From 8c8613c692a9cf0c04b6cca3edcc2dc4aa598d4b Mon Sep 17 00:00:00 2001 From: trickest-workflows Date: Thu, 16 May 2024 02:07:33 +0000 Subject: [PATCH] Update Thu May 16 02:07:32 UTC 2024 --- 2017/CVE-2017-12154.md | 1 + 2017/CVE-2017-12193.md | 1 + 2017/CVE-2017-15265.md | 1 + 2018/CVE-2018-1130.md | 1 + 2018/CVE-2018-3665.md | 1 + 2018/CVE-2018-5750.md | 1 + 2018/CVE-2018-5803.md | 1 + 2018/CVE-2018-6927.md | 1 + 2018/CVE-2018-7755.md | 1 + 2018/CVE-2018-7757.md | 1 + 2019/CVE-2019-10063.md | 1 + 2019/CVE-2019-11461.md | 1 + 2019/CVE-2019-20636.md | 1 + 2020/CVE-2020-1938.md | 1 + 2020/CVE-2020-23064.md | 4 +-- 2024/CVE-2024-0741.md | 2 +- 2024/CVE-2024-0745.md | 17 ++++++++++ 2024/CVE-2024-0750.md | 2 +- 2024/CVE-2024-1520.md | 17 ++++++++++ 2024/CVE-2024-1522.md | 17 ++++++++++ 2024/CVE-2024-1569.md | 17 ++++++++++ 2024/CVE-2024-1600.md | 17 ++++++++++ 2024/CVE-2024-1601.md | 17 ++++++++++ 2024/CVE-2024-1646.md | 17 ++++++++++ 2024/CVE-2024-22353.md | 6 ++-- 2024/CVE-2024-25078.md | 17 ++++++++++ 2024/CVE-2024-25079.md | 17 ++++++++++ 2024/CVE-2024-25641.md | 17 ++++++++++ 2024/CVE-2024-25743.md | 17 ++++++++++ 2024/CVE-2024-26026.md | 1 + 2024/CVE-2024-27353.md | 17 ++++++++++ 2024/CVE-2024-27460.md | 1 + 2024/CVE-2024-27593.md | 17 ++++++++++ 2024/CVE-2024-27956.md | 1 + 2024/CVE-2024-28042.md | 17 ++++++++++ 2024/CVE-2024-28087.md | 17 ++++++++++ 2024/CVE-2024-29895.md | 2 +- 2024/CVE-2024-31216.md | 17 ++++++++++ 2024/CVE-2024-3317.md | 17 ++++++++++ 2024/CVE-2024-3318.md | 17 ++++++++++ 2024/CVE-2024-3319.md | 17 ++++++++++ 2024/CVE-2024-3400.md | 1 + 2024/CVE-2024-34082.md | 17 ++++++++++ 2024/CVE-2024-34716.md | 1 + 2024/CVE-2024-3483.md | 19 +++++++++++ 2024/CVE-2024-3484.md | 17 ++++++++++ 2024/CVE-2024-3485.md | 17 ++++++++++ 2024/CVE-2024-3486.md | 17 ++++++++++ 2024/CVE-2024-3487.md | 17 ++++++++++ 2024/CVE-2024-3488.md | 17 ++++++++++ 2024/CVE-2024-34954.md | 2 +- 2024/CVE-2024-34955.md | 2 +- 2024/CVE-2024-35179.md | 2 +- 2024/CVE-2024-3634.md | 2 +- 2024/CVE-2024-3744.md | 17 ++++++++++ 2024/CVE-2024-3748.md | 2 +- 2024/CVE-2024-3749.md | 2 +- 2024/CVE-2024-3822.md | 2 +- 2024/CVE-2024-3823.md | 2 +- 2024/CVE-2024-3824.md | 2 +- 2024/CVE-2024-3892.md | 17 ++++++++++ 2024/CVE-2024-3967.md | 17 ++++++++++ 2024/CVE-2024-3968.md | 17 ++++++++++ 2024/CVE-2024-3970.md | 17 ++++++++++ 2024/CVE-2024-4010.md | 17 ++++++++++ 2024/CVE-2024-4040.md | 1 + 2024/CVE-2024-4200.md | 17 ++++++++++ 2024/CVE-2024-4202.md | 17 ++++++++++ 2024/CVE-2024-4357.md | 17 ++++++++++ 2024/CVE-2024-4363.md | 17 ++++++++++ 2024/CVE-2024-4370.md | 17 ++++++++++ 2024/CVE-2024-4561.md | 17 ++++++++++ 2024/CVE-2024-4562.md | 17 ++++++++++ 2024/CVE-2024-4622.md | 17 ++++++++++ 2024/CVE-2024-4636.md | 17 ++++++++++ 2024/CVE-2024-4666.md | 17 ++++++++++ 2024/CVE-2024-4670.md | 17 ++++++++++ 2024/CVE-2024-4702.md | 17 ++++++++++ 2024/CVE-2024-4761.md | 4 +++ 2024/CVE-2024-4837.md | 17 ++++++++++ 2024/CVE-2024-4903.md | 17 ++++++++++ github.txt | 72 ++++++++++++++++++++++++++++++++++++++++++ references.txt | 14 ++++++++ 83 files changed, 911 insertions(+), 17 deletions(-) create mode 100644 2024/CVE-2024-0745.md create mode 100644 2024/CVE-2024-1520.md create mode 100644 2024/CVE-2024-1522.md create mode 100644 2024/CVE-2024-1569.md create mode 100644 2024/CVE-2024-1600.md create mode 100644 2024/CVE-2024-1601.md create mode 100644 2024/CVE-2024-1646.md create mode 100644 2024/CVE-2024-25078.md create mode 100644 2024/CVE-2024-25079.md create mode 100644 2024/CVE-2024-25641.md create mode 100644 2024/CVE-2024-25743.md create mode 100644 2024/CVE-2024-27353.md create mode 100644 2024/CVE-2024-27593.md create mode 100644 2024/CVE-2024-28042.md create mode 100644 2024/CVE-2024-28087.md create mode 100644 2024/CVE-2024-31216.md create mode 100644 2024/CVE-2024-3317.md create mode 100644 2024/CVE-2024-3318.md create mode 100644 2024/CVE-2024-3319.md create mode 100644 2024/CVE-2024-34082.md create mode 100644 2024/CVE-2024-3483.md create mode 100644 2024/CVE-2024-3484.md create mode 100644 2024/CVE-2024-3485.md create mode 100644 2024/CVE-2024-3486.md create mode 100644 2024/CVE-2024-3487.md create mode 100644 2024/CVE-2024-3488.md create mode 100644 2024/CVE-2024-3744.md create mode 100644 2024/CVE-2024-3892.md create mode 100644 2024/CVE-2024-3967.md create mode 100644 2024/CVE-2024-3968.md create mode 100644 2024/CVE-2024-3970.md create mode 100644 2024/CVE-2024-4010.md create mode 100644 2024/CVE-2024-4200.md create mode 100644 2024/CVE-2024-4202.md create mode 100644 2024/CVE-2024-4357.md create mode 100644 2024/CVE-2024-4363.md create mode 100644 2024/CVE-2024-4370.md create mode 100644 2024/CVE-2024-4561.md create mode 100644 2024/CVE-2024-4562.md create mode 100644 2024/CVE-2024-4622.md create mode 100644 2024/CVE-2024-4636.md create mode 100644 2024/CVE-2024-4666.md create mode 100644 2024/CVE-2024-4670.md create mode 100644 2024/CVE-2024-4702.md create mode 100644 2024/CVE-2024-4837.md create mode 100644 2024/CVE-2024-4903.md diff --git a/2017/CVE-2017-12154.md b/2017/CVE-2017-12154.md index e129dce9fe..c163128db0 100644 --- a/2017/CVE-2017-12154.md +++ b/2017/CVE-2017-12154.md @@ -11,6 +11,7 @@ The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4. #### Reference - https://usn.ubuntu.com/3698-1/ +- https://usn.ubuntu.com/3698-2/ #### Github No PoCs found on GitHub currently. diff --git a/2017/CVE-2017-12193.md b/2017/CVE-2017-12193.md index d4a30513e2..3991d2aa4a 100644 --- a/2017/CVE-2017-12193.md +++ b/2017/CVE-2017-12193.md @@ -11,6 +11,7 @@ The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the L #### Reference - https://usn.ubuntu.com/3698-1/ +- https://usn.ubuntu.com/3698-2/ #### Github No PoCs found on GitHub currently. diff --git a/2017/CVE-2017-15265.md b/2017/CVE-2017-15265.md index 4417bcce52..3870b06917 100644 --- a/2017/CVE-2017-15265.md +++ b/2017/CVE-2017-15265.md @@ -12,6 +12,7 @@ Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows lo #### Reference - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 - https://usn.ubuntu.com/3698-1/ +- https://usn.ubuntu.com/3698-2/ - https://www.oracle.com/security-alerts/cpujul2020.html #### Github diff --git a/2018/CVE-2018-1130.md b/2018/CVE-2018-1130.md index 14101d4c24..ca8555392c 100644 --- a/2018/CVE-2018-1130.md +++ b/2018/CVE-2018-1130.md @@ -11,6 +11,7 @@ Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference #### Reference - https://usn.ubuntu.com/3698-1/ +- https://usn.ubuntu.com/3698-2/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-3665.md b/2018/CVE-2018-3665.md index 218cc611b8..2bc628cc12 100644 --- a/2018/CVE-2018-3665.md +++ b/2018/CVE-2018-3665.md @@ -13,6 +13,7 @@ System software utilizing Lazy FP state restore technique on systems using Intel - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 - https://usn.ubuntu.com/3696-1/ - https://usn.ubuntu.com/3698-1/ +- https://usn.ubuntu.com/3698-2/ - https://www.oracle.com/security-alerts/cpujul2020.html #### Github diff --git a/2018/CVE-2018-5750.md b/2018/CVE-2018-5750.md index 04284db044..6e0495b8f7 100644 --- a/2018/CVE-2018-5750.md +++ b/2018/CVE-2018-5750.md @@ -11,6 +11,7 @@ The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel throu #### Reference - https://usn.ubuntu.com/3698-1/ +- https://usn.ubuntu.com/3698-2/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-5803.md b/2018/CVE-2018-5803.md index 480242e2f8..14ac7244da 100644 --- a/2018/CVE-2018-5803.md +++ b/2018/CVE-2018-5803.md @@ -11,6 +11,7 @@ In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and #### Reference - https://usn.ubuntu.com/3698-1/ +- https://usn.ubuntu.com/3698-2/ - https://www.spinics.net/lists/netdev/msg482523.html #### Github diff --git a/2018/CVE-2018-6927.md b/2018/CVE-2018-6927.md index cd9c82b8b2..bf36004efc 100644 --- a/2018/CVE-2018-6927.md +++ b/2018/CVE-2018-6927.md @@ -11,6 +11,7 @@ The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 #### Reference - https://usn.ubuntu.com/3698-1/ +- https://usn.ubuntu.com/3698-2/ #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2018/CVE-2018-7755.md b/2018/CVE-2018-7755.md index 12abfb0b01..62e6293b03 100644 --- a/2018/CVE-2018-7755.md +++ b/2018/CVE-2018-7755.md @@ -12,6 +12,7 @@ An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy. #### Reference - https://usn.ubuntu.com/3696-1/ - https://usn.ubuntu.com/3698-1/ +- https://usn.ubuntu.com/3698-2/ #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2018/CVE-2018-7757.md b/2018/CVE-2018-7757.md index 47bce0a02a..02f2910c6d 100644 --- a/2018/CVE-2018-7757.md +++ b/2018/CVE-2018-7757.md @@ -11,6 +11,7 @@ Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_ex #### Reference - https://usn.ubuntu.com/3698-1/ +- https://usn.ubuntu.com/3698-2/ #### Github No PoCs found on GitHub currently. diff --git a/2019/CVE-2019-10063.md b/2019/CVE-2019-10063.md index 632e8107b7..4de976506f 100644 --- a/2019/CVE-2019-10063.md +++ b/2019/CVE-2019-10063.