In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

• UmVfX1BvaW50/CVE-2024-0015

A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.\n\n

• ewilded/CVE-2024-0197-POC

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

• horizon3ai/CVE-2024-0204
• cbeek-r7/CVE-2024-0204
• m-cetin/CVE-2024-0204
• adminlove520/CVE-2024-0204

A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.

• keldnorman/cve-2024-0230-blue

Eine Schwachstelle wurde in Guangzhou Yingke Electronic Technology Ncast bis 2017 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /manage/IPSetup.php der Komponente Guest Login. Durch das Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

• jidle123/cve-2024-0305exp

The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.

• xbz0n/CVE-2024-0399

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

• xbz0n/CVE-2024-0566

A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.

• ysanatomic/io_uring_LPE-CVE-2024-0582
• Forsaken0129/CVE-2024-0582

The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.

• RandomRobbieBF/CVE-2024-0679

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

• Valentin-Metz/writeup_split

The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context.

• karlemilnikka/CVE-2024-0710

• kitodd/CVE-2024-0713

Eine kritische Schwachstelle wurde in Project Worlds Online Admission System 1.0 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei documents.php. Durch Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

• keru6k/Online-Admission-System-RCE-PoC

The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server , allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

• 0x9567b/CVE-2024-0844

Eine Schwachstelle wurde in Issabel PBX 4.0.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /index.php?menu=asterisk_cli der Komponente Asterisk-Cli. Durch Beeinflussen des Arguments Command mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

• gunzf0x/Issabel-PBX-4.0.0-RCE-Authenticated

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• gbrsh/CVE-2024-1071
• Trackflaw/CVE-2024-1071-Docker
• Matrexdz/CVE-2024-1071
• Matrexdz/CVE-2024-1071-Docker

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.\n\n

• Notselwyn/CVE-2024-1086
• Alicey0719/docker-POC_CVE-2024-1086
• CCIEVoice2009/CVE-2024-1086

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.

• karlemilnikka/CVE-2024-1208-and-CVE-2024-1210

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.

• karlemilnikka/CVE-2024-1209

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n\n\n

• Chocapikk/CVE-2024-1212

In SourceCodester Product Management System 1.0 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /supplier.php. Dank Manipulation des Arguments supplier_name/supplier_contact mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

• sajaljat/CVE-2024-1269

SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database.

• guillermogm4/CVE-2024-1301---Badgermeter-moni-tool-SQL-Injection

Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials.

• guillermogm4/CVE-2024-1302---Badgermeter-moni-tool-Sensitive-information-exposure

Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality.

• guillermogm4/CVE-2024-1303---Badgermeter-moni-tool-Path-Traversal

Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted javascript payload to an authenticated user and partially hijack their browser session.

• guillermogm4/CVE-2024-1304---Badgermeter-moni-tool-Reflected-Cross-Site-Scripting-XSS

Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.

• PeterGabaldon/CVE-2024-1346

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  The\nvulnerability is a bypass to authentication based on a failure to properly\nhandle username and password. Certain unexpected\ncontent passed into the credentials can lead to unauthorized access without proper\nauthentication.   \n\n\n\n\n\n\n

• horizon3ai/CVE-2024-1403

An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.

• almkuznetsov/CVE-2024-1441

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• rat-c/CVE-2024-1512

An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via launch(share=True), thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on huggingface.co are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.

• DiabloHTB/CVE-2024-1561
• DiabloHTB/Nuclei-Template-CVE-2024-1561

Torrentpier version 2.4.1 allows executing arbitrary commands on the server.\n\nThis is possible because the application is vulnerable to insecure deserialization.\n\n\n\n\n

• sharpicx/CVE-2024-1651-PoC
• hy011121/CVE-2024-1651-exploit-RCE
• Whiteh4tWolf/CVE-2024-1651-PoC

Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request.

• lnversed/CVE-2024-1655

The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• kamranhasan/CVE-2024-1698-Exploit

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel\n\n vulnerability, which may allow an attacker direct access to confidential information or \n\ncritical systems.\n\n

• W01fh4cker/ScreenConnect-AuthBypass-RCE
• HussainFathy/CVE-2024-1709
• sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass
• cjybao/CVE-2024-1709-and-CVE-2024-1708

Eine Schwachstelle wurde in Totolink X6000R AX3000 9.4.0cu.852_20230719 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion setWizardCfg der Datei /cgi-bin/cstecgi.cgi der Komponente shttpd. Dank der Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.

• Icycu123/CVE-2024-1781

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. \n\n

• ox1111/-CVE-2024-1874-

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.

• Madan301/CVE-2024-2054

Eine kritische Schwachstelle wurde in Mini-Tmall bis 20231017 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei ?r=tmall/admin/user/1/1. Mit der Manipulation des Arguments orderBy mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

• yuziiiiiiiiii/CVE-2024-2074

Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.

• douglasbuzatto/G3-Loop-DoS

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.

• uthrasri/CVE-2024-2193

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.\n\n

• adhikara13/CVE-2024-2389

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.

• Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.

