pocorexp.nsa.im
188.114.97.3  Public Scan

Submitted URL: http://pocorexp.nsa.im/
Effective URL: https://pocorexp.nsa.im/
Submission: On November 25 via api from US — Scanned from NL


Text Content

CVE-2024-39345

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/actuator/BSIDES-Security-Las-Vegas-2024


CVE-2024-39306

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/apena-ba/CVE-2024-39306


CVE-2024-39304

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/apena-ba/CVE-2024-39304


CVE-2024-39250

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/efrann/CVE-2024-39250


CVE-2024-39248

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/jasonthename/CVE-2024-39248


CVE-2024-39211

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/artemy-ccrsky/CVE-2024-39211


CVE-2024-39210

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/KRookieSec/CVE-2024-39210


CVE-2024-39205

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Marven11/CVE-2024-39205-Pyload-RCE


CVE-2024-39203

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/5r1an/CVE-2024-39203


CVE-2024-39081

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Amirasaiyad/BLE-TPMS


CVE-2024-39069

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/AungSoePaing/CVE-2024-39069


CVE-2024-39031

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/toneemarqus/CVE-2024-39031


CVE-2024-38856

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/securelayer7/CVE-2024-38856_Scanner

 * https://github.com/0x20c/CVE-2024-38856-EXP

 * https://github.com/BBD-YZZ/CVE-2024-38856-RCE

 * https://github.com/ThatNotEasy/CVE-2024-38856

 * https://github.com/Praison001/CVE-2024-38856-ApacheOfBiz

 * https://github.com/emanueldosreis/CVE-2024-38856

 * https://github.com/XiaomingX/cve-2024-38856-poc

 * https://github.com/codeb0ss/CVE-2024-38856-PoC


CVE-2024-38821

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/mouadk/cve-2024-38821


CVE-2024-38816

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/WULINPIN/CVE-2024-38816-PoC

 * https://github.com/startsw1th/cve-2024-38816-demo

 * https://github.com/Galaxy-system/cve-2024-38816


CVE-2024-38812

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/groshi/CVE-2024-38812-POC-5-Hands-Private


CVE-2024-38793

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/ret2desync/CVE-2024-38793-PoC


CVE-2024-38761

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/codeb0ss/CVEploiterv2


CVE-2024-38759

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/codeb0ss/CVEploiterv2


CVE-2024-38537

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Havoc10-sw/Detect_polyfill_CVE-2024-38537-


CVE-2024-38526

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/putget/pollypull


CVE-2024-38477

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/mrmtwoj/apache-vulnerability-testing


CVE-2024-38476

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/mrmtwoj/apache-vulnerability-testing


CVE-2024-38475

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/mrmtwoj/apache-vulnerability-testing

 * https://github.com/p0in7s/CVE-2024-38475


CVE-2024-38474

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/mrmtwoj/apache-vulnerability-testing


CVE-2024-38473

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/juanschallibaum/CVE-2024-38473-Nuclei-Template

 * https://github.com/mrmtwoj/apache-vulnerability-testing

 * https://github.com/Abdurahmon3236/CVE-2024-38473


CVE-2024-38472

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/mrmtwoj/apache-vulnerability-testing

 * https://github.com/Abdurahmon3236/CVE-2024-38472


CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an
escape sequence to report a window title, in combination with the built-in tmux
integration feature (enabled by default), allows an attacker to inject arbitrary
code into the terminal, a different vulnerability than CVE-2024-38395.

 * https://github.com/vin01/poc-cve-2024-38396


CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not
honored, and thus remote code execution might occur but "is not trivially
exploitable."

 * https://github.com/vin01/poc-cve-2024-38396


CVE-2024-38366

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/ReeFSpeK/CocoaPods-RCE_CVE-2024-38366


CVE-2024-38355

Socket.IO is an open source, real-time, bidirectional, event-based,
communication framework. A specially crafted Socket.IO packet can trigger an
uncaught exception on the Socket.IO server, thus killing the Node.js process.
This issue is fixed by commit 15af22fc22 which has been included in
socket.io@4.6.2 (released in May 2023). The fix was backported in the 2.x branch
as well with commit d30630ba10. Users are advised to upgrade. Users unable to
upgrade may attach a listener for the "error" event to catch these errors.

 * https://github.com/Y0ursTruly/socketio-cve


CVE-2024-38200

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/passtheticket/CVE-2024-38200


CVE-2024-38193

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Nephster/CVE-2024-38193


CVE-2024-38189

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/vx7z/CVE-2024-38189


CVE-2024-38144

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Dor00tkit/CVE-2024-38144


CVE-2024-38127

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/pwndorei/CVE-2024-38127


CVE-2024-38124

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/tadash10/Detailed-Analysis-and-Mitigation-Strategies-for-CVE-2024-38124-and-CVE-2024-43468


CVE-2024-38100

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Florian-Hoth/CVE-2024-38100-RCE-POC


CVE-2024-38080

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/pwndorei/CVE-2024-38080


CVE-2024-38077

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/qi4L/CVE-2024-38077

 * https://github.com/murphysecurity/RDL-detect

 * https://github.com/SecStarBot/CVE-2024-38077-POC

 * https://github.com/zhuxi1965/CVE-2024-38077-RDLCheck

 * https://github.com/mrmtwoj/CVE-2024-38077

 * https://github.com/Wlibang/CVE-2024-38077

 * https://github.com/BBD-YZZ/fyne-gui

 * https://github.com/psl-b/CVE-2024-38077-check

 * https://github.com/Sec-Link/CVE-2024-38077

 * https://github.com/atlassion/CVE-2024-38077-check

 * https://github.com/Destiny0991/check_38077

 * https://github.com/amfg145/CVE-2024-38077

 * https://github.com/lworld0x00/CVE-2024-38077-notes


CVE-2024-38063

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/ynwarcs/CVE-2024-38063

 * https://github.com/Sachinart/CVE-2024-38063-poc

 * https://github.com/patchpoint/CVE-2024-38063

 * https://github.com/diegoalbuquerque/CVE-2024-38063

 * https://github.com/ThemeHackers/CVE-2024-38063

 * https://github.com/zenzue/CVE-2024-38063-POC

 * https://github.com/KernelKraze/CVE-2024-38063_PoC

 * https://github.com/haroonawanofficial/CVE-2024-38063-Research-Tool

 * https://github.com/PumpkinBridge/Windows-CVE-2024-38063

 * https://github.com/thanawee321/CVE-2024-38063

 * https://github.com/Th3Tr1ckst3r/CVE-2024-38063

 * https://github.com/Th3Tr1ckst3r/Exip6

 * https://github.com/becrevex/CVE-2024-38063

 * https://github.com/Faizan-Khanx/CVE-2024-38063

 * https://github.com/Dragkob/CVE-2024-38063

 * https://github.com/AdminPentester/CVE-2024-38063-

 * https://github.com/zaneoblaneo/cve_2024_38063_research

 * https://github.com/noradlb1/CVE-2024-38063-VB

 * https://github.com/ArenaldyP/CVE-2024-38063-Medium

 * https://github.com/ps-interactive/cve-2024-38063

 * https://github.com/lnx-dvlpr/cve-2024-38063

 * https://github.com/p33d/cve-2024-38063

 * https://github.com/selenagomez25/CVE-2024-38063

 * https://github.com/Brownpanda29/Cve-2024-38063

 * https://github.com/idkwastaken/CVE-2024-38063

 * https://github.com/dweger-scripts/CVE-2024-38063-Remediation

 * https://github.com/AliHj98/cve-2024-38063-Anonyvader

 * https://github.com/FrancescoDiSalesGithub/quick-fix-cve-2024-38063

 * https://github.com/almogopp/Disable-IPv6-CVE-2024-38063-Fix


CVE-2024-38041

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/varwara/CVE-2024-38041


CVE-2024-38036

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/hnytgl/CVE-2024-38036


CVE-2024-37889

MyFinances is a web application for managing finances. MyFinances has a way to
access other customer invoices while signed in as a user. This method allows an
actor to access PII and financial information from another account. The
vulnerability is fixed in 0.4.6.

 * https://github.com/uname-s/CVE-2024-37889


CVE-2024-37888

The Open Link is a CKEditor plugin, extending context menu with a possibility to
open link in a new tab. The vulnerability allowed to execute JavaScript code by
abusing link href attribute. It affects all users using the Open Link plugin at
version < 1.0.5.

 * https://github.com/7Ragnarok7/CVE-2024-37888


CVE-2024-37843

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/gsmith257-cyber/CVE-2024-37843-POC


CVE-2024-37791

DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the
keyword parameter at /article/Content/index?class_id.

 * https://github.com/czheisenberg/CVE-2024-37791


CVE-2024-37770

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/k3ppf0r/CVE-2024-37770


CVE-2024-37765

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Atreb92/cve-2024-37765


CVE-2024-37764

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Atreb92/cve-2024-37764


CVE-2024-37763

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Atreb92/cve-2024-37763


CVE-2024-37762

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Atreb92/cve-2024-37762


CVE-2024-37759

DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression
Language) expression injection vulnerability via the Data Viewing interface.

 * https://github.com/crumbledwall/CVE-2024-37759_PoC


CVE-2024-37742

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Eteblue/CVE-2024-37742


CVE-2024-37726

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation

 * https://github.com/NextGenPentesters/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation


CVE-2024-37713

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/fullbbadda1208/CVE-2024-37713


CVE-2024-37393

Multiple LDAP injection vulnerabilities exist in SecurEnvoy MFA before 9.4.514
due to improper validation of user-supplied input. An unauthenticated remote
attacker could exfiltrate data from Active Directory through blind LDAP
injection attacks against the DESKTOP service exposed on the /secserver HTTP
endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the
Local Administrator Password Solution (LAPS) feature.

 * https://github.com/optistream/securenvoy-cve-2024-37393


CVE-2024-37383

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate
attributes.

 * https://github.com/bartfroklage/CVE-2024-37383-POC

 * https://github.com/amirzargham/CVE-2024-37383-exploit


CVE-2024-37147

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/0xmupa/CVE-2024-37147-PoC


CVE-2024-37085

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Florian-Hoth/CVE-2024-37085-RCE-POC

 * https://github.com/mahmutaymahmutay/CVE-2024-37085

 * https://github.com/WTN-arny/CVE-2024-37085

 * https://github.com/WTN-arny/Vmware-ESXI


CVE-2024-37084

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Ly4j/CVE-2024-37084-Exp

 * https://github.com/Kayiyan/CVE-2024-37084-Poc

 * https://github.com/vuhz/CVE-2024-37084

 * https://github.com/A0be/CVE-2024-37084-Exp

 * https://github.com/XiaomingX/cve-2024-37084-Poc


CVE-2024-37081

The vCenter Server contains multiple local privilege escalation vulnerabilities
due to misconfiguration of sudo. An authenticated local user with
non-administrative privileges may exploit these issues to elevate privileges to
root on vCenter Server Appliance.

 * https://github.com/Mr-r00t11/CVE-2024-37081

 * https://github.com/mbadanoiu/CVE-2024-37081

 * https://github.com/CERTologists/Modified-CVE-2024-37081-POC

 * https://github.com/CERTologists/-CVE-2024-37081-POC


CVE-2024-37051

GitHub access token could be exposed to third-party sites in JetBrains IDEs
after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7,
2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5,
2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4;
DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6,
2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2;
PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6,
2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6,
2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4;
RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

 * https://github.com/LeadroyaL/CVE-2024-37051-EXP

 * https://github.com/mrblackstar26/CVE-2024-37051


CVE-2024-37032

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64
hex digits) when getting the model path, and thus mishandles the
TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex
digits, or an initial ../ substring.

 * https://github.com/Bi0x/CVE-2024-37032

 * https://github.com/ahboon/CVE-2024-37032-scanner


CVE-2024-36991

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/bigb0x/CVE-2024-36991

 * https://github.com/Mr-xn/CVE-2024-36991

 * https://github.com/th3gokul/CVE-2024-36991

 * https://github.com/Cappricio-Securities/CVE-2024-36991

 * https://github.com/sardine-web/CVE-2024-36991


CVE-2024-36877

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/jjensn/CVE-2024-36877

 * https://github.com/CERTologists/POC-CVE-2024-36877


CVE-2024-36842

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/abbiy/CVE-2024-36842-Backdooring-Oncord-Android-Sterio-


CVE-2024-36837

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain
sensitive information via the getProductList function in the
ProductController.php file.

 * https://github.com/phtcloud-dev/CVE-2024-36837

 * https://github.com/lhc321-source/CVE-2024-36837


CVE-2024-36823

The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak
cryptographic algorithm, leading to a possible leakage of sensitive information.

 * https://github.com/JAckLosingHeart/CVE-2024-36823-POC


CVE-2024-36821

Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows
attackers to escalate privileges from Guest to root.

 * https://github.com/IvanGlinkin/CVE-2024-36821


CVE-2024-36539

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Abdurahmon3236/CVE-2024-36539


CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal.
Attackers can exploit the URL parameter using the file protocol to read
sensitive information from the server.

 * https://github.com/bigb0x/CVE-2024-36527


CVE-2024-36424

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/secunnix/CVE-2024-36424


CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software
application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example
with no log rotation allows denial of service by logging excessive data.
Versions 7.14.4 and 8.6.1 contain a fix for this issue.

 * https://github.com/kva55/CVE-2024-36416


CVE-2024-36401

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

 * https://github.com/Chocapikk/CVE-2024-36401

 * https://github.com/Mr-xn/CVE-2024-36401

 * https://github.com/bigb0x/CVE-2024-36401

 * https://github.com/netuseradministrator/CVE-2024-36401

 * https://github.com/ahisec/geoserver-

 * https://github.com/thestar0/CVE-2024-36401-WoodpeckerPlugin

 * https://github.com/Niuwoo/CVE-2024-36401

 * https://github.com/justin-p/geoexplorer

 * https://github.com/daniellowrie/CVE-2024-36401-PoC

 * https://github.com/PunitTailor55/GeoServer-CVE-2024-36401

 * https://github.com/RevoltSecurities/CVE-2024-36401

 * https://github.com/kkhackz0013/CVE-2024-36401

 * https://github.com/XiaomingX/cve-2024-36401-poc

 * https://github.com/yisas93/CVE-2024-36401-PoC

 * https://github.com/jakabakos/CVE-2024-36401-GeoServer-RCE


CVE-2024-36104

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14.
Users are recommended to upgrade to version 18.12.14, which fixes the issue.

 * https://github.com/Mr-xn/CVE-2024-32113

 * https://github.com/ggfzx/CVE-2024-36104


CVE-2024-36079

An issue was discovered in Vaultize 21.07.27. When uploading files, there is no
check that the filename parameter is correct. As a result, a temporary file will
be created outside the specified directory when the file is downloaded. To
exploit this, an authenticated user would upload a file with an incorrect file
name, and then download it.

 * https://github.com/DxRvs/vaultize_CVE-2024-36079


CVE-2024-35584

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/whwhwh96/CVE-2024-35584


CVE-2024-35540

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/cyberaz0r/Typecho-Multiple-Vulnerabilities


CVE-2024-35539

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/cyberaz0r/Typecho-Multiple-Vulnerabilities


CVE-2024-35538

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/cyberaz0r/Typecho-Multiple-Vulnerabilities


CVE-2024-35511

phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via
the "username" parameter of /msms/admin/index.php.

 * https://github.com/efekaanakkar/CVE-2024-35511


CVE-2024-35475

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM
Community Edition on or before version 6.3.12. The vulnerability exists in
/admin/DatabaseQuery, which allows an attacker to manipulate a victim with
administrative privileges to execute arbitrary SQL commands.

 * https://github.com/carsonchan12345/CVE-2024-35475


CVE-2024-35469

A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource
Management System 1.0 allows attackers to execute arbitrary SQL commands via the
password parameter.

 * https://github.com/dovankha/CVE-2024-35469


CVE-2024-35468

A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource
Management System 1.0 allows attackers to execute arbitrary SQL commands via the
password parameter.

 * https://github.com/dovankha/CVE-2024-35468


CVE-2024-35333

A stack-buffer-overflow vulnerability exists in the read_charset_decl function
of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking
when copying data into a fixed-size stack buffer. An attacker can exploit this
vulnerability by providing a specially crafted input to the vulnerable function,
causing a buffer overflow and potentially leading to arbitrary code execution,
denial of service, or data corruption.

 * https://github.com/momo1239/CVE-2024-35333


CVE-2024-35315

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/ewilded/CVE-2024-35315-POC


CVE-2024-35250

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

 * https://github.com/varwara/CVE-2024-35250

 * https://github.com/ro0tmylove/CVE-2024-35250-BOF

 * https://github.com/yinsel/CVE-2024-35250-BOF


CVE-2024-35242

Composer is a dependency manager for PHP. On the 2.x branch prior to versions
2.2.24 and 2.7.7, the composer install command running inside a git/hg
repository which has specially crafted branch names can lead to command
injection. This requires cloning untrusted repositories. Patches are available
in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid
cloning potentially compromised repositories.

 * https://github.com/KKkai0315/CVE-2024-35242


CVE-2024-35205

The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android
fails to properly sanitize file names before processing them through external
application interactions, leading to a form of path traversal. This potentially
enables any application to dispatch a crafted library file, aiming to overwrite
an existing native library utilized by WPS Office. Successful exploitation could
result in the execution of arbitrary commands under the guise of WPS Office's
application ID.

 * https://github.com/cyb3r-w0lf/Dirty_Stream-Android-POC


CVE-2024-35133

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Ozozuz/Ozozuz-IBM-Security-Verify-CVE-2024-35133


CVE-2024-34958

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via
the component admin/banner_deal.php?mudi=add

 * https://github.com/Gr-1m/CVE-2024-34958


CVE-2024-34833

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload.
Users can upload images via the "save_settings" page. An unauthenticated
attacker can leverage this functionality to upload a malicious PHP file instead.
Successful exploitation of this vulnerability results in the ability to execute
arbitrary code as the user running the web server.

 * https://github.com/ShellUnease/CVE-2024-34833-payroll-management-system-rce


CVE-2024-34832

Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an
attacker to execute arbitrary code via a crafted file uploaded to the _g and
node parameters.

 * https://github.com/julio-cfa/CVE-2024-34832


CVE-2024-34831

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/enzored/CVE-2024-34831


CVE-2024-34741

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/uthrasri/CVE-2024-34741


CVE-2024-34739

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/uthrasri/CVE-2024-34739


CVE-2024-34716

PrestaShop is an open source e-commerce web application. A cross-site scripting
(XSS) vulnerability that only affects PrestaShops with customer-thread feature
flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop
8.1.6. When the customer thread feature flag is enabled through the front-office
contact form, a hacker can upload a malicious file containing an XSS that will
be executed when an admin opens the attached file in back office. The script
injected can access the session and the security token, which allows it to
perform any authenticated action in the scope of the administrator's right. This
vulnerability is patched in 8.1.6. A workaround is to disable the
customer-thread feature-flag.

 * https://github.com/aelmokhtar/CVE-2024-34716

 * https://github.com/0xDTC/Prestashop-CVE-2024-34716


CVE-2024-34693

Improper Input Validation vulnerability in Apache Superset, allows for an
authenticated attacker to create a MariaDB connection with local_infile enabled.
If both the MariaDB server (off by default) and the local mysql client on the
web server are set to allow for local infile, it's possible for the attacker to
execute a specific MySQL/MariaDB SQL command that is able to read files from the
server and insert their content on a MariaDB database table. This issue affects
Apache Superset: before 3.1.3 and version 4.0.0. Users are recommended to upgrade
to version 4.0.1 or 3.1.3, which fixes the issue.

 * https://github.com/mbadanoiu/CVE-2024-34693

 * https://github.com/Mr-r00t11/CVE-2024-34693


CVE-2024-34582

Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi
userid_change XSS within the Forgot Password feature.

 * https://github.com/silent6trinity/CVE-2024-34582


CVE-2024-34474

Clario through 2024-04-11 for Desktop has weak permissions for
%PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM.

 * https://github.com/Alaatk/CVE-2024-34474


CVE-2024-34472

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An
authenticated blind SQL injection vulnerability exists in the
mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to
/mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing
an authenticated attacker to execute arbitrary SQL commands, leading to the
potential disclosure of the entire application database.

 * https://github.com/osvaldotenorio/CVE-2024-34472


CVE-2024-34471

An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal
vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php
file. The filename parameter in the export HTML functionality does not properly
validate the file location, allowing an attacker to read and delete arbitrary
files on the server. This was observed when the mliRealtimeEmails.php file
itself was read and subsequently deleted, resulting in a 404 error for the file
and disruption of email information loading.

 * https://github.com/osvaldotenorio/CVE-2024-34471


CVE-2024-34470

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An
Unauthenticated Path Traversal vulnerability exists in the /public/loader.php
file. The path parameter does not properly filter whether the file and directory
passed are part of the webroot, allowing an attacker to read arbitrary files on
the server.

 * https://github.com/Mr-r00t11/CVE-2024-34470

 * https://github.com/bigb0x/CVE-2024-34470

 * https://github.com/th3gokul/CVE-2024-34470

 * https://github.com/Cappricio-Securities/CVE-2024-34470

 * https://github.com/osvaldotenorio/CVE-2024-34470


CVE-2024-34469

Rukovoditel before 3.5.3 allows XSS via user_photo to
index.php?module=users/registration&action=save.

 * https://github.com/Toxich4/CVE-2024-34469


CVE-2024-34463

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/yash-chandna/CVE-2024-34463


CVE-2024-34452

CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.

 * https://github.com/surajhacx/CVE-2024-34452


CVE-2024-34370

Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce
allows Privilege Escalation. This issue affects EAN for WooCommerce: from n/a
through 4.8.9.

 * https://github.com/Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally


CVE-2024-34361

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/T0X1Cx/CVE-2024-34361-PiHole-SSRF-to-RCE


CVE-2024-34351

Next.js is a React framework that can provide building blocks to create web
applications. A Server-Side Request Forgery (SSRF) vulnerability was identified
in Next.js Server Actions. If the Host header is modified, and the below
conditions are also met, an attacker may be able to make requests that appear to
be originating from the Next.js application server itself. The required
conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js
application makes use of Server Actions; and 3) the Server Action performs a
redirect to a relative path which starts with a /. This vulnerability was fixed
in Next.js 14.1.1.

 * https://github.com/Voorivex/CVE-2024-34351

 * https://github.com/God4n/nextjs-CVE-2024-34351-_exploit

 * https://github.com/avergnaud/Next.js_exploit_CVE-2024-34351


CVE-2024-34350

Next.js is a React framework that can provide building blocks to create web
applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP
request meant that requests are treated as both a single request, and two
separate requests by Next.js, leading to desynchronized responses. This led to a
response queue poisoning vulnerability in the affected Next.js versions. For a
request to be exploitable, the affected route also had to be making use of the
rewrites feature in Next.js. The vulnerability is resolved in Next.js 13.5.1 and
newer.

 * https://github.com/Sudistark/rewrites-nextjs-CVE-2024-34350


CVE-2024-34342

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious
PDF, and PDF.js is configured with isEvalSupported set to true (which is the
default value), unrestricted attacker-controlled JavaScript will be executed in
the context of the hosting domain. This vulnerability is fixed in 7.7.3 and
8.0.2.

 * https://github.com/LOURC0D3/CVE-2024-4367-PoC


CVE-2024-34329

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/pamoutaf/CVE-2024-34329


CVE-2024-34313

An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory
traversal via a crafted request to a public endpoint.

 * https://github.com/vincentscode/CVE-2024-34313


CVE-2024-34312

Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a
cross-site scripting (XSS) vulnerability via the component vplide.js.

 * https://github.com/vincentscode/CVE-2024-34312


CVE-2024-34310

Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL
injection vulnerability via the id parameter.

 * https://github.com/3309899621/CVE-2024-34310


CVE-2024-34226

SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in
SourceCodester Visitor Management System 1.0 allows attackers to execute
arbitrary SQL commands via the id parameter.

 * https://github.com/dovankha/CVE-2024-34226


CVE-2024-34225

Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in
Computer Laboratory Management System using PHP and MySQL 1.0 allows remote
attackers to inject arbitrary web script or HTML via the name and shortname
parameters.

 * https://github.com/dovankha/CVE-2024-34225


CVE-2024-34224

Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in
Computer Laboratory Management System using PHP and MySQL 1.0 allows remote
attackers to inject arbitrary web script or HTML via the firstname, middlename,
and lastname parameters.

 * https://github.com/dovankha/CVE-2024-34224


CVE-2024-34223

Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester
Human Resource Management System 1.0 allows attackers to approve or reject leave
tickets.

 * https://github.com/dovankha/CVE-2024-34223


CVE-2024-34222

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL
Injection via the searccountry parameter.

 * https://github.com/dovankha/CVE-2024-34222


CVE-2024-34221

Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure
Permissions resulting in privilege escalation.

 * https://github.com/dovankha/CVE-2024-34221


CVE-2024-34220

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL
Injection via the 'leave' parameter.

 * https://github.com/dovankha/CVE-2024-34220


CVE-2024-34144

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins
Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with
permission to define and run sandboxed scripts, including Pipelines, to bypass
the sandbox protection and execute arbitrary code in the context of the Jenkins
controller JVM.

 * https://github.com/MXWXZ/CVE-2024-34144


CVE-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are
affected by an Improper Restriction of XML External Entity Reference ('XXE')
vulnerability that could result in arbitrary code execution. An attacker could
exploit this vulnerability by sending a crafted XML document that references
external entities. Exploitation of this issue does not require user interaction.

 * https://github.com/Chocapikk/CVE-2024-34102

 * https://github.com/bigb0x/CVE-2024-34102

 * https://github.com/th3gokul/CVE-2024-34102

 * https://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento

 * https://github.com/bughuntar/CVE-2024-34102

 * https://github.com/EQSTLab/CVE-2024-34102

 * https://github.com/0x0d3ad/CVE-2024-34102

 * https://github.com/11whoami99/CVE-2024-34102

 * https://github.com/Phantom-IN/CVE-2024-34102

 * https://github.com/wubinworks/magento2-cosmic-sting-patch

 * https://github.com/unknownzerobit/poc

 * https://github.com/crynomore/CVE-2024-34102

 * https://github.com/d0rb/CVE-2024-34102

 * https://github.com/dream434/CVE-2024-34102

 * https://github.com/cmsec423/CVE-2024-34102

 * https://github.com/ArturArz1/TestCVE-2024-34102

 * https://github.com/bughuntar/CVE-2024-34102-Python

 * https://github.com/SamJUK/cosmicsting-validator

 * https://github.com/cmsec423/Magento-XXE-CVE-2024-34102

 * https://github.com/bka/magento-cve-2024-34102-exploit-cosmicstring


CVE-2024-33911

Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in Weblizar School Management Pro. This issue affects
School Management Pro: from n/a through 10.3.4.

 * https://github.com/xbz0n/CVE-2024-33911


CVE-2024-33901

** DISPUTED ** Issue in KeePassXC 2.7.7 allows an attacker (who has the
privileges of the victim) to recover some passwords stored in the .kdbx database
via a memory dump. NOTE: the vendor disputes this because memory-management
constraints make this unavoidable in the current design and other realistic
designs.

 * https://github.com/gmikisilva/CVE-2024-33901-ProofOfConcept


CVE-2024-33896

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/codeb0ss/CVE-2024-33896-PoC


CVE-2024-33883

The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js
lacks certain pollution protection.

 * https://github.com/Grantzile/PoC-CVE-2024-33883


CVE-2024-33775

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote
attacker to escalate privileges via a crafted Dashlet.

 * https://github.com/Neo-XeD/CVE-2024-33775


CVE-2024-33724

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/fuzzlove/soplanning-1.52-exploits


CVE-2024-33722

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/fuzzlove/soplanning-1.52-exploits


CVE-2024-33644

Improper Control of Generation of Code ('Code Injection') vulnerability in
WPCustomify Customify Site Library allows Code Injection. This issue affects
Customify Site Library: from n/a through 0.0.9.

 * https://github.com/Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally


CVE-2024-33559

Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in 8theme XStore allows SQL Injection. This issue
affects XStore: from n/a through 9.3.5.

 * https://github.com/absholi7ly/WordPress-XStore-theme-SQL-Injection


CVE-2024-33544

Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in AA-Team WZone allows SQL Injection. This issue
affects WZone: from n/a through 14.0.10.

 * https://github.com/codeb0ss/CVE-2024-33544-PoC


CVE-2024-33453

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Ant1sec-ops/CVE-2024-33453


CVE-2024-33438

File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user
to execute arbitrary code via a crafted .phar file.

 * https://github.com/julio-cfa/CVE-2024-33438


CVE-2024-33437

An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain
sensitive information due to missing support for CSS Style Rules.

 * https://github.com/randshell/CSS-Exfil-Protection-POC


CVE-2024-33436

An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain
sensitive information due to missing support for CSS variables.

 * https://github.com/randshell/CSS-Exfil-Protection-POC


CVE-2024-33352

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/mmiszczyk/CVE-2024-33352

 * https://github.com/geniuszlyy/GenBlueStacksInjector


CVE-2024-33231

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/fdzdev/CVE-2024-33231


CVE-2024-33210

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/paragbagul111/CVE-2024-33210


CVE-2024-33209

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/paragbagul111/CVE-2024-33209


CVE-2024-33113

D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosure via
bsc_sms_inbox.php.

 * https://github.com/FaLLenSKiLL1/CVE-2024-33113

 * https://github.com/tekua/CVE-2024-33113


CVE-2024-33111

D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS)
via /htdocs/webinc/js/bsc_sms_inbox.php.

 * https://github.com/FaLLenSKiLL1/CVE-2024-33111


CVE-2024-32709

Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in Plechev Andrey WP-Recall. This issue affects
WP-Recall: from n/a through 16.26.5.

 * https://github.com/truonghuuphuc/CVE-2024-32709-Poc


CVE-2024-32700

Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks
Kognetiks Chatbot for WordPress. This issue affects Kognetiks Chatbot for
WordPress: from n/a through 2.0.0.

 * https://github.com/nastar-id/CVE-2024-32700


CVE-2024-32651

changedetection.io is an open source web page change detection, website watcher,
restock monitor and notification service. There is a Server Side Template
Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server
host. Attackers can run any system command without any restriction and they
could use a reverse shell. The impact is critical as the attacker can completely
takeover the server machine. This can be reduced if changedetection is behind a
login page, but this isn't required by the application (not by default and not
enforced).

 * https://github.com/s0ck3t-s3c/CVE-2024-32651-changedetection-RCE

 * https://github.com/zcrosman/cve-2024-32651


CVE-2024-32640

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS

 * https://github.com/pizza-power/CVE-2024-32640

 * https://github.com/0xYumeko/CVE-2024-32640-SQLI-MuraCMS

 * https://github.com/sammings/CVE-2024-32640


CVE-2024-32523

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulnerability in EverPress Mailster allows PHP Local File Inclusion. This issue
affects Mailster: from n/a through 4.0.6.

 * https://github.com/truonghuuphuc/CVE-2024-32523-Poc


CVE-2024-32459

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based
clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are
vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No
known workarounds are available.

 * https://github.com/absholi7ly/FreeRDP-Out-of-Bounds-Read-CVE-2024-32459-


CVE-2024-32399

Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before
allows a remote attacker to obtain sensitive information via the /webeditor/
component.

 * https://github.com/codeb0ss/CVEploiterv2

 * https://github.com/NN0b0dy/CVE-2024-32399


CVE-2024-32371

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a
regular user account to escalate their privileges and gain administrative access
by changing the type parameter from 1 to 0.

 * https://github.com/chucrutis/CVE-2024-32371


CVE-2024-32370

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a
remote attacker to obtain sensitive information via a crafted payload to the id
parameter in the mliSystemUsers.php component.

 * https://github.com/chucrutis/CVE-2024-32370


CVE-2024-32369

SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3
through 5.2.18 allows a remote attacker to obtain sensitive information via a
crafted payload to the start and limit parameter in the mliWhiteList.php
component.

 * https://github.com/chucrutis/CVE-2024-32369


CVE-2024-32258

The network server of fceux 2.7.0 has a path traversal vulnerability, allowing
attackers to overwrite any files on the server without authentication via a fake
ROM.

 * https://github.com/liyansong2018/CVE-2024-32258


CVE-2024-32238

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the
router's management system can be accessed via the management system page login
interface.

 * https://github.com/FuBoLuSec/CVE-2024-32238

 * https://github.com/asdfjkl11/CVE-2024-32238


CVE-2024-32205

** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record
was withdrawn by its CNA. Further investigation showed that it was not a
security issue. Notes: none.

 * https://github.com/Lucky-lm/CVE-2024-32205


CVE-2024-32136

Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager. This issue
affects BWL Advanced FAQ Manager: from n/a through 2.0.3.

 * https://github.com/xbz0n/CVE-2024-32136


CVE-2024-32113

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.

 * https://github.com/Mr-xn/CVE-2024-32113

 * https://github.com/RacerZ-fighting/CVE-2024-32113-POC

 * https://github.com/YongYe-Security/CVE-2024-32113


CVE-2024-32104

Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite. This
issue affects NextMove Lite: from n/a through 2.18.1.

 * https://github.com/Cerberus-HiproPlus/CVE-2024-32104


CVE-2024-32030

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API
allows users to connect to different Kafka brokers by specifying their network
address and port. As a separate feature, it also provides the ability to monitor
the performance of Kafka brokers by connecting to their JMX ports. JMX is based
on the RMI protocol, so it is inherently susceptible to deserialization attacks.
A potential attacker can exploit this feature by connecting Kafka UI backend to
its own malicious broker. This vulnerability affects the deployments where one
of the following occurs: 1. dynamic.config.enabled property is set in settings.
It's not enabled by default, but it's suggested to be enabled in many tutorials
for Kafka UI, including its own README.md. OR 2. an attacker has access to the
Kafka cluster that is being connected to Kafka UI. In this scenario the attacker
can exploit this vulnerability to expand their access and execute code on Kafka
UI as well. Instead of setting up a legitimate JMX port, an attacker can create
an RMI listener that returns a malicious serialized object for any RMI call. In
the worst case it could lead to remote code execution as Kafka UI has the
required gadget chains in its classpath. This issue may lead to post-auth remote
code execution. This is particularly dangerous as Kafka-UI does not have
authentication enabled by default. This issue has been addressed in version
0.7.2. All users are advised to upgrade. There are no known workarounds for this
vulnerability. This issue was discovered and reported by the GitHub Security
Lab and is also tracked as GHSL-2023-230.

 * https://github.com/huseyinstif/CVE-2024-32030-Nuclei-Template


CVE-2024-32004

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4,
2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository
in such a way that, when cloned, will execute arbitrary code during the
operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4,
2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories
from untrusted sources.