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/hartwork/antijack +- https://github.com/timothee-chauvin/eyeballvul diff --git a/2019/CVE-2019-11461.md b/2019/CVE-2019-11461.md index 88064743c0..c0385271cf 100644 --- a/2019/CVE-2019-11461.md +++ b/2019/CVE-2019-11461.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/hartwork/antijack +- https://github.com/timothee-chauvin/eyeballvul diff --git a/2019/CVE-2019-20636.md b/2019/CVE-2019-20636.md index db8e298e05..2f7554d4f5 100644 --- a/2019/CVE-2019-20636.md +++ b/2019/CVE-2019-20636.md @@ -15,4 +15,5 @@ In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds write #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/timothee-chauvin/eyeballvul diff --git a/2020/CVE-2020-1938.md b/2020/CVE-2020-1938.md index 6ef6746d76..fc1fcc46fa 100644 --- a/2020/CVE-2020-1938.md +++ b/2020/CVE-2020-1938.md @@ -188,6 +188,7 @@ When using the Apache JServ Protocol (AJP), care must be taken when trusting inc - https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough - https://github.com/w4fz5uck5/CVE-2020-1938-Clean-Version - https://github.com/weeka10/-hktalent-TOP +- https://github.com/whatboxapp/GhostCat-LFI-exp - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC- - https://github.com/woaiqiukui/CVE-2020-1938TomcatAjpScanner - https://github.com/woodpecker-appstore/tomcat-vuldb diff --git a/2020/CVE-2020-23064.md b/2020/CVE-2020-23064.md index b0ee1ab34c..af7ac35f62 100644 --- a/2020/CVE-2020-23064.md +++ b/2020/CVE-2020-23064.md @@ -1,11 +1,11 @@ ### [CVE-2020-23064](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23064) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the element. +** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. ### POC diff --git a/2024/CVE-2024-0741.md b/2024/CVE-2024-0741.md index 6f2b740c31..4d314eef42 100644 --- a/2024/CVE-2024-0741.md +++ b/2024/CVE-2024-0741.md @@ -13,7 +13,7 @@ An out of bounds write in ANGLE could have allowed an attacker to corrupt memory ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1864587 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-0745.md b/2024/CVE-2024-0745.md new file mode 100644 index 0000000000..f33b60fd85 --- /dev/null +++ b/2024/CVE-2024-0745.md @@ -0,0 +1,17 @@ +### [CVE-2024-0745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0745) +![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20122%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack%20buffer%20overflow%20in%20WebAudio&color=brighgreen) + +### Description + +The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122. + +### POC + +#### Reference +- https://bugzilla.mozilla.org/show_bug.cgi?id=1871838 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-0750.md b/2024/CVE-2024-0750.md index 64e4abc4c7..a862025efb 100644 --- a/2024/CVE-2024-0750.md +++ b/2024/CVE-2024-0750.md @@ -13,7 +13,7 @@ A bug in popup notifications delay calculation could have made it possible for a ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1863083 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-1520.md b/2024/CVE-2024-1520.md new file mode 100644 index 0000000000..3228c6427e --- /dev/null +++ b/2024/CVE-2024-1520.md @@ -0,0 +1,17 @@ +### [CVE-2024-1520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1520) +![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command&color=brighgreen) + +### Description + +An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/timothee-chauvin/eyeballvul + diff --git a/2024/CVE-2024-1522.md b/2024/CVE-2024-1522.md new file mode 100644 index 0000000000..ee79ea98ca --- /dev/null +++ b/2024/CVE-2024-1522.md @@ -0,0 +1,17 @@ +### [CVE-2024-1522](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1522) +![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/timothee-chauvin/eyeballvul + diff --git a/2024/CVE-2024-1569.md b/2024/CVE-2024-1569.md new file mode 100644 index 0000000000..be9cb8734a --- /dev/null +++ b/2024/CVE-2024-1569.md @@ -0,0 +1,17 @@ +### [CVE-2024-1569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1569) +![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/timothee-chauvin/eyeballvul + diff --git a/2024/CVE-2024-1600.md b/2024/CVE-2024-1600.md new file mode 100644 index 0000000000..5e9884fd1c --- /dev/null +++ b/2024/CVE-2024-1600.md @@ -0,0 +1,17 @@ +### [CVE-2024-1600](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1600) +![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-98%20Improper%20Control%20of%20Filename%20for%20Include%2FRequire%20Statement%20in%20PHP%20Program%20('PHP%20Remote%20File%20Inclusion')&color=brighgreen) + +### Description + +A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/timothee-chauvin/eyeballvul + diff --git a/2024/CVE-2024-1601.md b/2024/CVE-2024-1601.md new file mode 100644 index 0000000000..e3166101d7 --- /dev/null +++ b/2024/CVE-2024-1601.md @@ -0,0 +1,17 @@ +### [CVE-2024-1601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1601) +![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command&color=brighgreen) + +### Description + +An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the `/delete_discussion` endpoint, which internally calls the vulnerable `delete_discussion()` function. By sending a specially crafted payload in the 'id' parameter, an attacker can manipulate SQL queries to delete all records from the 'discussion' and 'message' tables. This issue is due to improper neutralization of special elements used in an SQL command. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/timothee-chauvin/eyeballvul + diff --git a/2024/CVE-2024-1646.md b/2024/CVE-2024-1646.md new file mode 100644 index 0000000000..2bcf781358 --- /dev/null +++ b/2024/CVE-2024-1646.md @@ -0,0 +1,17 @@ +### [CVE-2024-1646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1646) +![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen) + +### Description + +parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/timothee-chauvin/eyeballvul + diff --git a/2024/CVE-2024-22353.md b/2024/CVE-2024-22353.md index 2238bf9857..a9d8d32482 100644 --- a/2024/CVE-2024-22353.md +++ b/2024/CVE-2024-22353.md @@ -1,11 +1,11 @@ ### [CVE-2024-22353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22353) ![](https://img.shields.io/static/v1?label=Product&message=WebSphere%20Application%20Server%20Liberty&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=17.0.0.3%3C%3D%2024.0.0.3%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=17.0.0.3%3C%3D%2024.0.0.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen) ### Description -IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400. +IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400. ### POC diff --git a/2024/CVE-2024-25078.md b/2024/CVE-2024-25078.md new file mode 100644 index 0000000000..a23fa9dba8 --- /dev/null +++ b/2024/CVE-2024-25078.md @@ -0,0 +1,17 @@ +### [CVE-2024-25078](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25078) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-25079.md b/2024/CVE-2024-25079.md new file mode 100644 index 0000000000..c060490977 --- /dev/null +++ b/2024/CVE-2024-25079.md @@ -0,0 +1,17 @@ +### [CVE-2024-25079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25079) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-25641.md b/2024/CVE-2024-25641.md new file mode 100644 index 0000000000..39d1a019f5 --- /dev/null +++ b/2024/CVE-2024-25641.md @@ -0,0 +1,17 @@ +### [CVE-2024-25641](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641) +![](https://img.shields.io/static/v1?label=Product&message=cacti&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.2.27%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tanjiti/sec_profile + diff --git a/2024/CVE-2024-25743.md b/2024/CVE-2024-25743.md new file mode 100644 index 0000000000..4db9bd2b0a --- /dev/null +++ b/2024/CVE-2024-25743.md @@ -0,0 +1,17 @@ +### [CVE-2024-25743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25743) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel through 6.7.2, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ahoi-attacks/heckler + diff --git a/2024/CVE-2024-26026.md b/2024/CVE-2024-26026.md index 27f00669e2..89cd28a635 100644 --- a/2024/CVE-2024-26026.md +++ b/2024/CVE-2024-26026.md @@ -13,6 +13,7 @@ An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (UR No PoCs from references. #### Github +- https://github.com/GRTMALDET/Big-IP-Next-CVE-2024-26026 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/passwa11/CVE-2024-26026 - https://github.com/wjlin0/poc-doc diff --git a/2024/CVE-2024-27353.md b/2024/CVE-2024-27353.md new file mode 100644 index 0000000000..75f3376f5c --- /dev/null +++ b/2024/CVE-2024-27353.md @@ -0,0 +1,17 @@ +### [CVE-2024-27353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27353) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-27460.md b/2024/CVE-2024-27460.md index 444c459abc..ebc1dfc568 100644 --- a/2024/CVE-2024-27460.md +++ b/2024/CVE-2024-27460.