-2024-38700.md +++ b/2024/CVE-2024-38700.md @@ -13,5 +13,6 @@ Improper Neutralization of Special Elements in Output Used by a Downstream Compo No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-38703.md b/2024/CVE-2024-38703.md new file mode 100644 index 0000000000..4b9023a6d9 --- /dev/null +++ b/2024/CVE-2024-38703.md @@ -0,0 +1,17 @@ +### [CVE-2024-38703](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38703) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Event%20Aggregator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Stored XSS.This issue affects WP Event Aggregator: from n/a through 1.7.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38705.md b/2024/CVE-2024-38705.md new file mode 100644 index 0000000000..568a36ae58 --- /dev/null +++ b/2024/CVE-2024-38705.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38705](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38705) +![](https://img.shields.io/static/v1?label=Product&message=ElementInvader%20Addons%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38710.md b/2024/CVE-2024-38710.md new file mode 100644 index 0000000000..176f8e8a38 --- /dev/null +++ b/2024/CVE-2024-38710.md @@ -0,0 +1,17 @@ +### [CVE-2024-38710](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38710) +![](https://img.shields.io/static/v1?label=Product&message=Master%20Addons%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.6.2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-38711.md b/2024/CVE-2024-38711.md new file mode 100644 index 0000000000..48e74f63eb --- /dev/null +++ b/2024/CVE-2024-38711.md @@ -0,0 +1,17 @@ +### [CVE-2024-38711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38711) +![](https://img.shields.io/static/v1?label=Product&message=Link%20Library&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.7.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38712.md b/2024/CVE-2024-38712.md new file mode 100644 index 0000000000..b63a1d4433 --- /dev/null +++ b/2024/CVE-2024-38712.md @@ -0,0 +1,17 @@ +### [CVE-2024-38712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38712) +![](https://img.shields.io/static/v1?label=Product&message=Qi%20Blocks&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Qode Interactive Qi Blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through 1.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-38713.md b/2024/CVE-2024-38713.md new file mode 100644 index 0000000000..6391f54948 --- /dev/null +++ b/2024/CVE-2024-38713.md @@ -0,0 +1,17 @@ +### [CVE-2024-38713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38713) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Photo%20Album%20Plus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.8.02.002. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38718.md b/2024/CVE-2024-38718.md new file mode 100644 index 0000000000..bd393fccc3 --- /dev/null +++ b/2024/CVE-2024-38718.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38718) +![](https://img.shields.io/static/v1?label=Product&message=Download%20Button%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in clicklabs® Medienagentur Download Button for Elementor allows Stored XSS.This issue affects Download Button for Elementor: from n/a through 1.2.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38720.md b/2024/CVE-2024-38720.md new file mode 100644 index 0000000000..b31d4eba8d --- /dev/null +++ b/2024/CVE-2024-38720.md @@ -0,0 +1,17 @@ +### [CVE-2024-38720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38720) +![](https://img.shields.io/static/v1?label=Product&message=EazyDocs&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.5.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EazyDocs eazydocs allows Stored XSS.This issue affects EazyDocs: from n/a through 2.5.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-38722.md b/2024/CVE-2024-38722.md new file mode 100644 index 0000000000..23373239fc --- /dev/null +++ b/2024/CVE-2024-38722.md @@ -0,0 +1,17 @@ +### [CVE-2024-38722](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38722) +![](https://img.shields.io/static/v1?label=Product&message=Job%20Board%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.1.57%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Job Board Manager allows Stored XSS.This issue affects Job Board Manager: from n/a through 2.1.57. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38725.md b/2024/CVE-2024-38725.md new file mode 100644 index 0000000000..af417e5076 --- /dev/null +++ b/2024/CVE-2024-38725.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38725) +![](https://img.shields.io/static/v1?label=Product&message=Admin%20Dashboard%20RSS%20Feed&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%203.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webstix Admin Dashboard RSS Feed allows Stored XSS.This issue affects Admin Dashboard RSS Feed: from n/a through 3.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38738.md b/2024/CVE-2024-38738.md new file mode 100644 index 0000000000..49cda57d77 --- /dev/null +++ b/2024/CVE-2024-38738.md @@ -0,0 +1,18 @@ +### [CVE-2024-38738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38738) +![](https://img.shields.io/static/v1?label=Product&message=Change%20From%20Email&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Kadanka Change From Email allows Stored XSS.This issue affects Change From Email: from n/a through 1.2.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/Cr0nu3/Cr0nu3 + 
diff --git a/2024/CVE-2024-38739.md b/2024/CVE-2024-38739.md new file mode 100644 index 0000000000..455bed62aa --- /dev/null +++ b/2024/CVE-2024-38739.md @@ -0,0 +1,17 @@ +### [CVE-2024-38739](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38739) +![](https://img.shields.io/static/v1?label=Product&message=OnePress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.3.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FameThemes OnePress allows Stored XSS.This issue affects OnePress: from n/a through 2.3.8. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38741.md b/2024/CVE-2024-38741.md new file mode 100644 index 0000000000..3dda689e74 --- /dev/null +++ b/2024/CVE-2024-38741.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38741) +![](https://img.shields.io/static/v1?label=Product&message=Amazing%20Hover%20Effects&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.4.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor-E-Alam Amazing Hover Effects allows Stored XSS.This issue affects Amazing Hover Effects: from n/a through 2.4.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38750.md b/2024/CVE-2024-38750.md new file mode 100644 index 0000000000..f851ef0282 --- /dev/null +++ b/2024/CVE-2024-38750.md @@ -0,0 +1,17 @@ +### [CVE-2024-38750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38750) +![](https://img.shields.io/static/v1?label=Product&message=Advanced%20post%20slider&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%203.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digontoahsan Advanced post slider.This issue affects Advanced post slider: from n/a through 3.0.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38757.md b/2024/CVE-2024-38757.md new file mode 100644 index 0000000000..a44488b37b 
--- /dev/null +++ b/2024/CVE-2024-38757.md @@ -0,0 +1,17 @@ +### [CVE-2024-38757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38757) +![](https://img.shields.io/static/v1?label=Product&message=Typebot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Typebot allows Stored XSS.This issue affects Typebot: from n/a through 3.6.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-38758.md b/2024/CVE-2024-38758.md new file mode 100644 index 0000000000..21ebf9c5b4 --- /dev/null +++ b/2024/CVE-2024-38758.md @@ -0,0 +1,17 @@ +### [CVE-2024-38758](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38758) +![](https://img.shields.io/static/v1?label=Product&message=WappPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%206.0.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-5281.md b/2024/CVE-2024-5281.md index 9348628d81..4a998e354f 100644 --- a/2024/CVE-2024-5281.md +++ b/2024/CVE-2024-5281.md 
@@ -13,5 +13,5 @@ The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and es - https://wpscan.com/vulnerability/3c0bdb0f-a06a-47a8-9198-a2bf2678b8f1/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-5282.md b/2024/CVE-2024-5282.md index c33716c6b2..0eff6ec11a 100644 --- a/2024/CVE-2024-5282.md +++ b/2024/CVE-2024-5282.md @@ -13,5 +13,5 @@ The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and es - https://wpscan.com/vulnerability/bf3fb97e-12fa-4b37-b28b-1771ddb5ceb1/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-5283.md b/2024/CVE-2024-5283.md index d075646ff9..4032041d7f 100644 --- a/2024/CVE-2024-5283.md +++ b/2024/CVE-2024-5283.md @@ -13,5 +13,5 @@ The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and es - https://wpscan.com/vulnerability/3e1adcd3-7c46-45e8-9e2b-2ede0d79c943/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-5284.md b/2024/CVE-2024-5284.md index 95a05d5253..9b3ba40a12 100644 --- a/2024/CVE-2024-5284.md +++ b/2024/CVE-2024-5284.md @@ -14,5 +14,5 @@ The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check - https://wpscan.com/vulnerability/a601a267-e781-439f-9c76-b4c841e819e5/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-5286.md b/2024/CVE-2024-5286.md index e5ee40fd5e..201b59af87 100644 --- a/2024/CVE-2024-5286.md +++ b/2024/CVE-2024-5286.md @@ -13,5 +13,5 @@ The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and es - https://wpscan.com/vulnerability/a0b3069c-59d3-41ea-9b48-f5a4cf9ca45f/ #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates 
diff --git a/2024/CVE-2024-5804.md b/2024/CVE-2024-5804.md new file mode 100644 index 0000000000..3f5629fc3e --- /dev/null +++ b/2024/CVE-2024-5804.md @@ -0,0 +1,17 @@ +### [CVE-2024-5804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5804) +![](https://img.shields.io/static/v1?label=Product&message=Conditional%20Fields%20for%20Contact%20Form%207&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.4.13%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cf_admin_init function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5977.md b/2024/CVE-2024-5977.md new file mode 100644 index 0000000000..ea746fa704 --- /dev/null +++ b/2024/CVE-2024-5977.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5977) +![](https://img.shields.io/static/v1?label=Product&message=GiveWP%20%E2%80%93%20Donation%20Plugin%20and%20Fundraising%20Platform&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.13.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with GiveWP Worker-level access and above, to delete and update arbitrary posts. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-5997.md b/2024/CVE-2024-5997.md new file mode 100644 index 0000000000..d0d7233dbc --- /dev/null +++ b/2024/CVE-2024-5997.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-5997](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5997) +![](https://img.shields.io/static/v1?label=Product&message=Duplica%20%E2%80%93%20Duplicate%20Posts%2C%20Pages%2C%20Custom%20Posts%20or%20Users&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%200.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_user and duplicate_post functions in all versions up to, and including, 0.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create duplicates of users and posts/pages. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-6338.md b/2024/CVE-2024-6338.md new file mode 100644 index 0000000000..96ca103625 --- /dev/null +++ b/2024/CVE-2024-6338.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6338](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6338) +![](https://img.shields.io/static/v1?label=Product&message=FV%20Flowplayer%20Video%20Player&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.5.46.7212%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-6455.md b/2024/CVE-2024-6455.md new file mode 100644 index 0000000000..80fabefe75 --- /dev/null +++ b/2024/CVE-2024-6455.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6455](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6455) +![](https://img.shields.io/static/v1?label=Product&message=ElementsKit%20Elementor%20addons&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-6560.md b/2024/CVE-2024-6560.md new file mode 100644 index 0000000000..479200bfcf --- /dev/null +++ b/2024/CVE-2024-6560.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6560) +![](https://img.shields.io/static/v1?label=Product&message=Addonify%20%E2%80%93%20Quick%20View%20For%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.2.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The Addonify – Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6799.md b/2024/CVE-2024-6799.md new file mode 100644 index 0000000000..720d8684f2 --- /dev/null +++ b/2024/CVE-2024-6799.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-6799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6799) +![](https://img.shields.io/static/v1?label=Product&message=YITH%20Essential%20Kit%20for%20WooCommerce%20%231&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.34.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install, activate, and deactivate plugins from a pre-defined list of available YITH plugins. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/github.txt b/github.txt index 6a1f38bb96..8d8a38fbe6 100644 --- a/github.txt +++ b/github.txt @@ -21434,6 +21434,7 @@ CVE-2016-1000109 - https://github.com/corzel/nginx-proxy2 CVE-2016-1000109 - https://github.com/creativ/docker-nginx-proxy CVE-2016-1000109 - https://github.com/cryptoplay/docker-alpine-nginx-proxy CVE-2016-1000109 - https://github.com/dlpnetworks/dlp-nginx-proxy +CVE-2016-1000109 - https://github.com/dmitriy-tkalich/docker-nginx-proxy CVE-2016-1000109 - https://github.com/expoli/nginx-proxy-docker-image-builder CVE-2016-1000109 - https://github.com/gabomasi/reverse-proxy CVE-2016-1000109 - https://github.com/garnser/nginx-oidc-proxy 
@@ -21473,6 +21474,7 @@ CVE-2016-1000110 - https://github.com/corzel/nginx-proxy2 CVE-2016-1000110 - https://github.com/creativ/docker-nginx-proxy CVE-2016-1000110 - https://github.com/cryptoplay/docker-alpine-nginx-proxy CVE-2016-1000110 - https://github.com/dlpnetworks/dlp-nginx-proxy +CVE-2016-1000110 - https://github.com/dmitriy-tkalich/docker-nginx-proxy CVE-2016-1000110 - https://github.com/expoli/nginx-proxy-docker-image-builder CVE-2016-1000110 - https://github.com/gabomasi/reverse-proxy CVE-2016-1000110 - https://github.com/garnser/nginx-oidc-proxy @@ -26917,6 +26919,7 @@ CVE-2016-5385 - https://github.com/corzel/nginx-proxy2 CVE-2016-5385 - https://github.com/creativ/docker-nginx-proxy CVE-2016-5385 - https://github.com/cryptoplay/docker-alpine-nginx-proxy CVE-2016-5385 - https://github.com/dlpnetworks/dlp-nginx-proxy +CVE-2016-5385 - https://github.com/dmitriy-tkalich/docker-nginx-proxy CVE-2016-5385 - https://github.com/expoli/nginx-proxy-docker-image-builder CVE-2016-5385 - https://github.com/gabomasi/reverse-proxy CVE-2016-5385 - https://github.com/garnser/nginx-oidc-proxy @@ -26962,6 +26965,7 @@ CVE-2016-5386 - https://github.com/corzel/nginx-proxy2 CVE-2016-5386 - https://github.com/creativ/docker-nginx-proxy CVE-2016-5386 - https://github.com/cryptoplay/docker-alpine-nginx-proxy CVE-2016-5386 - https://github.com/dlpnetworks/dlp-nginx-proxy +CVE-2016-5386 - https://github.com/dmitriy-tkalich/docker-nginx-proxy CVE-2016-5386 - https://github.com/expoli/nginx-proxy-docker-image-builder CVE-2016-5386 - https://github.com/gabomasi/reverse-proxy CVE-2016-5386 - https://github.com/garnser/nginx-oidc-proxy 
@@ -27011,6 +27015,7 @@ CVE-2016-5387 - https://github.com/corzel/nginx-proxy2 CVE-2016-5387 - https://github.com/creativ/docker-nginx-proxy CVE-2016-5387 - https://github.com/cryptoplay/docker-alpine-nginx-proxy CVE-2016-5387 - https://github.com/dlpnetworks/dlp-nginx-proxy +CVE-2016-5387 - https://github.com/dmitriy-tkalich/docker-nginx-proxy CVE-2016-5387 - https://github.com/expoli/nginx-proxy-docker-image-builder CVE-2016-5387 - https://github.com/firatesatoglu/shodanSearch CVE-2016-5387 - https://github.com/gabomasi/reverse-proxy @@ -27057,6 +27062,7 @@ CVE-2016-5388 - https://github.com/corzel/nginx-proxy2 CVE-2016-5388 - https://github.com/creativ/docker-nginx-proxy CVE-2016-5388 - https://github.com/cryptoplay/docker-alpine-nginx-proxy CVE-2016-5388 - https://github.com/dlpnetworks/dlp-nginx-proxy +CVE-2016-5388 - https://github.com/dmitriy-tkalich/docker-nginx-proxy CVE-2016-5388 - https://github.com/expoli/nginx-proxy-docker-image-builder CVE-2016-5388 - https://github.com/gabomasi/reverse-proxy CVE-2016-5388 - https://github.com/garnser/nginx-oidc-proxy @@ -94069,6 +94075,7 @@ CVE-2020-6514 - https://github.com/ARPSyndicate/cvemon CVE-2020-6514 - https://github.com/HassanAzze/CVE-2020-6514 CVE-2020-6514 - https://github.com/R0jhack/CVE-2020-6514 CVE-2020-6514 - https://github.com/developer3000S/PoC-in-GitHub +CVE-2020-6514 - https://github.com/hasan-khalil/CVE-2020-6514 CVE-2020-6514 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-6514 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2020-6514 - https://github.com/rojhack/CVE-2020-6514 
@@ -152349,6 +152356,7 @@ CVE-2023-39848 - https://github.com/jlcmux/DWVA-Desafio3 CVE-2023-39848 - https://github.com/jmsanderscybersec/DVWA CVE-2023-39848 - https://github.com/johdgft/digininja CVE-2023-39848 - https://github.com/kaushik-qp/DVWA-2 +CVE-2023-39848 - https://github.com/kowan7/DVWA CVE-2023-39848 - https://github.com/krrajesh-git/DVWA CVE-2023-39848 - https://github.com/kyphan38/dvwa CVE-2023-39848 - https://github.com/luisaamaya005/DVWA2 @@ -165379,6 +165387,7 @@ CVE-2024-23343 - https://github.com/Sim4n6/Sim4n6 CVE-2024-23349 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23351 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23354 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-2337 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23439 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23440 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23446 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -171684,7 +171693,26 @@ CVE-2024-37940 - https://github.com/20142995/nuclei-templates CVE-2024-37940 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-37941 - https://github.com/20142995/nuclei-templates CVE-2024-37941 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-37942 - https://github.com/20142995/nuclei-templates +CVE-2024-37943 - https://github.com/20142995/nuclei-templates +CVE-2024-37944 - https://github.com/20142995/nuclei-templates +CVE-2024-37946 - https://github.com/20142995/nuclei-templates +CVE-2024-37947 - https://github.com/20142995/nuclei-templates +CVE-2024-37948 - https://github.com/20142995/nuclei-templates +CVE-2024-37949 - https://github.com/20142995/nuclei-templates +CVE-2024-37950 - https://github.com/20142995/nuclei-templates +CVE-2024-37951 - https://github.com/20142995/nuclei-templates CVE-2024-37952 - https://github.com/20142995/nuclei-templates +CVE-2024-37953 - https://github.com/20142995/nuclei-templates +CVE-2024-37954 - https://github.com/20142995/nuclei-templates +CVE-2024-37955 - https://github.com/20142995/nuclei-templates +CVE-2024-37956 - https://github.com/20142995/nuclei-templates +CVE-2024-37957 - https://github.com/20142995/nuclei-templates +CVE-2024-37958 - https://github.com/20142995/nuclei-templates +CVE-2024-37959 - https://github.com/20142995/nuclei-templates +CVE-2024-37960 - https://github.com/20142995/nuclei-templates +CVE-2024-37961 - https://github.com/20142995/nuclei-templates +CVE-2024-37962 - https://github.com/20142995/nuclei-templates CVE-2024-3797 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-37984 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3800 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -171830,16 +171858,41 @@ CVE-2024-38661 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38663 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38664 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38667 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-38669 - https://github.com/20142995/nuclei-templates CVE-2024-3867 - https://github.com/c4cnm/CVE-2024-3867 CVE-2024-3867 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-38670 - https://github.com/20142995/nuclei-templates +CVE-2024-38671 - https://github.com/20142995/nuclei-templates +CVE-2024-38672 - https://github.com/20142995/nuclei-templates +CVE-2024-38673 - https://github.com/20142995/nuclei-templates +CVE-2024-38674 - https://github.com/20142995/nuclei-templates +CVE-2024-38675 - https://github.com/20142995/nuclei-templates +CVE-2024-38676 - https://github.com/20142995/nuclei-templates +CVE-2024-38677 - https://github.com/20142995/nuclei-templates +CVE-2024-38678 - https://github.com/20142995/nuclei-templates +CVE-2024-38679 - https://github.com/20142995/nuclei-templates CVE-2024-3868 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-38680 - https://github.com/20142995/nuclei-templates +CVE-2024-38681 - https://github.com/20142995/nuclei-templates +CVE-2024-38682 - https://github.com/20142995/nuclei-templates +CVE-2024-38683 - https://github.com/20142995/nuclei-templates +CVE-2024-38684 - https://github.com/20142995/nuclei-templates +CVE-2024-38685 - https://github.com/20142995/nuclei-templates +CVE-2024-38686 - https://github.com/20142995/nuclei-templates +CVE-2024-38687 - https://github.com/20142995/nuclei-templates +CVE-2024-38688 - https://github.com/20142995/nuclei-templates +CVE-2024-38689 - https://github.com/20142995/nuclei-templates CVE-2024-38689 - https://github.com/Cr0nu3/Cr0nu3 +CVE-2024-38690 - https://github.com/20142995/nuclei-templates +CVE-2024-38691 - https://github.com/20142995/nuclei-templates +CVE-2024-38692 - 
https://github.com/20142995/nuclei-templates CVE-2024-38694 - https://github.com/20142995/nuclei-templates CVE-2024-38695 - https://github.com/20142995/nuclei-templates CVE-2024-38696 - https://github.com/20142995/nuclei-templates CVE-2024-38697 - https://github.com/20142995/nuclei-templates CVE-2024-38698 - https://github.com/20142995/nuclei-templates CVE-2024-38699 - https://github.com/20142995/nuclei-templates +CVE-2024-38700 - https://github.com/20142995/nuclei-templates CVE-2024-38700 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38701 - https://github.com/20142995/nuclei-templates CVE-2024-38702 - https://github.com/20142995/nuclei-templates @@ -172980,6 +173033,11 @@ CVE-2024-5273 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5274 - https://github.com/Alchemist3dot14/CVE-2024-5274-Detection CVE-2024-5274 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5279 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5281 - https://github.com/20142995/nuclei-templates +CVE-2024-5282 - https://github.com/20142995/nuclei-templates +CVE-2024-5283 - https://github.com/20142995/nuclei-templates +CVE-2024-5284 - https://github.com/20142995/nuclei-templates +CVE-2024-5286 - https://github.com/20142995/nuclei-templates CVE-2024-5288 - https://github.com/wolfSSL/wolfssl CVE-2024-5289 - https://github.com/20142995/nuclei-templates CVE-2024-5289 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -173142,6 +173200,7 @@ CVE-2024-5793 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5796 - https://github.com/20142995/nuclei-templates CVE-2024-5796 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5802 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5804 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5805 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5806 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2024-5806 - https://github.com/fkie-cad/nvd-json-data-feeds 
@@ -173210,12 +173269,14 @@ CVE-2024-5961 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5964 - https://github.com/20142995/nuclei-templates CVE-2024-5964 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5974 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5977 - https://github.com/20142995/nuclei-templates CVE-2024-5988 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5989 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5990 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5991 - https://github.com/wolfSSL/wolfssl CVE-2024-5992 - https://github.com/20142995/nuclei-templates CVE-2024-5993 - https://github.com/20142995/nuclei-templates +CVE-2024-5997 - https://github.com/20142995/nuclei-templates CVE-2024-6008 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6009 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6011 - https://github.com/20142995/nuclei-templates @@ -173354,6 +173415,7 @@ CVE-2024-6321 - https://github.com/20142995/nuclei-templates CVE-2024-6323 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6328 - https://github.com/20142995/nuclei-templates CVE-2024-6334 - https://github.com/20142995/nuclei-templates +CVE-2024-6338 - https://github.com/20142995/nuclei-templates CVE-2024-6340 - https://github.com/20142995/nuclei-templates CVE-2024-6342 - https://github.com/yikesoftware/yikesoftware CVE-2024-6343 - https://github.com/yikesoftware/yikesoftware @@ -173536,6 +173598,7 @@ CVE-2024-6428 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6434 - https://github.com/20142995/nuclei-templates CVE-2024-6434 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6447 - https://github.com/20142995/nuclei-templates +CVE-2024-6455 - https://github.com/20142995/nuclei-templates CVE-2024-6457 - https://github.com/20142995/nuclei-templates CVE-2024-6457 - https://github.com/tanjiti/sec_profile CVE-2024-6465 - https://github.com/20142995/nuclei-templates 
@@ -173569,6 +173632,7 @@ CVE-2024-6556 - https://github.com/20142995/nuclei-templates CVE-2024-6557 - https://github.com/20142995/nuclei-templates CVE-2024-6557 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6559 - https://github.com/20142995/nuclei-templates +CVE-2024-6560 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6563 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6564 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6565 - https://github.com/20142995/nuclei-templates @@ -173630,6 +173694,7 @@ CVE-2024-6746 - https://github.com/20142995/nuclei-templates CVE-2024-6765 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6773 - https://github.com/zgimszhd61/CVE-prompt-app-quickstart CVE-2024-6780 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6799 - https://github.com/20142995/nuclei-templates CVE-2024-6801 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6802 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6803 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/references.txt b/references.txt index 4faa497bcd..8b33500199 100644 --- a/references.txt +++ b/references.txt @@ -41791,7 +41791,10 @@ CVE-2016-7445 - http://www.openwall.com/lists/oss-security/2016/09/18/4 CVE-2016-7445 - https://github.com/uclouvain/openjpeg/issues/843 CVE-2016-7454 - https://packetstormsecurity.com/files/140121/XFINITY-Gateway-Technicolor-DPC3941T-Cross-Site-Request-Forgery.html CVE-2016-7478 - https://bugs.php.net/bug.php?id=73093 +CVE-2016-7478 - https://www.youtube.com/watch?v=LDcaPstAuPk CVE-2016-7479 - https://bugs.php.net/bug.php?id=73092 +CVE-2016-7479 - https://www.youtube.com/watch?v=LDcaPstAuPk +CVE-2016-7480 - https://www.youtube.com/watch?v=LDcaPstAuPk CVE-2016-7504 - http://bugs.ghostscript.com/show_bug.cgi?id=697142 CVE-2016-7505 - http://bugs.ghostscript.com/show_bug.cgi?id=697140 CVE-2016-7506 - http://bugs.ghostscript.com/show_bug.cgi?id=697141
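Review bot: In the new files 2024/CVE-2024-38713.md and 2024/CVE-2024-38757.md the Version badge carries only `message=n%2Fa`, while the Description in the same file states an upper bound ("from n/a through 8.8.02.002" and "from n/a through 3.6.0"). The other files added in this patch encode the bound in the badge (for example `n%2Fa%3C%3D%201.2.1%20`), so these two should be generated the same way; otherwise a reader scanning badges will take them as having no known affected range. Every added badge also uses `color=brighgreen`, which looks like a misspelling of the shields.io colour name `brightgreen`.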
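Review bot: The Description added in 2024/CVE-2024-38750.md runs two sentences together with no space ("Advanced post slider.This issue affects ...") and, unlike the sibling CWE-79 entries in this patch, does not say which XSS class applies. The missing space after the full stop recurs in the other added CVE-2024-387xx descriptions ("allows Stored XSS.This issue affects ..."), so it is worth normalising at import time rather than per file.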
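Review bot: In the new files 2024/CVE-2024-5804.md and 2024/CVE-2024-6560.md the only entry under "### POC" / "#### Github" is https://github.com/fkie-cad/nvd-json-data-feeds, which by its name is an NVD data feed rather than a proof of concept. Listing it there tells triage teams that public PoC material exists when the visible lines show none ("No PoCs from references."). Suggest filtering feed and mirror repositories out of the Github section, or keeping the "No PoCs found on GitHub currently." wording for these two files and the matching github.txt lines.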
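Review bot: The five hunks for 2024/CVE-2024-5281.md through 2024/CVE-2024-5286.md replace "No PoCs found on GitHub currently." with the bare repository root https://github.com/20142995/nuclei-templates, the same URL for every CVE. A root link gives a defender no way to confirm that a detection template for that specific CVE exists or to review what it checks. Suggest linking the per-CVE file path inside the repository, and applying the same rule to the new CVE-2024-37xxx and CVE-2024-38xxx lines in github.txt.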
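Review bot: The references.txt hunk attaches one video URL, https://www.youtube.com/watch?v=LDcaPstAuPk, to three different CVEs (CVE-2016-7478, CVE-2016-7479 and CVE-2016-7480), and for CVE-2016-7480 it is the only reference visible in the hunk. Please confirm the video actually covers each of the three issues, and where possible pair it with a stable written source such as the bugs.php.net entries already listed for the first two, since a video link cannot be searched or diffed and may disappear.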