 * https://github.com/Wadewfsssss/CVE-2024-32004

 * https://github.com/10cks/CVE-2024-32004-POC


CVE-2024-32002

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4,
2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted
in a way that exploits a bug in Git whereby it can be fooled into writing files
not into the submodule's worktree but into a .git/ directory. This allows
writing a hook that will be executed while the clone operation is still running,
giving the user no opportunity to inspect the code that is being executed. The
problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1,
2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via git
config --global core.symlinks false), the described attack won't work. As
always, it is best to avoid cloning repositories from untrusted sources.

 * https://github.com/amalmurali47/git_rce

 * https://github.com/safebuffer/CVE-2024-32002

 * https://github.com/amalmurali47/hook

 * https://github.com/M507/CVE-2024-32002

 * https://github.com/JJoosh/CVE-2024-32002-Reverse-Shell

 * https://github.com/EQSTLab/git_rce

 * https://github.com/jweny/CVE-2024-32002_EXP

 * https://github.com/jweny/CVE-2024-32002_HOOK

 * https://github.com/markuta/CVE-2024-32002

 * https://github.com/bfengj/CVE-2024-32002-Exploit

 * https://github.com/10cks/CVE-2024-32002-EXP

 * https://github.com/Basyaact/CVE-2024-32002-PoC_Chinese

 * https://github.com/10cks/hook

 * https://github.com/CrackerCat/CVE-2024-32002_EXP

 * https://github.com/fadhilthomas/poc-cve-2024-32002

 * https://github.com/JakobTheDev/cve-2024-32002-poc-rce

 * https://github.com/Goplush/CVE-2024-32002-git-rce

 * https://github.com/NishanthAnand21/CVE-2024-32002-PoC

 * https://github.com/LoongBa/ReplaceAllGit

 * https://github.com/vincepsh/CVE-2024-32002-hook

 * https://github.com/Roronoawjd/git_rce

 * https://github.com/blackninja23/CVE-2024-32002

 * https://github.com/431m/rcetest

 * https://github.com/bonnettheo/CVE-2024-32002

 * https://github.com/sanan2004/CVE-2024-32002

 * https://github.com/tobelight/cve_2024_32002

 * https://github.com/charlesgargasson/CVE-2024-32002

 * https://github.com/Roronoawjd/hook

 * https://github.com/vincepsh/CVE-2024-32002

 * https://github.com/WOOOOONG/CVE-2024-32002

 * https://github.com/AD-Appledog/CVE-2024-32002

 * https://github.com/daemon-reconfig/CVE-2024-32002

 * https://github.com/grecosamuel/CVE-2024-32002

 * https://github.com/tiyeume25112004/CVE-2024-32002

 * https://github.com/JJoosh/CVE-2024-32002

 * https://github.com/FlojBoj/CVE-2024-32002

 * https://github.com/sysonlai/CVE-2024-32002-hook

 * https://github.com/10cks/CVE-2024-32002-submod

 * https://github.com/tobelight/cve_2024_32002_hook

 * https://github.com/1mxml/CVE-2024-32002-poc

 * https://github.com/Masamuneee/CVE-2024-32002-POC

 * https://github.com/WOOOOONG/hook

 * https://github.com/10cks/CVE-2024-32002-POC

 * https://github.com/bfengj/CVE-2024-32002-hook

 * https://github.com/ycdxsb/CVE-2024-32002-hulk

 * https://github.com/ycdxsb/CVE-2024-32002-submod

 * https://github.com/10cks/CVE-2024-32002-smash

 * https://github.com/fadhilthomas/hook

 * https://github.com/10cks/CVE-2024-32002-hulk

 * https://github.com/aitorcastel/poc_CVE-2024-32002

 * https://github.com/Julian-gmz/hook_CVE-2024-32002

 * https://github.com/XiaomingX/cve-2024-32002-poc

 * https://github.com/10cks/CVE-2024-32002-linux-submod

 * https://github.com/10cks/CVE-2024-32002-linux-smash

 * https://github.com/aitorcastel/poc_CVE-2024-32002_submodule

 * https://github.com/th4s1s/CVE-2024-32002-PoC

 * https://github.com/10cks/CVE-2024-32002-linux-hulk

 * https://github.com/TSY244/CVE-2024-32002-git-rce

 * https://github.com/JakobTheDev/cve-2024-32002-submodule-aw

 * https://github.com/JakobTheDev/cve-2024-32002-submodule-rce

 * https://github.com/JakobTheDev/cve-2024-32002-poc-aw

 * https://github.com/markuta/hooky

 * https://github.com/TSY244/CVE-2024-32002-git-rce-father-poc

 * https://github.com/chrisWalker11/running-CVE-2024-32002-locally-for-tesing

 * https://github.com/sreevatsa1997/test_cve_32002

 * https://github.com/Masamuneee/hook

 * https://github.com/JJoosh/malicious-hook


CVE-2024-31989

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has
been discovered that an unprivileged pod in a different namespace on the same
cluster could connect to the Redis server on port 6379. Despite having installed
the latest version of the VPC CNI plugin on the EKS cluster, it requires manual
enablement through configuration to enforce network policies. This raises
concerns that many clients might unknowingly have open access to their Redis
servers. This vulnerability could lead to Privilege Escalation to the level of
cluster controller, or to information leakage, affecting anyone who does not
have strict access controls on their Redis instance. This issue has been patched
in version(s) 2.8.19, 2.9.15 and 2.10.10.

 * https://github.com/vt0x78/CVE-2024-31989


CVE-2024-31982

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1
and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search
allows remote code execution through the search text. This allows remote code
execution for any visitor of a public wiki or user of a closed wiki as the
database search is by default accessible for all users. This impacts the
confidentiality, integrity and availability of the whole XWiki installation.
This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a
workaround, one may manually apply the patch to the page Main.DatabaseSearch.
Alternatively, unless database search is explicitly used by users, this page can
be deleted as this is not the default search interface of XWiki.

 * https://github.com/bigb0x/CVE-2024-31982

 * https://github.com/k3lpi3b4nsh33/CVE-2024-31982

 * https://github.com/th3gokul/CVE-2024-31982


CVE-2024-31977

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/actuator/BSIDES-Security-Las-Vegas-2024


CVE-2024-31974

The com.solarized.firedown (aka Solarized FireDown Browser & Downloader)
application 1.0.76 for Android allows a remote attacker to execute arbitrary
JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses
a WebView component to display web content and doesn't adequately sanitize the
URI or any extra data passed in the intent by any installed application (with no
permissions).

 * https://github.com/actuator/com.solarized.firedown


CVE-2024-31971

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/actuator/BSIDES-Security-Las-Vegas-2024


CVE-2024-31970

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/actuator/BSIDES-Security-Las-Vegas-2024


CVE-2024-31851

A path traversal vulnerability exists in the Java version of CData Sync <
23.4.8843 when running using the embedded Jetty server, which could allow an
unauthenticated remote attacker to gain access to sensitive information and
perform limited actions.

 * https://github.com/Stuub/CVE-2024-31848-PoC


CVE-2024-31850

A path traversal vulnerability exists in the Java version of CData Arc <
23.4.8839 when running using the embedded Jetty server, which could allow an
unauthenticated remote attacker to gain access to sensitive information and
perform limited actions.

 * https://github.com/Stuub/CVE-2024-31848-PoC


CVE-2024-31849

A path traversal vulnerability exists in the Java version of CData Connect <
23.4.8846 when running using the embedded Jetty server, which could allow an
unauthenticated remote attacker to gain complete administrative access to the
application.

 * https://github.com/Stuub/CVE-2024-31848-PoC


CVE-2024-31848

A path traversal vulnerability exists in the Java version of CData API Server <
23.4.8844 when running using the embedded Jetty server, which could allow an
unauthenticated remote attacker to gain complete administrative access to the
application.

 * https://github.com/Stuub/CVE-2024-31848-PoC


CVE-2024-31835

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/paragbagul111/CVE-2024-31835


CVE-2024-31819

An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to
execute arbitrary code via the systemRootPath parameter of the submitIndex.php
component.

 * https://github.com/Chocapikk/CVE-2024-31819

 * https://github.com/dream434/CVE-2024-31819


CVE-2024-31777

File Upload vulnerability in openeclass v.3.15 and before allows an attacker to
execute arbitrary code via a crafted file to the certbadge.php endpoint.

 * https://github.com/FreySolarEye/Exploit-CVE-2024-31777


CVE-2024-31771

Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker
to escalate privileges via a crafted file.

 * https://github.com/restdone/CVE-2024-31771


CVE-2024-31719

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/VoltaireYoung/CVE-2024-31719----AMI-Aptio-5-Vulnerability


CVE-2024-31666

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary
code via a crafted script to the edit_addon_post.php component.

 * https://github.com/hapa3/CVE-2024-31666


CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an
attacker to recover a user's NIST P-521 secret key via a quick attack in
approximately 60 signatures. This is especially important in a scenario where an
adversary is able to read messages signed by PuTTY or Pageant. The required set
of signed messages may be publicly readable because they are stored in a public
Git service that supports use of SSH for commit signing, and the signatures were
made by Pageant through an agent-forwarding mechanism. In other words, an
adversary may already have enough signature information to compromise a victim's
private key, even if there is no further use of vulnerable PuTTY versions. After
a key compromise, an adversary may be able to conduct supply-chain attacks on
software maintained in Git. A second, independent scenario is that the adversary
is an operator of an SSH server to which the victim authenticates (for remote
login or file copy), even though this server is not fully trusted by the victim,
and the victim uses the same private key for SSH connections to other services
operated by other entities. Here, the rogue server operator (who would otherwise
have no way to determine the victim's private key) can derive the victim's
private key, and then use it for unauthorized access to those other services. If
the other services include Git services, then again it may be possible to
conduct supply-chain attacks on software maintained in Git. This also affects,
for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before
2.15.0.1, and TortoiseSVN through 1.14.6.

 * https://github.com/daedalus/BreakingECDSAwithLLL

 * https://github.com/HugoBond/CVE-2024-31497-POC

 * https://github.com/edutko/cve-2024-31497

 * https://github.com/sh1k4ku/CVE-2024-31497


CVE-2024-31351

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic
Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI
Content Writer & Generator: from n/a through 1.6.

 * https://github.com/KTN1990/CVE-2024-31351_wordpress_exploit


CVE-2024-31319

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/23Nero/fix-02-failure-CVE-2024-31319-CVE-2024-0039


CVE-2024-31309

An HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume
more resources on the server. Versions 8.0.0 through 8.1.9 and 9.0.0 through
9.2.3 are affected. Users can set a new setting
(proxy.config.http2.max_continuation_frames_per_minute) to limit the number of
CONTINUATION frames per minute. ATS does have a fixed amount of memory a request
can use and ATS adheres to these limits in previous releases. Users are
recommended to upgrade to versions 8.1.10 or 9.2.4, which fix the issue.

 * https://github.com/lockness-Ko/CVE-2024-27316


CVE-2024-31211

WordPress is an open publishing platform for the Web. Unserialization of
instances of the WP_HTML_Token class allows for code execution via its
__destruct() magic method. This issue was fixed in WordPress 6.4.2 on December
6th, 2023. Versions prior to 6.4.0 are not affected.

 * https://github.com/Abdurahmon3236/-CVE-2024-31211


CVE-2024-30998

SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0,
allows remote attackers to execute arbitrary code and obtain sensitive
information via the email parameter in the index.php component.

 * https://github.com/efekaanakkar/CVE-2024-30998


CVE-2024-30973

An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715
allows an attacker to execute arbitrary code and obtain sensitive information
via a crafted POST request to /boaform/getASPdata/formFirewall,
/boaform/getASPdata/formAcc.

 * https://github.com/Athos-Zago/CVE-2024-30973


CVE-2024-30956

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/leoCottret/CVE-2024-30956


CVE-2024-30896

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/XenoM0rph97/CVE-2024-30896


CVE-2024-30875

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Ant1sec-ops/CVE-2024-30875


CVE-2024-30851

Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1
allows an attacker to obtain sensitive information via the download_file.php
component.

 * https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc


CVE-2024-30850

An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute
arbitrary code via the BuildClient function within client_service.go.

 * https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc


CVE-2024-30656

An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956
allows attackers to cause a Denial of Service (DoS) via a crafted deauth frame.

 * https://github.com/Yashodhanvivek/Firebolt-wristphone-vulnerability


CVE-2024-30614

An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive
information via exposed resources to the error scope.

 * https://github.com/Lucky-lm/CVE-2024-30614


CVE-2024-30491

Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in Metagauss ProfileGrid. This issue affects
ProfileGrid: from n/a through 5.7.8.

 * https://github.com/truonghuuphuc/CVE-2024-30491-Poc


CVE-2024-30270

mailcow: dockerized is an open source groupware/email suite based on docker. A
security vulnerability has been identified in mailcow affecting versions prior
to 2024-04. This vulnerability is a combination of path traversal and arbitrary
code execution, specifically targeting the rspamd_maps() function. It allows
authenticated admin users to overwrite any file writable by the www-data user by
exploiting improper path validation. The exploit chain can lead to the execution
of arbitrary commands on the server. Version 2024-04 contains a patch for the
issue.

 * https://github.com/Alchemist3dot14/CVE-2024-30270-PoC


CVE-2024-30255

Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol
stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is
vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. Envoy's HTTP/2
codec allows the client to send an unlimited number of CONTINUATION frames even
after exceeding Envoy's header map limits. This allows an attacker to send a
sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU
utilization, consuming approximately 1 core per 300Mbit/s of traffic and
culminating in denial of service through CPU exhaustion. Users should upgrade to
version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the
CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream
connections.

 * https://github.com/lockness-Ko/CVE-2024-27316

 * https://github.com/blackmagic2023/Envoy-CPU-Exhaustion-Vulnerability-PoC


CVE-2024-30212

If a SCSI READ(10) command is initiated via USB using the largest LBA
(0xFFFFFFFF) with its default block size of 512 and a count of 1, the first 512
bytes of the 0x80000000 memory area are returned to the user. If the block count
is increased, the full RAM can be exposed. The same method works to write to
this memory area. If RAM contains pointers, those can be overwritten, depending
on the application, to return data from any other offset, including Program
and Boot Flash.

 * https://github.com/Fehr-GmbH/blackleak


CVE-2024-30090

Microsoft Streaming Service Elevation of Privilege Vulnerability

 * https://github.com/Dor00tkit/CVE-2024-30090


CVE-2024-30088

Windows Kernel Elevation of Privilege Vulnerability

 * https://github.com/exploits-forsale/collateral-damage

 * https://github.com/tykawaii98/CVE-2024-30088

 * https://github.com/Zombie-Kaiser/CVE-2024-30088-Windows-poc

 * https://github.com/NextGenPentesters/CVE-2024-30088-

 * https://github.com/Admin9961/CVE-2024-30088

 * https://github.com/Justintroup85/exploits-forsale-collateral-damage


CVE-2024-30078

Windows Wi-Fi Driver Remote Code Execution Vulnerability

 * https://github.com/blkph0x/CVE_2024_30078_POC_WIFI

 * https://github.com/lvyitian/CVE-2024-30078-

 * https://github.com/52by/CVE-2024-30078

 * https://github.com/kvx07/CVE_2024_30078_A_POC

 * https://github.com/a-roshbaik/CVE_2024_30078_POC_WIFI


CVE-2024-30056

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

 * https://github.com/absholi7ly/Microsoft-Edge-Information-Disclosure


CVE-2024-30052

Visual Studio Remote Code Execution Vulnerability

 * https://github.com/ynwarcs/CVE-2024-30052


CVE-2024-30051

Windows DWM Core Library Elevation of Privilege Vulnerability

 * https://github.com/fortra/CVE-2024-30051


CVE-2024-30043

Microsoft SharePoint Server Information Disclosure Vulnerability

 * https://github.com/W01fh4cker/CVE-2024-30043-XXE


CVE-2024-29988

SmartScreen Prompt Security Feature Bypass Vulnerability

 * https://github.com/Sploitus/CVE-2024-29988-exploit


CVE-2024-29976

** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability
in the command “show_allsessions” in Zyxel NAS326 firmware versions before
V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could
allow an authenticated attacker to obtain a logged-in administrator’s session
information containing cookies on an affected device.

 * https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc


CVE-2024-29975

** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability
in the SUID executable binary in Zyxel NAS326 firmware versions before
V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could
allow an authenticated local attacker with administrator privileges to execute
some system commands as the “root” user on a vulnerable device.

 * https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc


CVE-2024-29974

** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the
CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before
V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could
allow an unauthenticated attacker to execute arbitrary code by uploading a
crafted configuration file to a vulnerable device.

 * https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc


CVE-2024-29973

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the
“setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0
and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an
unauthenticated attacker to execute some operating system (OS) commands by
sending a crafted HTTP POST request.

 * https://github.com/bigb0x/CVE-2024-29973

 * https://github.com/k3lpi3b4nsh33/CVE-2024-29973

 * https://github.com/RevoltSecurities/CVE-2024-29973

 * https://github.com/momika233/CVE-2024-29973

 * https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc

 * https://github.com/skyrowalker/CVE-2024-29973

 * https://github.com/p0et08/CVE-2024-29973


CVE-2024-29972

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI
program "remote_help-cgi" in Zyxel NAS326 firmware versions before
V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could
allow an unauthenticated attacker to execute some operating system (OS) commands
by sending a crafted HTTP POST request.

 * https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc

 * https://github.com/WanLiChangChengWanLiChang/CVE-2024-29972

 * https://github.com/codeb0ss/CVE-2024-29972-PoC


CVE-2024-29943

An attacker was able to perform an out-of-bounds read or write on a JavaScript
object by fooling range-based bounds check elimination. This vulnerability
affects Firefox < 124.0.1.

 * https://github.com/bjrjk/CVE-2024-29943


CVE-2024-29895

Cacti provides an operational monitoring and fault management framework. A
command injection vulnerability on the 1.3.x DEV branch allows any
unauthenticated user to execute an arbitrary command on the server when
register_argc_argv option of PHP is On. In cmd_realtime.php line 119, the
$poller_id used as part of the command execution is sourced from
$_SERVER['argv'], which can be controlled by URL when register_argc_argv option
of PHP is On. And this option is On by default in many environments such as the
main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d
contains a patch for the issue, but this commit was reverted in commit
99633903cad0de5ace636249de16f77e57a3c8fc.

 * https://github.com/Stuub/CVE-2024-29895-CactiRCE-PoC

 * https://github.com/Rubioo02/CVE-2024-29895

 * https://github.com/secunnix/CVE-2024-29895

 * https://github.com/ticofookfook/CVE-2024-29895.py


CVE-2024-29868

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
vulnerability in Apache StreamPipes user self-registration and password recovery
mechanism. This allows an attacker to guess the recovery token in a reasonable
time and thereby to take over the attacked user's account. This issue affects
Apache StreamPipes: from 0.69.0 through 0.93.0. Users are recommended to upgrade
to version 0.95.0, which fixes the issue.

 * https://github.com/DEVisions/CVE-2024-29868


CVE-2024-29863

A race condition in the installer executable in Qlik Qlikview before versions
May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing
lower privileged user to cause code to be executed in the context of a Windows
Administrator.

 * https://github.com/pawlokk/qlikview-poc-CVE-2024-29863


CVE-2024-29855

Hard-coded JWT secret allows authentication bypass in Veeam Recovery
Orchestrator

 * https://github.com/sinsinology/CVE-2024-29855


CVE-2024-29849

Veeam Backup Enterprise Manager allows unauthenticated users to log in as any
user to enterprise manager web interface.

 * https://github.com/sinsinology/CVE-2024-29849


CVE-2024-29847

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/sinsinology/CVE-2024-29847


CVE-2024-29824

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5
and prior allows an unauthenticated attacker within the same network to execute
arbitrary code.

 * https://github.com/codeb0ss/CVE-2024-29824-PoC

 * https://github.com/horizon3ai/CVE-2024-29824

 * https://github.com/R4be1/CVE-2024-29824


CVE-2024-29671

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/laskdjlaskdj12/CVE-2024-29671-POC


CVE-2024-29510

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/swsmith2391/CVE-2024-29510


CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP
addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and
::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic.
NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

 * https://github.com/felipecruz91/node-ip-vex


CVE-2024-29404

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/mansk1es/CVE-2024-29404_Razer


CVE-2024-29399

An issue discovered in GNU Savane v.3.13 and before allows a remote
attacker to execute arbitrary code and escalate privileges via a crafted file to
the upload.php component.

 * https://github.com/ally-petitt/CVE-2024-29399


CVE-2024-29384

An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain
sensitive information via the content.js and parseCSSRules functions.

 * https://github.com/randshell/CSS-Exfil-Protection-POC


CVE-2024-29375

CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote
attacker to execute arbitrary code via a crafted .ibnrs file to the Project
Description, Identifiers, Custom Triangle Name (inside Input Triangles) and
Yield Curve Name parameters.

 * https://github.com/ismailcemunver/CVE-2024-29375


CVE-2024-29296

A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue
occurs during user authentication process, where a difference in response time
could allow a remote unauthenticated user to determine if a username is valid or
not.

 * https://github.com/ThaySolis/CVE-2024-29296

 * https://github.com/Lavender-exe/CVE-2024-29296-PoC


CVE-2024-29278

funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title field in
"create a message."

 * https://github.com/QDming/cve


CVE-2024-29275

SQL injection vulnerability in SeaCMS version 12.9, allows remote
unauthenticated attackers to execute arbitrary code and obtain sensitive
information via the id parameter in class.php.

 * https://github.com/Cyphercoda/nuclei_template


CVE-2024-29272

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows
unauthenticated remote attackers to execute arbitrary code and obtain sensitive
information via the sanitizeFileName parameter in save.php.

 * https://github.com/awjkjflkwlekfdjs/CVE-2024-29272


CVE-2024-29269

An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers
to run arbitrary system commands via the Cmd parameter.

 * https://github.com/Chocapikk/CVE-2024-29269

 * https://github.com/wutalent/CVE-2024-29269

 * https://github.com/hack-with-rohit/CVE-2024-29269-RCE

 * https://github.com/K3ysTr0K3R/CVE-2024-29269-EXPLOIT

 * https://github.com/YongYe-Security/CVE-2024-29269

 * https://github.com/Quantum-Hacker/CVE-2024-29269

 * https://github.com/dream434/CVE-2024-29269


CVE-2024-29059

.NET Framework Information Disclosure Vulnerability

 * https://github.com/codewhitesec/HttpRemotingObjRefLeak


CVE-2024-29050

Windows Cryptographic Services Remote Code Execution Vulnerability

 * https://github.com/Akrachli/CVE-2024-29050


CVE-2024-28999

The SolarWinds Platform was determined to be affected by a Race Condition
Vulnerability affecting the web console.

 * https://github.com/HussainFathy/CVE-2024-28999


CVE-2024-28995

SolarWinds Serv-U was susceptible to a directory traversal vulnerability that
would allow access to read sensitive files on the host machine.

 * https://github.com/Stuub/CVE-2024-28995

 * https://github.com/bigb0x/CVE-2024-28995

 * https://github.com/krypton-kry/CVE-2024-28995

 * https://github.com/0xc4t/CVE-2024-28995

 * https://github.com/ggfzx/CVE-2024-28995

 * https://github.com/gotr00t0day/CVE-2024-28995

 * https://github.com/muhammetali20/CVE-2024-28995

 * https://github.com/huseyinstif/CVE-2024-28995-Nuclei-Template

 * https://github.com/Praison001/CVE-2024-28995-SolarWinds-Serv-U


CVE-2024-28987

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/gh-ost00/CVE-2024-28987-POC

 * https://github.com/horizon3ai/CVE-2024-28987

 * https://github.com/expl0itsecurity/CVE-2024-28987

 * https://github.com/HazeLook/CVE-2024-28987

 * https://github.com/PlayerFridei/CVE-2024-28987


CVE-2024-28955

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Stuub/CVE-2024-28995


CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is
isolated use of external parsers (created via XML_ExternalEntityParserCreate).

 * https://github.com/RenukaSelvar/expat_CVE-2024-28757

 * https://github.com/saurabh2088/expat_2_1_0_CVE-2024-28757

 * https://github.com/saurabh2088/expat_2_1_1_CVE-2024-28757


CVE-2024-28741

Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a
remote attacker to execute arbitrary code via the login.php component.

 * https://github.com/chebuya/CVE-2024-28741-northstar-agent-rce-poc


CVE-2024-28715

Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote
attacker to execute arbitrary code via the markdown0 function in the
/app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.

 * https://github.com/Lq0ne/CVE-2024-28715


CVE-2024-28589

An issue discovered in Axigen Mail Server for Windows versions 10.5.18 and
before allows local low-privileged attackers to execute arbitrary code and
escalate privileges via insecure DLL loading from a world-writable directory
during service initialization.

 * https://github.com/Alaatk/CVE-2024-28589


CVE-2024-28515

Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a
remote attacker to execute arbitrary code via the lab3 of
csapp,lab3/buflab-update.pl component.

 * https://github.com/heshi906/CVE-2024-28515


CVE-2024-28397

An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows
attackers to execute arbitrary code via a crafted API call.

 * https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape

 * https://github.com/CYBER-WARRIOR-SEC/CVE-2024-28397-js2py-Sandbox-Escape


CVE-2024-28328

CSV Injection vulnerability in the Asus RT-N12+ router allows administrator
users to inject arbitrary commands or formulas in the client name parameter
which can be triggered and executed in a different user session upon exporting
to CSV format.

 * https://github.com/Redfox-Secuirty/Asus-RT--N12-B1-s-CSV-Injection-CVE--2024--28328


CVE-2024-28327

Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow
local attackers to obtain unauthorized access and modify router settings.

 * https://github.com/Redfox-Secuirty/Asus-RT--N12-B1-s-Insecure-Credential-Storage-CVE--2024--28327


CVE-2024-28326

Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to
obtain root terminal access via the UART interface.

 * https://github.com/Redfox-Secuirty/Asus-RT--N12-B1-s-Privilege-Escalation--CVE--2024--28326


CVE-2024-28325

Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local
attackers to obtain unauthorized access and modify router settings.

 * https://github.com/Redfox-Secuirty/Asus-RT-N12-B1-s-Credentials-Stored-in-Cleartext--CVE--2024--28325


CVE-2024-28255

OpenMetadata is a unified platform for discovery, observability, and governance
powered by a central metadata repository, in-depth lineage, and seamless team
collaboration. The JwtFilter handles the API authentication by requiring and
verifying JWT tokens. When a new request comes in, the request's path is checked
against this list. When the request's path contains any of the excluded
endpoints the filter returns without validating the JWT. Unfortunately, an
attacker may use Path Parameters to make any path contain any arbitrary strings.
For example, a request to GET
/api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111 will
match the excluded endpoint condition and therefore will be processed with no
JWT validation allowing an attacker to bypass the authentication mechanism and
reach any arbitrary endpoint, including the ones listed above that lead to
arbitrary SpEL expression injection. This bypass will not work when the endpoint
uses the SecurityContext.getUserPrincipal() since it will return null and will
throw an NPE. This issue may lead to authentication bypass and has been
addressed in version 1.2.4. Users are advised to upgrade. There are no known
workarounds for this vulnerability. This issue is also tracked as GHSL-2023-237.

 * https://github.com/YongYe-Security/CVE-2024-28255


CVE-2024-28247

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content
without installing any client-side software. A vulnerability has been discovered
in Pihole that allows an authenticated user on the platform to read internal
server files arbitrarily, and because the application runs from behind, reading
files is done as a privileged user. If the URL that is in the list of "Adslists"
begins with "file*" it is understood that it is updating from a local file, on
the other hand if it does not begin with "file*" depending on the state of the
response it does one thing or another. The problem resides in the update through
local files. When updating from a file which contains non-domain lines, 5 of the
non-domain lines are printed on the screen, so if you provide it with any file
on the server which contains non-domain lines it will print them on the screen.
This vulnerability is fixed by 5.18.

 * https://github.com/T0X1Cx/CVE-2024-28247-Pi-hole-Arbitrary-File-Read


CVE-2024-28213

nGrinder before 3.5.9 accepts serialized Java objects from
unauthenticated users, which could allow a remote attacker to execute arbitrary
code via unsafe Java object deserialization.

 * https://github.com/0x1x02/CVE-2024-28213


CVE-2024-28182

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C.
The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number
of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context
in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0
mitigates this vulnerability by limiting the number of CONTINUATION frames it
accepts per stream. There is no workaround for this vulnerability.

 * https://github.com/lockness-Ko/CVE-2024-27316


CVE-2024-28116

Grav is an open-source, flat-file content management system. Grav CMS prior to
version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which
allows any authenticated user (editor permissions are sufficient) to execute
arbitrary code on the remote server bypassing the existing security sandbox.
Version 1.7.45 contains a patch for this issue.

 * https://github.com/geniuszlyy/GenGravSSTIExploit

 * https://github.com/akabe1/Graver

 * https://github.com/gunzf0x/Grav-CMS-RCE-Authenticated


CVE-2024-28093

The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by
default, and has default credentials for a root-level account.

 * https://github.com/actuator/BSIDES-Security-Las-Vegas-2024


CVE-2024-28088

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able
to control the final part of the path parameter in a load_chain call. This
bypasses the intended behavior of loading configurations only from the
hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an
API key for a large language model online service, or remote code execution. (A
patch is available as of release 0.1.29 of langchain-core.)

 * https://github.com/levpachmanov/cve-2024-28088-poc


CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions,
allows escape sequences to be sent to other users' terminals through argv.
(Specifically, escape sequences received from stdin are blocked, but escape
sequences received from argv are not blocked.) There may be plausible scenarios
where this leads to account takeover.

 * https://github.com/skyler-ferrante/CVE-2024-28085

 * https://github.com/oditynet/sleepall


CVE-2024-28000

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Alucard0x1/CVE-2024-28000

 * https://github.com/arch1m3d/CVE-2024-28000

 * https://github.com/JohnDoeAnonITA/CVE-2024-28000

 * https://github.com/ebrasha/CVE-2024-28000

 * https://github.com/SSSSuperX/CVE-2024-28000


CVE-2024-27983

An attacker can make the Node.js HTTP/2 server completely unavailable by sending
a small number of HTTP/2 frame packets with a few HTTP/2 frames inside. It is
possible to leave some data in nghttp2 memory after reset when headers with
HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is
abruptly closed by the client triggering the Http2Session destructor while
header frames are still being processed (and stored in memory) causing a race
condition.

 * https://github.com/lirantal/CVE-2024-27983-nodejs-http2


CVE-2024-27972

Improper Neutralization of Special Elements used in a Command ('Command
Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command
Injection. This issue affects WP Fusion Lite: from n/a through 3.41.24.

 * https://github.com/truonghuuphuc/CVE-2024-27972-Poc


CVE-2024-27971

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows
PHP Local File Inclusion. This issue affects Premmerce Permalink Manager for
WooCommerce: from n/a through 2.3.10.

 * https://github.com/truonghuuphuc/CVE-2024-27971-Note


CVE-2024-27956

Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in ValvePress Automatic allows SQL Injection. This
issue affects Automatic: from n/a through 3.92.0.

 * https://github.com/AiGptCode/WordPress-Auto-Admin-Account-and-Reverse-Shell-cve-2024-27956

 * https://github.com/diego-tella/CVE-2024-27956-RCE

 * https://github.com/truonghuuphuc/CVE-2024-27956

 * https://github.com/ThatNotEasy/CVE-2024-27956

 * https://github.com/itzheartzz/MASS-CVE-2024-27956

 * https://github.com/Cappricio-Securities/CVE-2024-27956

 * https://github.com/FoxyProxys/CVE-2024-27956

 * https://github.com/k3ppf0r/CVE-2024-27956

 * https://github.com/X-Projetion/CVE-2024-27956-WORDPRESS-RCE-PLUGIN

 * https://github.com/CERTologists/EXPLOITING-CVE-2024-27956

 * https://github.com/cve-2024/CVE-2024-27956-RCE

 * https://github.com/W3BW/CVE-2024-27956-RCE-File-Package

 * https://github.com/TadashiJei/Valve-Press-CVE-2024-27956-RCE


CVE-2024-27954

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulnerability in WP Automatic Automatic allows Path Traversal, Server Side
Request Forgery. This issue affects Automatic: from n/a through 3.92.0.

 * https://github.com/gh-ost00/CVE-2024-27954

 * https://github.com/Quantum-Hacker/CVE-2024-27954


CVE-2024-27919

Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0
and 1.29.1, the Envoy HTTP/2 protocol stack is vulnerable to the flood of
CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header
map limits have been exceeded. This allows an attacker to send a sequence of
CONTINUATION frames without the END_HEADERS bit set causing unlimited memory
consumption. This can lead to denial of service through memory exhaustion. Users
should upgrade to version 1.29.2 to mitigate the effects of the CONTINUATION
flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and
1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable
HTTP/2 protocol for downstream connections.

 * https://github.com/lockness-Ko/CVE-2024-27316


CVE-2024-27914

GLPI is a Free Asset and IT Management Software package, Data center management,
ITIL Service Desk, licenses tracking and software auditing. An unauthenticated
user can provide a malicious link to a GLPI administrator in order to exploit a
reflected XSS vulnerability. The XSS will only trigger if the administrator
navigates through the debug bar. This issue has been patched in version 10.0.13.

 * https://github.com/shellkraft/CVE-2024-27914


CVE-2024-27821

A path handling issue was addressed with improved validation. This issue is
fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut
may output sensitive user data without consent.

 * https://github.com/0xilis/CVE-2024-27821


CVE-2024-27815

An out-of-bounds write issue was addressed with improved input validation. This
issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS
10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with
kernel privileges.

 * https://github.com/jprx/CVE-2024-27815


CVE-2024-27804

The issue was addressed with improved memory handling. This issue is fixed in
iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may
be able to execute arbitrary code with kernel privileges.

 * https://github.com/R00tkitSMM/CVE-2024-27804


CVE-2024-27766

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Ant1sec-ops/CVE-2024-27766


CVE-2024-27697

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/SanjinDedic/FuguHub-8.4-Authenticated-RCE-CVE-2024-27697


CVE-2024-27674

Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to the
"%PROGRAMFILES(X86)%\GrassSoft\Macro Expert" folder and thus an unprivileged
user can escalate to SYSTEM by replacing the MacroService.exe binary.

 * https://github.com/Alaatk/CVE-2024-27674


CVE-2024-27673

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This
candidate was withdrawn by its CNA. Further investigation showed that it was not
a security issue. Notes: none.

 * https://github.com/Alaatk/CVE-2024-27673


CVE-2024-27665

Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via
file upload feature in Syllabus module.

 * https://github.com/Thirukrishnan/CVE-2024-27665


CVE-2024-27632

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate
privileges via the form_id in the form_header() function.