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/Alaatk/CVE-2024-27460 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/xct/CVE-2024-27460 diff --git a/2024/CVE-2024-27593.md b/2024/CVE-2024-27593.md new file mode 100644 index 0000000000..8b05fc4853 --- /dev/null +++ b/2024/CVE-2024-27593.md @@ -0,0 +1,17 @@ +### [CVE-2024-27593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27593) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A stored cross-site scripting (XSS) vulnerability in the Filter function of Eramba Version 3.22.3 Community Edition allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the filter name field. This vulnerability has been fixed in version 3.23.0. + +### POC + +#### Reference +- https://blog.smarttecs.com/posts/2024-002-cve-2024-27593/ + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-27956.md b/2024/CVE-2024-27956.md index be0ffac642..1699210354 100644 --- a/2024/CVE-2024-27956.md +++ b/2024/CVE-2024-27956.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/FoxyProxys/CVE-2024-27956 - https://github.com/NaInSec/CVE-LIST - https://github.com/Ostorlab/KEV +- https://github.com/W3BW/CVE-2024-27956-RCE-File-Package - https://github.com/X-Projetion/CVE-2024-27956-WORDPRESS-RCE-PLUGIN - https://github.com/diego-tella/CVE-2024-27956-RCE - https://github.com/k3ppf0r/CVE-2024-27956 diff --git a/2024/CVE-2024-28042.md b/2024/CVE-2024-28042.md new file mode 100644 index 0000000000..bc86305458 --- /dev/null +++ b/2024/CVE-2024-28042.md @@ -0,0 +1,17 @@ +### [CVE-2024-28042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28042) +![](https://img.shields.io/static/v1?label=Product&message=PowerSYSTEM%20Center&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2019%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1357&color=brighgreen) + +### Description + +SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-28087.md b/2024/CVE-2024-28087.md new file mode 100644 index 0000000000..d7d62e7638 --- /dev/null +++ b/2024/CVE-2024-28087.md @@ -0,0 +1,17 @@ +### [CVE-2024-28087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28087) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not custmizable. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-29895.md b/2024/CVE-2024-29895.md index 8b612a524c..2b0a47dce1 100644 --- a/2024/CVE-2024-29895.md +++ b/2024/CVE-2024-29895.md @@ -13,5 +13,5 @@ Cacti provides an operational monitoring and fault management framework. A comma - https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m #### Github -No PoCs found on GitHub currently. +- https://github.com/Stuub/CVE-2024-29895-CactiRCE-PoC diff --git a/2024/CVE-2024-31216.md b/2024/CVE-2024-31216.md new file mode 100644 index 0000000000..4bf1b374cf --- /dev/null +++ b/2024/CVE-2024-31216.md @@ -0,0 +1,17 @@ +### [CVE-2024-31216](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31216) +![](https://img.shields.io/static/v1?label=Product&message=source-controller&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.2.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%3A%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen) + +### Description + +The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to version 1.2.5, when source-controller was configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access to the Azure Blob Storage until the token expires. This vulnerability was fixed in source-controller v1.2.5. There is no workaround for this vulnerability except for using a different auth mechanism such as Azure Workload Identity. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3317.md b/2024/CVE-2024-3317.md new file mode 100644 index 0000000000..b1101e0ffa --- /dev/null +++ b/2024/CVE-2024-3317.md @@ -0,0 +1,17 @@ +### [CVE-2024-3317](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3317) +![](https://img.shields.io/static/v1?label=Product&message=Identity%20Security%20Cloud&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1284%20Improper%20Validation%20of%20Specified%20Quantity%20in%20Input&color=brighgreen) + +### Description + +An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3318.md b/2024/CVE-2024-3318.md new file mode 100644 index 0000000000..52d7fca7ee --- /dev/null +++ b/2024/CVE-2024-3318.md @@ -0,0 +1,17 @@ +### [CVE-2024-3318](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3318) +![](https://img.shields.io/static/v1?label=Product&message=Identity%20Security%20Cloud&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded for other sources. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3319.md b/2024/CVE-2024-3319.md new file mode 100644 index 0000000000..e582956dfc --- /dev/null +++ b/2024/CVE-2024-3319.md @@ -0,0 +1,17 @@ +### [CVE-2024-3319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3319) +![](https://img.shields.io/static/v1?label=Product&message=Identity%20Security%20Cloud&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3400.md b/2024/CVE-2024-3400.md index b60ed0282c..deb5f32d38 100644 --- a/2024/CVE-2024-3400.md +++ b/2024/CVE-2024-3400.md @@ -67,6 +67,7 @@ A command injection as a result of arbitrary file creation vulnerability in the - https://github.com/sxyrxyy/CVE-2024-3400-Check - https://github.com/tanjiti/sec_profile - https://github.com/terminalJunki3/CVE-2024-3400-Checker +- https://github.com/tk-sawada/IPLineFinder - https://github.com/toxyl/lscve - https://github.com/vulsio/go-cve-dictionary - https://github.com/wjlin0/poc-doc diff --git a/2024/CVE-2024-34082.md b/2024/CVE-2024-34082.md new file mode 100644 index 0000000000..af79150d97 --- /dev/null +++ b/2024/CVE-2024-34082.md @@ -0,0 +1,17 @@ +### [CVE-2024-34082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34082) +![](https://img.shields.io/static/v1?label=Product&message=grav&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.7.46%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%3A%20Improper%20Privilege%20Management&color=brighgreen) + +### Description + +Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-34716.md b/2024/CVE-2024-34716.md index 4efa16646a..f8ace04202 100644 --- a/2024/CVE-2024-34716.md +++ b/2024/CVE-2024-34716.md @@ -13,5 +13,6 @@ PrestaShop is an open source e-commerce web application. A cross-site scripting No PoCs from references. #### Github +- https://github.com/aelmokhtar/CVE-2024-34716_PoC - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-3483.md b/2024/CVE-2024-3483.md new file mode 100644 index 0000000000..e991544719 --- /dev/null +++ b/2024/CVE-2024-3483.md @@ -0,0 +1,19 @@ +### [CVE-2024-3483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3483) +![](https://img.shields.io/static/v1?label=Product&message=iManager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen) + +### Description + +Remote CodeExecution has been discovered inOpenText™ iManager 3.2.6.0200. The vulnerability cantrigger command injection and insecure deserialization issues. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3484.md b/2024/CVE-2024-3484.md new file mode 100644 index 0000000000..bbdaedc46d --- /dev/null +++ b/2024/CVE-2024-3484.md @@ -0,0 +1,17 @@ +### [CVE-2024-3484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3484) +![](https://img.shields.io/static/v1?label=Product&message=iManager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalationor file disclosure. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3485.md b/2024/CVE-2024-3485.md new file mode 100644 index 0000000000..1cd28922fa --- /dev/null +++ b/2024/CVE-2024-3485.md @@ -0,0 +1,17 @@ +### [CVE-2024-3485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3485) +![](https://img.shields.io/static/v1?label=Product&message=iManager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. Thiscould lead to senstive information disclosure. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3486.md b/2024/CVE-2024-3486.md new file mode 100644 index 0000000000..54f4d8f9db --- /dev/null +++ b/2024/CVE-2024-3486.md @@ -0,0 +1,17 @@ +### [CVE-2024-3486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3486) +![](https://img.shields.io/static/v1?label=Product&message=iManager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-611%20Improper%20Restriction%20of%20XML%20External%20Entity%20Reference&color=brighgreen) + +### Description + +XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3487.md b/2024/CVE-2024-3487.md new file mode 100644 index 0000000000..1f26cd8115 --- /dev/null +++ b/2024/CVE-2024-3487.md @@ -0,0 +1,17 @@ +### [CVE-2024-3487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3487) +![](https://img.shields.io/static/v1?label=Product&message=iManager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen) + +### Description + +Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. Thisvulnerability allows an attacker to manipulate certain parameters to bypassauthentication. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3488.md b/2024/CVE-2024-3488.md new file mode 100644 index 0000000000..4484a1da96 --- /dev/null +++ b/2024/CVE-2024-3488.md @@ -0,0 +1,17 @@ +### [CVE-2024-3488](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3488) +![](https://img.shields.io/static/v1?label=Product&message=iManager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +File Upload vulnerability in unauthenticatedsession found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload afile without authentication. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-34954.md b/2024/CVE-2024-34954.md index 38a16dafb3..661048ae1a 100644 --- a/2024/CVE-2024-34954.md +++ b/2024/CVE-2024-34954.md @@ -13,5 +13,5 @@ Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) - https://github.com/ethicalhackerNL/CVEs/blob/main/Budget%20Management/XSS/XSS.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-34955.md b/2024/CVE-2024-34955.md index 58e9b324df..7a1cdb418c 100644 --- a/2024/CVE-2024-34955.md +++ b/2024/CVE-2024-34955.md @@ -13,5 +13,5 @@ Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delet - https://github.com/ethicalhackerNL/CVEs/blob/main/Budget%20Management/SQLi.md #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-35179.md b/2024/CVE-2024-35179.md index dbb780a598..a4f982cd35 100644 --- a/2024/CVE-2024-35179.md +++ b/2024/CVE-2024-35179.md @@ -13,5 +13,5 @@ Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when - https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-5pfx-j27j-4c6h #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3634.md b/2024/CVE-2024-3634.md index 4cd487da04..dbb1a85cb6 100644 --- a/2024/CVE-2024-3634.md +++ b/2024/CVE-2024-3634.md @@ -13,5 +13,5 @@ The month name translation benaceur WordPress plugin before 2.3.8 does not sanit - https://wpscan.com/vulnerability/76e000e0-314f-4e39-8871-68bf8cc95b22/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3744.md b/2024/CVE-2024-3744.md new file mode 100644 index 0000000000..5e11ae802e --- /dev/null +++ b/2024/CVE-2024-3744.md @@ -0,0 +1,17 @@ +### [CVE-2024-3744](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3744) +![](https://img.shields.io/static/v1?label=Product&message=azure-file-csi-driver&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=v1.29.3%3C%3D%20%3C%3D%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen) + +### Description + +A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3748.md b/2024/CVE-2024-3748.md index 51f38bc4e1..963bccfc0d 100644 --- a/2024/CVE-2024-3748.md +++ b/2024/CVE-2024-3748.md @@ -13,5 +13,5 @@ The SP Project & Document Manager WordPress plugin through 4.71 is missing valid - https://wpscan.com/vulnerability/01427cfb-5c51-4524-9b9d-e09a603bc34c/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3749.md b/2024/CVE-2024-3749.md index a72989c223..288a6ef4fa 100644 --- a/2024/CVE-2024-3749.md +++ b/2024/CVE-2024-3749.md @@ -13,5 +13,5 @@ The SP Project & Document Manager WordPress plugin through 4.71 lacks proper acc - https://wpscan.com/vulnerability/d14bb16e-ce1d-4c31-8791-bc63174897c0/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3822.md b/2024/CVE-2024-3822.md index 53677ae60f..c2e85dad9e 100644 --- a/2024/CVE-2024-3822.md +++ b/2024/CVE-2024-3822.md @@ -13,5 +13,5 @@ The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and - https://wpscan.com/vulnerability/ff5411b1-9e04-4e72-a502-e431d774642a/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3823.md b/2024/CVE-2024-3823.md index 94f958bb89..6b353b6c7f 100644 --- a/2024/CVE-2024-3823.md +++ b/2024/CVE-2024-3823.md @@ -14,5 +14,5 @@ The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF che - https://wpscan.com/vulnerability/a138215c-4b8c-4182-978f-d21ce25070d3/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3824.md b/2024/CVE-2024-3824.md index e96dda3bb9..097a834c5a 100644 --- a/2024/CVE-2024-3824.md +++ b/2024/CVE-2024-3824.md @@ -13,5 +13,5 @@ The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF che - https://wpscan.com/vulnerability/749ae334-b1d1-421e-a04c-35464c961a4a/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3892.md b/2024/CVE-2024-3892.md new file mode 100644 index 0000000000..43960258a3 --- /dev/null +++ b/2024/CVE-2024-3892.md @@ -0,0 +1,17 @@ +### [CVE-2024-3892](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3892) +![](https://img.shields.io/static/v1?label=Product&message=Telerik%20UI%20for%20WinForms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=v2021.1.122%3C%20v2024.2.514%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20%3A%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3967.md b/2024/CVE-2024-3967.md new file mode 100644 index 0000000000..b0536a75bc --- /dev/null +++ b/2024/CVE-2024-3967.md @@ -0,0 +1,17 @@ +### [CVE-2024-3967](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3967) +![](https://img.shields.io/static/v1?label=Product&message=iManager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +Remote CodeExecution has been discovered inOpenText™ iManager 3.2.6.0200. The vulnerability cantrigger remote code execution unisng unsafe java object deserialization. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3968.md b/2024/CVE-2024-3968.md new file mode 100644 index 0000000000..849ef6a43e --- /dev/null +++ b/2024/CVE-2024-3968.md @@ -0,0 +1,17 @@ +### [CVE-2024-3968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3968) +![](https://img.shields.io/static/v1?label=Product&message=iManager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +Remote CodeExecution has been discovered inOpenText™ iManager 3.2.6.0200. The vulnerability cantrigger remote code execution using custom file upload task. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-3970.md b/2024/CVE-2024-3970.md new file mode 100644 index 0000000000..8f921e02dc --- /dev/null +++ b/2024/CVE-2024-3970.md @@ -0,0 +1,17 @@ +### [CVE-2024-3970](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3970) +![](https://img.shields.io/static/v1?label=Product&message=iManager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. Thiscould lead to senstive information disclosure by directory traversal. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4010.md b/2024/CVE-2024-4010.md new file mode 100644 index 0000000000..80a557d89e --- /dev/null +++ b/2024/CVE-2024-4010.md @@ -0,0 +1,17 @@ +### [CVE-2024-4010](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4010) +![](https://img.shields.io/static/v1?label=Product&message=Email%20Subscribers%20by%20Icegram%20Express%20%E2%80%93%20Email%20Marketing%2C%20Newsletters%2C%20Automation%20for%20WordPress%20%26%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.7.19%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to cause a loss of confidentiality, integrity, and availability, by performing multiple unauthorized actions. Some of these actions could also be leveraged to conduct PHP Object Injection and SQL Injection attacks. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4040.md b/2024/CVE-2024-4040.md index ff3d2d3483..da624de538 100644 --- a/2024/CVE-2024-4040.md +++ b/2024/CVE-2024-4040.md @@ -14,6 +14,7 @@ A server side template injection vulnerability in CrushFTP in all versions befor - https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ #### Github +- https://github.com/1ncendium/CVE-2024-4040 - https://github.com/Mohammaddvd/CVE-2024-4040 - https://github.com/Mufti22/CVE-2024-4040 - https://github.com/Ostorlab/KEV diff --git a/2024/CVE-2024-4200.md b/2024/CVE-2024-4200.md new file mode 100644 index 0000000000..a50e496afa --- /dev/null +++ b/2024/CVE-2024-4200.md @@ -0,0 +1,17 @@ +### [CVE-2024-4200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4200) +![](https://img.shields.io/static/v1?label=Product&message=Telerik%20Reporting&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.0.0.0%3C%2018.1.24.2.514%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4202.md b/2024/CVE-2024-4202.md new file mode 100644 index 0000000000..11034f944d --- /dev/null +++ b/2024/CVE-2024-4202.md @@ -0,0 +1,17 @@ +### [CVE-2024-4202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4202) +![](https://img.shields.io/static/v1?label=Product&message=Telerik%20Reporting&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.0.0.0%3C%2018.1.24.2.514%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4357.md b/2024/CVE-2024-4357.md new file mode 100644 index 0000000000..6260af99e7 --- /dev/null +++ b/2024/CVE-2024-4357.md @@ -0,0 +1,17 @@ +### [CVE-2024-4357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4357) +![](https://img.shields.io/static/v1?label=Product&message=Telerik%20Report%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.0.0.0%3C%2010.0.24.514%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-611%20Improper%20Restriction%20of%20XML%20External%20Entity%20Reference&color=brighgreen) + +### Description + +An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4363.md b/2024/CVE-2024-4363.md new file mode 100644 index 0000000000..056965cd6c --- /dev/null +++ b/2024/CVE-2024-4363.md @@ -0,0 +1,17 @@ +### [CVE-2024-4363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4363) +![](https://img.shields.io/static/v1?label=Product&message=Visual%20Portfolio%2C%20Photo%20Gallery%20%26%20Post%20Grid&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.3.