 * https://github.com/ally-petitt/CVE-2024-27632


CVE-2024-27631

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows
a remote attacker to escalate privileges via siteadmin/usergroup.php

 * https://github.com/ally-petitt/CVE-2024-27631


CVE-2024-27630

Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a
remote attacker to delete arbitrary files via crafted input to the
trackers_data_delete_file function.

 * https://github.com/ally-petitt/CVE-2024-27630


CVE-2024-27619

Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user
having read/write access to the FTP server can write directly to RAM, causing a
buffer overflow if the file or files uploaded are greater than the available
RAM. The FTP server allows change of directory to root, which is one level up
from the root of the USB flash directory. During upload, RAM fills up, causing
system resource exhaustion (no free memory), which causes the system to crash
and reboot.

 * https://github.com/ioprojecton/dir-3040_dos


CVE-2024-27564

A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit
f9f4bbc allows attackers to force the application to make arbitrary requests via
injection of crafted URLs into the url parameter.

 * https://github.com/MuhammadWaseem29/SSRF-Exploit-CVE-2024-27564

 * https://github.com/Quantum-Hacker/CVE-2024-27564


CVE-2024-27518

An issue in SUPERAntiSpyware Professional X 10.0.1262 and 10.0.1264 allows
unprivileged attackers to escalate privileges via a restore of a crafted DLL
file into the C:\Program Files\SUPERAntiSpyware folder.

 * https://github.com/secunnix/CVE-2024-27518


CVE-2024-27477

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket
creation and modification functionality, allowing attackers to inject malicious
JavaScript code into the title field of tickets (also known as to-dos). This
stored XSS vulnerability can be exploited to perform Server-Side Request Forgery
(SSRF) attacks.

 * https://github.com/dead1nfluence/Leantime-POC


CVE-2024-27476

Leantime 3.0.6 is vulnerable to HTML Injection via
/dashboard/show#/tickets/newTicket.

 * https://github.com/dead1nfluence/Leantime-POC


CVE-2024-27474

Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This
vulnerability allows malicious actors to perform unauthorized actions on behalf
of authenticated users, specifically administrators.

 * https://github.com/dead1nfluence/Leantime-POC


CVE-2024-27462

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This
candidate was withdrawn by its CNA. Further investigation showed that it was not
a security issue. Notes: none.

 * https://github.com/Alaatk/CVE-2024-27462


CVE-2024-27460

A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and
below.

 * https://github.com/xct/CVE-2024-27460

 * https://github.com/Alaatk/CVE-2024-27460

 * https://github.com/10cks/CVE-2024-27460-installer


CVE-2024-27348

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This
issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 &
Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable
the Auth system, which fixes the issue.

 * https://github.com/Zeyad-Azima/CVE-2024-27348

 * https://github.com/kljunowsky/CVE-2024-27348

 * https://github.com/jakabakos/CVE-2024-27348-Apache-HugeGraph-RCE


CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2
in order to generate an informative HTTP 413 response. If a client does not stop
sending headers, this leads to memory exhaustion.

 * https://github.com/lockness-Ko/CVE-2024-27316

 * https://github.com/aeyesec/CVE-2024-27316_poc


CVE-2024-27292

Docassemble is an expert system for guided interviews and document assembly. The
vulnerability allows attackers to gain unauthorized access to information on the
system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The
vulnerability has been patched in version 1.4.97 of the master branch.

 * https://github.com/th3gokul/CVE-2024-27292

 * https://github.com/tequilasunsh1ne/CVE_2024_27292


CVE-2024-27199

In JetBrains TeamCity before 2023.11.4, a path traversal allowing limited admin
actions to be performed was possible.

 * https://github.com/W01fh4cker/CVE-2024-27198-RCE

 * https://github.com/Stuub/RCity-CVE-2024-27198

 * https://github.com/Shimon03/Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198-


CVE-2024-27198

In JetBrains TeamCity before 2023.11.4, an authentication bypass allowing admin
actions to be performed was possible.

 * https://github.com/W01fh4cker/CVE-2024-27198-RCE

 * https://github.com/Chocapikk/CVE-2024-27198

 * https://github.com/yoryio/CVE-2024-27198

 * https://github.com/Stuub/RCity-CVE-2024-27198

 * https://github.com/K3ysTr0K3R/CVE-2024-27198-EXPLOIT

 * https://github.com/geniuszlyy/CVE-2024-27198

 * https://github.com/CharonDefalt/CVE-2024-27198-RCE

 * https://github.com/passwa11/CVE-2024-27198-RCE

 * https://github.com/jrbH4CK/CVE-2024-27198

 * https://github.com/rampantspark/CVE-2024-27198

 * https://github.com/dkhacks/CVE_2024_27198

 * https://github.com/HPT-Intern-Task-Submission/CVE-2024-27198

 * https://github.com/Cythonic1/CVE-2024-27198_POC

 * https://github.com/Shimon03/Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198-


CVE-2024-27173

Remote Command program allows an attacker to get Remote Code Execution by
overwriting existing Python files containing executable code. This vulnerability
can be executed in combination with other vulnerabilities and is difficult to
execute alone. So, the CVSS score for this vulnerability alone is lower than the
score listed in the "Base Score" of this vulnerability. For details on the
related vulnerabilities, please ask the contact point below:
https://www.toshibatec.com/contacts/products/ As for the affected
products/models/versions, see the reference URL.

 * https://github.com/Ieakd/0day-POC-for-CVE-2024-27173


CVE-2024-27130

A buffer copy without checking size of input vulnerability has been reported to
affect several QNAP operating system versions. If exploited, the vulnerability
could allow users to execute code via a network. We have already fixed the
vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and
later; QuTS hero h5.1.7.2770 build 20240520 and later.

 * https://github.com/watchtowrlabs/CVE-2024-27130

 * https://github.com/d0rb/CVE-2024-27130

 * https://github.com/XiaomingX/cve-2024-27130-poc


CVE-2024-27088

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names
or complex default argument names into function#copy or function#toStringTokens
may cause the script to stall. The vulnerability is patched in v0.10.63.

 * https://github.com/200101WhoAmI/CVE-2024-27088


CVE-2024-26817

In the Linux kernel, the following vulnerability has been resolved: amdkfd: use
calloc instead of kzalloc to avoid integer overflow. This uses calloc instead of
doing the multiplication which might overflow.

 * https://github.com/MaherAzzouzi/CVE-2024-26817-amdkfd


CVE-2024-26581

In the Linux kernel, the following vulnerability has been resolved: netfilter:
nft_set_rbtree: skip end interval element from gc. rbtree lazy gc on insert
might collect an end interval element that has been just added in this
transaction, skip end interval elements that are not yet active.

 * https://github.com/madfxr/CVE-2024-26581-Checker

 * https://github.com/laoqin1234/Linux-Root-CVE-2024-26581-PoC


CVE-2024-26574

Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a
local attacker to execute arbitrary code via a crafted script to the
WSNativePushService.exe

 * https://github.com/Alaatk/CVE-2024-26574


CVE-2024-26560

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/sajaljat/CVE-2024-26560


CVE-2024-26535

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/sajaljat/CVE-2024-26535


CVE-2024-26534

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/sajaljat/CVE-2024-26534


CVE-2024-26521

HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote
attacker to execute arbitrary code, escalate privileges, and obtain sensitive
information via a crafted payload to the english.php component.

 * https://github.com/hackervegas001/CVE-2024-26521


CVE-2024-26503

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass
v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted
file to certbadge.php endpoint.

 * https://github.com/RoboGR00t/Exploit-CVE-2024-26503


CVE-2024-26475

An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8
allows a local attacker to cause a denial of service via the
grub_sfs_read_extent function.

 * https://github.com/TronciuVlad/CVE-2024-26475


CVE-2024-26308

Allocation of Resources Without Limits or Throttling vulnerability in Apache
Commons Compress. This issue affects Apache Commons Compress: from 1.21 before
1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

 * https://github.com/crazycatMyopic/cve


CVE-2024-26304

There is a buffer overflow vulnerability in the underlying L2/L3 Management
service that could lead to unauthenticated remote code execution by sending
specially crafted packets destined to the PAPI (Aruba's access point management
protocol) UDP port (8211). Successful exploitation of this vulnerability results
in the ability to execute arbitrary code as a privileged user on the underlying
operating system.

 * https://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits

 * https://github.com/X-Projetion/CVE-2024-26304-RCE-exploit


CVE-2024-26230

Windows Telephony Server Elevation of Privilege Vulnerability

 * https://github.com/Wa1nut4/CVE-2024-26230

 * https://github.com/kiwids0220/CVE-2024-26230


CVE-2024-26229

Windows CSC Service Elevation of Privilege Vulnerability

 * https://github.com/varwara/CVE-2024-26229

 * https://github.com/RalfHacker/CVE-2024-26229-exploit

 * https://github.com/Cracked5pider/eop24-26229

 * https://github.com/apkc/CVE-2024-26229-BOF

 * https://github.com/team-MineDEV/CVE-2024-26229

 * https://github.com/mqxmm/CVE-2024-26229


CVE-2024-26218

Windows Kernel Elevation of Privilege Vulnerability

 * https://github.com/exploits-forsale/CVE-2024-26218


CVE-2024-26160

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

 * https://github.com/xsh3llsh0ck/CVE-2024-26160


CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a
possible sensitive session information leak in Active Storage. By default,
Active Storage sends a Set-Cookie header along with the user's session cookie
when serving blobs. It also sets Cache-Control to public. Certain proxies may
cache the Set-Cookie, leading to an information leak. The vulnerability is fixed
in 7.0.8.1 and 6.1.7.7.

 * https://github.com/gmo-ierae/CVE-2024-26144-test


CVE-2024-26026

An SQL injection vulnerability exists in the BIG-IP Next Central Manager API
(URI). Note: Software versions which have reached End of Technical Support
(EoTS) are not evaluated

 * https://github.com/passwa11/CVE-2024-26026

 * https://github.com/GRTMALDET/Big-IP-Next-CVE-2024-26026


CVE-2024-25897

ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based)
via the CurrentFundraiser GET parameter.

 * https://github.com/i-100-user/CVE-2024-25897


CVE-2024-25832

F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could
allow an authenticated malicious actor to upload a file of dangerous type by
manipulating the filename extension.

 * https://github.com/0xNslabs/CVE-2024-25832-PoC


CVE-2024-25830

F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an
improper directory access restriction. An unauthenticated, remote attacker can
exploit this, by sending a URI that contains the path of the configuration file.
A successful exploit could allow the attacker to extract the root and admin
password.

 * https://github.com/0xNslabs/CVE-2024-25832-PoC


CVE-2024-25809

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/sajaljat/CVE-2024-25809


CVE-2024-25753

Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware
version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code
via the formSetDeviceName function.

 * https://github.com/codeb0ss/CVE-2024-25735-PoC


CVE-2024-25735

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote
attackers can discover cleartext passwords via a SoftAP /device/config GET
request.

 * https://github.com/codeb0ss/CVE-2024-25735-PoC


CVE-2024-25733

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/hackintoanetwork/ARC-Browser-Address-Bar-Spoofing-PoC


CVE-2024-25731

The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains
hardcoded AES encryption keys that can be extracted from a binary file. Thus,
encryption can be defeated by an attacker who can observe packet data (e.g.,
over Wi-Fi).

 * https://github.com/actuator/com.cn.dq.ipc


CVE-2024-25729

Arris SBG6580 devices have predictable default WPA2 security passwords that
could lead to unauthorized remote access. (They use the first 6 characters of
the SSID and the last 6 characters of the BSSID, decrementing the last octet.)

 * https://github.com/actuator/BSIDES-Security-Las-Vegas-2024


CVE-2024-25723

ZenML Server in the ZenML machine learning package before 0.46.7 for Python
allows remote privilege escalation because the
/api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the
basis of a valid username along with a new password in the request body. These
are also patched versions: 0.44.4, 0.43.1, and 0.42.2.

 * https://github.com/david-botelho-mariano/exploit-CVE-2024-25723


CVE-2024-25641

Cacti provides an operational monitoring and fault management framework. Prior
to version 1.2.27, an arbitrary file write vulnerability, exploitable through
the "Package Import" feature, allows authenticated users having the "Import
Templates" permission to execute arbitrary PHP code on the web server. The
vulnerability is located within the import_package() function defined into the
/lib/import.php script. The function blindly trusts the filename and file
content provided within the XML data, and writes such files into the Cacti base
path (or even outside, since path traversal sequences are not filtered). This
can be exploited to write or overwrite arbitrary files on the web server,
leading to execution of arbitrary PHP code or other security impacts. Version
1.2.27 contains a patch for this issue.

 * https://github.com/5ma1l/CVE-2024-25641

 * https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26

 * https://github.com/thisisveryfunny/CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26

 * https://github.com/Safarchand/CVE-2024-25641

 * https://github.com/XiaomingX/cve-2024-25641-poc


CVE-2024-25600

Improper Control of Generation of Code ('Code Injection') vulnerability in
Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks
Builder: from n/a through 1.9.6.

 * https://github.com/gobysec/Goby

 * https://github.com/gobysec/GobyVuls

 * https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

 * https://github.com/Chocapikk/CVE-2024-25600

 * https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT

 * https://github.com/Christbowel/CVE-2024-25600_Nuclei-Template

 * https://github.com/Tornad0007/CVE-2024-25600-Bricks-Builder-plugin-for-WordPress

 * https://github.com/hy011121/CVE-2024-25600-wordpress-Exploit-RCE

 * https://github.com/ivanbg2004/0BL1V10N-CVE-2024-25600-Bricks-Builder-plugin-for-WordPress

 * https://github.com/X-Projetion/WORDPRESS-CVE-2024-25600-EXPLOIT-RCE

 * https://github.com/wh6amiGit/CVE-2024-25600

 * https://github.com/k3lpi3b4nsh33/CVE-2024-25600

 * https://github.com/WanLiChangChengWanLiChang/CVE-2024-25600

 * https://github.com/svchostmm/CVE-2024-25600-mass

 * https://github.com/KaSooMi0228/CVE-2024-25600-Bricks-Builder-WordPress


CVE-2024-25503

Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows
a remote attacker to execute arbitrary code and obtain sensitive information via
a crafted script to the edit details parameter of the New Project function.

 * https://github.com/EQSTLab/CVE-2024-25503


CVE-2024-25466

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1
and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a
crafted script to the Android library component.

 * https://github.com/FixedOctocat/CVE-2024-25466


CVE-2024-25423

An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute
arbitrary code via a crafted c4d_base.xdl64 file.

 * https://github.com/DriverUnload/cve-2024-25423


CVE-2024-25412

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/paragbagul111/CVE-2024-25412


CVE-2024-25411

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/paragbagul111/CVE-2024-25411


CVE-2024-25381

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due
to non-filtering of quoted content.

 * https://github.com/Ox130e07d/CVE-2024-25381


CVE-2024-25376

An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio
MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary
code via the msiexec.exe repair mode.

 * https://github.com/ewilded/CVE-2024-25376-POC


CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code
execution (RCE) via the href attribute.

 * https://github.com/EQSTLab/CVE-2024-25293


CVE-2024-25292

Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers
to execute arbitrary web scripts or HTML via a crafted payload injected into the
Upload Title parameter.

 * https://github.com/EQSTLab/CVE-2024-25292


CVE-2024-25291

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a
crafted plugin.

 * https://github.com/EQSTLab/CVE-2024-25291


CVE-2024-25281

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/sajaljat/CVE-2024-25281


CVE-2024-25280

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/sajaljat/CVE-2024-25280


CVE-2024-25279

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/sajaljat/CVE-2024-25279


CVE-2024-25278

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/sajaljat/CVE-2024-25278


CVE-2024-25277

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/maen08/CVE-2024-25277


CVE-2024-25270

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/fbkcs/CVE-2024-25270


CVE-2024-25251

code-projects Agro-School Management System 1.0 suffers from Incorrect Access
Control.

 * https://github.com/ASR511-OO7/CVE-2024-25251


CVE-2024-25250

SQL Injection vulnerability in code-projects Agro-School Management System 1.0
allows attackers to run arbitrary code via the Login page.

 * https://github.com/ASR511-OO7/CVE-2024-25250.


CVE-2024-25227

SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to
execute arbitrary code, cause a denial of service (DoS), escalate privileges,
and obtain sensitive information via the tb_login parameter in admin login page.

 * https://github.com/thetrueartist/ABO.CMS-Login-SQLi-CVE-2024-25227

 * https://github.com/thetrueartist/ABO.CMS-EXPLOIT-Unauthenticated-Login-Bypass-CVE-2024-25227


CVE-2024-25202

Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and
User Management System 1.0 allows attackers to run arbitrary code via the search
bar.

 * https://github.com/Agampreet-Singh/CVE-2024-25202


CVE-2024-25175

An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload
via a HTTP response splitting attack.

 * https://github.com/jet-pentest/CVE-2024-25175


CVE-2024-25170

An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via
manipulating the Host header.

 * https://github.com/shenhav12/CVE-2024-25170-Mezzanine-v6.0.0


CVE-2024-25169

An issue in Mezzanine v6.0.0 allows attackers to bypass access control
mechanisms in the admin panel via a crafted request.

 * https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0


CVE-2024-25153

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web
Portal allows files to be uploaded outside of the intended ‘uploadtemp’
directory with a specially crafted POST request. In situations where a file is
successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files
could be used to execute code, including web shells.

 * https://github.com/nettitude/CVE-2024-25153

 * https://github.com/rainbowhatrkn/CVE-2024-25153


CVE-2024-25092

Missing Authorization vulnerability in XLPlugins NextMove Lite. This issue
affects NextMove Lite: from n/a through 2.17.0.

 * https://github.com/RandomRobbieBF/CVE-2024-25092


CVE-2024-24919

Potentially allowing an attacker to read certain information on Check Point
Security Gateways once connected to the internet and enabled with remote Access
VPN or Mobile Access Software Blades. A Security fix that mitigates this
vulnerability is available.

 * https://github.com/seed1337/CVE-2024-24919-POC

 * https://github.com/ifconfig-me/CVE-2024-24919-Bulk-Scanner

 * https://github.com/RevoltSecurities/CVE-2024-24919

 * https://github.com/LucasKatashi/CVE-2024-24919

 * https://github.com/GoatSecurity/CVE-2024-24919

 * https://github.com/un9nplayer/CVE-2024-24919

 * https://github.com/verylazytech/CVE-2024-24919

 * https://github.com/geniuszlyy/CVE-2024-24919

 * https://github.com/0nin0hanz0/CVE-2024-24919-PoC

 * https://github.com/c3rrberu5/CVE-2024-24919

 * https://github.com/GuayoyoCyber/CVE-2024-24919

 * https://github.com/emanueldosreis/CVE-2024-24919

 * https://github.com/smackerdodi/CVE-2024-24919-nuclei-templater

 * https://github.com/zam89/CVE-2024-24919

 * https://github.com/Bytenull00/CVE-2024-24919

 * https://github.com/GlobalsecureAcademy/CVE-2024-24919

 * https://github.com/Rug4lo/CVE-2024-24919-Exploit

 * https://github.com/protonnegativo/CVE-2024-24919

 * https://github.com/bigb0x/CVE-2024-24919-Sniper

 * https://github.com/r4p3c4/CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN

 * https://github.com/fernandobortotti/CVE-2024-24919

 * https://github.com/skyrowalker/CVE-2024-24919

 * https://github.com/SalehLardhi/CVE-2024-24919

 * https://github.com/gurudattch/CVE-2024-24919

 * https://github.com/0xYumeko/CVE-2024-24919

 * https://github.com/Cappricio-Securities/CVE-2024-24919

 * https://github.com/0xans/CVE-2024-24919

 * https://github.com/nexblade12/CVE-2024-24919

 * https://github.com/mr-kasim-mehar/CVE-2024-24919-Exploit

 * https://github.com/starlox0/CVE-2024-24919-POC

 * https://github.com/r4p3c4/CVE-2024-24919-Checkpoint-Firewall-VPN-Check

 * https://github.com/am-eid/CVE-2024-24919

 * https://github.com/hendprw/CVE-2024-24919

 * https://github.com/P3wc0/CVE-2024-24919

 * https://github.com/nicolvsrlr27/CVE-2024-24919

 * https://github.com/satriarizka/CVE-2024-24919

 * https://github.com/ShadowByte1/CVE-2024-24919

 * https://github.com/yagyuufellinluvv/CVE-2024-24919

 * https://github.com/Vulnpire/CVE-2024-24919

 * https://github.com/Jutrm/cve-2024-24919

 * https://github.com/YN1337/CVE-2024-24919

 * https://github.com/satchhacker/cve-2024-24919

 * https://github.com/Tim-Hoekstra/CVE-2024-24919

 * https://github.com/H3KEY/CVE-2024-24919

 * https://github.com/0xkalawy/CVE-2024-24919

 * https://github.com/nullcult/CVE-2024-24919-Exploit

 * https://github.com/J4F9S5D2Q7/CVE-2024-24919-CHECKPOINT

 * https://github.com/sar-3mar/CVE-2024-24919_POC

 * https://github.com/B1naryo/CVE-2024-24919-POC

 * https://github.com/birdlex/cve-2024-24919-checker

 * https://github.com/Expl0itD0g/CVE-2024-24919---Poc

 * https://github.com/LuisMateo1/Arbitrary-File-Read-CVE-2024-24919

 * https://github.com/Praison001/CVE-2024-24919-Check-Point-Remote-Access-VPN

 * https://github.com/AhmedMansour93/Event-ID-263-Rule-Name-SOC287---Arbitrary-File-Read-on-Checkpoint-Security-Gateway-CVE-2024-24919-


CVE-2024-24816

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A
cross-site scripting vulnerability has been discovered in versions
prior to 4.24.0-lts in samples that use the preview feature. All integrators
that use these samples in the production code can be affected. The vulnerability
allows an attacker to execute JavaScript code by abusing the misconfigured
preview feature. It affects all users using the CKEditor 4 at version <
4.24.0-lts with affected samples used in a production environment. A fix is
available in version 4.24.0-lts.

 * https://github.com/afine-com/CVE-2024-24816


CVE-2024-24809

Traccar is an open source GPS tracking system. Versions prior to 6.0 are
vulnerable to path traversal and unrestricted upload of file with dangerous
type. Since the system allows registration by default, attackers can acquire
ordinary user permissions by registering an account and exploit this
vulnerability to upload files with the prefix device. under any folder.
Attackers can use this vulnerability for phishing, cross-site scripting attacks,
and potentially execute arbitrary commands on the server. Version 6.0 contains a
patch for the issue.

 * https://github.com/gh-ost00/CVE-2024-24809-Proof-of-concept


CVE-2024-24787

On Darwin, building a Go module which contains CGO can trigger arbitrary code
execution when using the Apple version of ld, due to usage of the -lto_library
flag in a "#cgo LDFLAGS" directive.

 * https://github.com/LOURC0D3/CVE-2024-24787-PoC


CVE-2024-24760

mailcow is a dockerized email package, with multiple containers linked in one
bridged network. A security vulnerability has been identified in mailcow
affecting versions < 2024-01c. This vulnerability potentially allows attackers
on the same subnet to connect to exposed ports of a Docker container, even when
the port is bound to 127.0.0.1. The vulnerability has been addressed by
implementing additional iptables/nftables rules. These rules drop packets for
Docker containers on ports 3306, 6379, 8983, and 12345, where the input
interface is not br-mailcow and the output interface is br-mailcow.

 * https://github.com/killerbees19/CVE-2024-24760


CVE-2024-24725

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP
deserialization attacks via columnOrder in a POST request to the
modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.

 * https://github.com/MelkorW/CVE-2024-24725-PoC


CVE-2024-24686

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF
functionality of libigl v2.5.0. A specially crafted .off file can lead to
stack-based buffer overflow. An attacker can provide a malicious file to trigger
this vulnerability. This vulnerability concerns the parsing of comments within
the faces section of an .off file processed via the readOFF function.

 * https://github.com/SpiralBL0CK/CVE-2024-24686


CVE-2024-24685

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF
functionality of libigl v2.5.0. A specially crafted .off file can lead to
stack-based buffer overflow. An attacker can provide a malicious file to trigger
this vulnerability. This vulnerability concerns the parsing of comments within
the vertex section of an .off file processed via the readOFF function.

 * https://github.com/SpiralBL0CK/CVE-2024-24685


CVE-2024-24684

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF
functionality of libigl v2.5.0. A specially crafted .off file can lead to
stack-based buffer overflow. An attacker can provide a malicious file to trigger
this vulnerability. This vulnerability concerns the header parsing occurring while
processing an .off file via the readOFF function. We can see above that at [0] a
stack-based buffer called comment is defined with a hardcoded size of 1000
bytes. The call to fscanf at [1] is unsafe and if the first line of the header
of the .off files is longer than 1000 bytes it will overflow the header buffer.

 * https://github.com/SpiralBL0CK/CVE-2024-24684


CVE-2024-24590

Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the
client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded
artifact to run arbitrary code on an end user’s system when interacted with.

 * https://github.com/diegogarciayala/CVE-2024-24590-ClearML-RCE-CMD-POC

 * https://github.com/OxyDeV2/ClearML-CVE-2024-24590

 * https://github.com/xffsec/CVE-2024-24590-ClearML-RCE-Exploit

 * https://github.com/sviim/ClearML-CVE-2024-24590-RCE

 * https://github.com/junnythemarksman/CVE-2024-24590

 * https://github.com/Bigb972003/cve-2024-24590

 * https://github.com/j3r1ch0123/CVE-2024-24590


CVE-2024-24576

Rust is a programming language. The Rust Security Response WG was notified that
the Rust standard library prior to version 1.77.2 did not properly escape
arguments when invoking batch files (with the bat and cmd extensions) on Windows
using the Command. An attacker able to control the arguments passed to the
spawned process could execute arbitrary shell commands by bypassing the
escaping. The severity of this vulnerability is critical for those who invoke
batch files on Windows with untrusted arguments. No other platform or use is
affected. The Command::arg and Command::args APIs state in their documentation
that the arguments will be passed to the spawned process as-is, regardless of
the content of the arguments, and will not be evaluated by a shell. This means
it should be safe to pass untrusted input as an argument. On Windows, the
implementation of this is more complex than other platforms, because the Windows
API only provides a single string containing all the arguments to the spawned
process, and it's up to the spawned process to split them. Most programs use the
standard C run-time argv, which in practice results in a mostly consistent way
arguments are split. One exception though is cmd.exe (used among other things
to execute batch files), which has its own argument splitting logic. That forces
the standard library to implement custom escaping for arguments passed to batch
files. Unfortunately it was reported that our escaping logic was not thorough
enough, and it was possible to pass malicious arguments that would result in
arbitrary shell execution. Due to the complexity of cmd.exe, we didn't identify
a solution that would correctly escape arguments in all cases. To maintain our
API guarantees, we improved the robustness of the escaping code, and changed the
Command API to return an InvalidInput error when it cannot safely escape an
argument. This error will be emitted when spawning the process. The fix is
included in Rust 1.77.2. Note that the new escaping logic for batch files errs
on the conservative side, and could reject valid arguments. Those who implement
the escaping themselves or only handle trusted inputs on Windows can also use
the CommandExt::raw_arg method to bypass the standard library's escaping logic.

 * https://github.com/frostb1ten/CVE-2024-24576-PoC

 * https://github.com/aydinnyunus/CVE-2024-24576-Exploit

 * https://github.com/brains93/CVE-2024-24576-PoC-Python

 * https://github.com/corysabol/batbadbut-demo

 * https://github.com/mishl-dev/CVE-2024-24576-PoC-Python

 * https://github.com/lpn/CVE-2024-24576.jl

 * https://github.com/foxoman/CVE-2024-24576-PoC---Nim

 * https://github.com/SheL3G/CVE-2024-24576-PoC-BatBadBut

 * https://github.com/Gaurav1020/CVE-2024-24576-PoC-Rust


CVE-2024-24549

Denial of Service due to improper input validation vulnerability for HTTP/2
requests in Apache Tomcat. When processing an HTTP/2 request, if the request
exceeded any of the configured limits for headers, the associated HTTP/2 stream
was not reset until after all of the headers had been processed. This issue
affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through
10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are
recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which
fix the issue.

 * https://github.com/Abdurahmon3236/CVE-2024-24549


CVE-2024-24520

An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code
via the upgrade.php file in the languages place.

 * https://github.com/xF-9979/CVE-2024-24520


CVE-2024-24488

An issue in Shenzhen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local
attacker to obtain sensitive information via the password component.

 * https://github.com/minj-ae/CVE-2024-24488


CVE-2024-24409

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/passtheticket/CVE-2024-24409


CVE-2024-24402

An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges
via a crafted script to the /usr/local/nagios/bin/npcd component.

 * https://github.com/MAWK0235/CVE-2024-24402


CVE-2024-24401

SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to
execute arbitrary code via a crafted payload to the monitoringwizard.php
component.

 * https://github.com/MAWK0235/CVE-2024-24401


CVE-2024-24398

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS
before v.2024.1.2 allows a remote attacker to execute arbitrary code via a
crafted payload to the fileName parameter of the Save function.

 * https://github.com/trustcves/CVE-2024-24398


CVE-2024-24397

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS
before v.2024.1.2 allows a remote attacker to execute arbitrary code via a
crafted payload to the ReportName field.

 * https://github.com/trustcves/CVE-2024-24397


CVE-2024-24396

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS
before v.2024.1.2 allows a remote attacker to execute arbitrary code via a
crafted payload to the search bar component.

 * https://github.com/trustcves/CVE-2024-24396


CVE-2024-24386

An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via
a crafted payload to the /var/lib/vitalpbx/scripts folder.

 * https://github.com/erick-duarte/CVE-2024-24386


CVE-2024-24337

CSV Injection vulnerability in '/members/moremember.pl' and
'/admin/aqbudgets.pl' endpoints in Koha Library Management System version
23.05.05 and earlier allows attackers to inject DDE commands into csv exports
via the 'Budget' and 'Patrons Member' components.

 * https://github.com/nitipoom-jar/CVE-2024-24337


CVE-2024-24336

Multiple cross-site scripting (XSS) vulnerabilities in the
'/members/moremember.pl' and '/members/members-home.pl' endpoints within Koha
Library Management System version 23.05.05 and earlier allow malicious staff
users to carry out CSRF attacks, including unauthorized changes to usernames and
passwords of users visiting the affected page, via the 'Circulation note' and
'Patrons Restriction' components.

 * https://github.com/nitipoom-jar/CVE-2024-24336


CVE-2024-24206

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/l00neyhacker/CVE-2024-24206


CVE-2024-24204

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/l00neyhacker/CVE-2024-24204


CVE-2024-24203

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/l00neyhacker/CVE-2024-24203


CVE-2024-24142

Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject'
parameter.

 * https://github.com/BurakSevben/CVE-2024-24142


CVE-2024-24141

Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task'
parameter.

 * https://github.com/BurakSevben/CVE-2024-24141


CVE-2024-24140

Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the
parameter 'tracker.'

 * https://github.com/BurakSevben/CVE-2024-24140


CVE-2024-24139

Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via
the 'user' parameter.

 * https://github.com/BurakSevben/CVE-2024-24139


CVE-2024-24138

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/BurakSevben/CVE-2024-24138


CVE-2024-24137

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/BurakSevben/CVE-2024-24137


CVE-2024-24136

The 'Your Name' field in the Submit Score section of Sourcecodester Math Game
with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.

 * https://github.com/BurakSevben/CVE-2024-24136


CVE-2024-24135

Product Name and Product Code in the 'Add Product' section of Sourcecodester
Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.

 * https://github.com/BurakSevben/CVE-2024-24135


CVE-2024-24134

Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS)
via the 'Menu Name' and 'Description' fields in the Update Menu section.

 * https://github.com/BurakSevben/CVE-2024-24134


CVE-2024-24108

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/ASR511-OO7/CVE-2024-24108


CVE-2024-24105

SQL Injection vulnerability in Code-projects Computer Science Time Table System
1.0 allows attackers to run arbitrary code via adminFormvalidation.php.

 * https://github.com/ASR511-OO7/CVE-2024-24105


CVE-2024-24104

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/ASR511-OO7/CVE-2024-24104


CVE-2024-24103

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/ASR511-OO7/CVE-2024-24103


CVE-2024-24102

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/ASR511-OO7/CVE-2024-24102


CVE-2024-24101

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under
Eligibility Information Update.

 * https://github.com/ASR511-OO7/CVE-2024-24101


CVE-2024-24100

Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via
PublisherID.

 * https://github.com/ASR511-OO7/CVE-2024-24100


CVE-2024-24099

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under
Employment Status Information Update.

 * https://github.com/ASR511-OO7/CVE-2024-24099


CVE-2024-24098

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via
the News Feed.

 * https://github.com/ASR511-OO7/CVE-2024-24098


CVE-2024-24097

Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking
System 1.0 allows attackers to run arbitrary code via the News Feed.

 * https://github.com/ASR511-OO7/CVE-2024-24097


CVE-2024-24096

Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via
BookSBIN.

 * https://github.com/ASR511-OO7/CVE-2024-24096


CVE-2024-24095

Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.

 * https://github.com/ASR511-OO7/CVE-2024-24095


CVE-2024-24094

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/ASR511-OO7/CVE-2024-24094


CVE-2024-24093

SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows
attackers to run arbitrary code via Personal Information Update information.

 * https://github.com/ASR511-OO7/CVE-2024-24093


CVE-2024-24092

SQL Injection vulnerability in Code-projects.org Scholars Tracking System 1.0
allows attackers to run arbitrary code via login.php.

 * https://github.com/ASR511-OO7/CVE-2024-24092


CVE-2024-24035

Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows
attackers to run arbitrary code via the hmessage parameter.

 * https://github.com/ELIZEUOPAIN/CVE-2024-24035


CVE-2024-24034

Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the
hprinter parameter, which allows remote attackers to execute arbitrary code.

 * https://github.com/ELIZEUOPAIN/CVE-2024-24034


CVE-2024-23998

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/EQSTLab/CVE-2024-23998


CVE-2024-23997

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/EQSTLab/CVE-2024-23997


CVE-2024-23995

Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote
attackers to execute arbitrary code in the column name of a database table in
tabulator-popup-container.

 * https://github.com/EQSTLab/CVE-2024-23995


CVE-2024-23898

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both
inclusive) does not perform origin validation of requests made through the CLI
WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH)
vulnerability, allowing attackers to execute CLI commands on the Jenkins
controller.

 * https://github.com/jenkinsci-cert/SECURITY-3314-3315


CVE-2024-23897

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of
its CLI command parser that replaces an '@' character followed by a file path in
an argument with the file's contents, allowing unauthenticated attackers to read
arbitrary files on the Jenkins controller file system.