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4370.md b/2024/CVE-2024-4370.md new file mode 100644 index 0000000000..3d5646a0b9 --- /dev/null +++ b/2024/CVE-2024-4370.md @@ -0,0 +1,17 @@ +### [CVE-2024-4370](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4370) +![](https://img.shields.io/static/v1?label=Product&message=WPZOOM%20Addons%20for%20Elementor%20(Templates%2C%20Widgets)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.1.36%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4561.md b/2024/CVE-2024-4561.md new file mode 100644 index 0000000000..9479a1d791 --- /dev/null +++ b/2024/CVE-2024-4561.md @@ -0,0 +1,17 @@ +### [CVE-2024-4561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4561) +![](https://img.shields.io/static/v1?label=Product&message=WhatsUp%20Gold&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4562.md b/2024/CVE-2024-4562.md new file mode 100644 index 0000000000..28882a89c8 --- /dev/null +++ b/2024/CVE-2024-4562.md @@ -0,0 +1,17 @@ +### [CVE-2024-4562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4562) +![](https://img.shields.io/static/v1?label=Product&message=WhatsUp%20Gold&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality.  Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4622.md b/2024/CVE-2024-4622.md new file mode 100644 index 0000000000..0f3643ce66 --- /dev/null +++ b/2024/CVE-2024-4622.md @@ -0,0 +1,17 @@ +### [CVE-2024-4622](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4622) +![](https://img.shields.io/static/v1?label=Product&message=Hypercharger%20EV%20Charger&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20all%20versions%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1392&color=brighgreen) + +### Description + +If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4636.md b/2024/CVE-2024-4636.md new file mode 100644 index 0000000000..b34f984b19 --- /dev/null +++ b/2024/CVE-2024-4636.md @@ -0,0 +1,17 @@ +### [CVE-2024-4636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4636) +![](https://img.shields.io/static/v1?label=Product&message=Image%20Optimization%20by%20Optimole%20%E2%80%93%20Lazy%20Load%2C%20CDN%2C%20Convert%20WebP%20%26%20AVIF&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.12.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4666.md b/2024/CVE-2024-4666.md new file mode 100644 index 0000000000..c7a9dc5a99 --- /dev/null +++ b/2024/CVE-2024-4666.md @@ -0,0 +1,17 @@ +### [CVE-2024-4666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4666) +![](https://img.shields.io/static/v1?label=Product&message=Borderless%20%E2%80%93%20Widgets%2C%20Elements%2C%20Templates%20and%20Toolkit%20for%20Elementor%20%26%20Gutenberg&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.5.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4670.md b/2024/CVE-2024-4670.md new file mode 100644 index 0000000000..ebfa788e39 --- /dev/null +++ b/2024/CVE-2024-4670.md @@ -0,0 +1,17 @@ +### [CVE-2024-4670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4670) +![](https://img.shields.io/static/v1?label=Product&message=All-in-One%20Video%20Gallery&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.6.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-98%20Improper%20Control%20of%20Filename%20for%20Include%2FRequire%20Statement%20in%20PHP%20Program%20('PHP%20Remote%20File%20Inclusion')&color=brighgreen) + +### Description + +The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4702.md b/2024/CVE-2024-4702.md new file mode 100644 index 0000000000..4de22ac7bd --- /dev/null +++ b/2024/CVE-2024-4702.md @@ -0,0 +1,17 @@ +### [CVE-2024-4702](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4702) +![](https://img.shields.io/static/v1?label=Product&message=Mega%20Elements%20%E2%80%93%20Addons%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4761.md b/2024/CVE-2024-4761.md index 723d2cdc36..5d5b9f0139 100644 --- a/2024/CVE-2024-4761.md +++ b/2024/CVE-2024-4761.md @@ -13,6 +13,10 @@ Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a rem No PoCs from references. #### Github +- https://github.com/dan-mba/python-selenium-news - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/michredteam/CVE-2024-4761 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/securitycipher/daily-bugbounty-writeups +- https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-4837.md b/2024/CVE-2024-4837.md new file mode 100644 index 0000000000..64a0ea3b17 --- /dev/null +++ b/2024/CVE-2024-4837.md @@ -0,0 +1,17 @@ +### [CVE-2024-4837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4837) +![](https://img.shields.io/static/v1?label=Product&message=Telerik%20Report%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.0.0.0%3C%2010.1.24.514%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4903.md b/2024/CVE-2024-4903.md new file mode 100644 index 0000000000..0a33794d50 --- /dev/null +++ b/2024/CVE-2024-4903.md @@ -0,0 +1,17 @@ +### [CVE-2024-4903](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4903) +![](https://img.shields.io/static/v1?label=Product&message=OA&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202017%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Tongda OA 2017. It has been declared as critical. This vulnerability affects unknown code of the file /general/meeting/manage/delete.php. The manipulation of the argument M_ID_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264436. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/github.txt b/github.txt index 494d58b3dc..1115bfffd7 100644 --- a/github.txt +++ b/github.txt @@ -56929,6 +56929,7 @@ CVE-2019-1006 - https://github.com/521526/CVE-2019-1006 CVE-2019-10061 - https://github.com/ossf-cve-benchmark/CVE-2019-10061 CVE-2019-10063 - https://github.com/ARPSyndicate/cvemon CVE-2019-10063 - https://github.com/hartwork/antijack +CVE-2019-10063 - https://github.com/timothee-chauvin/eyeballvul CVE-2019-10067 - https://github.com/Live-Hack-CVE/CVE-2019-10067 CVE-2019-10068 - https://github.com/ARPSyndicate/cvemon CVE-2019-10068 - https://github.com/ARPSyndicate/kenzer-templates @@ -62239,6 +62240,7 @@ CVE-2019-11460 - https://github.com/ARPSyndicate/cvemon CVE-2019-11460 - https://github.com/hartwork/antijack CVE-2019-11461 - https://github.com/ARPSyndicate/cvemon CVE-2019-11461 - https://github.com/hartwork/antijack +CVE-2019-11461 - https://github.com/timothee-chauvin/eyeballvul CVE-2019-11477 - https://github.com/0xT11/CVE-POC CVE-2019-11477 - https://github.com/ARPSyndicate/cvemon CVE-2019-11477 - https://github.com/DevOps-spb-org/Linux-docs @@ -69005,6 +69007,7 @@ CVE-2019-20634 - https://github.com/gmh5225/Awesome-ML-Security_ CVE-2019-20634 - https://github.com/moohax/Proof-Pudding CVE-2019-20634 - https://github.com/trailofbits/awesome-ml-security CVE-2019-20636 - https://github.com/ARPSyndicate/cvemon +CVE-2019-20636 - https://github.com/timothee-chauvin/eyeballvul CVE-2019-20790 - https://github.com/ARPSyndicate/cvemon CVE-2019-20790 - https://github.com/Mr-Anonymous002/espoofer CVE-2019-20790 - https://github.com/Teutades/Espoofer @@ -83456,6 +83459,7 @@ CVE-2020-1938 - https://github.com/veo/vscan CVE-2020-1938 - https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough CVE-2020-1938 - https://github.com/w4fz5uck5/CVE-2020-1938-Clean-Version CVE-2020-1938 - https://github.com/weeka10/-hktalent-TOP +CVE-2020-1938 - https://github.com/whatboxapp/GhostCat-LFI-exp CVE-2020-1938 - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC- CVE-2020-1938 - https://github.com/woaiqiukui/CVE-2020-1938TomcatAjpScanner CVE-2020-1938 - https://github.com/woodpecker-appstore/tomcat-vuldb @@ -138973,6 +138977,7 @@ CVE-2023-20178 - https://github.com/em1ga3l/cve-msrc-extractor CVE-2023-20178 - https://github.com/johe123qwe/github-trending CVE-2023-20178 - https://github.com/lions2012/Penetration_Testing_POC CVE-2023-20178 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-20178 - https://github.com/xct/CVE-2024-27460 CVE-2023-20180 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-20181 - https://github.com/ahmedvienna/CVEs-and-Vulnerabilities CVE-2023-20188 - https://github.com/ahmedvienna/CVEs-and-Vulnerabilities @@ -141020,6 +141025,7 @@ CVE-2023-24955 - https://github.com/Ostorlab/KEV CVE-2023-24955 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-24955 - https://github.com/former-farmer/CVE-2023-24955-PoC CVE-2023-24955 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-24955 - https://github.com/postmodern/cisa-kev.rb CVE-2023-24998 - https://github.com/ARPSyndicate/cvemon CVE-2023-24998 - https://github.com/Threekiii/CVE CVE-2023-24998 - https://github.com/muneebaashiq/MBProjects @@ -156712,6 +156718,8 @@ CVE-2024-1512 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-1512 - https://github.com/rat-c/CVE-2024-1512 CVE-2024-1514 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1516 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-1520 - https://github.com/timothee-chauvin/eyeballvul +CVE-2024-1522 - https://github.com/timothee-chauvin/eyeballvul CVE-2024-1523 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1525 - https://github.com/NaInSec/CVE-LIST CVE-2024-1526 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -156746,6 +156754,7 @@ CVE-2024-1562 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1563 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1564 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1566 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-1569 - https://github.com/timothee-chauvin/eyeballvul CVE-2024-1579 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1580 - https://github.com/NaInSec/CVE-LIST CVE-2024-1582 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -156754,6 +156763,8 @@ CVE-2024-1589 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1590 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1597 - https://github.com/NaInSec/CVE-LIST CVE-2024-1597 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-1600 - https://github.com/timothee-chauvin/eyeballvul +CVE-2024-1601 - https://github.com/timothee-chauvin/eyeballvul CVE-2024-1603 - https://github.com/NaInSec/CVE-LIST CVE-2024-1604 - https://github.com/DojoSecurity/DojoSecurity CVE-2024-1604 - https://github.com/NaInSec/CVE-LIST @@ -156777,6 +156788,7 @@ CVE-2024-1635 - https://github.com/NaInSec/CVE-LIST CVE-2024-1636 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1642470 - https://github.com/Symbolexe/CVE-2024-1642470 CVE-2024-1642470 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-1646 - https://github.com/timothee-chauvin/eyeballvul CVE-2024-1647 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1648 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1651 - https://github.com/Whiteh4tWolf/CVE-2024-1651-PoC @@ -157917,6 +157929,8 @@ CVE-2024-22024 - https://github.com/netlas-io/netlas-dorks CVE-2024-22024 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-22025 - https://github.com/NaInSec/CVE-LIST CVE-2024-22025 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-22026 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-22026 - https://github.com/securekomodo/CVE-2024-22026 CVE-2024-2203 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22039 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22040 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -159236,6 +159250,8 @@ CVE-2024-25063 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25064 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25065 - https://github.com/Threekiii/CVE CVE-2024-25065 - https://github.com/tanjiti/sec_profile +CVE-2024-25078 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-25079 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25081 - https://github.com/NaInSec/CVE-LIST CVE-2024-25081 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25082 - https://github.com/NaInSec/CVE-LIST @@ -159583,6 +159599,7 @@ CVE-2024-25629 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2563 - https://github.com/NaInSec/CVE-LIST CVE-2024-2564 - https://github.com/NaInSec/CVE-LIST CVE-2024-2564 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-25641 - https://github.com/tanjiti/sec_profile CVE-2024-25642 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25643 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25644 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -159806,6 +159823,7 @@ CVE-2024-25991 - https://github.com/NaInSec/CVE-LIST CVE-2024-25992 - https://github.com/NaInSec/CVE-LIST CVE-2024-25993 - https://github.com/NaInSec/CVE-LIST CVE-2024-26019 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-26026 - https://github.com/GRTMALDET/Big-IP-Next-CVE-2024-26026 CVE-2024-26026 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-26026 - https://github.com/passwa11/CVE-2024-26026 CVE-2024-26026 - https://github.com/wjlin0/poc-doc @@ -160464,6 +160482,7 @@ CVE-2024-27351 - https://github.com/NaInSec/CVE-LIST CVE-2024-27351 - https://github.com/ch4n3-yoon/ch4n3-yoon CVE-2024-27351 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27351 - https://github.com/mdisec/mdisec-twitch-yayinlari +CVE-2024-27353 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27356 - https://github.com/aggressor0/GL.iNet-Exploits CVE-2024-27356 - https://github.com/aggressor0/GL.iNet-RCE CVE-2024-27356 - https://github.com/aggressor0/GL.iNet-Vulnerabilities @@ -160490,6 +160509,7 @@ CVE-2024-27456 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2746 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27460 - https://github.com/Alaatk/CVE-2024-27460 CVE-2024-27460 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-27460 - https://github.com/xct/CVE-2024-27460 CVE-2024-27462 - https://github.com/Alaatk/CVE-2024-27462 CVE-2024-27462 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-27474 - https://github.com/dead1nfluence/Leantime-POC @@ -160539,6 +160559,7 @@ CVE-2024-2758 - https://github.com/Ampferl/poc_http2-continuation-flood CVE-2024-2758 - https://github.com/DrewskyDev/H2Flood CVE-2024-2758 - https://github.com/Vos68/HTTP2-Continuation-Flood-PoC CVE-2024-2759 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-27593 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2760 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27612 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27613 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -160656,6 +160677,7 @@ CVE-2024-27956 - https://github.com/AiGptCode/WordPress-Auto-Admin-Account-and-R CVE-2024-27956 - https://github.com/FoxyProxys/CVE-2024-27956 CVE-2024-27956 - https://github.com/NaInSec/CVE-LIST CVE-2024-27956 - https://github.com/Ostorlab/KEV +CVE-2024-27956 - https://github.com/W3BW/CVE-2024-27956-RCE-File-Package CVE-2024-27956 - https://github.com/X-Projetion/CVE-2024-27956-WORDPRESS-RCE-PLUGIN CVE-2024-27956 - https://github.com/diego-tella/CVE-2024-27956-RCE CVE-2024-27956 - https://github.com/k3ppf0r/CVE-2024-27956 @@ -160732,6 +160754,7 @@ CVE-2024-28039 - https://github.com/NaInSec/CVE-LIST CVE-2024-28039 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28040 - https://github.com/NaInSec/CVE-LIST CVE-2024-28041 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-28042 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28045 - https://github.com/NaInSec/CVE-LIST CVE-2024-2805 - https://github.com/NaInSec/CVE-LIST CVE-2024-2805 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -160753,6 +160776,7 @@ CVE-2024-28085 - https://github.com/giterlizzi/secdb-feeds CVE-2024-28085 - https://github.com/kherrick/lobsters CVE-2024-28085 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-28085 - https://github.com/skyler-ferrante/CVE-2024-28085 +CVE-2024-28087 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28088 - https://github.com/levpachmanov/cve-2024-28088-poc CVE-2024-28088 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-28088 - https://github.com/seal-community/patches @@ -161563,6 +161587,7 @@ CVE-2024-29890 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29891 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29892 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29893 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-29895 - https://github.com/Stuub/CVE-2024-29895-CactiRCE-PoC CVE-2024-29896 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29897 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29898 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162080,6 +162105,7 @@ CVE-2024-31209 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31213 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31214 - https://github.com/nvn1729/advisories CVE-2024-31215 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-31216 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31218 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31220 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31221 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162393,6 +162419,9 @@ CVE-2024-33153 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33155 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33161 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33164 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3317 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3318 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3319 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33211 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33212 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33213 