 * https://github.com/gobysec/Goby

 * https://github.com/gobysec/GobyVuls

 * https://github.com/h4x0r-dz/CVE-2024-23897

 * https://github.com/binganao/CVE-2024-23897

 * https://github.com/wjlin0/CVE-2024-23897

 * https://github.com/xaitax/CVE-2024-23897

 * https://github.com/kaanatmacaa/CVE-2024-23897

 * https://github.com/godylockz/CVE-2024-23897

 * https://github.com/Vozec/CVE-2024-23897

 * https://github.com/3yujw7njai/CVE-2024-23897

 * https://github.com/Maalfer/CVE-2024-23897

 * https://github.com/jenkinsci-cert/SECURITY-3314-3315

 * https://github.com/10T4/PoC-Fix-jenkins-rce_CVE-2024-23897

 * https://github.com/verylazytech/CVE-2024-23897

 * https://github.com/viszsec/CVE-2024-23897

 * https://github.com/mil4ne/CVE-2024-23897-Jenkins-4.441

 * https://github.com/Praison001/CVE-2024-23897-Jenkins-Arbitrary-Read-File-Vulnerability

 * https://github.com/yoryio/CVE-2024-23897

 * https://github.com/ThatNotEasy/CVE-2024-23897

 * https://github.com/vmtyan/poc-cve-2024-23897

 * https://github.com/Anekant-Singhai/Exploits

 * https://github.com/jopraveen/CVE-2024-23897

 * https://github.com/JAthulya/CVE-2024-23897

 * https://github.com/Nebian/CVE-2024-23897

 * https://github.com/r0xdeadbeef/CVE-2024-23897

 * https://github.com/AbraXa5/Jenkins-CVE-2024-23897

 * https://github.com/B4CK4TT4CK/CVE-2024-23897

 * https://github.com/NoSpaceAvailable/CVE-2024-23897

 * https://github.com/ShieldAuth-PHP/PBL05-CVE-Analsys

 * https://github.com/cc3305/CVE-2024-23897

 * https://github.com/ifconfig-me/CVE-2024-23897

 * https://github.com/murataydemir/CVE-2024-23897

 * https://github.com/tamatee/test_cve_2024_23897

 * https://github.com/brijne/CVE-2024-23897-RCE

 * https://github.com/WLXQqwer/Jenkins-CVE-2024-23897-

 * https://github.com/BinaryGoodBoy0101/Jenkins-Exploit-CVE-2024-23897-Fsociety

 * https://github.com/Surko888/Surko-Exploit-Jenkins-CVE-2024-23897

 * https://github.com/pulentoski/CVE-2024-23897-Arbitrary-file-read


CVE-2024-23828

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to
an authenticated arbitrary command execution via CRLF attack when changing the
value of test_config_cmd or start_cmd. This vulnerability exists due to an
incomplete fix for CVE-2024-22197 and CVE-2024-22198. This vulnerability has
been patched in version 2.0.0.beta.12.

 * https://github.com/oxagast/oxasploits


CVE-2024-23780

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/HazardLab-IO/CVE-2024-23780


CVE-2024-23774

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0.
An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe
and AMPTools.exe components. This allows local attackers to execute code of
their choice with NT Authority\SYSTEM privileges.

 * https://github.com/Verrideo/CVE-2024-23774


CVE-2024-23773

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0.
An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe
component. Local attackers can delete any file of their choice with NT
Authority\SYSTEM privileges.

 * https://github.com/Verrideo/CVE-2024-23773


CVE-2024-23772

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0.
An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe,
KUserAlert.exe, and Runkbot.exe components. This allows local attackers to
create any file of their choice with NT Authority\SYSTEM privileges.

 * https://github.com/Verrideo/CVE-2024-23772


CVE-2024-23747

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible
to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability
resides in the system's handling of user data access through a
/Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter,
an attacker can gain access to sensitive medical information.

 * https://github.com/louiselalanne/CVE-2024-23747


CVE-2024-23746

Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex
series of steps that might be usable in some environments (bypass a
kTCCServiceSystemPolicyAppBundles requirement via a file copy, an
app.app/Contents rename, an asar modification, and a rename back to
app.app/Contents).

 * https://github.com/louiselalanne/CVE-2024-23746


CVE-2024-23745

** DISPUTED ** In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the
Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands.
Additionally, even if a NIB file is modified within an application, Gatekeeper
may still permit the execution of the application, enabling the execution of
arbitrary commands within the application's context. NOTE: the vendor's
perspective is that this is simply an instance of CVE-2022-48505, cannot
properly be categorized as a product-level vulnerability, and cannot have a
product-level fix because it is about incorrect caching of file signatures on
macOS.

 * https://github.com/louiselalanne/CVE-2024-23745


CVE-2024-23743

** DISPUTED ** Notion through 3.1.0 on macOS might allow code execution because
of RunAsNode and enableNodeCliInspectArguments. NOTE: the vendor states "the
attacker must launch the Notion Desktop application with nonstandard flags that
turn the Electron-based application into a Node.js execution environment."

 * https://github.com/giovannipajeu1/CVE-2024-23743


CVE-2024-23742

** DISPUTED ** An issue in Loom on macOS version 0.196.1 and before, allows
remote attackers to execute arbitrary code via the RunAsNode and
enableNodeCliInspectArguments settings. NOTE: the vendor disputes this because
it requires local access to a victim's machine.

 * https://github.com/giovannipajeu1/CVE-2024-23742


CVE-2024-23741

An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to
execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments
settings.

 * https://github.com/giovannipajeu1/CVE-2024-23741


CVE-2024-23740

An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to
execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments
settings.

 * https://github.com/giovannipajeu1/CVE-2024-23740


CVE-2024-23739

An issue in Discord for macOS version 0.0.291 and before, allows remote
attackers to execute arbitrary code via the RunAsNode and
enableNodeCliInspectArguments settings.

 * https://github.com/giovannipajeu1/CVE-2024-23739

 * https://github.com/giovannipajeu1/CVE-2024-23740


CVE-2024-23738

** DISPUTED ** An issue in Postman version 10.22 and before on macOS allows a
remote attacker to execute arbitrary code via the RunAsNode and
enableNodeCliInspectArguments settings. NOTE: the vendor states "we dispute the
report's accuracy ... the configuration does not enable remote code execution.."

 * https://github.com/giovannipajeu1/CVE-2024-23738


CVE-2024-23727

The YI Smart Kami Vision com.kamivision.yismart application through
1.0.0_20231219 for Android allows a remote attacker to execute arbitrary
JavaScript code via an implicit intent to the
com.ants360.yicamera.activity.WebViewActivity component.

 * https://github.com/actuator/yi


CVE-2024-23726

Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead
to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi
network) can derive the default WPA2-PSK value by observing a beacon frame. A
PSK is generated by using the first six characters of the SSID and the last six
of the BSSID, decrementing the last digit.

 * https://github.com/actuator/BSIDES-Security-Las-Vegas-2024


CVE-2024-23722

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via
an invalid HTTP payload with the content type of x-www-form-urlencoded. It
crashes and does not restart. This could result in logs not being delivered
properly.

 * https://github.com/alexcote1/CVE-2024-23722-poc


CVE-2024-23709

In multiple locations, there is a possible out of bounds write due to a heap
buffer overflow. This could lead to remote information disclosure with no
additional execution privileges needed. User interaction is needed for
exploitation.

 * https://github.com/AbrarKhan/external_sonivox_CVE-2024-23709


CVE-2024-23708

In multiple functions of NotificationManagerService.java, there is a possible
way to not show a toast message when a clipboard message has been accessed. This
could lead to local escalation of privilege with no additional execution
privileges needed. User interaction is not needed for exploitation.

 * https://github.com/uthrasri/CVE-2024-23708


CVE-2024-23692

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a
template injection vulnerability. This vulnerability allows a remote,
unauthenticated attacker to execute arbitrary commands on the affected system by
sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto
HFS 2.3m is no longer supported.

 * https://github.com/verylazytech/CVE-2024-23692

 * https://github.com/0x20c/CVE-2024-23692-EXP

 * https://github.com/jakabakos/CVE-2024-23692-RCE-in-Rejetto-HFS

 * https://github.com/vanboomqi/CVE-2024-23692

 * https://github.com/BBD-YZZ/CVE-2024-23692

 * https://github.com/k3lpi3b4nsh33/CVE-2024-23692

 * https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692

 * https://github.com/Tupler/CVE-2024-23692-exp

 * https://github.com/Mr-r00t11/CVE-2024-23692

 * https://github.com/WanLiChangChengWanLiChang/CVE-2024-23692-RCE

 * https://github.com/XiaomingX/cve-2024-23692-poc


CVE-2024-23652

BuildKit is a toolkit for converting source code to build artifacts in an
efficient, expressive and repeatable manner. A malicious BuildKit frontend or
Dockerfile using RUN --mount could trick the feature that removes empty files
created for the mountpoints into removing a file outside the container, from the
host system. The issue has been fixed in v0.12.5. Workarounds include avoiding
using BuildKit frontends from an untrusted source or building an untrusted
Dockerfile containing RUN --mount feature.

 * https://github.com/abian2/CVE-2024-23652


CVE-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect
the availability of Kibana by uploading a maliciously crafted osquery pack.

 * https://github.com/zhazhalove/osquery_cve-2024-23443


CVE-2024-23346

Pymatgen (Python Materials Genomics) is an open-source Python library for
materials analysis. A critical security vulnerability exists in the
JonesFaithfulTransformation.from_transformation_str() method within the pymatgen
library prior to version 2024.2.20. This method insecurely utilizes eval() for
processing input, enabling execution of arbitrary code when parsing untrusted
input. Version 2024.2.20 fixes this issue.

 * https://github.com/9carlo6/CVE-2024-23346


CVE-2024-23339

hoolock is a suite of lightweight utilities designed to maintain a small
footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1,
utility functions related to object paths (get, set, and update) did not block
attempts to access or alter object prototypes. Starting in version 2.2.1, the
get, set and update functions throw a TypeError when a user attempts to access
or alter inherited properties.

 * https://github.com/200101WhoAmI/CVE-2024-23339


CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
When using aiohttp as a web server and configuring static routes, it is
necessary to specify the root path for static files. Additionally, the option
'follow_symlinks' can be used to determine whether to follow symbolic links
outside the static root directory. When 'follow_symlinks' is set to True, there
is no validation to check if reading a file is within the root directory. This
can lead to directory traversal vulnerabilities, resulting in unauthorized
access to arbitrary files on the system, even when symlinks are not present.
Disabling follow_symlinks and using a reverse proxy are encouraged mitigations.
Version 3.9.2 fixes this issue.

 * https://github.com/jhonnybonny/CVE-2024-23334

 * https://github.com/z3rObyte/CVE-2024-23334-PoC

 * https://github.com/ox1111/CVE-2024-23334

 * https://github.com/sxyrxyy/aiohttp-exploit-CVE-2024-23334-certstream

 * https://github.com/s4botai/CVE-2024-23334-PoC

 * https://github.com/TheRedP4nther/LFI-aiohttp-CVE-2024-23334-PoC

 * https://github.com/brian-edgar-re/poc-cve-2024-23334

 * https://github.com/Pylonet/CVE-2024-23334

 * https://github.com/binaryninja/CVE-2024-23334

 * https://github.com/wizarddos/CVE-2024-23334

 * https://github.com/Arc4he/CVE-2024-23334-PoC


CVE-2024-23208

The issue was addressed with improved memory handling. This issue is fixed in
macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may
be able to execute arbitrary code with kernel privileges.

 * https://github.com/hrtowii/CVE-2024-23208-test


CVE-2024-23200

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/l00neyhacker/CVE-2024-23200


CVE-2024-23199

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/l00neyhacker/CVE-2024-23199


CVE-2024-23113

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0
through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions
7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM
versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager
versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute
unauthorized code or commands via specially crafted packets.

 * https://github.com/expl0itsecurity/CVE-2024-23113

 * https://github.com/HazeLook/CVE-2024-23113

 * https://github.com/p33d/CVE-2024-23113

 * https://github.com/maybelookis/CVE-2024-23113

 * https://github.com/groshi/CVE-2024-23113-Private-POC

 * https://github.com/OxLmahdi/cve-2024-23113

 * https://github.com/CheckCve2/CVE-2024-23113

 * https://github.com/puckiestyle/CVE-2024-23113

 * https://github.com/XiaomingX/cve-2024-23113-exp


CVE-2024-23108

An improper neutralization of special elements used in an os command ('os
command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0
through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through
6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or
commands via crafted API requests.

 * https://github.com/horizon3ai/CVE-2024-23108

 * https://github.com/hitem/CVE-2024-23108


CVE-2024-23002

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/xiaomaoxxx/CVE-2024-23002


CVE-2024-22983

SQL injection vulnerability in Projectworlds Visitor Management System in PHP
v.1.0 allows a remote attacker to escalate privileges via the name parameter in
the myform.php endpoint.

 * https://github.com/keru6k/CVE-2024-22983


CVE-2024-22939

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote
attacker to execute arbitrary code via the system/article/category_edit
component.

 * https://github.com/NUDTTAN91/CVE-2024-22939


CVE-2024-22922

An issue in Projectworlds Visitor Management System in PHP v.1.0 allows a remote
attacker to escalate privileges via a crafted script to the login page in the
POST/index.php

 * https://github.com/keru6k/CVE-2024-22922


CVE-2024-22917

SQL injection vulnerability in Dynamic Lab Management System Project in PHP
v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.

 * https://github.com/ASR511-OO7/CVE-2024-22917


CVE-2024-22909

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/BurakSevben/CVE-2024-22909


CVE-2024-22903

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote
code execution (RCE) vulnerability via the deleteUpdateAPK function.

 * https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain


CVE-2024-22902

Vinchin Backup & Recovery v7.2 was discovered to be configured with default root
credentials.

 * https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain


CVE-2024-22901

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.

 * https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain


CVE-2024-22900

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote
code execution (RCE) vulnerability via the setNetworkCardInfo function.

 * https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain


CVE-2024-22899

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote
code execution (RCE) vulnerability via the syncNtpTime function.

 * https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain


CVE-2024-22894

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later,
V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later,
V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary
code via the password component in the shadow file.

 * https://github.com/Jaarden/CVE-2024-22894


CVE-2024-22891

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE)
vulnerability via the Markdown link.

 * https://github.com/EQSTLab/CVE-2024-22891


CVE-2024-22890

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/BurakSevben/CVE-2024-22890


CVE-2024-22889

Due to incorrect access control in Plone version v6.0.9, remote attackers can
view and list all files hosted on the website via sending a crafted request.

 * https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9


CVE-2024-22867

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/brandon-t-elliott/CVE-2024-22867


CVE-2024-22853

D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the
Alphanetworks account, which allows remote attackers to obtain root access via a
telnet session.

 * https://github.com/FaLLenSKiLL1/CVE-2024-22853


CVE-2024-22774

An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a
local attacker to escalate privileges via the ccsservice.exe component.

 * https://github.com/Gray-0men/CVE-2024-22774


CVE-2024-22752

Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows
attackers to gain escalated privileges via use of crafted executable launched
from the application installation directory.

 * https://github.com/hacker625/CVE-2024-22752


CVE-2024-22678

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/l00neyhacker/CVE-2024-22678


CVE-2024-22676

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/l00neyhacker/CVE-2024-22676


CVE-2024-22675

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/l00neyhacker/CVE-2024-22675


CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial
of Service) if parsing an untrusted SVG file.

 * https://github.com/zunak/CVE-2024-22641


CVE-2024-22640

TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of
Service) if parsing an untrusted HTML page with a crafted color.

 * https://github.com/zunak/CVE-2024-22640


CVE-2024-22534

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/austino2000/CVE-2024-22534


CVE-2024-22532

Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows
attackers to cause a denial of service via crafted xwd file.

 * https://github.com/pwndorei/CVE-2024-22532


CVE-2024-22526

Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local
attackers to cause a denial of service (DoS) via exr image file.

 * https://github.com/200101WhoAmI/CVE-2024-22526


CVE-2024-22515

Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0
allows attackers to upload arbitrary files via the upload audio component.

 * https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution

 * https://github.com/Orange-418/CVE-2024-22515-File-Upload-Vulnerability


CVE-2024-22514

An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run
arbitrary files by restoring a crafted backup file.

 * https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution

 * https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution


CVE-2024-22513

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to
information disclosure. A user can access web application resources even after
their account has been disabled due to missing user validation checks via the
for_user method.

 * https://github.com/dmdhrumilmistry/CVEs


CVE-2024-22416

pyLoad is a free and open-source Download Manager written in pure Python. The
pyload API allows any API call to be made using GET requests. Since the session
cookie is not set to SameSite: strict, this opens the library up to severe
attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result
any API call can be made via a CSRF attack by an unauthenticated user. This
issue has been addressed in release 0.5.0b3.dev78. All users are advised to
upgrade.

 * https://github.com/mindstorm38/ensimag-secu3a-cve-2024-22416


CVE-2024-22411

Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3
pre12, any HTML inside text that is passed to error or succeed in an
Avo::BaseAction subclass will be rendered directly without sanitization in the
toast/notification that appears in the UI on Action completion. A malicious user
could exploit this vulnerability to trigger a cross site scripting attack on an
unsuspecting user. This issue has been addressed in the 3.3.0 and 2.47.0
releases of Avo. Users are advised to upgrade.

 * https://github.com/tamaloa/avo-CVE-2024-22411


CVE-2024-22393

Unrestricted Upload of File with Dangerous Type vulnerability in Apache
Answer. This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by
uploading large pixel files will cause server out of memory. A logged-in user
can cause such an attack by uploading an image when posting content. Users are
recommended to upgrade to version [1.2.5], which fixes the issue.

 * https://github.com/omranisecurity/CVE-2024-22393


CVE-2024-22369

Deserialization of Untrusted Data vulnerability in Apache Camel SQL
Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0
before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are
recommended to upgrade to version 4.4.0, which fixes the issue. If users are on
the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If
users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1.

 * https://github.com/oscerd/CVE-2024-22369


CVE-2024-22275

The vCenter Server contains a partial file read vulnerability. A malicious actor
with administrative privileges on the vCenter appliance shell may exploit this
issue to partially read arbitrary files containing sensitive data.

 * https://github.com/mbadanoiu/CVE-2024-22275


CVE-2024-22274

The vCenter Server contains an authenticated remote code execution
vulnerability. A malicious actor with administrative privileges on the vCenter
appliance shell may exploit this issue to run arbitrary commands on the
underlying operating system.

 * https://github.com/l0n3m4n/CVE-2024-22274-RCE

 * https://github.com/mbadanoiu/CVE-2024-22274

 * https://github.com/ninhpn1337/CVE-2024-22274

 * https://github.com/Mustafa1986/CVE-2024-22274-RCE


CVE-2024-22263

Spring Cloud Data Flow is a microservices-based Streaming and Batch data
processing in Cloud Foundry and Kubernetes. The Skipper server has the ability
to receive upload package requests. However, due to improper sanitization of
the upload path, a malicious user who has access to the Skipper server API can
use a crafted upload request to write an arbitrary file to any location on the
file system, and may even compromise the server.

 * https://github.com/securelayer7/CVE-2024-22263_Scanner


CVE-2024-22262

Applications that use UriComponentsBuilder to parse an externally provided URL
(e.g. through a query parameter) AND perform validation checks on the host of
the parsed URL may be vulnerable to an open redirect
(https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if
the URL is used after passing validation checks. This is the same as
CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243
(https://spring.io/security/cve-2024-22243), but with different input.

 * https://github.com/Performant-Labs/CVE-2024-22262


CVE-2024-22243

Applications that use UriComponentsBuilder to parse an externally provided URL
(e.g. through a query parameter) AND perform validation checks on the host of
the parsed URL may be vulnerable to an open redirect
(https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if
the URL is used after passing validation checks.

 * https://github.com/SeanPesce/CVE-2024-22243

 * https://github.com/shellfeel/CVE-2024-22243-CVE-2024-22234


CVE-2024-22234

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to
6.2.2, an application is vulnerable to broken access control when it directly
uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)
method. Specifically, an application is vulnerable if:

 * The application uses
   AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and
   a null authentication parameter is passed to it resulting in an erroneous
   true return value.

An application is not vulnerable if any of the following is true:

 * The application does not use
   AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly.

 * The application does not pass null to
   AuthenticationTrustResolver.isFullyAuthenticated

 * The application only uses isFullyAuthenticated via Method Security
   (https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html)
   or HTTP Request Security
   (https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html)

 * https://github.com/shellfeel/CVE-2024-22243-CVE-2024-22234


CVE-2024-22198

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to
arbitrary command execution by abusing the configuration settings. The Home >
Preference page exposes a list of system settings such as Run Mode, Jwt Secret,
Node Secret and Terminal Start Command. While the UI doesn't allow users to
modify the Terminal Start Command setting, it is possible to do so by sending a
request to the API. This issue may lead to authenticated remote code execution,
privilege escalation, and information disclosure. This vulnerability has been
patched in version 2.0.0.beta.9.

 * https://github.com/xiw1ll/CVE-2024-22198_Checker


CVE-2024-22145

Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect
allows Privilege Escalation. This issue affects InstaWP Connect: from n/a through
0.1.0.8.

 * https://github.com/RandomRobbieBF/CVE-2024-22145


CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After a
command is executed, an audit entry is added to the "Audit Log". Because the
"clientip" field is not sanitized, it is possible to inject SQL into "clientip"
and exploit time-based blind SQL injection.

 * https://github.com/W01fh4cker/CVE-2024-22120-RCE

 * https://github.com/g4nkd/CVE-2024-22120-RCE-with-gopher

 * https://github.com/isPique/CVE-2024-22120-RCE-with-gopher

 * https://github.com/Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally


CVE-2024-22026

A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an
authenticated local user to bypass shell restriction and execute arbitrary
commands on the appliance.

 * https://github.com/securekomodo/CVE-2024-22026


CVE-2024-22024

An XML external entity or XXE vulnerability in the SAML component of Ivanti
Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways
allows an attacker to access certain restricted resources without
authentication.

 * https://github.com/0dteam/CVE-2024-22024

 * https://github.com/tequilasunsh1ne/ivanti_CVE_2024_22024


CVE-2024-22002

CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to
insert DLL files in the cuepkg-1.2.6 subdirectory of the installation directory.

 * https://github.com/0xkickit/iCUE_DllHijack_LPE-CVE-2024-22002


CVE-2024-21980

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Freax13/cve-2024-21980-poc


CVE-2024-21978

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Freax13/cve-2024-21978-poc


CVE-2024-21893

A server-side request forgery vulnerability in the SAML component of Ivanti
Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti
Neurons for ZTA allows an attacker to access certain restricted resources
without authentication.

 * https://github.com/gobysec/Goby

 * https://github.com/gobysec/GobyVuls

 * https://github.com/h4x0r-dz/CVE-2024-21893.py

 * https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887


CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure
(9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated
administrator to send specially crafted requests and execute arbitrary commands
on the appliance.

 * https://github.com/gobysec/Goby

 * https://github.com/gobysec/GobyVuls

 * https://github.com/Chocapikk/CVE-2024-21887

 * https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887

 * https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887

 * https://github.com/seajaysec/Ivanti-Connect-Around-Scan

 * https://github.com/yoryio/CVE-2023-46805

 * https://github.com/oways/ivanti-CVE-2024-21887

 * https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887

 * https://github.com/tucommenceapousser/CVE-2024-21887

 * https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped


CVE-2024-21793

An OData injection vulnerability exists in the BIG-IP Next Central Manager API
(URI). Note: Software versions which have reached End of Technical Support
(EoTS) are not evaluated.

 * https://github.com/FeatherStark/CVE-2024-21793


CVE-2024-21762

An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0
through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15,
6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through
7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0
through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code
or commands via specifically crafted requests.

 * https://github.com/h4x0r-dz/CVE-2024-21762

 * https://github.com/BishopFox/cve-2024-21762-check

 * https://github.com/r4p3c4/CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check

 * https://github.com/d0rb/CVE-2024-21762

 * https://github.com/cleverg0d/CVE-2024-21762-Checker

 * https://github.com/Codeb3af/Cve-2024-21762-

 * https://github.com/rdoix/cve-2024-21762-checker

 * https://github.com/bsekercioglu/cve2024-21762-ShodanChecker

 * https://github.com/XiaomingX/cve-2024-21762-poc


CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability
[CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all
versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all
versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker
with super-admin profile and CLI access to decrypt the backup file.

 * https://github.com/CyberSecuritist/CVE-2024-21754-Forti-RCE


CVE-2024-21733

Generation of Error Message Containing Sensitive Information vulnerability in
Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from
9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64
onwards or 9.0.44 onwards, which contain a fix for the issue.

 * https://github.com/LtmThink/CVE-2024-21733


CVE-2024-21689

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/salvadornakamura/CVE-2024-21689


CVE-2024-21683

This High severity RCE (Remote Code Execution) vulnerability was introduced in
version 5.2 of Confluence Data Center and Server. This RCE (Remote Code
Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated
attacker to execute arbitrary code which has high impact to confidentiality,
high impact to integrity, high impact to availability, and requires no user
interaction. Atlassian recommends that Confluence Data Center and Server
customers upgrade to latest version. If you are unable to do so, upgrade your
instance to one of the specified supported fixed versions. See the release notes
(https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can
download the latest version of Confluence Data Center and Server from the
download center (https://www.atlassian.com/software/confluence/download-archives).
This vulnerability was found internally.

 * https://github.com/W01fh4cker/CVE-2024-21683-RCE

 * https://github.com/absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server

 * https://github.com/r00t7oo2jm/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server

 * https://github.com/xh4vm/CVE-2024-21683

 * https://github.com/phucrio/CVE-2024-21683-RCE


CVE-2024-21650

XWiki Platform is a generic wiki platform offering runtime services for
applications built on top of it. XWiki is vulnerable to a remote code execution
(RCE) attack through its user registration feature. This issue allows an
attacker to execute arbitrary code by crafting malicious payloads in the "first
name" or "last name" fields during user registration. This impacts all
installations that have user registration enabled for guests. This vulnerability
has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1.

 * https://github.com/codeb0ss/CVE-2024-21650-PoC


CVE-2024-21644

pyLoad is the free and open-source Download Manager written in pure Python. Any
unauthenticated user can browse to a specific URL to expose the Flask config,
including the SECRET_KEY variable. This issue has been patched in version
0.5.0b3.dev77.

 * https://github.com/ltranquility/CVE-2024-21644-Poc


CVE-2024-21633

Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1
and prior, Apktool infers resource files' output path according to their
resource names which can be manipulated by attacker to place files at desired
location on the system Apktool runs on. Affected environments are those in which
an attacker may write/overwrite any file that user has write access, and either
user name is known or cwd is under user folder. Commit
d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.

 * https://github.com/0x33c0unt/CVE-2024-21633


CVE-2024-21626

runc is a CLI tool for spawning and running containers on Linux according to the
OCI specification. In runc 1.1.11 and earlier, due to an internal file
descriptor leak, an attacker could cause a newly-spawned container process (from
runc exec) to have a working directory in the host filesystem namespace,
allowing for a container escape by giving access to the host filesystem ("attack
2"). The same attack could be used by a malicious image to allow a container
process to gain access to the host filesystem through runc run ("attack 1").
Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary
host binaries, allowing for complete container escapes ("attack 3a" and "attack
3b"). runc 1.1.12 includes patches for this issue.

 * https://github.com/NitroCao/CVE-2024-21626

 * https://github.com/Wall1e/CVE-2024-21626-POC

 * https://github.com/V0WKeep3r/CVE-2024-21626-runcPOC

 * https://github.com/cdxiaodong/CVE-2024-21626

 * https://github.com/zhangguanzhang/CVE-2024-21626

 * https://github.com/laysakura/CVE-2024-21626-demo

 * https://github.com/dorser/cve-2024-21626

 * https://github.com/Sk3pper/CVE-2024-21626

 * https://github.com/FlojBoj/CVE-2024-21626

 * https://github.com/KubernetesBachelor/CVE-2024-21626

 * https://github.com/zpxlz/CVE-2024-21626-POC

 * https://github.com/abian2/CVE-2024-21626

 * https://github.com/Sk3pper/CVE-2024-21626-old-docker-versions

 * https://github.com/adaammmeeee/little-joke


CVE-2024-21534

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/pabloopez/CVE-2024-21534

 * https://github.com/XiaomingX/CVE-2024-21534-poc


CVE-2024-21520

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/ch4n3-yoon/CVE-2024-21520-Demo


CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL
Injection issue was identified in the Divido payment extension for OpenCart,
which is included by default in version 3.0.3.9. As an anonymous unauthenticated
user, if the Divido payment module is installed (it does not have to be
enabled), it is possible to exploit SQL injection to gain unauthorised access to
the backend database. For any site which is vulnerable, any unauthenticated user
could exploit this to dump the entire OpenCart database, including customer PII
data.

 * https://github.com/bigb0x/CVE-2024-21514


CVE-2024-21413

Microsoft Outlook Remote Code Execution Vulnerability

 * https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability

 * https://github.com/duy-31/CVE-2024-21413

 * https://github.com/CMNatic/CVE-2024-21413

 * https://github.com/r00tb1t/CVE-2024-21413-POC

 * https://github.com/ThemeHackers/CVE-2024-21413

 * https://github.com/Mdusmandasthaheer/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability

 * https://github.com/ahmetkarakayaoffical/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability

 * https://github.com/X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit

 * https://github.com/dshabani96/CVE-2024-21413

 * https://github.com/olebris/CVE-2024-21413

 * https://github.com/th3Hellion/CVE-2024-21413

 * https://github.com/MSeymenD/CVE-2024-21413

 * https://github.com/ShubhamKanhere307/CVE-2024-21413

 * https://github.com/DerZiad/CVE-2024-21413

 * https://github.com/Redfox-Secuirty/Unveiling-Moniker-Link-CVE-2024-21413-Navigating-the-Latest-Cybersecurity-Landscape


CVE-2024-21412

Internet Shortcut Files Security Feature Bypass Vulnerability

 * https://github.com/lsr00ter/CVE-2024-21412_Water-Hydra


CVE-2024-21388

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

 * https://github.com/d0rb/CVE-2024-21388


CVE-2024-21378

Microsoft Outlook Remote Code Execution Vulnerability

 * https://github.com/d0rb/CVE-2024-21378


CVE-2024-21345

Windows Kernel Elevation of Privilege Vulnerability

 * https://github.com/exploits-forsale/CVE-2024-21345

 * https://github.com/FoxyProxys/CVE-2024-21345


CVE-2024-21338

Windows Kernel Elevation of Privilege Vulnerability

 * https://github.com/hakaioffsec/CVE-2024-21338

 * https://github.com/tykawaii98/CVE-2024-21338_PoC

 * https://github.com/Crowdfense/CVE-2024-21338

 * https://github.com/varwara/CVE-2024-21338

 * https://github.com/Zombie-Kaiser/CVE-2024-21338-x64-build-

 * https://github.com/UMU618/CVE-2024-21338


CVE-2024-21320

Windows Themes Spoofing Vulnerability

 * https://github.com/sxyrxyy/CVE-2024-21320-POC


CVE-2024-21306

Microsoft Bluetooth Driver Spoofing Vulnerability

 * https://github.com/PhucHauDeveloper/BadBlue

 * https://github.com/d4rks1d33/C-PoC-for-CVE-2024-21306


CVE-2024-21305

Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability

 * https://github.com/tandasat/CVE-2024-21305


CVE-2024-21111

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization
(component: Core). Supported versions that are affected are prior to 7.0.16.
Easily exploitable vulnerability allows low privileged attacker with logon to
the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM
VirtualBox. Successful attacks of this vulnerability can result in takeover of
Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only.
CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

 * https://github.com/mansk1es/CVE-2024-21111

 * https://github.com/x0rsys/CVE-2024-21111

 * https://github.com/10cks/CVE-2024-21111-del


CVE-2024-21107

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization
(component: Core). Supported versions that are affected are prior to 7.0.16.
Easily exploitable vulnerability allows high privileged attacker with logon to
the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM
VirtualBox. Successful attacks of this vulnerability can result in takeover of
Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only.
CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

 * https://github.com/Alaatk/CVE-2024-21107


CVE-2024-21006

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
(component: Core). Supported versions that are affected are 12.2.1.4.0 and
14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker
with network access via T3, IIOP to compromise Oracle WebLogic Server.
Successful attacks of this vulnerability can result in unauthorized access to
critical data or complete access to all Oracle WebLogic Server accessible data.
CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

 * https://github.com/lightr3d/CVE-2024-21006_jar

 * https://github.com/momika233/CVE-2024-21006

 * https://github.com/dadvlingd/CVE-2024-21006


CVE-2024-20931

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
(component: Core). Supported versions that are affected are 12.2.1.4.0 and
14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker
with network access via T3, IIOP to compromise Oracle WebLogic Server.
Successful attacks of this vulnerability can result in unauthorized access to
critical data or complete access to all Oracle WebLogic Server accessible data.
CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

 * https://github.com/gobysec/Goby

 * https://github.com/gobysec/GobyVuls

 * https://github.com/GlassyAmadeus/CVE-2024-20931

 * https://github.com/dinosn/CVE-2024-20931

 * https://github.com/ATonysan/CVE-2024-20931_weblogic

 * https://github.com/Leocodefocus/CVE-2024-20931-Poc


CVE-2024-20767

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper
Access Control vulnerability that could lead to arbitrary file system read. An
attacker could leverage this vulnerability to bypass security measures and gain
unauthorized access to sensitive files and perform arbitrary file system write.
Exploitation of this issue does not require user interaction.

 * https://github.com/yoryio/CVE-2024-20767

 * https://github.com/Chocapikk/CVE-2024-20767

 * https://github.com/m-cetin/CVE-2024-20767

 * https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion


CVE-2024-20746

Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds
write vulnerability that could result in arbitrary code execution in the context
of the current user. Exploitation of this issue requires user interaction in
that a victim must open a malicious file.

 * https://github.com/200101WhoAmI/CVE-2024-20746


CVE-2024-20698

Windows Kernel Elevation of Privilege Vulnerability

 * https://github.com/RomanRybachek/CVE-2024-20698


CVE-2024-20696

Windows libarchive Remote Code Execution Vulnerability

 * https://github.com/clearbluejar/CVE-2024-20696


CVE-2024-20666

BitLocker Security Feature Bypass Vulnerability

 * https://github.com/nnotwen/Script-For-CVE-2024-20666

 * https://github.com/invaderslabs/CVE-2024-20666


CVE-2024-20656

Visual Studio Elevation of Privilege Vulnerability

 * https://github.com/Wh04m1001/CVE-2024-20656


CVE-2024-20467

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/saler-cve/PoC-Exploit-CVE-2024-20467


CVE-2024-20419

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/codeb0ss/CVE-2024-20419-PoC


CVE-2024-20405

A vulnerability in the web-based management interface of Cisco Finesse could
allow an unauthenticated, remote attacker to conduct a stored XSS attack by
exploiting an RFI vulnerability. This vulnerability is due to insufficient
validation of user-supplied input for specific HTTP requests that are sent to an
affected device. An attacker could exploit this vulnerability by persuading a
user to click a crafted link. A successful exploit could allow the attacker to
execute arbitrary script code in the context of the affected interface or access
sensitive information on the affected device.