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162580,6 +162609,7 @@ CVE-2024-3400 - https://github.com/swaybs/CVE-2024-3400 CVE-2024-3400 - https://github.com/sxyrxyy/CVE-2024-3400-Check CVE-2024-3400 - https://github.com/tanjiti/sec_profile CVE-2024-3400 - https://github.com/terminalJunki3/CVE-2024-3400-Checker +CVE-2024-3400 - https://github.com/tk-sawada/IPLineFinder CVE-2024-3400 - https://github.com/toxyl/lscve CVE-2024-3400 - https://github.com/vulsio/go-cve-dictionary CVE-2024-3400 - https://github.com/wjlin0/poc-doc @@ -162595,6 +162625,7 @@ CVE-2024-34061 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34064 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34069 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34078 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-34082 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34084 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34089 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34090 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162693,6 +162724,7 @@ CVE-2024-3460 - https://github.com/DojoSecurity/DojoSecurity CVE-2024-3460 - https://github.com/afine-com/research CVE-2024-3461 - https://github.com/DojoSecurity/DojoSecurity CVE-2024-3461 - https://github.com/afine-com/research +CVE-2024-34716 - https://github.com/aelmokhtar/CVE-2024-34716_PoC CVE-2024-34716 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-34717 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34771 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162700,9 +162732,17 @@ CVE-2024-34772 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34773 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3479 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3480 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3483 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3484 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3485 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3486 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3487 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3488 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34897 - https://github.com/murataydemir/CVE-2024-23897 CVE-2024-34914 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34950 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-34954 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-34955 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-35009 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-35010 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-35011 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162713,6 +162753,7 @@ CVE-2024-3512 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3514 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3515 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3516 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-35179 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-35205 - https://github.com/Ch0pin/related_work CVE-2024-3521 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3522 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162752,6 +162793,7 @@ CVE-2024-3618 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3619 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3620 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3628 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3634 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3645 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3652 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3661 - https://github.com/apiverve/news-API @@ -162779,6 +162821,9 @@ CVE-2024-3707 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3729 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2024-3735 - https://github.com/ahmedvienna/CVEs-and-Vulnerabilities CVE-2024-3737 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3744 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3748 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3749 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3757 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3758 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3759 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162807,6 +162852,9 @@ CVE-2024-3807 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3807 - https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc CVE-2024-3817 - https://github.com/dellalibera/dellalibera CVE-2024-3817 - https://github.com/otms61/vex_dir +CVE-2024-3822 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3823 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3824 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3832 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3833 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3834 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162833,6 +162881,7 @@ CVE-2024-3867 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3868 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3889 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3891 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3892 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3895 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3897 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3914 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162842,11 +162891,15 @@ CVE-2024-3936 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3942 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3951 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3957 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3967 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3968 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-3970 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3985 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3991 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4000 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4003 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4006 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4010 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4021 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4024 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4029 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162854,6 +162907,7 @@ CVE-2024-4031 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4033 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4034 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4036 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4040 - https://github.com/1ncendium/CVE-2024-4040 CVE-2024-4040 - https://github.com/Mohammaddvd/CVE-2024-4040 CVE-2024-4040 - https://github.com/Mufti22/CVE-2024-4040 CVE-2024-4040 - https://github.com/Ostorlab/KEV @@ -162905,6 +162959,8 @@ CVE-2024-4171 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4172 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4186 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4199 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4200 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4202 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4203 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4208 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4226 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162935,8 +162991,11 @@ CVE-2024-4340 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4345 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4346 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4349 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4357 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4363 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4368 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4369 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4370 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4373 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4392 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4393 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162980,6 +163039,8 @@ CVE-2024-4548 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4549 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4558 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4559 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4561 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4562 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4582 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4583 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4584 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162999,7 +163060,9 @@ CVE-2024-4599 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4600 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4601 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4618 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4622 