 * https://github.com/AbdElRahmanEzzat1995/CVE-2024-20405


CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could
allow an unauthenticated, remote attacker to conduct an SSRF attack on an
affected system. This vulnerability is due to insufficient validation of
user-supplied input for specific HTTP requests that are sent to an affected
system. An attacker could exploit this vulnerability by sending a crafted HTTP
request to the affected device. A successful exploit could allow the attacker to
obtain limited sensitive information for services that are associated to the
affected device.

 * https://github.com/AbdElRahmanEzzat1995/CVE-2024-20404


CVE-2024-20359

A vulnerability in a legacy capability that allowed for the preloading of VPN
clients and plug-ins and that has been available in Cisco Adaptive Security
Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could
allow an authenticated, local attacker to execute arbitrary code with root-level
privileges. Administrator-level privileges are required to exploit this
vulnerability. This vulnerability is due to improper validation of a file when
it is read from system flash memory. An attacker could exploit this
vulnerability by copying a crafted file to the disk0: file system of an affected
device. A successful exploit could allow the attacker to execute arbitrary code
on the affected device after the next reload of the device, which could alter
system behavior. Because the injected code could persist across device reboots,
Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium
to High.

 * https://github.com/west-wind/Threat-Hunting-With-Splunk


CVE-2024-20356

A vulnerability in the web-based management interface of Cisco Integrated
Management Controller (IMC) could allow an authenticated, remote attacker with
Administrator-level privileges to perform command injection attacks on an
affected system and elevate their privileges to root. This vulnerability is due
to insufficient user input validation. An attacker could exploit this
vulnerability by sending crafted commands to the web-based management interface
of the affected software. A successful exploit could allow the attacker to
elevate their privileges to root.

 * https://github.com/nettitude/CVE-2024-20356

 * https://github.com/SherllyNeo/CVE_2024_20356


CVE-2024-20353

A vulnerability in the management and VPN web servers for Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software could allow an unauthenticated, remote attacker to cause the device to
reload unexpectedly, resulting in a denial of service (DoS) condition. This
vulnerability is due to incomplete error checking when parsing an HTTP header.
An attacker could exploit this vulnerability by sending a crafted HTTP request
to a targeted web server on a device. A successful exploit could allow the
attacker to cause a DoS condition when the device reloads.

 * https://github.com/west-wind/Threat-Hunting-With-Splunk

 * https://github.com/codeb0ss/CVE-2024-20353-PoC


CVE-2024-20338

A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client
for Linux could allow an authenticated, local attacker to elevate privileges on
an affected device. This vulnerability is due to the use of an uncontrolled
search path element. An attacker could exploit this vulnerability by copying a
malicious library file to a specific directory in the filesystem and persuading
an administrator to restart a specific process. A successful exploit could allow
the attacker to execute arbitrary code on an affected device with root
privileges.

 * https://github.com/annmuor/CVE-2024-20338


CVE-2024-20291

A vulnerability in the access control list (ACL) programming for port channel
subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS
mode could allow an unauthenticated, remote attacker to send traffic that should
be blocked through an affected device. This vulnerability is due to incorrect
hardware programming that occurs when configuration changes are made to port
channel member ports. An attacker could exploit this vulnerability by attempting
to send traffic through an affected device. A successful exploit could allow the
attacker to access network resources that should be protected by an ACL that was
applied on port channel subinterfaces.

 * https://github.com/Instructor-Team8/CVE-2024-20291-POC


CVE-2024-20017

In wlan service, there is a possible out of bounds write due to improper input
validation. This could lead to remote code execution with no additional
execution privileges needed. User interaction is not needed for exploitation.
Patch ID: WCNCR00350938; Issue ID: MSV-1132.

 * https://github.com/mellow-hype/cve-2024-20017


CVE-2024-6313

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/codeb0ss/CVEploiterv2


CVE-2024-6239

A flaw was found in Poppler's pdfinfo utility. This issue occurs when using the
-dests parameter with the pdfinfo utility. By using certain malformed input files,
an attacker could cause the utility to crash, leading to a denial of service.

 * https://github.com/Sharkkcode/CVE_2024_6239_slide


CVE-2024-6222

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Florian-Hoth/CVE-2024-6222


CVE-2024-6205

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/j3r1ch0123/CVE-2024-6205


CVE-2024-6164

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/codeb0ss/CVEploiterv2


CVE-2024-6095

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Abdurahmon3236/-CVE-2024-6095


CVE-2024-6050

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/kac89/CVE-2024-6050


CVE-2024-6043

A vulnerability classified as critical has been found in SourceCodester Best
House Rental Management System 1.0. This affects the function login of the file
admin_class.php. The manipulation of the argument username leads to SQL
injection. It is possible to initiate the attack remotely. The exploit has been
disclosed to the public and may be used. The associated identifier of this
vulnerability is VDB-268767.

 * https://github.com/lfillaz/CVE-2024-6043


CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection
via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3
due to insufficient escaping on the user supplied parameter and lack of
sufficient preparation on the existing SQL query. This makes it possible for
unauthenticated attackers to append additional SQL queries into already existing
queries that can be used to extract sensitive information from the database.

 * https://github.com/truonghuuphuc/CVE-2024-6028-Poc


CVE-2024-5961

Improper neutralization of input during web page generation vulnerability in
2ClickPortal software allows reflected cross-site scripting (XSS). An attacker
might trick somebody into using a crafted URL, which will cause a script to be
run in the user's browser. This issue affects 2ClickPortal software versions from
7.2.31 through 7.6.4.

 * https://github.com/kac89/CVE-2024-5961


CVE-2024-5947

Deep Sea Electronics DSE855 Configuration Backup Missing Authentication
Information Disclosure Vulnerability. This vulnerability allows network-adjacent
attackers to disclose sensitive information on affected installations of Deep
Sea Electronics DSE855 devices. Authentication is not required to exploit this
vulnerability. The specific flaw exists within the web-based UI. The issue
results from the lack of authentication prior to allowing access to
functionality. An attacker can leverage this vulnerability to disclose stored
credentials, leading to further compromise. Was ZDI-CAN-22679.

 * https://github.com/Cappricio-Securities/CVE-2024-5947


CVE-2024-5932

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/EQSTLab/CVE-2024-5932

 * https://github.com/OxLmahdi/cve-2024-5932

 * https://github.com/0xb0mb3r/CVE-2024-5932-PoC


CVE-2024-5910

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/zetraxz/CVE-2024-5910

 * https://github.com/p33d/Palo-Alto-Expedition-Remote-Code-Execution-Exploit-CVE-2024-5910-CVE-2024-9464


CVE-2024-5836

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54
allowed an attacker who convinced a user to install a malicious extension to
execute arbitrary code via a crafted Chrome Extension. (Chromium security
severity: High)

 * https://github.com/ading2210/CVE-2024-6778-POC


CVE-2024-5806

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/watchtowrlabs/watchTowr-vs-progress-moveit_CVE-2024-5806


CVE-2024-5764

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/fin3ss3g0d/CVE-2024-5764


CVE-2024-5737

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/afine-com/CVE-2024-5737


CVE-2024-5736

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/afine-com/CVE-2024-5736


CVE-2024-5735

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/afine-com/CVE-2024-5735


CVE-2024-5666

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/nimosec/cve-2024-56662


CVE-2024-5633

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Adikso/CVE-2024-5633


CVE-2024-5522

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and
escape a parameter from a REST route before using it in a SQL statement,
allowing unauthenticated users to perform SQL injection attacks.

 * https://github.com/geniuszlyy/CVE-2024-5522

 * https://github.com/truonghuuphuc/CVE-2024-5522-Poc

 * https://github.com/kryptonproject/CVE-2024-5522-PoC


CVE-2024-5452

A remote code execution (RCE) vulnerability exists in the
lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of
deserialized user input and mismanagement of dunder attributes by the deepdiff
library. The library uses deepdiff.Delta objects to modify application state
based on frontend actions. However, it is possible to bypass the intended
restrictions on modifying dunder attributes, allowing an attacker to construct a
serialized delta that passes the deserializer whitelist and contains dunder
attributes. When processed, this can be exploited to access other modules,
classes, and instances, leading to arbitrary attribute write and total RCE on
any self-hosted pytorch-lightning application in its default configuration, as
the delta endpoint is enabled by default.

 * https://github.com/XiaomingX/cve-2024-5452-poc


CVE-2024-5420

Missing input validation in the SEH Computertechnik utnserver Pro, SEH
Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface
allows stored Cross-Site Scripting (XSS). This issue affects utnserver Pro,
utnserver ProMAX, INU-100 version 20.1.22 and below.

 * https://github.com/gh-ost00/CVE-2024-5420-XSS

 * https://github.com/K4yd0/CVE-2024-5420_XSS


CVE-2024-5356

A vulnerability, which was classified as critical, was found in anji-plus
AJ-Report up to 1.4.1. Affected is an unknown function of the file
/dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence
leads to SQL injection. It is possible to launch the attack remotely. The
exploit has been disclosed to the public and may be used. The identifier of this
vulnerability is VDB-266268.

 * https://github.com/droyuu/Aj-Report-sql-CVE-2024-5356-POC


CVE-2024-5326

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for
WordPress is vulnerable to unauthorized modification of data due to a missing
capability check on the 'postx_presets_callback' function in all versions up to,
and including, 4.1.2. This makes it possible for authenticated attackers, with
Contributor-level access and above, to change arbitrary options on affected
sites. This can be used to enable new user registration and set the default role
for new users to Administrator.

 * https://github.com/truonghuuphuc/CVE-2024-5326-Poc

 * https://github.com/cve-2024/CVE-2024-5326-Poc


CVE-2024-5324

The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is
vulnerable to unauthorized modification of data due to a missing capability
check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes
it possible for authenticated attackers, with Subscriber-level access and above,
to change arbitrary options on affected sites. This can be used to enable new
user registration and set the default role for new users to Administrator.

 * https://github.com/RandomRobbieBF/CVE-2024-5324


CVE-2024-5274

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote
attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
(Chromium security severity: High)

 * https://github.com/mistymntncop/CVE-2024-5274

 * https://github.com/Alchemist3dot14/CVE-2024-5274-Detection


CVE-2024-5271

Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of
a type confusion, which could result in arbitrary code execution.

 * https://github.com/14mb1v45h/cyberspace-CVE-2024-52711


CVE-2024-5247

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload
Remote Code Execution Vulnerability. This vulnerability allows remote attackers
to execute arbitrary code on affected installations of NETGEAR ProSAFE Network
Management System. Authentication is required to exploit this vulnerability. The
specific flaw exists within the UpLoadServlet class. The issue results from the
lack of proper validation of user-supplied data, which can allow the upload of
arbitrary files. An attacker can leverage this vulnerability to execute code in
the context of SYSTEM. Was ZDI-CAN-22923.

 * https://github.com/ubaii/CVE-2024-52475


CVE-2024-5246

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution
Vulnerability. This vulnerability allows remote attackers to execute arbitrary
code on affected installations of NETGEAR ProSAFE Network Management System.
Authentication is required to exploit this vulnerability. The specific flaw
exists within the product installer. The issue results from the use of a
vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability
to execute code in the context of SYSTEM. Was ZDI-CAN-22868.

 * https://github.com/Abdurahmon3236/CVE-2024-5246


CVE-2024-5243

TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This
vulnerability allows network-adjacent attackers to execute arbitrary code on
affected installations of TP-Link Omada ER605 routers. Authentication is not
required to exploit this vulnerability. However, devices are vulnerable only if
configured to use the Comexe DDNS service. The specific flaw exists within the
handling of DNS names. The issue results from the lack of proper validation of
the length of user-supplied data prior to copying it to a buffer. An attacker
can leverage this vulnerability to execute code in the context of root. Was
ZDI-CAN-22523.

 * https://github.com/RandomRobbieBF/CVE-2024-52433


CVE-2024-5242

TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution
Vulnerability. This vulnerability allows network-adjacent attackers to execute
arbitrary code on affected installations of TP-Link Omada ER605 routers.
Authentication is not required to exploit this vulnerability. However, devices
are vulnerable only if configured to use the Comexe DDNS service. The specific
flaw exists within the handling of DDNS error codes. The issue results from the
lack of proper validation of the length of user-supplied data prior to copying
it to a fixed-length stack-based buffer. An attacker can leverage this
vulnerability to execute code in the context of root. Was ZDI-CAN-22522.

 * https://github.com/RandomRobbieBF/CVE-2024-52429


CVE-2024-5238

A vulnerability, which was classified as critical, was found in Campcodes
Complete Web-Based School Management System 1.0. This affects an unknown part of
the file /view/timetable_insert_form.php. The manipulation of the argument grade
leads to SQL injection. It is possible to initiate the attack remotely. The
exploit has been disclosed to the public and may be used. The identifier
VDB-265989 was assigned to this vulnerability.

 * https://github.com/RandomRobbieBF/CVE-2024-52382


CVE-2024-5231

A vulnerability was found in Campcodes Complete Web-Based School Management
System 1.0 and classified as critical. Affected by this issue is some unknown
functionality of the file /view/teacher_salary_details.php. The manipulation of
the argument index leads to SQL injection. The attack may be launched remotely.
The exploit has been disclosed to the public and may be used. VDB-265982 is the
identifier assigned to this vulnerability.

 * https://github.com/famixcm/CVE-2024-52316

 * https://github.com/TAM-K592/CVE-2024-52317

 * https://github.com/TAM-K592/CVE-2024-52316

 * https://github.com/TAM-K592/CVE-2024-52318


CVE-2024-5230

A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified
as problematic. Affected by this vulnerability is an unknown functionality. The
manipulation of the argument razorpayKeyId leads to information disclosure. The
attack can be launched remotely. It is recommended to upgrade the affected
component. The identifier VDB-265981 was assigned to this vulnerability.

 * https://github.com/Nyamort/CVE-2024-52301

 * https://github.com/d3sca/CVE-2024-52302

 * https://github.com/martinhaunschmid/CVE-2024-52301-Research


CVE-2024-5217

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning


CVE-2024-5174

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/l20170217b/CVE-2024-51747


CVE-2024-5166

An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata
exposure across authenticated Looker users sharing the same LookML model.

 * https://github.com/RandomRobbieBF/CVE-2024-51665


CVE-2024-5156

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting
via the plugin's shortcode(s) in all versions up to, and including, 3.18.7 due
to insufficient input sanitization and output escaping on user supplied
attributes. This makes it possible for authenticated attackers, with
contributor-level access and above, to inject arbitrary web scripts in pages
that will execute whenever a user accesses an injected page.

 * https://github.com/ajayalf/CVE-2024-51567

 * https://github.com/thehash007/CVE-2024-51567-RCE-EXPLOIT


CVE-2024-5143

A user with device administrative privileges can change existing SMTP server
settings on the device, without having to re-enter SMTP server credentials. By
redirecting send-to-email traffic to the new server, the original SMTP server
credentials may potentially be exposed.

 * https://github.com/BLACK-SCORP10/CVE-2024-51430

 * https://github.com/bevennyamande/CVE-2024-51435


CVE-2024-5137

A vulnerability classified as problematic was found in PHPGurukul Directory
Management System 1.0. Affected by this vulnerability is an unknown
functionality of the file /admin/admin-profile.php of the component Searchbar.
The manipulation leads to cross-site scripting. The attack can be launched
remotely. The exploit has been disclosed to the public and may be used. The
identifier VDB-265213 was assigned to this vulnerability.

 * https://github.com/refr4g/CVE-2024-51378


CVE-2024-5135

A vulnerability was found in PHPGurukul Directory Management System 1.0. It has
been rated as critical. This issue affects some unknown processing of the file
/admin/index.php. The manipulation of the argument username leads to SQL
injection. The attack may be initiated remotely. The exploit has been disclosed
to the public and may be used. The associated identifier of this vulnerability
is VDB-265211.

 * https://github.com/Kov404/CVE-2024-51358


CVE-2024-5124

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt
repository, specifically within the password comparison logic. The vulnerability
is present in version 20240310 of the software, where passwords are compared
using the '=' operator in Python. This method of comparison allows an attacker
to guess passwords based on the timing of each character's comparison. The issue
arises from the code segment that checks a password for a particular username,
which can lead to the exposure of sensitive information to an unauthorized
actor. An attacker exploiting this vulnerability could potentially guess user
passwords, compromising the security of the system.

 * https://github.com/gogo2464/CVE-2024-5124


CVE-2024-5117

A vulnerability, which was classified as critical, was found in SourceCodester
Event Registration System 1.0. This affects an unknown part of the file
portal.php. The manipulation of the argument username/password leads to SQL
injection. It is possible to initiate the attack remotely. The exploit has been
disclosed to the public and may be used. The identifier VDB-265197 was assigned
to this vulnerability.

 * https://github.com/Lakshmirnr/CVE-2024-51179


CVE-2024-5113

A vulnerability was found in Campcodes Complete Web-Based School Management
System 1.0. It has been rated as critical. This issue affects some unknown
processing of the file /view/student_profile1.php. The manipulation of the
argument std_index leads to SQL injection. The attack may be initiated remotely.
The exploit has been disclosed to the public and may be used. The associated
identifier of this vulnerability is VDB-265103.

 * https://github.com/JAckLosingHeart/CVE-2024-51135

 * https://github.com/JAckLosingHeart/CVE-2024-51132-POC

 * https://github.com/JAckLosingHeart/CVE-2024-51136-POC


CVE-2024-5103

A vulnerability was found in Campcodes Complete Web-Based School Management
System 1.0. It has been declared as critical. Affected by this vulnerability is
an unknown functionality of the file /view/student_first_payment.php. The
manipulation of the argument grade leads to SQL injection. The attack can be
launched remotely. The exploit has been disclosed to the public and may be used.
The identifier VDB-265093 was assigned to this vulnerability.

 * https://github.com/vighneshnair7/CVE-2024-51030

 * https://github.com/Shree-Chandragiri/CVE-2024-51032

 * https://github.com/vighneshnair7/CVE-2024-51031


CVE-2024-5102

A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on
Windows may allow a user to elevate privilege to delete arbitrary files or run
processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair"
(settings -> troubleshooting -> repair) feature, which attempts to delete a file
in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged
user can make a pseudo-symlink and a junction folder and point to a file on the
system. This can provide a low-privileged user an Elevation of Privilege to win
a race-condition which will re-create the system files and make Windows callback
to a specially-crafted file which could be used to launch a privileged shell
instance. This issue affects Avast Antivirus prior to 24.2.

 * https://github.com/BrotherOfJhonny/CVE-2024-51026_Overview


CVE-2024-5098

A vulnerability has been found in SourceCodester Simple Inventory System 1.0 and
classified as critical. Affected by this vulnerability is an unknown
functionality of the file login.php. The manipulation of the argument username
leads to SQL injection. The exploit has been disclosed to the public and may be
used. The identifier VDB-265081 was assigned to this vulnerability.

 * https://github.com/riftsandroses/CVE-2024-50986


CVE-2024-5097

A vulnerability, which was classified as problematic, was found in
SourceCodester Simple Inventory System 1.0. Affected is an unknown function of
the file /tableedit.php#page=editprice. The manipulation of the argument
itemnumber leads to cross-site request forgery. It is possible to launch the
attack remotely. The exploit has been disclosed to the public and may be used.
The identifier of this vulnerability is VDB-265080.

 * https://github.com/Akhlak2511/CVE-2024-50972

 * https://github.com/Akhlak2511/CVE-2024-50971

 * https://github.com/Akhlak2511/CVE-2024-50970


CVE-2024-5096

A vulnerability classified as problematic was found in Hipcam Device up to
20240511. This vulnerability affects unknown code of the file /log/wifi.mac of
the component MAC Address Handler. The manipulation leads to information
disclosure. The attack can be initiated remotely. The exploit has been disclosed
to the public and may be used. VDB-265078 is the identifier assigned to this
vulnerability. NOTE: The vendor was contacted early about this disclosure but
did not respond in any way.

 * https://github.com/fdzdev/CVE-2024-50964

 * https://github.com/fdzdev/CVE-2024-50962

 * https://github.com/fdzdev/CVE-2024-50961

 * https://github.com/Akhlak2511/CVE-2024-50969

 * https://github.com/Akhlak2511/CVE-2024-50968


CVE-2024-5084

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to
arbitrary file uploads due to missing file type validation in the
'file_upload_action' function in all versions up to, and including, 1.1.0. This
makes it possible for unauthenticated attackers to upload arbitrary files on the
affected site's server which may make remote code execution possible.

 * https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

 * https://github.com/Chocapikk/CVE-2024-5084

 * https://github.com/KTN1990/CVE-2024-5084

 * https://github.com/WOOOOONG/CVE-2024-5084

 * https://github.com/z1gazaga/CVE-2024-5084

 * https://github.com/Wh1teSnak3/CVE-2024-50848

 * https://github.com/k3lpi3b4nsh33/CVE-2024-5084

 * https://github.com/Wh1teSnak3/CVE-2024-50849


CVE-2024-5080

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/g3tsyst3m/CVE-2024-50804

 * https://github.com/Praison001/CVE-2024-50803-Redaxo


CVE-2024-5065

A vulnerability classified as critical has been found in PHPGurukul Online
Course Registration System 3.1. Affected is an unknown function of the file
/onlinecourse/. The manipulation of the argument regno leads to SQL injection.
It is possible to launch the attack remotely. The exploit has been disclosed to
the public and may be used. The identifier of this vulnerability is VDB-264924.

 * https://github.com/SAHALLL/CVE-2024-50657


CVE-2024-5052

Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web
administration. The vulnerability exists when the web server, default port
10001, attempts to process a large number of incomplete HTTP requests.

 * https://github.com/hatvix1/CVE-2024-50526-Private-POC


CVE-2024-5049

A vulnerability, which was classified as critical, has been found in Codezips
E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the
file admin/editproduct.php. The manipulation of the argument profilepic leads to
unrestricted upload. The attack may be launched remotely. The exploit has been
disclosed to the public and may be used. VDB-264746 is the identifier assigned
to this vulnerability.

 * https://github.com/RandomRobbieBF/CVE-2024-50498

 * https://github.com/RandomRobbieBF/CVE-2024-50493

 * https://github.com/RandomRobbieBF/CVE-2024-50490


CVE-2024-5048

A vulnerability classified as critical was found in code-projects Budget
Management 1.0. Affected by this vulnerability is an unknown functionality of
the file /index.php. The manipulation of the argument edit leads to SQL
injection. The attack can be launched remotely. The exploit has been disclosed
to the public and may be used. The identifier VDB-264745 was assigned to this
vulnerability.

 * https://github.com/RandomRobbieBF/CVE-2024-50483

 * https://github.com/RandomRobbieBF/CVE-2024-50488

 * https://github.com/RandomRobbieBF/CVE-2024-50482

 * https://github.com/RandomRobbieBF/CVE-2024-50485


CVE-2024-5047

A vulnerability classified as critical has been found in SourceCodester Student
Management System 1.0. Affected is an unknown function of the file
/student/controller.php. The manipulation of the argument photo leads to
unrestricted upload. It is possible to launch the attack remotely. The exploit
has been disclosed to the public and may be used. The identifier of this
vulnerability is VDB-264744.

 * https://github.com/RandomRobbieBF/CVE-2024-50476

 * https://github.com/RandomRobbieBF/CVE-2024-50477

 * https://github.com/RandomRobbieBF/CVE-2024-50475

 * https://github.com/RandomRobbieBF/CVE-2024-50473

 * https://github.com/RandomRobbieBF/CVE-2024-50478


CVE-2024-5045

A vulnerability was found in SourceCodester Online Birth Certificate Management
System 1.0. It has been declared as problematic. This vulnerability affects
unknown code of the file /admin. The manipulation leads to files or directories
accessible. The attack can be initiated remotely. The exploit has been disclosed
to the public and may be used. VDB-264742 is the identifier assigned to this
vulnerability.

 * https://github.com/RandomRobbieBF/CVE-2024-50450


CVE-2024-5042

A flaw was found in the Submariner project. Due to unnecessary role-based access
control permissions, a privileged attacker can run a malicious container on a
node that may allow them to steal service account tokens and further compromise
other nodes and potentially the entire cluster.

 * https://github.com/RandomRobbieBF/CVE-2024-50427


CVE-2024-5034

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Nyamort/CVE-2024-50340


CVE-2024-5033

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/shellkraft/CVE-2024-50335


CVE-2024-5025

The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site
Scripting via the ‘arglist’ parameter in all versions up to, and including,
1.11.29 due to insufficient input sanitization and output escaping. This makes
it possible for authenticated attackers, with Contributor-level access and
above, to inject arbitrary web scripts in pages that will execute whenever a
user accesses an injected page.

 * https://github.com/slavin-ayu/CVE-2024-50251-PoC


CVE-2024-5009

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/sinsinology/CVE-2024-5009

 * https://github.com/th3gokul/CVE-2024-5009


CVE-2024-4968

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It
has been rated as problematic. Affected by this issue is some unknown
functionality of the file Marker Name of the component Add Marker. The
manipulation leads to cross site scripting. The attack may be launched remotely.
The exploit has been disclosed to the public and may be used. The identifier of
this vulnerability is VDB-264536.

 * https://github.com/RandomRobbieBF/CVE-2024-49681


CVE-2024-4956

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker
to read system files. Fixed in version 3.68.1.

 * https://github.com/ifconfig-me/CVE-2024-4956-Bulk-Scanner

 * https://github.com/verylazytech/CVE-2024-4956

 * https://github.com/fin3ss3g0d/CVE-2024-4956

 * https://github.com/TypicalModMaker/CVE-2024-4956

 * https://github.com/xungzzz/CVE-2024-4956

 * https://github.com/GoatSecurity/CVE-2024-4956

 * https://github.com/erickfernandox/CVE-2024-4956

 * https://github.com/gmh5225/CVE-2024-4956

 * https://github.com/banditzCyber0x/CVE-2024-4956

 * https://github.com/Cappricio-Securities/CVE-2024-4956

 * https://github.com/thinhap/CVE-2024-4956-PoC

 * https://github.com/An00bRektn/shirocrack

 * https://github.com/codeb0ss/CVE-2024-4956-PoC

 * https://github.com/JolyIrsb/CVE-2024-4956

 * https://github.com/yagyuufellinluvv/CVE-2024-4956

 * https://github.com/UMASANKAR-MG/Path-Traversal-CVE-2024-4956

 * https://github.com/Praison001/CVE-2024-4956-Sonatype-Nexus-Repository-Manager


CVE-2024-4937

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/OHDUDEOKNICE/CVE-2024-49379


CVE-2024-4936

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all
versions up to, and including, 3.0.8 via the abspath parameter. This makes it
possible for unauthenticated attackers to include remote files on the server,
resulting in code execution. This required allow_url_include to be enabled on
the target site in order to exploit.

 * https://github.com/Aashay221999/CVE-2024-49368


CVE-2024-4932

A vulnerability, which was classified as critical, was found in SourceCodester
Simple Online Bidding System 1.0. Affected is an unknown function of the file
/simple-online-bidding-system/admin/index.php?page=manage_user. The manipulation
of the argument id leads to SQL injection. It is possible to launch the attack
remotely. The exploit has been disclosed to the public and may be used. The
identifier of this vulnerability is VDB-264468.

 * https://github.com/RandomRobbieBF/CVE-2024-49328


CVE-2024-4920

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It
has been rated as critical. This issue affects some unknown processing of the
file registerH.php. The manipulation of the argument ima leads to unrestricted
upload. The attack may be initiated remotely. The exploit has been disclosed to
the public and may be used. The associated identifier of this vulnerability is
VDB-264455.

 * https://github.com/CSIRTTrizna/CVE-2024-49203


CVE-2024-4903

A vulnerability was found in Tongda OA 2017. It has been declared as critical.
This vulnerability affects unknown code of the file
/general/meeting/manage/delete.php. The manipulation of the argument M_ID_STR
leads to SQL injection. The attack can be initiated remotely. The exploit has
been disclosed to the public and may be used. The identifier of this
vulnerability is VDB-264436. NOTE: The vendor was contacted early about this
disclosure but did not respond in any way.

 * https://github.com/je5442804/WPTaskScheduler_CVE-2024-49039


CVE-2024-4899

The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of
its Post settings, which could allow high privilege users such as contributor to
perform Stored Cross-Site Scripting attacks.

 * https://github.com/makuga01/CVE-2024-48990-PoC

 * https://github.com/ns989/CVE-2024-48990

 * https://github.com/felmoltor/CVE-2024-48990

 * https://github.com/r0xdeadbeef/CVE-2024-48990-exploit

 * https://github.com/Cyb3rFr0g/CVE-2024-48990-PoC

 * https://github.com/pentestfunctions/CVE-2024-48990-PoC-Testing


CVE-2024-4898

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is
vulnerable to arbitrary option updates due to missing authorization checks on
the REST API calls in all versions up to, and including, 0.1.0.38. This makes it
possible for unauthenticated attackers to connect the site to InstaWP API, edit
arbitrary site options and create administrator accounts.

 * https://github.com/truonghuuphuc/CVE-2024-4898-Poc

 * https://github.com/cve-2024/CVE-2024-4898-Poc


CVE-2024-4895

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin
plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV
import functionality in all versions up to, and including, 3.4.2.12 due to
insufficient input sanitization and output escaping. This makes it possible for
unauthenticated attackers to inject arbitrary web scripts in pages that will
execute whenever a user accesses an injected page.

 * https://github.com/BrotherOfJhonny/CVE-2024-48955_Overview


CVE-2024-4891

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient
input sanitization and output escaping. This makes it possible for authenticated
attackers, with contributor-level permissions and above, to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected page.

 * https://github.com/EQSTLab/CVE-2024-48914


CVE-2024-4885

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/sinsinology/CVE-2024-4885


CVE-2024-4883

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/sinsinology/CVE-2024-4883


CVE-2024-4879

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Brut-Security/CVE-2024-4879

 * https://github.com/bigb0x/CVE-2024-4879

 * https://github.com/Mr-r00t11/CVE-2024-4879

 * https://github.com/gh-ost00/CVE-2024-4879

 * https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning

 * https://github.com/tequilasunsh1ne/CVE_2024_4879

 * https://github.com/0xWhoami35/CVE-2024-4879

 * https://github.com/ShadowByte1/CVE-2024-4879

 * https://github.com/jdusane/CVE-2024-4879

 * https://github.com/Praison001/CVE-2024-4879-ServiceNow


CVE-2024-4875

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable
to unauthorized modification of data or loss of data due to a missing capability
check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2.
This makes it possible for authenticated attackers, with subscriber-level
permissions and above, to update options such as users_can_register, which can
lead to unauthorized user registration.

 * https://github.com/RandomRobbieBF/CVE-2024-4875


CVE-2024-4865

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and
including, 3.10.8 due to insufficient input sanitization and output escaping.
This makes it possible for authenticated attackers, with Contributor-level
access and above, to inject arbitrary web scripts in pages that will execute
whenever a user accesses an injected page.

 * https://github.com/paragbagul111/CVE-2024-48652


CVE-2024-4864

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/rosembergpro/CVE-2024-48644


CVE-2024-4856

The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and
escape a parameter before outputting it back in the page, leading to a Reflected
Cross-Site Scripting which could be used against high privilege users such as
admin or unauthenticated users.

 * https://github.com/MarioTesoro/CVE-2024-48569


CVE-2024-4842

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: Not a vulnerability

 * https://github.com/vighneshnair7/CVE-2024-48427


CVE-2024-4841

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically
within the 'add_reference_to_local_mode' function due to the lack of input
sanitization. This vulnerability affects versions v9.6 to the latest. By
exploiting this vulnerability, an attacker can predict the folders, subfolders,
and files present on the victim's computer. The vulnerability is present in the
way the application handles the 'path' parameter in HTTP requests to the
'/add_reference_to_local_model' endpoint.

 * https://github.com/khaliquesX/CVE-2024-48415


CVE-2024-4839

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers
Configurations' function of the parisneo/lollms-webui, versions 9.6 to the
latest. The affected functions include Elastic search Service (under
construction), XTTS service, Petals service, vLLM service, and Motion Ctrl
service, which lack CSRF protection. This vulnerability allows attackers to
deceive users into unwittingly installing the XTTS service among other packages
by submitting a malicious installation request. Successful exploitation results
in attackers tricking users into performing actions without their consent.

 * https://github.com/Renzusclarke/CVE-2024-48392-PoC


CVE-2024-4836

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/codeb0ss/CVEploiterv2

 * https://github.com/OpenXP-Research/CVE-2024-48360


CVE-2024-4835

An XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11
before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an
attacker can craft a malicious page to exfiltrate sensitive user information.

 * https://github.com/OpenXP-Research/CVE-2024-48359


CVE-2024-4832

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/trqt/CVE-2024-48322

 * https://github.com/osvaldotenorio/cve-2024-48325

 * https://github.com/fabiobsj/CVE-2024-48326


CVE-2024-4821

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is
vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode
in all versions up to, and including, 7.1.6 due to insufficient input
sanitization and output escaping on user supplied attributes. This makes it
possible for authenticated attackers, with contributor-level access and above,
to inject arbitrary web scripts in pages that will execute whenever a user
accesses an injected page.

 * https://github.com/ajrielrm/CVE-2024-48217


CVE-2024-4820

A vulnerability was found in SourceCodester Online Computer and Laptop Store
1.0. It has been declared as critical. Affected by this vulnerability is an
unknown functionality of the file /classes/SystemSettings.php?f=update_settings.
The manipulation leads to unrestricted upload. The attack can be launched
remotely. The exploit has been disclosed to the public and may be used. The
identifier VDB-263941 was assigned to this vulnerability.

 * https://github.com/rohilchaudhry/CVE-2024-48208


CVE-2024-4785

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/MarioTesoro/CVE-2024-47854


CVE-2024-4761

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a
remote attacker to perform an out of bounds memory write via a crafted HTML
page. (Chromium security severity: High)

 * https://github.com/michredteam/CVE-2024-4761


CVE-2024-4757

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have a CSRF
check in some places, and is missing sanitisation as well as escaping, which
could allow attackers to make a logged-in admin add Stored XSS payloads via a
CSRF attack.

 * https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575

 * https://github.com/expl0itsecurity/CVE-2024-47575

 * https://github.com/hazesecurity/CVE-2024-47575

 * https://github.com/maybelookis/CVE-2024-47575

 * https://github.com/HazeLook/CVE-2024-47575

 * https://github.com/XiaomingX/cve-2024-47575-exp

 * https://github.com/groshi/CVE-2024-47575-POC

 * https://github.com/krmxd/CVE-2024-47575

 * https://github.com/skyalliance/exploit-cve-2024-47575


CVE-2024-4753

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/zetraxz/CVE-2024-47533


CVE-2024-4717

A vulnerability was found in Campcodes Complete Web-Based School Management
System 1.0 and classified as problematic. This issue affects some unknown
processing of the file /model/update_classroom.php. The manipulation of the
argument name leads to cross site scripting. The attack may be initiated
remotely. The exploit has been disclosed to the public and may be used. The
associated identifier of this vulnerability is VDB-263795.

 * https://github.com/MalwareTech/CVE-2024-47176-Scanner

 * https://github.com/l0n3m4n/CVE-2024-47176

 * https://github.com/mr-r3b00t/CVE-2024-47176

 * https://github.com/aytackalinci/CVE-2024-47176

 * https://github.com/gianlu111/CUPS-CVE-2024-47176

 * https://github.com/workabhiwin09/CVE-2024-47176

 * https://github.com/AxthonyV/CVE-2024-47176

 * https://github.com/0x7556/CVE-2024-47176

 * https://github.com/gumerzzzindo/CVE-2024-47176

 * https://github.com/nma-io/CVE-2024-47176

 * https://github.com/tonyarris/CVE-2024-47176-Scanner


CVE-2024-4707

The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site
Scripting via the plugin's materialis_contact_form shortcode in all versions up
to, and including, 1.3.41 due to insufficient input sanitization and output
escaping on user supplied attributes. This makes it possible for authenticated
attackers, with contributor-level access and above, to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected page.

 * https://github.com/mutkus/CVE-2024-47076


CVE-2024-4706

The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for WordPress is
vulnerable to Stored Cross-Site Scripting via the plugin's 'pintra' shortcode in
all versions up to, and including, 27.2 due to insufficient input sanitization
and output escaping on user supplied attributes. This makes it possible for
authenticated attackers, with contributor-level access and above, to inject
arbitrary web scripts in pages that will execute whenever a user accesses an
injected page.

 * https://github.com/l8BL/CVE-2024-47066

 * https://github.com/saisathvik1/CVE-2024-47062


CVE-2024-4701

A path traversal issue potentially leading to remote code execution in Genie for
all versions prior to 4.3.18.

 * https://github.com/JoeBeeton/CVE-2024-4701-POC


CVE-2024-4698

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to
Stored Cross-Site Scripting via the 'show_line_text ' and
'slide_button_hover_animation' parameters in versions up to, and including,
10.1.1 due to insufficient input sanitization and output escaping. This makes it
possible for authenticated attackers, with contributor-level permissions and
above, to inject arbitrary web scripts in pages that will execute whenever a
user accesses an injected page.

 * https://github.com/vidura2/CVE-2024-46986


CVE-2024-4690

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/devhaozi/CVE-2024-46901


CVE-2024-4665

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/jackalkarlos/CVE-2024-46658


CVE-2024-4663

The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected
Cross-Site Scripting via the ‘id’ parameter in all versions up to, and
including, 1.2.2 due to insufficient input sanitization and output escaping.
This makes it possible for unauthenticated attackers to inject arbitrary web
scripts in pages that execute if they can successfully trick a user into
performing an action such as clicking on a link.

 * https://github.com/h1thub/CVE-2024-46635


CVE-2024-4662

The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution
in all versions up to, and including, 4.8.2 via post metadata. This is due to
the plugin storing custom data in post metadata without an underscore prefix.
This makes it possible for lower privileged users, such as contributors, to
inject arbitrary PHP code via the WordPress user interface and gain elevated
privileges.

 * https://github.com/d4lyw/CVE-2024-46627


CVE-2024-4653

A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1
and classified as critical. Affected by this issue is some unknown functionality
of the file /xds/outIndex.php. The manipulation of the argument name leads to
SQL injection. The attack may be launched remotely. The exploit has been
disclosed to the public and may be used. VDB-263498 is the identifier assigned
to this vulnerability.

 * https://github.com/EQSTLab/CVE-2024-46538

 * https://github.com/KamenRiderDarker/CVE-2024-46532


CVE-2024-4648

A vulnerability was found in Campcodes Complete Web-Based School Management
System 1.0. It has been rated as problematic. Affected by this issue is some
unknown functionality of the file /view/student_exam_mark_update_form.php. The
manipulation of the argument std_index leads to cross site scripting. The attack
may be launched remotely. The exploit has been disclosed to the public and may
be used. The identifier of this vulnerability is VDB-263492.

 * https://github.com/kn32/cve-2024-46483


CVE-2024-4645

A vulnerability was found in SourceCodester Prison Management System 1.0 and
classified as problematic. This issue affects some unknown processing of the
file /Admin/changepassword.php. The manipulation of the argument
txtold_password/txtnew_password/txtconfirm_password leads to cross site
scripting. The attack may be initiated remotely. The exploit has been disclosed
to the public and may be used. The identifier VDB-263489 was assigned to this
vulnerability.

 * https://github.com/vidura2/CVE-2024-46451


CVE-2024-4638

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified
as vulnerable due to a lack of neutralized inputs in the web key upload
function. An attacker could modify the intended commands sent to target
functions, which could cause malicious users to execute unauthorized commands.

 * https://github.com/nitinronge91/Sensitive-Information-disclosure-via-SPI-flash-firmware-for-Hathway-router-CVE-2024-46383


CVE-2024-4637

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site
Scripting in all versions up to, and including, 6.7.10 due to insufficient input
sanitization and output escaping on the user supplied Elementor 'wrapperid' and
'zindex' display attributes. This makes it possible for authenticated attackers,
with contributor-level access and above, to inject arbitrary web scripts in
pages that will execute whenever a user accesses an injected page.

 * https://github.com/vidura2/CVE-2024-46377


CVE-2024-4627

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/ayato-shitomi/CVE-2024-46278-teedy_1.11_account-takeover


CVE-2024-4625

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/barttran2k/POC_CVE-2024-46256


CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6
allows unauthenticated users to modify uploaded files in such a way that PHP
code can be uploaded when an upload file input is included on a form.

 * https://github.com/h4ckr4v3n/CVE-2024-46209


CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8,
when using Apache and PHP-CGI on Windows, if the system is set up to use certain
code pages, Windows may use "Best-Fit" behavior to replace characters in the
command line given to Win32 API functions. The PHP CGI module may misinterpret
those characters as PHP options, which may allow a malicious user to pass options
to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary
PHP code on the server, etc.

 * https://github.com/watchtowrlabs/CVE-2024-4577

 * https://github.com/xcanwin/CVE-2024-4577-PHP-RCE

 * https://github.com/TAM-K592/CVE-2024-4577

 * https://github.com/11whoami99/CVE-2024-4577

 * https://github.com/Chocapikk/CVE-2024-4577

 * https://github.com/ZephrFish/CVE-2024-4577-PHP-RCE

 * https://github.com/huseyinstif/CVE-2024-4577-Nuclei-Template

 * https://github.com/gh-ost00/CVE-2024-4577-RCE

 * https://github.com/gotr00t0day/CVE-2024-4577

 * https://github.com/codeb0ss/CVEploiterv2

 * https://github.com/BTtea/CVE-2024-4577-RCE-PoC

 * https://github.com/manuelinfosec/CVE-2024-4577

 * https://github.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT

 * https://github.com/bibo318/CVE-2024-4577-RCE-ATTACK

 * https://github.com/l0n3m4n/CVE-2024-4577-RCE

 * https://github.com/waived/CVE-2024-4577-PHP-RCE

 * https://github.com/Sh0ckFR/CVE-2024-4577

 * https://github.com/longhoangth18/CVE-2024-4577

 * https://github.com/Junp0/CVE-2024-4577

 * https://github.com/aaddmin1122345/cve-2024-4577

 * https://github.com/VictorShem/CVE-2024-4577

 * https://github.com/zomasec/CVE-2024-4577

 * https://github.com/0x20c/CVE-2024-4577-nuclei

 * https://github.com/Wh02m1/CVE-2024-4577

 * https://github.com/phirojshah/CVE-2024-4577

 * https://github.com/JeninSutradhar/CVE-2024-4577-checker

 * https://github.com/taida957789/CVE-2024-4577

 * https://github.com/ggfzx/CVE-2024-4577

 * https://github.com/AlperenY-cs/CVE-2024-4577

 * https://github.com/nemu1k5ma/CVE-2024-4577

 * https://github.com/XiangDongCJC/CVE-2024-4577-PHP-CGI-RCE

 * https://github.com/PhinehasNarh/CVE-2024-4577-LetsDefend-walkthrough

 * https://github.com/WanLiChangChengWanLiChang/CVE-2024-4577-RCE-EXP

 * https://github.com/zjhzjhhh/CVE-2024-4577

 * https://github.com/ohhhh693/CVE-2024-4577

 * https://github.com/olebris/CVE-2024-4577

 * https://github.com/charis3306/CVE-2024-4577

 * https://github.com/bughuntar/CVE-2024-4577

 * https://github.com/Sysc4ll3r/CVE-2024-4577

 * https://github.com/BitMEXResearch/CVE-2024-4577

 * https://github.com/nNoSuger/CVE-2024-4577

 * https://github.com/princew88/CVE-2024-4577

 * https://github.com/a-roshbaik/CVE-2024-4577

 * https://github.com/Jcccccx/CVE-2024-4577

 * https://github.com/dbyMelina/CVE-2024-4577

 * https://github.com/bl4cksku11/CVE-2024-4577

 * https://github.com/sug4r-wr41th/CVE-2024-4577

 * https://github.com/ahmetramazank/CVE-2024-4577

 * https://github.com/hexedbyte/cve-2024-4577

 * https://github.com/d3ck4/Shodan-CVE-2024-4577

 * https://github.com/Entropt/CVE-2024-4577_Analysis

 * https://github.com/a-roshbaik/CVE-2024-4577-PHP-RCE

 * https://github.com/ywChen-NTUST/PHP-CGI-RCE-Scanner

 * https://github.com/jakabakos/CVE-2024-4577-PHP-CGI-argument-injection-RCE

 * https://github.com/AhmedMansour93/Event-ID-268-Rule-Name-SOC292-Possible-PHP-Injection-Detected-CVE-2024-4577-


CVE-2024-4561

In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability
exists in WhatsUp Gold's FaviconController that allows an attacker to send
arbitrary HTTP requests on behalf of the vulnerable server.

 * https://github.com/ooooooo-q/puma_header_normalization-CVE-2024-45614


CVE-2024-4558

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a
remote attacker to potentially exploit heap corruption via a crafted HTML page.
(Chromium security severity: High)

 * https://github.com/BenRogozinski/CVE-2024-45589


CVE-2024-4551

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for
WordPress is vulnerable to Local File Inclusion in all versions up to, and
including, 1.3.13 via the display function. This makes it possible for
authenticated attackers, with contributor access and higher, to include and
execute arbitrary PHP files on the server, allowing the execution of any PHP
code in those files. This can be used to bypass access controls, obtain
sensitive data, or achieve code execution in cases where images and other “safe”
file types can be uploaded and included.

 * https://github.com/Chocapikk/CVE-2024-45519

 * https://github.com/p33d/CVE-2024-45519

 * https://github.com/whiterose7777/CVE-2024-45519

 * https://github.com/XiaomingX/cve-2024-45519-poc


CVE-2024-4550

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Avento/CVE-2024-45507_Behinder_Webshell


CVE-2024-4549

A denial of service vulnerability exists in Delta Electronics DIAEnergie
v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe
restarts the system.

 * https://github.com/nidhihcl75/external_expat_2.6.2_CVE-2024-45492


CVE-2024-4543

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/pankass/CVE-2024-45436

 * https://github.com/XiaomingX/cve-2024-45436-exp


CVE-2024-4541

The Custom Product List Table plugin for WordPress is vulnerable to Cross-Site
Request Forgery in all versions up to, and including, 3.0.0. This is due to
missing or incorrect nonce validation when modifying products. This makes it
possible for unauthenticated attackers to add, delete, bulk edit, approve or
cancel products via a forged request granted they can trick a site administrator
into performing an action such as clicking on a link.

 * https://github.com/jphetphoumy/traefik-CVE-2024-45410-poc


CVE-2024-4540

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR).
Client-provided parameters were found to be included in plain text in the
KC_RESTART cookie returned by the authorization server's HTTP response to a
request_uri authorization request, possibly leading to an information disclosure
vulnerability.

 * https://github.com/synacktiv/CVE-2024-45409


CVE-2024-4538

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This
vulnerability could allow a remote user to obtain a user's event ticket by
creating a specific request with the ticket reference ID, leading to the
exposure of sensitive user data.

 * https://github.com/SpiralBL0CK/CVE-2024-45383

 * https://github.com/codeb0ss/CVE-2024-45388-PoC


CVE-2024-4526

A vulnerability was found in Campcodes Complete Web-Based School Management
System 1.0 and classified as problematic. This issue affects some unknown
processing of the file /view/student_payment_details3.php. The manipulation of
the argument month leads to cross site scripting. The attack may be initiated
remotely. The exploit has been disclosed to the public and may be used. The
identifier VDB-263129 was assigned to this vulnerability.

 * https://github.com/TheHermione/CVE-2024-45264

 * https://github.com/TheHermione/CVE-2024-45265


CVE-2024-4524

A vulnerability, which was classified as problematic, was found in Campcodes
Complete Web-Based School Management System 1.0. This affects an unknown part of
the file /view/student_payment_invoice.php. The manipulation of the argument
desc leads to cross site scripting. It is possible to initiate the attack
remotely. The exploit has been disclosed to the public and may be used. The
associated identifier of this vulnerability is VDB-263127.

 * https://github.com/verylazytech/CVE-2024-45241

 * https://github.com/d4lyw/CVE-2024-45241


CVE-2024-4505

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up
to 20240428. This affects an unknown part of the file
/view/IPV6/ipv6Addr/ip_addr_add_commit.php. The manipulation of the argument
prelen/ethname leads to os command injection. It is possible to initiate the
attack remotely. The exploit has been disclosed to the public and may be used.
The identifier VDB-263109 was assigned to this vulnerability. NOTE: The vendor
was contacted early about this disclosure but did not respond in any way.

 * https://github.com/0xbhsu/CVE-2024-45058


CVE-2024-4494

A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as
critical. Affected by this vulnerability is the function formSetUplinkInfo of
the file /goform/setUplinkInfo. The manipulation of the argument pingHostIp2
leads to stack-based buffer overflow. The attack can be launched remotely. The
exploit has been disclosed to the public and may be used. The associated
identifier of this vulnerability is VDB-263083. NOTE: The vendor was contacted
early about this disclosure but did not respond in any way.

 * https://github.com/Abdurahmon3236/CVE-2024-44946

 * https://github.com/Abdurahmon3236/CVE-2024-44947


CVE-2024-4490

The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for
WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the
‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient
input sanitization and output escaping. This makes it possible for authenticated
attackers, with contributor-level permissions and above, to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected page.

 * https://github.com/fru1ts/CVE-2024-44902


CVE-2024-4486

The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to
Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions
up to, and including, 2.9 due to insufficient input sanitization and output
escaping on user supplied attributes. This makes it possible for authenticated
attackers, with contributor-level access and above, to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected page.

 * https://github.com/ChengZyin/CVE-2024-44867


CVE-2024-4484

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets,
Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site
Scripting via the ‘xai_username’ parameter in versions up to, and including,
5.5.2 due to insufficient input sanitization and output escaping. This makes it
possible for authenticated attackers, with contributor-level permissions and
above, to inject arbitrary web scripts in pages that will execute whenever a
user accesses an injected page.

 * https://github.com/extencil/CVE-2024-44849


CVE-2024-4481

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to
Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in
all versions up to, and including, 3.2.36 due to insufficient input sanitization
and output escaping on user supplied attributes. This makes it possible for
authenticated attackers, with contributor-level access and above, to inject
arbitrary web scripts in pages that will execute whenever a user accesses an
injected page.

 * https://github.com/b1u3st0rm/CVE-2024-44812-PoC

 * https://github.com/nitinronge91/Extracting-User-credentials-For-Web-portal-and-WiFi-AP-For-Hathway-Router-CVE-2024-44815-


CVE-2024-4462

The Nafeza Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site
Scripting via admin settings in all versions up to, and including, 1.2.9 due to
insufficient input sanitization and output escaping. This makes it possible for
authenticated attackers, with administrator-level permissions and above, to
inject arbitrary web scripts in pages that will execute whenever a user accesses
an injected page. This only affects multi-site installations and installations
where unfiltered_html has been disabled.

 * https://github.com/Fysac/CVE-2024-44625

 * https://github.com/merbinr/CVE-2024-44623


CVE-2024-4454

WithSecure Elements Endpoint Protection Link Following Local Privilege
Escalation Vulnerability. This vulnerability allows local attackers to escalate
privileges on affected installations of WithSecure Elements Endpoint Protection.
User interaction on the part of an administrator is required to exploit this
vulnerability. The specific flaw exists within the WithSecure plugin hosting
service. By creating a symbolic link, an attacker can abuse the service to
create a file. An attacker can leverage this vulnerability to escalate
privileges and execute arbitrary code in the context of SYSTEM. Was
ZDI-CAN-23035.

 * https://github.com/alphandbelt/CVE-2024-44542

 * https://github.com/pointedsec/CVE-2024-44541


CVE-2024-4445

The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is
vulnerable to unauthorized modification of data due to a missing capability
check on several functions in versions up to, and including, 6.20.01. This
makes it possible for authenticated attackers, with subscriber-level permissions
and above, to edit plugin settings, including storing cross-site scripting, in
multisite environments.

 * https://github.com/VoidSecOrg/CVE-2024-44450


CVE-2024-4443

The Business Directory Plugin – Easy Listing Directories for WordPress plugin
for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’
parameter in all versions up to, and including, 6.4.2 due to insufficient
escaping on the user supplied parameter and lack of sufficient preparation on
the existing SQL query. This makes it possible for unauthenticated attackers to
append additional SQL queries into already existing queries that can be used to
extract sensitive information from the database.

 * https://github.com/truonghuuphuc/CVE-2024-4443-Poc


CVE-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display
names in the Avatar block in various versions up to 6.5.2 due to insufficient
output escaping on the display name. This makes it possible for authenticated
attackers, with contributor-level access and above, to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected page. In
addition, it also makes it possible for unauthenticated attackers to inject
arbitrary web scripts in pages that have the comment block present and display
the comment author's avatar.

 * https://github.com/d0rb/CVE-2024-4439

 * https://github.com/MielPopsssssss/CVE-2024-4439

 * https://github.com/w0r1i0g1ht/CVE-2024-4439

 * https://github.com/soltanali0/CVE-2024-4439

 * https://github.com/xssor-dz/-CVE-2024-4439


CVE-2024-4434

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to
time-based SQL Injection via the ‘term_id’ parameter in versions up to, and
including, 4.2.6.5 due to insufficient escaping on the user supplied parameter
and lack of sufficient preparation on the existing SQL query. This makes it
possible for unauthenticated attackers to append additional SQL queries into
already existing queries that can be used to extract sensitive information from
the database.

 * https://github.com/sahil3276/CVE-2024-44346

 * https://github.com/Shauryae1337/CVE-2024-44346

 * https://github.com/AndreaF17/PoC-CVE-2024-44349


CVE-2024-4433

Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability in Mr Digital Simple Image Popup allows Stored
XSS. This issue affects Simple Image Popup: from n/a through 2.4.0.

 * https://github.com/Brinmon/CVE-2024-44337


CVE-2024-4425

The access control in CemiPark software stores integration (e.g. FTP or SIP)
credentials in plain-text. An attacker who gained unauthorized access to the
device can retrieve clear text passwords used by the system. This issue affects
CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to
provide the specific range of affected products.

 * https://github.com/ifpdz/CVE-2024-44258


CVE-2024-4419

The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting
via admin settings in all versions up to, and including, 1.8.3 due to
insufficient input sanitization and output escaping. This makes it possible for
authenticated attackers, with administrator-level permissions and above, to
inject arbitrary web scripts in pages that will execute whenever a user accesses
an injected page. This only affects multi-site installations and installations
where unfiltered_html has been disabled.

 * https://github.com/mbog14/CVE-2024-44193


CVE-2024-4413

The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object
Injection in all versions up to, and including, 4.11.1 via deserialization of
untrusted input. This makes it possible for unauthenticated attackers to inject
a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP
chain is present via an additional plugin or theme installed on the target
system, it could allow the attacker to delete arbitrary files, retrieve
sensitive data, or execute code.

 * https://github.com/Ununp3ntium115/prevent_cve_2024_44133


CVE-2024-4408

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Azvanzed/CVE-2024-44083


CVE-2024-4406

Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code
Execution Vulnerability. This vulnerability allows remote attackers to execute
arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User
interaction is required to exploit this vulnerability in that the target must
visit a malicious page or open a malicious file. The specific flaw exists within
the integral-dialog-page.html file. When parsing the integralInfo parameter, the
process does not properly sanitize user-supplied data, which can lead to the
injection of an arbitrary script. An attacker can leverage this vulnerability to
execute code in the context of the current user. Was ZDI-CAN-22332.

 * https://github.com/Yogehi/cve-2024-4406-xiaomi13pro-exploit-files


CVE-2024-4400

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for
WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter
in versions up to, and including, 1.26.4 due to insufficient input sanitization
and output escaping. This makes it possible for authenticated attackers, with
contributor-level permissions and above, to inject arbitrary web scripts in
pages that will execute whenever a user accesses an injected page.

 * https://github.com/absholi7ly/CVE-2024-44000-LiteSpeed-Cache

 * https://github.com/geniuszlyy/CVE-2024-44000

 * https://github.com/ifqygazhar/CVE-2024-44000-LiteSpeed-Cache

 * https://github.com/gbrsh/CVE-2024-44000


CVE-2024-4399

The does not validate a parameter before making a request to it, which could
allow unauthenticated users to perform SSRF attacks.

 * https://github.com/RandomRobbieBF/CVE-2024-43998


CVE-2024-4396

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/RandomRobbieBF/CVE-2024-43965


CVE-2024-4391

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via the plugin's Event Calendar widget in all versions up
to, and including, 3.10.7 due to insufficient input sanitization and output
escaping on user supplied attributes. This makes it possible for authenticated
attackers, with contributor-level access and above, to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected page.

 * https://github.com/p33d/CVE-2024-43917

 * https://github.com/KTN1990/CVE-2024-43918

 * https://github.com/RandomRobbieBF/CVE-2024-43919


CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow
arbitrary JavaScript execution in the PDF.js context. This vulnerability affects
Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

 * https://github.com/LOURC0D3/CVE-2024-4367-PoC

 * https://github.com/s4vvysec/CVE-2024-4367-POC

 * https://github.com/spaceraccoon/detect-cve-2024-4367

 * https://github.com/Zombie-Kaiser/cve-2024-4367-PoC-fixed

 * https://github.com/snyk-labs/pdfjs-vuln-demo

 * https://github.com/UnHackerEnCapital/PDFernetRemotelo

 * https://github.com/clarkio/pdfjs-vuln-demo

 * https://github.com/Scivous/CVE-2024-4367-npm

 * https://github.com/Masamuneee/CVE-2024-4367-Analysis

 * https://github.com/avalahEE/pdfjs_disable_eval

 * https://github.com/pedrochalegre7/CVE-2024-4367-pdf-sample


CVE-2024-4358

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on
IIS, an unauthenticated attacker can gain access to Telerik Report Server
restricted functionality via an authentication bypass vulnerability.

 * https://github.com/sinsinology/CVE-2024-4358

 * https://github.com/Sk1dr0wz/CVE-2024-4358_Mass_Exploit

 * https://github.com/verylazytech/CVE-2024-4358

 * https://github.com/jinxongwi/CVE-2024-43582-RCE

 * https://github.com/RevoltSecurities/CVE-2024-4358

 * https://github.com/gh-ost00/CVE-2024-4358

 * https://github.com/Harydhk7/CVE-2024-4358


CVE-2024-4353

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/HazeLook/CVE-2024-43532

 * https://github.com/expl0itsecurity/CVE-2024-43532


CVE-2024-4352

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of
data, modification of data, loss of data due to a missing capability check on
the 'get_calendar_materials' function. The plugin is also vulnerable to SQL
Injection via the ‘year’ parameter of that function due to insufficient escaping
on the user supplied parameter and lack of sufficient preparation on the
existing SQL query. This makes it possible for authenticated attackers, with
subscriber-level permissions and above, to append additional SQL queries into
already existing queries that can be used to extract sensitive information from
the database.

 * https://github.com/truonghuuphuc/CVE-2024-4352-Poc


CVE-2024-4351

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of
data, modification of data, loss of data due to a missing capability check on
the 'authenticate' function in all versions up to, and including, 2.7.0. This
makes it possible for authenticated attackers, with subscriber-level permissions
and above, to gain control of an existing administrator account.

 * https://github.com/ZSECURE/CVE-2024-4351


CVE-2024-4346

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary
file deletion in all versions up to, and including, 1.7.13. This is due to the
plugin not properly validating the path of an uploaded file prior to deleting
it. This makes it possible for unauthenticated attackers to delete arbitrary
files, including the wp-config.php file, which can make site takeover and remote
code execution possible.

 * https://github.com/tadash10/Detailed-Analysis-and-Mitigation-Strategies-for-CVE-2024-38124-and-CVE-2024-43468


CVE-2024-4341

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/0xmupa/CVE-2024-43416-PoC


CVE-2024-4336

Adive Framework 2.0.8 does not sufficiently encode user-controlled inputs,
resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the
/adive/admin/tables/add, in multiple parameters. An attacker could retrieve the
session details of an authenticated user.

 * https://github.com/p33d/CVE-2024-43363


CVE-2024-4323

A memory corruption vulnerability exists in Fluent Bit versions 2.0.7 through 3.0.3. This
issue lies in the embedded http server’s parsing of trace requests and may
result in denial of service conditions, information disclosure, or remote code
execution.

 * https://github.com/skilfoy/CVE-2024-4323-Exploit-POC

 * https://github.com/d0rb/CVE-2024-4323

 * https://github.com/yuansec/CVE-2024-4323-dos_poc


CVE-2024-4320

A remote code execution (RCE) vulnerability exists in the '/install_extension'
endpoint of the parisneo/lollms-webui application, specifically within the
@router.post("/install_extension") route handler. The vulnerability
arises due to improper handling of the name parameter in the
ExtensionBuilder().build_extension() method, which allows for local file
inclusion (LFI) leading to arbitrary code execution. An attacker can exploit
this vulnerability by crafting a malicious name parameter that causes the server
to load and execute a __init__.py file from an arbitrary location, such as the
upload directory for discussions. This vulnerability affects the latest version
of parisneo/lollms-webui and can lead to remote code execution without requiring
user interaction, especially when the application is exposed to an external
endpoint or operated in headless mode.

 * https://github.com/bolkv/CVE-2024-4320


CVE-2024-4316

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos,
Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress
is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all
versions up to, and including, 3.9.16 due to insufficient input sanitization and
output escaping. This makes it possible for authenticated attackers, with
contributor-level access and above, to inject arbitrary web scripts in pages
that will execute whenever a user accesses an injected page.

 * https://github.com/KTN1990/CVE-2024-43160


CVE-2024-4309

SQL injection vulnerability in HubBank affecting version 1.0.2. This
vulnerability could allow an attacker to send a specially crafted SQL query to
the database through different endpoints (/user/transaction.php?id=1,
/user/credit-debit_transaction.php?id=1, /user/view_transaction.php?id=1 and
/user/viewloantrans.php?id=1, id parameter) and retrieve the information stored
in the database.

 * https://github.com/hatvix1/CVE-2024-43093


CVE-2024-4304

A Cross-Site Scripting XSS vulnerability has been detected on GT3 Soluciones
SWAL. This vulnerability consists in a reflected XSS in the Titular parameter
inside Gestion 'Documental > Seguimiento de Expedientes > Alta de Expedientes'.

 * https://github.com/convisolabs/CVE-2024-43044-jenkins

 * https://github.com/v9d0g/CVE-2024-43044-POC

 * https://github.com/HwMex0/CVE-2024-43044


CVE-2024-4299

The system configuration interface of HGiga iSherlock (including MailSherlock,
SpamSherlock, AuditSherlock) fails to filter special characters in certain
function parameters, allowing remote attackers with administrative privileges to
exploit this vulnerability for Command Injection attacks, enabling execution of
arbitrary system commands.

 * https://github.com/thanhh23/CVE-2024-42992


CVE-2024-4295

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to
SQL Injection via the ‘hash’ parameter in all versions up to, and including,
5.7.20 due to insufficient escaping on the user supplied parameter and lack of
sufficient preparation on the existing SQL query. This makes it possible for
unauthenticated attackers to append additional SQL queries into already existing
queries that can be used to extract sensitive information from the database.

 * https://github.com/codeb0ss/CVEploiterv2

 * https://github.com/truonghuuphuc/CVE-2024-4295-Poc

 * https://github.com/cve-2024/CVE-2024-4295-Poc


CVE-2024-4291

A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been
rated as critical. This issue affects the function formAddMacfilterRule of the
file /goform/setBlackRule. The manipulation of the argument deviceList leads to
stack-based buffer overflow. The attack may be initiated remotely. The exploit
has been disclosed to the public and may be used. The associated identifier of
this vulnerability is VDB-262223. NOTE: The vendor was contacted early about
this disclosure but did not respond in any way.

 * https://github.com/jeyabalaji711/CVE-2024-42919


CVE-2024-4286

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization
of special elements used in an expression language statement, identified in the
commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises
from the application's handling of user modifications by managers or admins,
allowing for the modification of all existing attributes of the user database
entity without proper checks or sanitization. This flaw can be exploited to
delete user threads, denying users access to their previously submitted data, or
to inject fake threads and/or chat history for social engineering attacks.

 * https://github.com/qiupy123/CVE-2024-42861


CVE-2024-4285

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/njmbb8/CVE-2024-42850


CVE-2024-4284

A vulnerability in mintplex-labs/anything-llm allows for a denial of service
(DoS) condition through the modification of a user's id attribute to a value of
0. This issue affects the current version of the software, with the latest
commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting this
vulnerability, an attacker, with manager or admin privileges, can render a
chosen account completely inaccessible. The application's mechanism for
suspending accounts does not provide a means to reverse this condition through
the UI, leading to uncontrolled resource consumption. The vulnerability is
introduced due to the lack of input validation and sanitization in the user
modification endpoint and the middleware's token validation logic. This issue
has been addressed in version 1.0.0 of the software.

 * https://github.com/njmbb8/CVE-2024-42849


CVE-2024-4283

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/CyberSec-Supra/CVE-2024-42834


CVE-2024-4275

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits &
WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site
Scripting via the plugin's Interactive Circle widget in all versions up to, and
including, 5.9.19 due to insufficient input sanitization and output escaping on
user supplied attributes. This makes it possible for authenticated attackers,
with contributor-level access and above, to inject arbitrary web scripts in
pages that will execute whenever a user accesses an injected page.

 * https://github.com/1s1ldur/CVE-2024-42758


CVE-2024-4265

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations
for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting
via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to
insufficient input sanitization and output escaping. This makes it possible for
authenticated attackers, with contributor-level permissions and above, to inject
arbitrary web scripts in pages that will execute whenever a user accesses an
injected page.

 * https://github.com/sudo-subho/CVE-2024-42657

 * https://github.com/sudo-subho/CVE-2024-42658


CVE-2024-4264

A remote code execution (RCE) vulnerability exists in the berriai/litellm
project due to improper control of the generation of code when using the eval
function unsafely in the litellm.get_secret() method. Specifically, when the
server utilizes Google KMS, untrusted data is passed to the eval function
without any sanitization. Attackers can exploit this vulnerability by injecting
malicious values into environment variables through the /config/update endpoint,
which allows for the update of settings in proxy_server_config.yaml.

 * https://github.com/rvizx/CVE-2024-42640

 * https://github.com/VL4DR/CVE-2024-42642

 * https://github.com/KTN1990/CVE-2024-42640


CVE-2024-4246

A vulnerability, which was classified as critical, was found in Tenda i21
1.0.0.14(4656). This affects the function formQosManageDouble_auto. The
manipulation of the argument ssidIndex leads to stack-based buffer overflow. It
is possible to initiate the attack remotely. The identifier VDB-262137 was
assigned to this vulnerability. NOTE: The vendor was contacted early about this
disclosure but did not respond in any way.

 * https://github.com/fevar54/CVE-2024-42461


CVE-2024-4234

Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability in Sayful Islam Filterable Portfolio allows Stored
XSS. This issue affects Filterable Portfolio: from n/a through 1.6.4.

 * https://github.com/partywavesec/CVE-2024-42346


CVE-2024-4232

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L;
Firmware version: v3.2.02) due to lack of encryption or hashing in storing of
passwords within the router's firmware/database. An attacker with physical
access could exploit this by extracting the firmware and reverse engineering the
binary data to access the plaintext passwords on the vulnerable system.
Successful exploitation of this vulnerability could allow the attacker to gain
unauthorized access to the targeted system.

 * https://github.com/Redfox-Secuirty/Digisol-DG--GR1321-s-Password-Storage-in-Plaintext--CVE-2024-4232

 * https://github.com/Redfox-Secuirty/Digisol-DG-GR1321-s-Password-Storage-in-Plaintext-CVE-2024-4232


CVE-2024-4231

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L;
Firmware version: v3.2.02) due to presence of root terminal access on a serial
interface without proper access control. An attacker with physical access could
exploit this by identifying UART pins and accessing the root shell on the
vulnerable system. Successful exploitation of this vulnerability could allow the
attacker to access the sensitive information on the targeted system.

 * https://github.com/Redfox-Secuirty/Digisol-DG-GR1321-s-Improper-Access-Control--CVE-2024--4231

 * https://github.com/Redfox-Secuirty/Digisol-DG-GR1321-s-Improper-Access-Control-CVE-2024-4231


CVE-2024-4199

The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to
unauthorized access of functionality due to a missing capability check on the
plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it
possible for authenticated attackers, with subscriber access and higher, to
invoke their corresponding functions. This may lead to post creation and
duplication, post content retrieval, post taxonomy manipulation.

 * https://github.com/fj016/CVE-2024-41992-PoC


CVE-2024-4195

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to
fully validate role changes, which allows an attacker authenticated as a team
admin to promote guests to team admins via crafted HTTP requests.