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4624 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4636 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4644 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4645 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4646 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -163012,13 +163075,20 @@ CVE-2024-4652 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4653 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4654 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4656 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4666 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4670 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4671 - https://github.com/apiverve/news-API CVE-2024-4671 - https://github.com/tanjiti/sec_profile CVE-2024-4701 - https://github.com/JoeBeeton/CVE-2024-4701-POC CVE-2024-4701 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-4702 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4734 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4761 - https://github.com/dan-mba/python-selenium-news CVE-2024-4761 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4761 - https://github.com/michredteam/CVE-2024-4761 CVE-2024-4761 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-4761 - https://github.com/securitycipher/daily-bugbounty-writeups +CVE-2024-4761 - https://github.com/tanjiti/sec_profile CVE-2024-4801 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4802 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4803 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -163041,6 +163111,7 @@ CVE-2024-4822 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4823 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4824 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4825 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4837 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4840 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4847 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4853 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -163052,6 +163123,7 @@ CVE-2024-4871 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-48788 - https://github.com/mrobsidian1/CVE-2023-48788-Proof-of-concept-SQLinj CVE-2024-4893 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4894 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4903 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-54321 - https://github.com/runwuf/clickhouse-test CVE-2024-5555 - https://github.com/JohnnyBradvo/CVE-2024-5555 CVE-2024-5555 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/references.txt b/references.txt index c6dbba0ad2..292974b0f2 100644 --- a/references.txt +++ b/references.txt @@ -42278,10 +42278,12 @@ CVE-2017-12149 - https://github.com/gottburgm/Exploits/tree/master/CVE-2017-1214 CVE-2017-12153 - http://seclists.org/oss-sec/2017/q3/437 CVE-2017-12153 - https://usn.ubuntu.com/3583-2/ CVE-2017-12154 - https://usn.ubuntu.com/3698-1/ +CVE-2017-12154 - https://usn.ubuntu.com/3698-2/ CVE-2017-12190 - https://usn.ubuntu.com/3582-1/ CVE-2017-12190 - https://usn.ubuntu.com/3583-2/ CVE-2017-12192 - https://usn.ubuntu.com/3583-2/ CVE-2017-12193 - https://usn.ubuntu.com/3698-1/ +CVE-2017-12193 - https://usn.ubuntu.com/3698-2/ CVE-2017-12199 - https://github.com/kevins1022/cve/blob/master/wordpress-product-catalog.md CVE-2017-12200 - https://github.com/kevins1022/cve/blob/master/wordpress-product-catalog.md CVE-2017-12374 - https://bugzilla.clamav.net/show_bug.cgi?id=11939 @@ -43191,6 +43193,7 @@ CVE-2017-15225 - https://sourceware.org/bugzilla/show_bug.cgi?id=22212 CVE-2017-15232 - https://github.com/mozilla/mozjpeg/issues/268 CVE-2017-15265 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 CVE-2017-15265 - https://usn.ubuntu.com/3698-1/ +CVE-2017-15265 - https://usn.ubuntu.com/3698-2/ CVE-2017-15265 - https://www.oracle.com/security-alerts/cpujul2020.html CVE-2017-15266 - https://bugzilla.redhat.com/show_bug.cgi?id=1499599 CVE-2017-15267 - https://bugzilla.redhat.com/show_bug.cgi?id=1499600 @@ -48633,6 +48636,7 @@ CVE-2018-11290 - https://www.qualcomm.com/company/product-security/bulletins CVE-2018-11291 - https://www.qualcomm.com/company/product-security/bulletins CVE-2018-11292 - https://www.qualcomm.com/company/product-security/bulletins CVE-2018-1130 - https://usn.ubuntu.com/3698-1/ +CVE-2018-1130 - https://usn.ubuntu.com/3698-2/ CVE-2018-11305 - https://www.qualcomm.com/company/product-security/bulletins CVE-2018-11307 - https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 CVE-2018-11307 - https://www.oracle.com/security-alerts/cpuapr2020.html @@ -53012,6 +53016,7 @@ CVE-2018-3646 - https://www.oracle.com/technetwork/security-advisory/cpujan2019- CVE-2018-3665 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 CVE-2018-3665 - https://usn.ubuntu.com/3696-1/ CVE-2018-3665 - https://usn.ubuntu.com/3698-1/ +CVE-2018-3665 - https://usn.ubuntu.com/3698-2/ CVE-2018-3665 - https://www.oracle.com/security-alerts/cpujul2020.html CVE-2018-3693 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 CVE-2018-3693 - https://www.oracle.com/security-alerts/cpujul2020.html @@ -53694,6 +53699,7 @@ CVE-2018-5731 - https://improsec.com/blog/heimdal-advisory-2 CVE-2018-5737 - https://kb.isc.org/docs/aa-01606 CVE-2018-5747 - https://github.com/ckolivas/lrzip/issues/90 CVE-2018-5750 - https://usn.ubuntu.com/3698-1/ +CVE-2018-5750 - https://usn.ubuntu.com/3698-2/ CVE-2018-5751 - http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html CVE-2018-5751 - http://seclists.org/fulldisclosure/2018/Jun/23 CVE-2018-5751 - https://www.exploit-db.com/exploits/44881/ @@ -53742,6 +53748,7 @@ CVE-2018-5796 - https://gtacknowledge.extremenetworks.com/articles/Vulnerability CVE-2018-5797 - https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003 CVE-2018-5799 - http://seclists.org/fulldisclosure/2018/Mar/58 CVE-2018-5803 - https://usn.ubuntu.com/3698-1/ +CVE-2018-5803 - https://usn.ubuntu.com/3698-2/ CVE-2018-5803 - https://www.spinics.net/lists/netdev/msg482523.html CVE-2018-5814 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43 CVE-2018-5814 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11 @@ -54209,6 +54216,7 @@ CVE-2018-6913 - https://www.oracle.com/security-alerts/cpujul2020.html CVE-2018-6914 - https://hackerone.com/reports/302298 CVE-2018-6922 - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html CVE-2018-6927 - https://usn.ubuntu.com/3698-1/ +CVE-2018-6927 - https://usn.ubuntu.com/3698-2/ CVE-2018-6928 - https://www.exploit-db.com/exploits/44030/ CVE-2018-6936 - https://www.exploit-db.com/exploits/44219/ CVE-2018-6940 - http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt @@ -54474,9 +54482,11 @@ CVE-2018-7752 - https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97fe CVE-2018-7752 - https://github.com/gpac/gpac/issues/997 CVE-2018-7755 - https://usn.ubuntu.com/3696-1/ CVE-2018-7755 - https://usn.ubuntu.com/3698-1/ +CVE-2018-7755 - https://usn.ubuntu.com/3698-2/ CVE-2018-7756 - http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt CVE-2018-7756 - https://www.exploit-db.com/exploits/44275/ CVE-2018-7757 - https://usn.ubuntu.com/3698-1/ +CVE-2018-7757 - https://usn.ubuntu.com/3698-2/ CVE-2018-7765 - http://seclists.org/fulldisclosure/2019/May/26 CVE-2018-7777 - http://packetstormsecurity.com/files/156184/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html CVE-2018-7801 - http://seclists.org/fulldisclosure/2021/Jul/32 @@ -93711,6 +93721,9 @@ CVE-2024-0731 - https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt CVE-2024-0732 - https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt CVE-2024-0736 - https://0day.today/exploit/39249 CVE-2024-0737 - https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html +CVE-2024-0741 - https://bugzilla.mozilla.org/show_bug.cgi?id=1864587 +CVE-2024-0745 - https://bugzilla.mozilla.org/show_bug.cgi?id=1871838 +CVE-2024-0750 - https://bugzilla.mozilla.org/show_bug.cgi?id=1863083 CVE-2024-0763 - https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5 CVE-2024-0765 - https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786 CVE-2024-0769 - https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md @@ -94934,6 +94947,7 @@ CVE-2024-27570 - https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/generate_c CVE-2024-27571 - https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/makeCurRemoteApList.md CVE-2024-27572 - https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/updateCurAPlist.md CVE-2024-27592 - https://medium.com/@nicatabbasov00002/open-redirect-vulnerability-62986ccaf0f7 +CVE-2024-27593 - https://blog.smarttecs.com/posts/2024-002-cve-2024-27593/ CVE-2024-2760 - https://fluidattacks.com/advisories/kent/ CVE-2024-2761 - https://wpscan.com/vulnerability/e092ccdc-7ea1-4937-97b7-4cdbff5e74e5/ CVE-2024-27619 - https://github.com/ioprojecton/dir-3040_dos