 * https://github.com/OrangeJuiceHU/CVE-2024-41958-PoC


CVE-2024-4166

A vulnerability has been found in Tenda 4G300 1.01.42 and classified as
critical. Affected by this vulnerability is the function sub_41E858. The
manipulation of the argument GO/page leads to stack-based buffer overflow. The
attack can be launched remotely. The identifier VDB-261985 was assigned to this
vulnerability. NOTE: The vendor was contacted early about this disclosure but
did not respond in any way.

 * https://github.com/sh3bu/CVE-2024-41662


CVE-2024-4165

A vulnerability, which was classified as critical, was found in Tenda G3
15.11.0.17(9502). Affected is the function modifyDhcpRule of the file
/goform/modifyDhcpRule. The manipulation of the argument bindDhcpIndex leads to
stack-based buffer overflow. It is possible to launch the attack remotely. The
exploit has been disclosed to the public and may be used. The identifier of this
vulnerability is VDB-261984. NOTE: The vendor was contacted early about this
disclosure but did not respond in any way.

 * https://github.com/Fckroun/CVE-2024-41651


CVE-2024-4164

A vulnerability, which was classified as critical, has been found in Tenda G3
15.11.0.17(9502). This issue affects the function formModifyPppAuthWhiteMac of
the file /goform/ModifyPppAuthWhiteMac. The manipulation of the argument
pppoeServerWhiteMacIndex leads to stack-based buffer overflow. The attack may be
initiated remotely. The exploit has been disclosed to the public and may be
used. The associated identifier of this vulnerability is VDB-261983. NOTE: The
vendor was contacted early about this disclosure but did not respond in any way.

 * https://github.com/alemusix/CVE-2024-41640


CVE-2024-4162

A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may allow
attackers malicious read access to memory.

 * https://github.com/Redshift-CyberSecurity/CVE-2024-41628


CVE-2024-4131

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Amal264882/CVE-2024-41312.


CVE-2024-4130

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/patrickdeanramos/CVE-2024-41302-Bookea-tu-Mesa-is-vulnerable-to-SQL-Injection

 * https://github.com/patrickdeanramos/CVE-2024-41301-Bookea-tu-Mesa-is-vulnerable-to-Stored-Cross-Site-Scripting


CVE-2024-4129

Improper Authentication vulnerability in Snow Software AB Snow License Manager
on Windows allows a networked attacker to perform an Authentication Bypass if
Active Directory Authentication is enabled. This issue affects Snow License
Manager: from 9.33.2 through 9.34.0.

 * https://github.com/paragbagul111/CVE-2024-41290


CVE-2024-4127

A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as
critical. Affected is the function guestWifiRuleRefresh. The manipulation of the
argument qosGuestDownstream leads to stack-based buffer overflow. It is possible
to launch the attack remotely. VDB-261870 is the identifier assigned to this
vulnerability. NOTE: The vendor was contacted early about this disclosure but
did not respond in any way.

 * https://github.com/artemy-ccrsky/CVE-2024-41276


CVE-2024-4111

A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as
critical. Affected by this issue is the function sub_42BD7C of the file
/goform/SetLEDCfg. The manipulation of the argument time leads to stack-based
buffer overflow. The attack may be launched remotely. The exploit has been
disclosed to the public and may be used. VDB-261854 is the identifier assigned
to this vulnerability. NOTE: The vendor was contacted early about this
disclosure but did not respond in any way.

 * https://github.com/vvpoglazov/cve-2024-41110-checker

 * https://github.com/PauloParoPP/CVE-2024-41110-SCAN


CVE-2024-4110

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/d0rb/CVE-2024-41107


CVE-2024-4089

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898

 * https://github.com/whiterose7777/CVE-2024-40725-CVE-2024-40898


CVE-2024-4072

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce
Website 1.0. It has been classified as problematic. Affected is an unknown
function of the file search.php. The manipulation of the argument txtSearch
leads to cross site scripting. It is possible to launch the attack remotely. The
exploit has been disclosed to the public and may be used. VDB-261798 is the
identifier assigned to this vulnerability.

 * https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898

 * https://github.com/whiterose7777/CVE-2024-40725-CVE-2024-40898


CVE-2024-4071

A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce
Website 1.0 and classified as critical. This issue affects some unknown
processing of the file prodInfo.php. The manipulation of the argument prodId
leads to sql injection. The attack may be initiated remotely. The exploit has
been disclosed to the public and may be used. The identifier VDB-261797 was
assigned to this vulnerability.

 * https://github.com/watchtowrlabs/CVE-2024-40711

 * https://github.com/realstatus/CVE-2024-40711-Exp

 * https://github.com/XiaomingX/cve-2024-40711-poc


CVE-2024-4067

The NPM package micromatch is vulnerable to Regular Expression Denial of Service
(ReDoS). The vulnerability occurs in micromatch.braces() in index.js because the
pattern .* will greedily match anything. By passing a malicious payload, the
pattern matching will keep backtracking to the input while it doesn't find the
closing bracket. As the input size increases, the consumption time will also
increase until it causes the application to hang or slow down. There was a
merged fix but further testing shows the issue persists. This issue should be
mitigated by using a safe pattern that won't start backtracking the regular
expression due to greedy matching.

 * https://github.com/Aakashmom/intent_CVE-2024-40675

 * https://github.com/Aakashmom/accounts_CVE-2024-40676-

 * https://github.com/Aakashmom/frameworks_base_accounts_CVE-2024-40676

 * https://github.com/Aakashmom/G3_libcore_native_CVE-2024-40673


CVE-2024-4066

A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09.
Affected is the function fromAdvSetMacMtuWan of the file
/goform/AdvSetMacMtuWan. The manipulation of the argument
wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer
overflow. It is possible to launch the attack remotely. The exploit has been
disclosed to the public and may be used. The identifier of this vulnerability is
VDB-261792. NOTE: The vendor was contacted early about this disclosure but did
not respond in any way.

 * https://github.com/Aakashmom/net_G2.5_CVE-2024-40662


CVE-2024-4065

A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as
critical. This issue affects the function formSetRebootTimer of the file
/goform/SetRebootTimer. The manipulation of the argument rebootTime leads to
stack-based buffer overflow. The attack may be initiated remotely. The exploit
has been disclosed to the public and may be used. The associated identifier of
this vulnerability is VDB-261791. NOTE: The vendor was contacted early about
this disclosure but did not respond in any way.

 * https://github.com/nidhihcl75/frameworks_av_AOSP10_r33_CVE-2024-40658


CVE-2024-4061

The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some
of its settings, which could allow high privilege users such as admin to perform
Stored Cross-Site Scripting attacks even when the unfiltered_html capability is
disallowed (for example in multisite setup).

 * https://github.com/KyssK00L/CVE-2024-40617


CVE-2024-4051

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Jansen-C-Moreira/CVE-2024-40510

 * https://github.com/Jansen-C-Moreira/CVE-2024-40511

 * https://github.com/Jansen-C-Moreira/CVE-2024-40512


CVE-2024-4050

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Jansen-C-Moreira/CVE-2024-40507

 * https://github.com/Jansen-C-Moreira/CVE-2024-40506

 * https://github.com/Jansen-C-Moreira/CVE-2024-40508

 * https://github.com/Jansen-C-Moreira/CVE-2024-40509

 * https://github.com/nitipoom-jar/CVE-2024-40500


CVE-2024-4049

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Dirac231/CVE-2024-40498

 * https://github.com/minendie/POC_CVE-2024-40492


CVE-2024-4045

The Popup Builder by OptinMonster – WordPress Popups for Optins, Email
Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and
including, 2.16.1 due to insufficient input sanitization and output escaping.
This makes it possible for authenticated attackers, with contributor-level
permissions and above, to inject arbitrary web scripts in pages that will
execute whenever a user accesses an injected page.

 * https://github.com/jeppojeps/CVE-2024-40457-PoC


CVE-2024-4044

A deserialization of untrusted data vulnerability exists in common code used by
FlexLogger and InstrumentStudio that may result in remote code execution.
Successful exploitation requires an attacker to get a user to open a specially
crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior
versions as well as NI InstrumentStudio 2024 Q1 and prior versions.

 * https://github.com/Yuma-Tsushima07/CVE-2024-40443


CVE-2024-4043

The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via the plugin's 'wpupg-text' shortcode in all versions up
to, and including, 3.9.1 due to insufficient input sanitization and output
escaping on user supplied attributes. This makes it possible for authenticated
attackers, with contributor-level access and above, to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected page.

 * https://github.com/SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN


CVE-2024-4042

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post
Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site
Scripting via the 'class' attribute of the menu-wrap-item block in all versions
up to, and including, 2.2.80 due to insufficient input sanitization and output
escaping. This makes it possible for authenticated attackers, with
contributor-level access and above, to inject arbitrary web scripts in pages
that will execute whenever a user accesses an injected page.

 * https://github.com/alpernae/CVE-2024-40422

 * https://github.com/j3r1ch0123/CVE-2024-40422

 * https://github.com/codeb0ss/CVE-2024-40422-PoC


CVE-2024-4040

A server side template injection vulnerability in CrushFTP in all versions
before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote
attackers to read files from the filesystem outside of the VFS Sandbox, bypass
authentication to gain administrative access, and perform remote code execution
on the server.

 * https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC

 * https://github.com/airbus-cert/CVE-2024-4040

 * https://github.com/rbih-boulanouar/CVE-2024-4040

 * https://github.com/gotr00t0day/CVE-2024-4040

 * https://github.com/geniuszlyy/GenCrushSSTIExploit

 * https://github.com/Mohammaddvd/CVE-2024-4040

 * https://github.com/jakabakos/CVE-2024-4040-CrushFTP-File-Read-vulnerability

 * https://github.com/entroychang/CVE-2024-4040

 * https://github.com/tucommenceapousser/CVE-2024-4040-Scanner

 * https://github.com/olebris/CVE-2024-4040

 * https://github.com/0xN7y/CVE-2024-4040

 * https://github.com/Mufti22/CVE-2024-4040

 * https://github.com/1ncendium/CVE-2024-4040

 * https://github.com/rahisec/CVE-2024-4040

 * https://github.com/Praison001/CVE-2024-4040-CrushFTP-server

 * https://github.com/safeer-accuknox/CrushFTP-cve-2024-4040-poc


CVE-2024-4034

The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via
a Post Author's name in all versions up to, and including, 3.4.8 due to
insufficient input sanitization and output escaping when the latest posts
feature is enabled on the homepage. This makes it possible for authenticated
attackers, with contributor-level access and above, to inject arbitrary web
scripts in pages that will execute whenever a user accesses an injected page.

 * https://github.com/bigb0x/CVE-2024-40348

 * https://github.com/codeb0ss/CVE-2024-40348-PoC


CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain
IPv4 and IPv6 addresses were designated as “globally reachable” or “private”.
This affected the is_private and is_global properties of the
ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and
ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance
with the latest information from the IANA Special-Purpose Address Registries.
CPython 3.12.4 and 3.13.0a6 contain updated information from these registries
and thus have the intended behavior.

 * https://github.com/aleksey-vi/CVE-2024-40324


CVE-2024-4031

Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on
Windows allows Local Execution of Code.

 * https://github.com/3v1lC0d3/RCE-QloApps-CVE-2024-40318


CVE-2024-4011

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/Abdurahmon3236/CVE-2024-40110

 * https://github.com/sudo-subho/nepstech-xpon-router-CVE-2024-40119


CVE-2024-4008

FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version
1.3.0.33) allows an attacker to take control via access to the local KNX
Bus-System.
 * https://github.com/perras/CVE-2024-40080


CVE-2024-3994

The Tutor LMS – eLearning and online course solution plugin for WordPress is
vulnerable to Stored Cross-Site Scripting via the plugin's
'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2
due to insufficient input sanitization and output escaping on user supplied
attributes. This makes it possible for authenticated attackers, with
contributor-level access and above, to inject arbitrary web scripts in pages
that will execute whenever a user accesses an injected page.

 * https://github.com/truonghuuphuc/CVE-2024-39943-Poc

 * https://github.com/tequilasunsh1ne/CVE_2024_39943


CVE-2024-3992

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its
settings, which could allow high privilege users such as admin to perform Stored
Cross-Site Scripting attacks even when the unfiltered_html capability is
disallowed (for example in multisite setup).

 * https://github.com/rxerium/CVE-2024-39929

 * https://github.com/michael-david-fry/CVE-2024-39929


CVE-2024-3984

The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress
is vulnerable to Stored Cross-Site Scripting via the plugin's
'embedsocial_reviews' shortcode in all versions up to, and including, 1.1.29 due
to insufficient input sanitization and output escaping on user supplied
attributes. This makes it possible for authenticated attackers, with
contributor-level access and above, to inject arbitrary web scripts in pages
that will execute whenever a user accesses an injected page.

 * https://github.com/ph1ns/CVE-2024-39844


CVE-2024-3970

Server Side Request Forgery vulnerability has been discovered in OpenText™
iManager 3.2.6.0200. This could lead to sensitive information disclosure by
directory traversal.

 * https://github.com/LOURC0D3/CVE-2024-39700-PoC


CVE-2024-3961

The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing
Pages plugin for WordPress is vulnerable to unauthorized modification of data
due to a missing capability check on the tag_subscriber function in all versions
up to, and including, 2.4.9. This makes it possible for unauthenticated
attackers to subscribe users to tags. Financial damages may occur to site owners
if their API quota is exceeded.

 * https://github.com/Abdurahmon3236/-CVE-2024-39614


CVE-2024-3922

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code'
parameter in all versions up to, and including, 3.10.3 due to insufficient
escaping on the user supplied parameter and lack of sufficient preparation on
the existing SQL query. This makes it possible for unauthenticated attackers to
append additional SQL queries into already existing queries that can be used to
extract sensitive information from the database.

 * https://github.com/truonghuuphuc/CVE-2024-3922-Poc


CVE-2024-3867

The archive-tainacan-collection theme for WordPress is vulnerable to Reflected
Cross-Site Scripting due to the use of add_query_arg without appropriate
escaping on the URL in version 2.7.2. This makes it possible for unauthenticated
attackers to inject arbitrary web scripts in pages that execute if they can
successfully trick a user into performing an action such as clicking on a link.

 * https://github.com/c4cnm/CVE-2024-3867


CVE-2024-3807

The Porto theme for WordPress is vulnerable to Local File Inclusion in all
versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type',
'slideshow_type' and 'post_layout' post meta. This makes it possible for
authenticated attackers, with contributor-level and above permissions, to
include and execute arbitrary files on the server, allowing the execution of any
PHP code in those files. This can be used to bypass access controls, obtain
sensitive data, or achieve code execution in cases where php file type can be
uploaded and included. This was partially patched in version 7.1.0 and fully
patched in version 7.1.1.

 * https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc


CVE-2024-3806

The Porto theme for WordPress is vulnerable to Local File Inclusion in all
versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This
makes it possible for unauthenticated attackers to include and execute arbitrary
files on the server, allowing the execution of any PHP code in those files. This
can be used to bypass access controls, obtain sensitive data, or achieve code
execution in cases where php file type can be uploaded and included.

 * https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc


CVE-2024-3656

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/h4x0r-dz/CVE-2024-3656


CVE-2024-3596

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/alperenugurlu/CVE-2024-3596-Detector


CVE-2024-3552

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and
escape a parameter before using it in a SQL statement via an AJAX action
available to unauthenticated users, leading to a SQL injection with different
techniques like UNION, Time-Based and Error-Based.

 * https://github.com/truonghuuphuc/CVE-2024-3552-Poc


CVE-2024-3495

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL
Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including,
2.7.2 due to insufficient escaping on the user supplied parameter and lack of
sufficient preparation on the existing SQL query. This makes it possible for
unauthenticated attackers to append additional SQL queries into already existing
queries that can be used to extract sensitive information from the database.

 * https://github.com/truonghuuphuc/CVE-2024-3495-Poc

 * https://github.com/zomasec/CVE-2024-3495-POC

 * https://github.com/issamiso/CVE-2024-2876


CVE-2024-3435

A path traversal vulnerability exists in the 'save_settings' endpoint of the
parisneo/lollms-webui application, affecting versions up to the latest release
before 9.5. The vulnerability arises due to insufficient sanitization of the
'config' parameter in the 'apply_settings' function, allowing an attacker to
manipulate the application's configuration by sending specially crafted JSON
payloads. This could lead to remote code execution (RCE) by bypassing existing
patches designed to mitigate such vulnerabilities.

 * https://github.com/ymuraki-csc/cve-2024-3435


CVE-2024-3400

A command injection as a result of arbitrary file creation vulnerability in the
GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS
versions and distinct feature configurations may enable an unauthenticated
attacker to execute arbitrary code with root privileges on the firewall. Cloud
NGFW, Panorama appliances, and Prisma Access are not impacted by this
vulnerability.

 * https://github.com/h4x0r-dz/CVE-2024-3400

 * https://github.com/W01fh4cker/CVE-2024-3400-RCE-Scan

 * https://github.com/0x0d3ad/CVE-2024-3400

 * https://github.com/ihebski/CVE-2024-3400

 * https://github.com/momika233/CVE-2024-3400

 * https://github.com/Chocapikk/CVE-2024-3400

 * https://github.com/ak1t4/CVE-2024-3400

 * https://github.com/Yuvvi01/CVE-2024-3400

 * https://github.com/AdaniKamal/CVE-2024-3400

 * https://github.com/zam89/CVE-2024-3400-pot

 * https://github.com/schooldropout1337/CVE-2024-3400

 * https://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection

 * https://github.com/marconesler/CVE-2024-3400

 * https://github.com/retkoussa/CVE-2024-3400

 * https://github.com/swaybs/CVE-2024-3400

 * https://github.com/ZephrFish/CVE-2024-3400-Canary

 * https://github.com/CerTusHack/CVE-2024-3400-PoC

 * https://github.com/HackingLZ/panrapidcheck

 * https://github.com/CONDITIONBLACK/CVE-2024-3400-POC

 * https://github.com/tfrederick74656/cve-2024-3400-poc

 * https://github.com/iwallarm/cve-2024-3400

 * https://github.com/Kr0ff/cve-2024-3400

 * https://github.com/FoxyProxys/CVE-2024-3400

 * https://github.com/LoanVitor/CVE-2024-3400-

 * https://github.com/codeblueprint/CVE-2024-3400

 * https://github.com/workshop748/CVE-2024-3400

 * https://github.com/andrelia-hacks/CVE-2024-3400

 * https://github.com/hahasagined/CVE-2024-3400

 * https://github.com/MrR0b0t19/CVE-2024-3400

 * https://github.com/pwnj0hn/CVE-2024-3400

 * https://github.com/Ravaan21/CVE-2024-3400

 * https://github.com/sxyrxyy/CVE-2024-3400-Check

 * https://github.com/terminalJunki3/CVE-2024-3400-Checker

 * https://github.com/index2014/CVE-2024-3400-Checker

 * https://github.com/MurrayR0123/CVE-2024-3400-Compromise-Checker

 * https://github.com/tk-sawada/IPLineFinder


CVE-2024-3293

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is
vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all
versions up to, and including, 4.6.18 due to insufficient escaping on the user
supplied parameter and lack of sufficient preparation on the existing SQL query.
This makes it possible for authenticated attackers, with contributor-level
access and above, to append additional SQL queries into already existing queries
that can be used to extract sensitive information from the database.

 * https://github.com/truonghuuphuc/CVE-2024-3293-Poc


CVE-2024-3273

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as
critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to
20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi
of the component HTTP GET Request Handler. The manipulation of the argument
system leads to command injection. It is possible to launch the attack remotely.
The exploit has been disclosed to the public and may be used. The identifier of
this vulnerability is VDB-259284. NOTE: This vulnerability only affects products
that are no longer supported by the maintainer. NOTE: Vendor was contacted early
and confirmed immediately that the product is end-of-life. It should be retired
and replaced.

 * https://github.com/Chocapikk/CVE-2024-3273

 * https://github.com/adhikara13/CVE-2024-3273

 * https://github.com/ThatNotEasy/CVE-2024-3273

 * https://github.com/K3ysTr0K3R/CVE-2024-3273-EXPLOIT

 * https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE

 * https://github.com/LeopoldSkell/CVE-2024-3273

 * https://github.com/mrrobot0o/CVE-2024-3273-

 * https://github.com/yarienkiva/honeypot-dlink-CVE-2024-3273

 * https://github.com/OIivr/Turvan6rkus-CVE-2024-3273

 * https://github.com/X-Projetion/CVE-2024-3273-D-Link-Remote-Code-Execution-RCE


CVE-2024-3272

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very
critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up
to 20240403. This issue affects some unknown processing of the file
/cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The
manipulation of the argument user with the input messagebus leads to hard-coded
credentials. The attack may be initiated remotely. The exploit has been
disclosed to the public and may be used. The associated identifier of this
vulnerability is VDB-259283. NOTE: This vulnerability only affects products that
are no longer supported by the maintainer. NOTE: Vendor was contacted early and
confirmed immediately that the product is end-of-life. It should be retired and
replaced.

 * https://github.com/aliask/dinkleberry

 * https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE


CVE-2024-3217

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the
'attribute_value' and 'attribute_id' parameters in all versions up to, and
including, 1.3.0 due to insufficient escaping on the user supplied parameter and
lack of sufficient preparation on the existing SQL query. This makes it possible
for authenticated attackers, with subscriber-level access and above, to append
additional SQL queries into already existing queries that can be used to extract
sensitive information from the database.

 * https://github.com/BassamAssiri/CVE-2024-3217-POC


CVE-2024-3183

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is
encrypted using the client’s session key. This key is different for each new
session, which protects it from brute force attacks. However, the ticket it
contains is encrypted using the target principal key directly. For user
principals, this key is a hash of a public per-principal randomly-generated salt
and the user’s password. If a principal is compromised it means the attacker
would be able to retrieve tickets encrypted to any principal, all of them being
encrypted by their own key directly. By taking these tickets and salts offline,
the attacker could run brute force attacks to find character strings able to
decrypt tickets when combined to a principal salt (i.e. find the principal’s
password).

 * https://github.com/c2micro/ipapocket

 * https://github.com/Cyxow/CVE-2024-3183-POC


CVE-2024-3177

A security issue was discovered in Kubernetes where users may be able to launch
containers that bypass the mountable secrets policy enforced by the
ServiceAccount admission plugin when using containers, init containers, and
ephemeral containers with the envFrom field populated. The policy ensures pods
running with a service account may only reference secrets specified in the
service account’s secrets field. Kubernetes clusters are only affected if the
ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets
annotation are used together with containers, init containers, and ephemeral
containers with the envFrom field populated.

 * https://github.com/Cgv-Dev/Metasploit-Module-TFM


CVE-2024-3116

pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability
through the validate binary path API. This vulnerability allows attackers to
execute arbitrary code on the server hosting PGAdmin, posing a severe risk to
the database management system's integrity and the security of the underlying
data.

 * https://github.com/TechieNeurons/CVE-2024-3116_RCE_in_pgadmin_8.4


CVE-2024-3105

The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for
WordPress is vulnerable to Remote Code Execution in all versions up to, and
including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not
restricting the usage of the functionality to high level authorized users. This
makes it possible for authenticated attackers, with contributor-level access and
above, to execute code on the server.

 * https://github.com/hunThubSpace/CVE-2024-3105-PoC


CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with
version 5.6.0. Through a series of complex obfuscations, the liblzma build
process extracts a prebuilt object file from a disguised test file existing in
the source code, which is then used to modify specific functions in the liblzma
code. This results in a modified liblzma library that can be used by any
software linked against this library, intercepting and modifying the data
interaction with this library.

 * https://github.com/amlweems/xzbot

 * https://github.com/lockness-Ko/xz-vulnerable-honeypot

 * https://github.com/FabioBaroni/CVE-2024-3094-checker

 * https://github.com/byinarie/CVE-2024-3094-info

 * https://github.com/jfrog/cve-2024-3094-tools

 * https://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer

 * https://github.com/0xlane/xz-cve-2024-3094

 * https://github.com/robertdfrench/ifuncd-up

 * https://github.com/teyhouse/CVE-2024-3094

 * https://github.com/emirkmo/xz-backdoor-github

 * https://github.com/r0binak/xzk8s

 * https://github.com/wgetnz/CVE-2024-3094-check

 * https://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check

 * https://github.com/robertdebock/ansible-role-cve_2024_3094

 * https://github.com/badsectorlabs/ludus_xz_backdoor

 * https://github.com/Yuma-Tsushima07/CVE-2024-3094

 * https://github.com/crfearnworks/ansible-CVE-2024-3094

 * https://github.com/neuralinhibitor/xzwhy

 * https://github.com/gustavorobertux/CVE-2024-3094

 * https://github.com/felipecosta09/cve-2024-3094

 * https://github.com/pentestfunctions/CVE-2024-3094

 * https://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker

 * https://github.com/ScrimForever/CVE-2024-3094

 * https://github.com/Horizon-Software-Development/CVE-2024-3094

 * https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check

 * https://github.com/przemoc/xz-backdoor-links

 * https://github.com/reuteras/CVE-2024-3094

 * https://github.com/DANO-AMP/CVE-2024-3094

 * https://github.com/galacticquest/cve-2024-3094-detect

 * https://github.com/robertdebock/ansible-playbook-cve-2024-3094

 * https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits

 * https://github.com/brinhosa/CVE-2024-3094-One-Liner

 * https://github.com/isuruwa/CVE-2024-3094

 * https://github.com/mesutgungor/xz-backdoor-vulnerability

 * https://github.com/bsekercioglu/cve2024-3094-Checker

 * https://github.com/bioless/xz_cve-2024-3094_detection

 * https://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector

 * https://github.com/ashwani95/CVE-2024-3094

 * https://github.com/Fractal-Tess/CVE-2024-3094

 * https://github.com/dah4k/CVE-2024-3094

 * https://github.com/shefirot/CVE-2024-3094

 * https://github.com/Mustafa1986/CVE-2024-3094

 * https://github.com/mightysai1997/CVE-2024-3094

 * https://github.com/Simplifi-ED/CVE-2024-3094-patcher

 * https://github.com/ackemed/detectar_cve-2024-3094

 * https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker

 * https://github.com/hazemkya/CVE-2024-3094-checker

 * https://github.com/mightysai1997/CVE-2024-3094-info

 * https://github.com/iheb2b/CVE-2024-3094-Checker

 * https://github.com/OpensourceICTSolutions/xz_utils-CVE-2024-3094

 * https://github.com/buluma/ansible-role-cve_2024_3094

 * https://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094

 * https://github.com/gayatriracha/CVE-2024-3094-Nmap-NSE-script

 * https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container

 * https://github.com/weltregie/liblzma-scan

 * https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione

 * https://github.com/hackingetico21/revisaxzutils

 * https://github.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094-

 * https://github.com/Juul/xz-backdoor-scan

 * https://github.com/harekrishnarai/xz-utils-vuln-checker


CVE-2024-2997

A vulnerability was found in Bdtask Multi-Store Inventory Management System up
to 20240320. It has been declared as problematic. Affected by this vulnerability
is an unknown functionality. The manipulation of the argument Category
Name/Model Name/Brand Name/Unit Name leads to cross site scripting. The attack
can be launched remotely. The exploit has been disclosed to the public and may
be used. The associated identifier of this vulnerability is VDB-258199. NOTE:
The vendor was contacted early about this disclosure but did not respond in any
way.

 * https://github.com/lfillaz/CVE-2024-2997


CVE-2024-2961

The iconv() function in the GNU C Library versions 2.39 and older may overflow
the output buffer passed to it by up to 4 bytes when converting strings to the
ISO-2022-CN-EXT character set, which may be used to crash an application or
overwrite a neighbouring variable.

 * https://github.com/ambionics/cnext-exploits

 * https://github.com/rvizx/CVE-2024-2961

 * https://github.com/mattaperkins/FIX-CVE-2024-2961

 * https://github.com/kjdfklha/CVE-2024-2961_poc

 * https://github.com/tnishiox/cve-2024-2961

 * https://github.com/absolutedesignltd/iconvfix

 * https://github.com/exfil0/test_iconv


CVE-2024-2928

A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow,
specifically in version 2.9.2, which was fixed in version 2.11.3. This
vulnerability arises from the application's failure to properly validate URI
fragments for directory traversal sequences such as '../'. An attacker can
exploit this flaw by manipulating the fragment part of the URI to read arbitrary
files on the local file system, including sensitive files like '/etc/passwd'.
The vulnerability is a bypass to a previous patch that only addressed similar
manipulation within the URI's query string, highlighting the need for
comprehensive validation of all parts of a URI to prevent LFI attacks.

 * https://github.com/nuridincersaygili/CVE-2024-2928


CVE-2024-2887

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a
remote attacker to execute arbitrary code via a crafted HTML page. (Chromium
security severity: High)

 * https://github.com/rycbar77/CVE-2024-2887

 * https://github.com/PumpkinBridge/Chrome-CVE-2024-2887-RCE-POC


CVE-2024-2879

The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the
ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient
escaping on the user supplied parameter and lack of sufficient preparation on
the existing SQL query. This makes it possible for unauthenticated attackers to
append additional SQL queries into already existing queries that can be used to
extract sensitive information from the database.

 * https://github.com/herculeszxc/CVE-2024-2879


CVE-2024-2876

The Email Subscribers by Icegram Express – Email Marketing, Newsletters,
Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL
Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all
versions up to, and including, 5.7.14 due to insufficient escaping on the user
supplied parameter and lack of sufficient preparation on the existing SQL query.
This makes it possible for unauthenticated attackers to append additional SQL
queries into already existing queries that can be used to extract sensitive
information from the database.

 * https://github.com/c0d3zilla/CVE-2024-2876

 * https://github.com/0xAgun/CVE-2024-2876

 * https://github.com/skyrowalker/CVE-2024-2876

 * https://github.com/issamiso/CVE-2024-2876

 * https://github.com/Quantum-Hacker/CVE-2024-2876


CVE-2024-2667

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is
vulnerable to arbitrary file uploads due to insufficient file validation in the
/wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and
including, 0.1.0.22. This makes it possible for unauthenticated attackers to
upload arbitrary files.

 * https://github.com/Puvipavan/CVE-2024-2667


CVE-2024-2653

amphp/http will collect CONTINUATION frames in an unbounded buffer and will not
check a limit until it has received the set END_HEADERS flag, resulting in an
OOM crash.

 * https://github.com/lockness-Ko/CVE-2024-27316


CVE-2024-2432

A privilege escalation (PE) vulnerability in the Palo Alto Networks
GlobalProtect app on Windows devices enables a local user to execute programs
with elevated privileges. However, execution requires that the local user is
able to successfully exploit a race condition.

 * https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP


CVE-2024-2389

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command
injection vulnerability has been identified. An unauthenticated user can gain
entry to the system via the Flowmon management interface, allowing for the
execution of arbitrary system commands.

 * https://github.com/adhikara13/CVE-2024-2389


CVE-2024-2257

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L;
Firmware version: v3.2.02) due to improper implementation of password policies.
An attacker with physical access could exploit this by creating passwords that do
not adhere to the defined security standards/policy on the vulnerable system.
Successful exploitation of this vulnerability could allow the attacker to expose
the router to potential security threats.

 * https://github.com/Redfox-Secuirty/Digisol-DG--GR1321-s-Password-Policy-Bypass--CVE--2024-2257

 * https://github.com/Redfox-Secuirty/Digisol-DG-GR1321-s-Password-Policy-Bypass-CVE-2024-2257


CVE-2024-2242

The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site
Scripting via the ‘active-tab’ parameter in all versions up to, and including,
5.9 due to insufficient input sanitization and output escaping. This makes it
possible for unauthenticated attackers to inject arbitrary web scripts in pages
that execute if they can successfully trick a user into performing an action
such as clicking on a link.

 * https://github.com/RandomRobbieBF/CVE-2024-2242


CVE-2024-2193

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU
architectures supporting speculative execution (related to Spectre V1) has been
disclosed. An unauthenticated attacker can exploit this vulnerability to
disclose arbitrary data from the CPU using race conditions to access the
speculative executable code paths.

 * https://github.com/uthrasri/CVE-2024-2193


CVE-2024-2188

Stored Cross-Site Scripting (XSS) vulnerability in TP-Link Archer AX50 affecting
firmware version 1.0.11 build 2022052. This vulnerability could allow an
unauthenticated attacker to create a port mapping rule via a SOAP request and
store a malicious JavaScript payload within that rule, which could result in an
execution of the JavaScript payload when the rule is loaded.

 * https://github.com/hacefresko/CVE-2024-2188


CVE-2024-2169

Implementations of UDP application protocol are vulnerable to network loops. An
unauthenticated attacker can use maliciously-crafted packets against a
vulnerable implementation that can lead to Denial of Service (DoS) and/or abuse
of resources.

 * https://github.com/douglasbuzatto/G3-Loop-DoS


CVE-2024-2122

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is
vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all
versions up to, and including, 2.4.15 due to insufficient input sanitization and
output escaping. This makes it possible for authenticated attackers, with
contributor-level access and above, to inject arbitrary web scripts in pages
that will execute whenever a user accesses an injected page.

 * https://github.com/codeb0ss/CVE-2024-2122-PoC


CVE-2024-2074

A vulnerability was found in Mini-Tmall up to 20231017 and classified as
critical. This issue affects some unknown processing of the file
?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to SQL
injection. The attack may be initiated remotely. The exploit has been disclosed
to the public and may be used. The identifier VDB-255389 was assigned to this
vulnerability.

 * https://github.com/yuziiiiiiiiii/CVE-2024-2074


CVE-2024-2054

The Artica-Proxy administrative web application will deserialize arbitrary PHP
objects supplied by unauthenticated users and subsequently enable code execution
as the "www-data" user.

 * https://github.com/Madan301/CVE-2024-2054


CVE-2024-1939

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote
attacker to potentially exploit heap corruption via a crafted HTML page.
(Chromium security severity: High)

 * https://github.com/rycbar77/CVE-2024-1939


CVE-2024-1931

NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contains a
vulnerability that can cause denial of service by a certain code path that can
lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE
records from responses with size higher than the client's advertised buffer
size. Before removing all the EDE records however, it would try to see if
trimming the extra text fields on those records would result in an acceptable
size while still retaining the EDE codes. Due to an unchecked condition, the
code that trims the text of the EDE records could loop indefinitely. This
happens when Unbound would reply with attached EDE information on a positive
reply and the client's buffer size is smaller than the needed space to include
EDE records. The vulnerability can only be triggered when the 'ede: yes' option
is used, which is a non-default configuration. From version 1.19.2 on, the code is fixed to
avoid looping indefinitely.

 * https://github.com/passer12/CVE-2024-1931-reproduction


CVE-2024-1900

Improper session management in the identity provider authentication flow in
Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an
identity provider to stay authenticated after his user is disabled or deleted in
the identity provider such as Okta or Microsoft O365. The user will stay
authenticated until the Devolutions Server token expiration.

 * https://github.com/adminlove520/cve-2024-19002


CVE-2024-1874

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5,
when using proc_open() command with array syntax, due to insufficient escaping,
if the arguments of the executed command are controlled by a malicious user, the
user can supply arguments that would execute arbitrary commands in Windows
shell.

 * https://github.com/Tgcohce/CVE-2024-1874

 * https://github.com/ox1111/-CVE-2024-1874-


CVE-2024-1800

In Progress Telerik Report Server versions prior to 2024 Q1 (10.0.24.130), a
remote code execution attack is possible through an insecure deserialization
vulnerability.

 * https://github.com/sinsinology/CVE-2024-4358

 * https://github.com/gh-ost00/CVE-2024-4358


CVE-2024-1781

A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has
been rated as critical. This issue affects the function setWizardCfg of the file
/cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command
injection. The exploit has been disclosed to the public and may be used. The
identifier VDB-254573 was assigned to this vulnerability. NOTE: The vendor was
contacted early about this disclosure but did not respond in any way.

 * https://github.com/Icycu123/CVE-2024-1781


CVE-2024-1709

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication
Bypass Using an Alternate Path or Channel vulnerability, which may allow an
attacker direct access to confidential information or critical systems.

 * https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE

 * https://github.com/HussainFathy/CVE-2024-1709

 * https://github.com/AMRICHASFUCK/Mass-CVE-2024-1709

 * https://github.com/codeb0ss/CVE-2024-1709-PoC

 * https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708

 * https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass

 * https://github.com/AhmedMansour93/Event-ID-229-Rule-Name-SOC262-CVE-2024-1709-


CVE-2024-1708

ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal
vulnerability, which may allow an attacker the ability to execute remote code or
directly impact confidential data or critical systems.

 * https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE

 * https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708


CVE-2024-1698

The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup &
Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL
Injection via the 'type' parameter in all versions up to, and including, 2.8.2
due to insufficient escaping on the user supplied parameter and lack of
sufficient preparation on the existing SQL query. This makes it possible for
unauthenticated attackers to append additional SQL queries into already existing
queries that can be used to extract sensitive information from the database.

 * https://github.com/kamranhasan/CVE-2024-1698-Exploit

 * https://github.com/codeb0ss/CVE-2024-1698-PoC

 * https://github.com/jesicatjan/WordPress-NotificationX-CVE-2024-1698

 * https://github.com/shanglyu/CVE-2024-1698


CVE-2024-1655

Certain ASUS WiFi router models have an OS Command Injection vulnerability,
allowing an authenticated remote attacker to execute arbitrary system commands
by sending a specially crafted request.

 * https://github.com/lnversed/CVE-2024-1655


CVE-2024-1651

Torrentpier version 2.4.1 allows executing arbitrary commands on the server.
This is possible because the application is vulnerable to insecure
deserialization.

 * https://github.com/sharpicx/CVE-2024-1651-PoC

 * https://github.com/hy011121/CVE-2024-1651-exploit-RCE

 * https://github.com/Whiteh4tWolf/CVE-2024-1651-PoC


CVE-2024-1642

The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions
up to, and including, 4.6.0.1. This is due to missing or incorrect nonce
validation on the 'posting_bulk' function. This makes it possible for
unauthenticated attackers to delete arbitrary posts via a forged request granted
they can trick a site administrator into performing an action such as clicking
on a link.

 * https://github.com/Symbolexe/CVE-2024-1642470


CVE-2024-1561

An issue was discovered in gradio-app/gradio, where the /component_server
endpoint improperly allows the invocation of any method on a Component class
with attacker-controlled arguments. Specifically, by exploiting the
move_resource_to_block_cache() method of the Block class, an attacker can copy
any file on the filesystem to a temporary directory and subsequently retrieve
it. This vulnerability enables unauthorized local file read access, posing a
significant risk especially when the application is exposed to the internet via
launch(share=True), thereby allowing remote attackers to read files on the host
machine. Furthermore, gradio apps hosted on huggingface.co are also affected,
potentially leading to the exposure of sensitive information such as API keys
and credentials stored in environment variables.

 * https://github.com/DiabloHTB/CVE-2024-1561

 * https://github.com/DiabloHTB/Nuclei-Template-CVE-2024-1561


CVE-2024-1512

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin
for WordPress is vulnerable to union based SQL Injection via the 'user'
parameter of the /lms/stm-lms/order/items REST route in all versions up to, and
including, 3.2.5 due to insufficient escaping on the user supplied parameter and
lack of sufficient preparation on the existing SQL query. This makes it possible
for unauthenticated attackers to append additional SQL queries into already
existing queries that can be used to extract sensitive information from the
database.

 * https://github.com/rat-c/CVE-2024-1512


CVE-2024-1441

An off-by-one error flaw was found in the udevListInterfacesByStatus() function
in libvirt when the number of interfaces exceeds the size of the names array.
This issue can be reproduced by sending specially crafted data to the libvirt
daemon, allowing an unprivileged client to perform a denial of service attack by
causing the libvirt daemon to crash.

 * https://github.com/almkuznetsov/CVE-2024-1441


CVE-2024-1403

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14,
12.8.1 on all platforms supported by the OpenEdge product, an authentication
bypass vulnerability has been identified. The vulnerability is a bypass to
authentication based on a failure to properly handle username and password.
Certain unexpected content passed into the credentials can lead to unauthorized
access without proper authentication.

 * https://github.com/horizon3ai/CVE-2024-1403


CVE-2024-1380

The Relevanssi – A Better Search plugin for WordPress is vulnerable to
unauthorized access of data due to a missing capability check on the
relevanssi_export_log_check() function in all versions up to, and including,
4.22.0. This makes it possible for unauthenticated attackers to export the query
log data. The vendor has indicated that they may look into adding a capability
check for proper authorization control, however, this vulnerability is
theoretically patched as is.

 * https://github.com/RandomRobbieBF/CVE-2024-1380


CVE-2024-1346

Weak MySQL database root password in LaborOfficeFree affects version 19.10. This
vulnerability allows an attacker to calculate the root password of the MySQL
database used by LaborOfficeFree using two constants.

 * https://github.com/PeterGabaldon/CVE-2024-1346


CVE-2024-1304

Cross-site scripting vulnerability in Badger Meter Monitool that affects
versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to
send a specially crafted JavaScript payload to an authenticated user and
partially hijack their browser session.

 * https://github.com/guillermogm4/CVE-2024-1304---Badgermeter-moni-tool-Reflected-Cross-Site-Scripting-XSS


CVE-2024-1303

Incorrectly limiting the path to a restricted directory vulnerability in Badger
Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability
allows an authenticated attacker to retrieve any file from the device using the
download-file functionality.

 * https://github.com/guillermogm4/CVE-2024-1303---Badgermeter-moni-tool-Path-Traversal


CVE-2024-1302

Information exposure vulnerability in Badger Meter Monitool affecting versions
up to 4.6.3 and earlier. A local attacker could change the application's file
parameter to a log file obtaining all sensitive information such as database
credentials.

 * https://github.com/guillermogm4/CVE-2024-1302---Badgermeter-moni-tool-Sensitive-information-exposure


CVE-2024-1301

SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3
and earlier. A remote attacker could send a specially crafted SQL query to the
server via the j_username parameter and retrieve the information stored in the
database.

 * https://github.com/guillermogm4/CVE-2024-1301---Badgermeter-moni-tool-SQL-Injection


CVE-2024-1288

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to
unauthorized modification of data due to a missing capability check on the
'saswp_reviews_form_render' function in all versions up to, and including, 1.26.
This makes it possible for authenticated attackers, with contributor access and
above, to modify the plugin's stored reCaptcha site and secret keys, potentially
breaking the reCaptcha functionality.

 * https://github.com/mhtsec/cve-2024-12883


CVE-2024-1269

A vulnerability has been found in SourceCodester Product Management System 1.0
and classified as problematic. This vulnerability affects unknown code of the
file /supplier.php. The manipulation of the argument
supplier_name/supplier_contact leads to cross site scripting. The attack can be
initiated remotely. The exploit has been disclosed to the public and may be
used. The identifier of this vulnerability is VDB-253012.

 * https://github.com/sajaljat/CVE-2024-1269


CVE-2024-1212

Unauthenticated remote attackers can access the system through the LoadMaster
management interface, enabling arbitrary system command execution.

 * https://github.com/Chocapikk/CVE-2024-1212

 * https://github.com/nak000/CVE-2024-1212


CVE-2024-1210

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information
Exposure in all versions up to, and including, 4.10.1 via API. This makes it
possible for unauthenticated attackers to obtain access to quizzes.

 * https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210


CVE-2024-1209

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information
Exposure in all versions up to, and including, 4.10.1 via direct file access due
to insufficient protection of uploaded assignments. This makes it possible for
unauthenticated attackers to obtain those uploads.

 * https://github.com/karlemilnikka/CVE-2024-1209


CVE-2024-1208

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information
Exposure in all versions up to, and including, 4.10.2 via API. This makes it
possible for unauthenticated attackers to obtain access to quiz questions.

 * https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210

 * https://github.com/Cappricio-Securities/CVE-2024-1208

 * https://github.com/Cappricio-Securities/.github


CVE-2024-1207

The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via
the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to,
and including, 9.9 due to insufficient escaping on the user supplied parameter
and lack of sufficient preparation on the existing SQL query. This makes it
possible for unauthenticated attackers to append additional SQL queries into
already existing queries that can be used to extract sensitive information from
the database.

 * https://github.com/sahar042/CVE-2024-1207


CVE-2024-1143

Central Dogma versions prior to 0.64.1 are vulnerable to Cross-Site Scripting
(XSS), which could allow for the leakage of user sessions and subsequent
authentication bypass.

 * https://github.com/windz3r0day/CVE-2024-11432


CVE-2024-1142

Path Traversal in Sonatype IQ Server from version 143 allows remote
authenticated attackers to overwrite or delete files via a specially crafted
request. Version 171 fixes this issue.

 * https://github.com/windz3r0day/CVE-2024-11428


CVE-2024-1141

A vulnerability was found in python-glance-store. The issue occurs when the
package logs the access_key for the glance-store when the DEBUG log level is
enabled.

 * https://github.com/windz3r0day/CVE-2024-11412


CVE-2024-1138

The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition
contains a vulnerability that allows a low privileged attacker with network
access to execute a privilege escalation on the affected ftlserver. Affected
releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions
6.10.1 and below.

 * https://github.com/windz3r0day/CVE-2024-11381

 * https://github.com/windz3r0day/CVE-2024-11388

 * https://github.com/windz3r0day/CVE-2024-11387


CVE-2024-1131

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/famixcm/CVE-2024-11319

 * https://github.com/xthalach/CVE-2024-11318


CVE-2024-1120

The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales
Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable
to unauthorized access of data due to a missing capability check on the
download_tools_settings() function in all versions up to, and including, 2.17.0.
This makes it possible for unauthenticated attackers to export system
information that can aid attackers in an attack.

 * https://github.com/NSQAQ/CVE-2024-11201


CVE-2024-1119

The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized
access of data due to a missing capability check on the export_tips_to_csv()
function in all versions up to, and including, 1.3.1. This makes it possible for
unauthenticated attackers to export the plugin's order fees.

 * https://github.com/windz3r0day/CVE-2024-11199


CVE-2024-1112

Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus
Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker
to execute arbitrary code via a long filename argument.

 * https://github.com/FoKiiin/CVE-2024-11120

 * https://github.com/enessakircolak/CVE-2024-1112


CVE-2024-1101

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/hatvix1/CVE-2024-11016


CVE-2024-1096

Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by
triggering the 0x80112067, 0x801120CB, 0x801120CC, 0x80112044, 0x8011204B,
0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F,
0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the
fildds.sys driver.

 * https://github.com/FoKiiin/CVE-2024-10961


CVE-2024-1095

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for
WordPress is vulnerable to unauthorized access of data due to a missing
capability check on the settings_export() function in all versions up to, and
including, 1.3.5.4. This makes it possible for unauthenticated attackers to
export the plugin's settings.

 * https://github.com/reinh3rz/CVE-2024-10958-WPPA-Exploit


CVE-2024-1092

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video
Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data
modification due to a missing capability check on the feedzy dashboard in all
versions up to, and including, 4.4.1. This makes it possible for authenticated
attackers, with contributor access or higher, to create, edit or delete feed
categories created by them.

 * https://github.com/RandomRobbieBF/CVE-2024-10924

 * https://github.com/FoKiiin/CVE-2024-10924

 * https://github.com/dua1337/Exploit-for-CVE-2024-10924

 * https://github.com/MattJButler/CVE-2024-10924

 * https://github.com/julesbsz/CVE-2024-10924

 * https://github.com/Trackflaw/CVE-2024-10924-Wordpress-Docker


CVE-2024-1091

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to
unauthorized modification of data due to a missing capability check on the
reinitialize function in all versions up to, and including, 3.1.13. This makes
it possible for authenticated attackers, with subscriber-level access and above,
to remove all plugin data.

 * https://github.com/verylazytech/CVE-2024-10914

 * https://github.com/imnotcha0s/CVE-2024-10914

 * https://github.com/ThemeHackers/CVE-2024-10914

 * https://github.com/Bu0uCat/D-Link-NAS-CVE-2024-10914-

 * https://github.com/Egi08/CVE-2024-10914


CVE-2024-1086

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables
component can be exploited to achieve local privilege escalation. The
nft_verdict_init() function allows positive values as drop error within the hook
verdict, and hence the nf_hook_slow() function can cause a double free
vulnerability when NF_DROP is issued with a drop error which resembles
NF_ACCEPT. We recommend upgrading past commit
f342de4e2f33e0e39165d8639387aa6c19dff660.

 * https://github.com/Notselwyn/CVE-2024-1086

 * https://github.com/Alicey0719/docker-POC_CVE-2024-1086

 * https://github.com/xzx482/CVE-2024-1086

 * https://github.com/feely666/CVE-2024-1086

 * https://github.com/CCIEVoice2009/CVE-2024-1086

 * https://github.com/kevcooper/CVE-2024-1086-checker


CVE-2024-1079

The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data
due to a missing capability check on the ays_show_results() function in all
versions up to, and including, 6.5.2.4. This makes it possible for
unauthenticated attackers to fetch arbitrary quiz results which can contain PII.

 * https://github.com/windz3r0day/CVE-2024-10793


CVE-2024-1072

The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming
Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized
modification of data due to a missing capability check on the
seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21.
This makes it possible for unauthenticated attackers to change the contents of
coming-soon, maintenance pages, login and 404 pages set up with the plugin.
Version 6.15.22 addresses this issue but introduces a bug affecting admin pages.
We suggest upgrading to 6.15.23.

 * https://github.com/RandomRobbieBF/CVE-2024-10728


CVE-2024-1071

The Ultimate Member – User Profile, Registration, Login, Member Directory,
Content Restriction & Membership Plugin plugin for WordPress is vulnerable to
SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to
insufficient escaping on the user supplied parameter and lack of sufficient
preparation on the existing SQL query. This makes it possible for
unauthenticated attackers to append additional SQL queries into already existing
queries that can be used to extract sensitive information from the database.

 * https://github.com/gh-ost00/CVE-2024-1071-SQL-Injection

 * https://github.com/gbrsh/CVE-2024-1071

 * https://github.com/Dogu589/WordPress-Exploit-CVE-2024-1071

 * https://github.com/Matrexdz/CVE-2024-1071

 * https://github.com/Trackflaw/CVE-2024-1071-Docker

 * https://github.com/Matrexdz/CVE-2024-1071-Docker

 * https://github.com/Spid3heX/CVE-2024-1071-PoC-Script


CVE-2024-1062

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of
service when writing a value larger than 256 chars in log_entry_attr.

 * https://github.com/RandomRobbieBF/CVE-2024-10629


CVE-2024-1060

Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a
remote attacker to potentially exploit heap corruption via a crafted HTML page.
(Chromium security severity: High)

 * https://github.com/bevennyamande/CVE-2024-10605


CVE-2024-1059

Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139
allowed a remote attacker to potentially exploit stack corruption via a crafted
HTML page. (Chromium security severity: High)

 * https://github.com/windz3r0day/CVE-2024-10592


CVE-2024-1058

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via the onclick parameter in all versions up to, and
including, 1.58.3 due to insufficient input sanitization and output escaping.
This makes it possible for authenticated attackers with contributor access or
higher to inject arbitrary web scripts in pages that will execute whenever a
user accesses an injected page. 1.58.3 offers a partial fix.

 * https://github.com/RandomRobbieBF/CVE-2024-10586


CVE-2024-1055

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
plugin's buttons in all versions up to, and including, 2.7.14 due to
insufficient input sanitization and output escaping on user supplied URL values.
This makes it possible for authenticated attackers with contributor-level and
above permissions to inject arbitrary web scripts in pages that will execute
whenever a user accesses an injected page.

 * https://github.com/bevennyamande/CVE-2024-10557


CVE-2024-1050

The Import and export users and customers plugin for WordPress is vulnerable to
unauthorized modification of data due to a missing capability check on the
ajax_force_reset_password_delete_metas() function in all versions up to, and
including, 1.26.5. This makes it possible for authenticated attackers, with
subscriber-level access and above, to delete all forced password resets.

 * https://github.com/Jenderal92/CVE-2024-10508

 * https://github.com/ubaii/CVE-2024-10508


CVE-2024-1047

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized
modification of data due to a missing capability check on the
register_reference() function in all versions up to, and including, 2.10.28.
This makes it possible for unauthenticated attackers to update the connected API
keys.

 * https://github.com/RandomRobbieBF/CVE-2024-10470


CVE-2024-1044

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to
unauthorized modification of data due to a missing capability check on the
'submit_review' function in all versions up to, and including, 5.38.12. This
makes it possible for unauthenticated attackers to submit reviews with arbitrary
email addresses regardless of whether reviews are globally enabled.

 * https://github.com/bevennyamande/CVE-2024-10448

 * https://github.com/g-u-i-d/CVE-2024-10449-patch


CVE-2024-1041

The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin
for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's
settings in all versions up to, and including, 3.1.9 due to insufficient input
sanitization and output escaping as well as insufficient access control on the
settings. This makes it possible for authenticated attackers, with subscriber
access and above, to inject arbitrary web scripts in pages that will execute
whenever a user accesses an injected page.

 * https://github.com/K1nako0/CVE-2024-10410


CVE-2024-1035

A vulnerability has been found in openBI up to 1.0.8 and classified as critical.
This vulnerability affects the function uploadIcon of the file
/application/index/controller/Icon.php. The manipulation of the argument image
leads to unrestricted upload. The attack can be initiated remotely. The exploit
has been disclosed to the public and may be used. VDB-252310 is the identifier
assigned to this vulnerability.

 * https://github.com/K1nako0/CVE-2024-10355

 * https://github.com/K1nako0/CVE-2024-10354


CVE-2024-1024

A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and
classified as problematic. This vulnerability affects unknown code of the
component New Account Handler. The manipulation of the argument First Name/Last
Name with the input <script>alert(1)</script> leads to cross site scripting. The
attack can be initiated remotely. The exploit has been disclosed to the public
and may be used. The identifier of this vulnerability is VDB-252292.

 * https://github.com/RandomRobbieBF/CVE-2024-10245


CVE-2024-1022

A vulnerability, which was classified as problematic, was found in CodeAstro
Simple Student Result Management System 5.6. This affects an unknown part of the
file /add_classes.php of the component Add Class Page. The manipulation of the
argument Class Name leads to cross site scripting. It is possible to initiate
the attack remotely. The exploit has been disclosed to the public and may be
used. The associated identifier of this vulnerability is VDB-252291.

 * https://github.com/mochizuki875/CVE-2024-10220-githooks


CVE-2024-1014

Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3
affecting versions 03.07.03 and higher. An attacker could interrupt the
availability of the administration panel by sending multiple ICMP packets.

 * https://github.com/holypryx/CVE-2024-10140


CVE-2024-1001

A vulnerability classified as critical has been found in Totolink N200RE
9.3.5u.6139_B20201216. Affected is the function main of the file
/cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It
is possible to launch the attack remotely. The exploit has been disclosed to the
public and may be used. VDB-252270 is the identifier assigned to this
vulnerability. NOTE: The vendor was contacted early about this disclosure but
did not respond in any way.

 * https://github.com/windz3r0day/CVE-2024-10015


CVE-2024-0986

A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical.
This issue affects some unknown processing of the file
/index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of
the argument Command leads to os command injection. The attack may be initiated
remotely. The exploit has been disclosed to the public and may be used. The
associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was
contacted early about this disclosure but did not respond in any way.

 * https://github.com/gunzf0x/Issabel-PBX-4.0.0-RCE-Authenticated


CVE-2024-0944

A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated
as problematic. Affected by this issue is some unknown functionality of the file
/cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack
may be launched remotely. The complexity of an attack is rather high. The
exploitation is known to be difficult. The exploit has been disclosed to the
public and may be used. The identifier of this vulnerability is VDB-252188.
NOTE: The vendor was contacted early about this disclosure but did not respond
in any way.

 * https://github.com/Artemisxxx37/cve-2024-0944


CVE-2024-0906

The f(x) Private Site plugin for WordPress is vulnerable to Sensitive
Information Exposure in all versions up to, and including, 1.2.1 via the API.
This makes it possible for unauthenticated attackers to obtain page and post
contents of a site protected with this plugin.

 * https://github.com/sudoCreate258/lab1_patch


CVE-2024-0783

A vulnerability was found in Project Worlds Online Admission System 1.0 and
classified as critical. This issue affects some unknown processing of the file
documents.php. The manipulation leads to unrestricted upload. The attack may be
initiated remotely. The exploit has been disclosed to the public and may be
used. The associated identifier of this vulnerability is VDB-251699.

 * https://github.com/keru6k/Online-Admission-System-RCE-PoC


CVE-2024-0762

Potential buffer overflow in unsafe UEFI variable handling in Phoenix
SecureCore™ for select Intel platforms. This issue affects: Phoenix SecureCore™
for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for
Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel
Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet
Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake:
from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from
4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1
before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before
4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before
4.5.1.15.

 * https://github.com/tadash10/Detect-CVE-2024-0762


CVE-2024-0757

The Insert or Embed Articulate Content into WordPress plugin through
4.3000000023 is not properly filtering which file extensions are allowed to be
imported on the server, allowing the uploading of malicious code within zip
files.

 * https://github.com/hunThubSpace/CVE-2024-0757-Exploit


CVE-2024-0741

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory
leading to a potentially exploitable crash. This vulnerability affects Firefox <
122, Firefox ESR < 115.7, and Thunderbird < 115.7.

 * https://github.com/HyHy100/Firefox-ANGLE-CVE-2024-0741


CVE-2024-0713

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28871.
Reason: This candidate is a reservation duplicate of CVE-2020-28871. Notes: All
CVE users should reference CVE-2020-28871 instead of this candidate. All
references and descriptions in this candidate have been removed to prevent
accidental usage.

 * https://github.com/kitodd/CVE-2024-0713


CVE-2024-0710

The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in
all versions up to, and including, 1.5.5. This is due to insufficient input
validation. This makes it possible for unauthenticated attackers to tamper with
the generation of a unique ID on a form submission and replace the generated
unique ID with a user-controlled one, leading to a loss of integrity in cases
where the ID's uniqueness is relied upon in a security-specific context.

 * https://github.com/karlemilnikka/CVE-2024-0710


CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with
user-controlled data of multiple hundred bytes in length could occur in the
line_bytes_split() function, potentially leading to an application crash and
denial of service.

 * https://github.com/Valentin-Metz/writeup_split


CVE-2024-0679

The ColorMag theme for WordPress is vulnerable to unauthorized access due to a
missing capability check on the plugin_action_callback() function in all
versions up to, and including, 3.1.2. This makes it possible for authenticated
attackers, with subscriber-level access and above, to install and activate
arbitrary plugins.

 * https://github.com/RandomRobbieBF/CVE-2024-0679


CVE-2024-0624

The Paid Memberships Pro – Content Restriction, User Registration, & Paid
Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery
in all versions up to, and including, 2.12.7. This is due to missing or
incorrect nonce validation on the pmpro_update_level_order() function. This
makes it possible for unauthenticated attackers to update the order of levels
via a forged request granted they can trick a site administrator into performing
an action such as clicking on a link.

 * https://github.com/kodaichodai/CVE-2024-0624


CVE-2024-0623

The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request
Forgery in all versions up to, and including, 1.31.1.1. This is due to missing
or incorrect nonce validation on the vbp_clear_patterns_cache() function. This
makes it possible for unauthenticated attackers to clear the patterns cache via
a forged request granted they can trick a site administrator into performing an
action such as clicking on a link.

 * https://github.com/kodaichodai/CVE-2024-0623


CVE-2024-0590

The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request
Forgery in all versions up to, and including, 0.9.3. This is due to missing
nonce validation on the edit_clarity_project_id() function. This makes it
possible for unauthenticated attackers to change the project id and add
malicious JavaScript via a forged request granted they can trick a site
administrator into performing an action such as clicking on a link.

 * https://github.com/kodaichodai/CVE-2024-0590


CVE-2024-0588

The Paid Memberships Pro – Content Restriction, User Registration, & Paid
Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery
in all versions up to, and including, 2.12.10. This is due to missing nonce
validation on the pmpro_lifter_save_streamline_option() function. This makes it
possible for unauthenticated attackers to enable the streamline setting with
Lifter LMS via a forged request granted they can trick a site administrator into
performing an action such as clicking on a link.

 * https://github.com/kodaichodai/CVE-2024-0588


CVE-2024-0582

A memory leak flaw was found in the Linux kernel’s io_uring functionality in how
a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and
then frees it. This flaw allows a local user to crash or potentially escalate
their privileges on the system.

 * https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582

 * https://github.com/geniuszlyy/CVE-2024-0582

 * https://github.com/Forsaken0129/CVE-2024-0582

 * https://github.com/0ptyx/cve-2024-0582


CVE-2024-0566

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and
escape a parameter before using it in a SQL statement, leading to a SQL
injection exploitable by high privilege users such as admin.

 * https://github.com/xbz0n/CVE-2024-0566


CVE-2024-0509

The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to
Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up
to, and including, 1.0.3 due to insufficient input sanitization and output
escaping. This makes it possible for unauthenticated attackers to inject
arbitrary web scripts in pages that execute if they can successfully trick a
user into performing an action such as clicking on a link.

 * https://github.com/kodaichodai/CVE-2024-0509


CVE-2024-0507

An attacker with access to a Management Console user account with the editor
role could escalate privileges through a command injection vulnerability in the
Management Console. This vulnerability affected all versions of GitHub
Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13.
This vulnerability was reported via the GitHub Bug Bounty program.

 * https://github.com/convisolabs/CVE-2024-0507_CVE-2024-0200-github


CVE-2024-0399

The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly
sanitise and escape a parameter before using it in a SQL statement, leading to
an SQL injection exploitable by Subscriber+ role.

 * https://github.com/xbz0n/CVE-2024-0399


CVE-2024-0379

The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress
is vulnerable to Cross-Site Request Forgery in all versions up to, and
including, 2.2.1. This is due to missing or incorrect nonce validation on the
ctf_auto_save_tokens function. This makes it possible for unauthenticated
attackers to update the site's twitter API token and secret via a forged request
granted they can trick a site administrator into performing an action such as
clicking on a link.

 * https://github.com/kodaichodai/CVE-2024-0379


CVE-2024-0352

A vulnerability classified as critical was found in Likeshop up to
2.5.7.20210311. This vulnerability affects the function
FileServer::userFormImage of the file server/application/api/controller/File.php
of the component HTTP POST Request Handler. The manipulation of the argument
file leads to unrestricted upload. The attack can be initiated remotely. The
exploit has been disclosed to the public and may be used. The identifier of this
vulnerability is VDB-250120.

 * https://github.com/Cappricio-Securities/CVE-2024-0352


CVE-2024-0324

The User Profile Builder – Beautiful User Registration Forms, User Profiles &
User Role Editor plugin for WordPress is vulnerable to unauthorized modification
of data due to a missing capability check on the
'wppb_two_factor_authentication_settings_update' function in all versions up to,
and including, 3.10.8. This makes it possible for unauthenticated attackers to
enable or disable the 2FA functionality present in the Premium version of the
plugin for arbitrary user roles.

 * https://github.com/kodaichodai/CVE-2024-0324


CVE-2024-0311

A malicious insider can bypass the existing policy of Skyhigh Client Proxy
without a valid release code.

 * https://github.com/calligraf0/CVE-2024-0311


CVE-2024-0305

A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to
2017 and classified as problematic. Affected by this issue is some unknown
functionality of the file /manage/IPSetup.php of the component Guest Login. The
manipulation leads to information disclosure. The attack may be launched
remotely. The exploit has been disclosed to the public and may be used. The
identifier of this vulnerability is VDB-249872.

 * https://github.com/jidle123/cve-2024-0305exp


CVE-2024-0235

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7
do not have authorisation in an AJAX action, allowing unauthenticated users to
retrieve email addresses of any users on the blog.

 * https://github.com/Cappricio-Securities/CVE-2024-0235


CVE-2024-0230

A session management issue was addressed with improved checks. This issue is
fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access
to the accessory may be able to extract its Bluetooth pairing key and monitor
Bluetooth traffic.

 * https://github.com/keldnorman/cve-2024-0230-blue


CVE-2024-0204

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an
unauthorized user to create an admin user via the administration portal.

 * https://github.com/gobysec/Goby

 * https://github.com/gobysec/GobyVuls

 * https://github.com/horizon3ai/CVE-2024-0204

 * https://github.com/cbeek-r7/CVE-2024-0204

 * https://github.com/m-cetin/CVE-2024-0204

 * https://github.com/adminlove520/CVE-2024-0204


CVE-2024-0200

An unsafe reflection vulnerability was identified in GitHub Enterprise Server
that could lead to reflection injection. This vulnerability could lead to the
execution of user-controlled methods and remote code execution. To exploit this
bug, an actor would need to be logged into an account on the GHES instance with
the organization owner role. This vulnerability affected all versions of GitHub
Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5,
and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.

 * https://github.com/convisolabs/CVE-2024-0507_CVE-2024-0200-github


CVE-2024-0197

A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on
Windows allows an attacker to escalate their privilege level via local access.

 * https://github.com/ewilded/CVE-2024-0197-POC


CVE-2024-0195

A vulnerability, which was classified as critical, was found in spider-flow
0.4.3. Affected is the function FunctionService.saveFunction of the file
src/main/java/org/spiderflow/controller/FunctionController.java. The
manipulation leads to code injection. It is possible to launch the attack
remotely. The exploit has been disclosed to the public and may be used.
VDB-249510 is the identifier assigned to this vulnerability.

 * https://github.com/MuhammadWaseem29/CVE-2024-0195-SpiderFlow

 * https://github.com/gh-ost00/CVE-2024-0195-SpiderFlow

 * https://github.com/Cappricio-Securities/CVE-2024-0195

 * https://github.com/hack-with-rohit/CVE-2024-0195-SpiderFlow


CVE-2024-0190

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and
classified as problematic. This issue affects some unknown processing of the
file add_quiz.php of the component Quiz Handler. The manipulation of the
argument Quiz Title/Quiz Description with the input
</title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack may
be initiated remotely. The exploit has been disclosed to the public and may be
used. The associated identifier of this vulnerability is VDB-249503.

 * https://github.com/codeb0ss/CVE-2024-0190-PoC


CVE-2024-0049

In multiple locations, there is a possible out of bounds write due to a heap
buffer overflow. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is not needed for
exploitation.

 * https://github.com/Aakashmom/frameworks_av_android10_r33_CVE-2024-0049

 * https://github.com/nidhihcl75/frameworks_av_AOSP10_r33_CVE-2024-0049


CVE-2024-0044

In createSessionInternal of PackageInstallerService.java, there is a possible
run-as any app due to improper input validation. This could lead to local
escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation.

 * https://github.com/pl4int3xt/CVE-2024-0044

 * https://github.com/canyie/CVE-2024-0044

 * https://github.com/scs-labrat/android_autorooter

 * https://github.com/Re13orn/CVE-2024-0044-EXP

 * https://github.com/MrW0l05zyn/cve-2024-0044

 * https://github.com/nahid0x1/CVE-2024-0044

 * https://github.com/hunter24x24/cve_2024_0044

 * https://github.com/007CRIPTOGRAFIA/c-CVE-2024-0044

 * https://github.com/a-roshbaik/cve_2024_0044

 * https://github.com/Kai2er/CVE-2024-0044-EXP

 * https://github.com/nexussecelite/EvilDroid


CVE-2024-0040

In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to
a heap buffer overflow. This could lead to remote information disclosure with no
additional execution privileges needed. User interaction is not needed for
exploitation.

 * https://github.com/uthrasri/frameworks_av_CVE-2024-0040

 * https://github.com/nidhihcl75/frameworks_av_AOSP10_r33_CVE-2024-0040


CVE-2024-0039

In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds
write due to a missing bounds check. This could lead to remote code execution
with no additional execution privileges needed. User interaction is not needed
for exploitation.

 * https://github.com/41yn14/CVE-2024-0039-Exploit

 * https://github.com/23Nero/fix-02-failure-CVE-2024-31319-CVE-2024-0039


CVE-2024-0030

In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds
read due to an incorrect bounds check. This could lead to local information
disclosure with no additional execution privileges needed. User interaction is
not needed for exploitation.

 * https://github.com/uthrasri/system_bt_CVE-2024-0030


CVE-2024-0023

In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of
bounds write due to an incorrect bounds check. This could lead to local
escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation.

 * https://github.com/AbrarKhan/G3_Frameworks_av_CVE-2024-0023

 * https://github.com/Aakashmom/frameworks_av_android10_r33_CVE-2024-0023


CVE-2024-0015

In convertToComponentName of DreamService.java, there is a possible way to
launch arbitrary protected activities due to intent redirection. This could lead
to local escalation of privilege with User execution privileges needed. User
interaction is not needed for exploitation.

 * https://github.com/UmVfX1BvaW50/CVE-2024-0015


CVE-2024-0012

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012

 * https://github.com/Sachinart/CVE-2024-0012-POC

 * https://github.com/hazesecurity/CVE-2024-0012

 * https://github.com/greaselovely/CVE-2024-0012

 * https://github.com/VegetableLasagne/CVE-2024-0012

 * https://github.com/iSee857/CVE-2024-0012-poc

 * https://github.com/XiaomingX/cve-2024-0012-poc

 * https://github.com/PunitTailor55/Paloalto-CVE-2024-0012


CVE-2024-0001

** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

 * https://github.com/jiupta/CVE-2024-0001-EXP

 * https://github.com/RobloxSecurityResearcher/RobloxVulnerabilityCVE-2024-0001