• Puvipavan/CVE-2024-2667

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• c0d3zilla/CVE-2024-2876

The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• herculeszxc/CVE-2024-2879

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n

• mattaperkins/FIX-CVE-2024-2961
• rvizx/CVE-2024-2961

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. \r\nThrough a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

• byinarie/CVE-2024-3094-info
• FabioBaroni/CVE-2024-3094-checker
• lypd0/CVE-2024-3094-Vulnerabity-Checker
• OpensourceICTSolutions/xz_utils-CVE-2024-3094
• bioless/xz_cve-2024-3094_detection
• Hacker-Hermanos/CVE-2024-3094_xz_check
• Fractal-Tess/CVE-2024-3094
• wgetnz/CVE-2024-3094-check
• emirkmo/xz-backdoor-github
• ashwani95/CVE-2024-3094
• harekrishnarai/xz-utils-vuln-checker
• teyhouse/CVE-2024-3094
• alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer
• Horizon-Software-Development/CVE-2024-3094
• hazemkya/CVE-2024-3094-checker
• lockness-Ko/xz-vulnerable-honeypot
• brinhosa/CVE-2024-3094-One-Liner
• isuruwa/CVE-2024-3094
• k4t3pr0/Check-CVE-2024-3094
• Yuma-Tsushima07/CVE-2024-3094
• jfrog/cve-2024-3094-tools
• krascovict/OSINT---CVE-2024-3094-
• Simplifi-ED/CVE-2024-3094-patcher
• gayatriracha/CVE-2024-3094-Nmap-NSE-script
• Mustafa1986/CVE-2024-3094
• MrBUGLF/XZ-Utils_CVE-2024-3094
• galacticquest/cve-2024-3094-detect
• zgimszhd61/cve-2024-3094-detect-tool
• mightysai1997/CVE-2024-3094-info
• mightysai1997/CVE-2024-3094
• mesutgungor/xz-backdoor-vulnerability
• reuteras/CVE-2024-3094
• amlweems/xzbot
• gustavorobertux/CVE-2024-3094
• ackemed/detectar_cve-2024-3094
• 0xlane/xz-cve-2024-3094
• dah4k/CVE-2024-3094
• hackingetico21/revisaxzutils
• devjanger/CVE-2024-3094-XZ-Backdoor-Detector
• ScrimForever/CVE-2024-3094
• pentestfunctions/CVE-2024-3094
• r0binak/xzk8s
• przemoc/xz-backdoor-links
• CyberGuard-Foundation/CVE-2024-3094
• Security-Phoenix-demo/CVE-2024-3094-fix-exploits
• MagpieRYL/CVE-2024-3094-backdoor-env-container
• Bella-Bc/xz-backdoor-CVE-2024-3094-Check
• TheTorjanCaptain/CVE-2024-3094-Checker
• iheb2b/CVE-2024-3094-Checker
• felipecosta09/cve-2024-3094
• weltregie/liblzma-scan
• crfearnworks/ansible-CVE-2024-3094
• robertdebock/ansible-playbook-cve-2024-3094
• badsectorlabs/ludus_xz_backdoor
• Juul/xz-backdoor-scan
• fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094-
• neuralinhibitor/xzwhy

pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.\n

• TechieNeurons/CVE-2024-3116_RCE_in_pgadmin_8.4

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

• cdxiaodong/CVE-2024-3154-communication

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attribute_id' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• BassamAssiri/CVE-2024-3217-POC

Eine Schwachstelle wurde in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L bis 20240403 entdeckt. Sie wurde als sehr kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /cgi-bin/nas_sharing.cgi der Komponente HTTP GET Request Handler. Mit der Manipulation des Arguments user mit der Eingabe messagebus mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

• nickswink/D-Link-NAS-Devices-Unauthenticated-RCE
• aliask/dinkleberry

Es wurde eine Schwachstelle in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L bis 20240403 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /cgi-bin/nas_sharing.cgi der Komponente HTTP GET Request Handler. Durch die Manipulation des Arguments system mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

• Chocapikk/CVE-2024-3273
• adhikara13/CVE-2024-3273
• yarienkiva/honeypot-dlink-CVE-2024-3273
• K3ysTr0K3R/CVE-2024-3273-EXPLOIT
• ThatNotEasy/CVE-2024-3273
• LeopoldSkell/CVE-2024-3273
• mrrobot0o/CVE-2024-3273-

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\n\nCloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

• Yuvvi01/CVE-2024-3400
• CerTusHack/CVE-2024-3400-PoC
• 0x0d3ad/CVE-2024-3400
• FoxyProxys/CVE-2024-3400
• momika233/CVE-2024-3400
• MrR0b0t19/CVE-2024-3400
• MurrayR0123/CVE-2024-3400-Compromise-Checker
• AdaniKamal/CVE-2024-3400
• LoanVitor/CVE-2024-3400-
• h4x0r-dz/CVE-2024-3400
• W01fh4cker/CVE-2024-3400-RCE-Scan
• CONDITIONBLACK/CVE-2024-3400-POC
• Chocapikk/CVE-2024-3400
• ihebski/CVE-2024-3400
• index2014/CVE-2024-3400-Checker
• ZephrFish/CVE-2024-3400-Canary
• ak1t4/CVE-2024-3400
• phantomradar/cve-2024-3400-poc
• retkoussa/CVE-2024-3400
• schooldropout1337/CVE-2024-3400
• hahasagined/CVE-2024-3400
• codeblueprint/CVE-2024-3400
• swaybs/CVE-2024-3400
• sxyrxyy/CVE-2024-3400-Check
• Ravaan21/CVE-2024-3400
• pwnj0hn/CVE-2024-3400
• HackingLZ/panrapidcheck
• Kr0ff/cve-2024-3400
• zam89/CVE-2024-3400-pot
• terminalJunki3/CVE-2024-3400-Checker
• 0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection
• marconesler/CVE-2024-3400
• andrelia-hacks/CVE-2024-3400
• tk-sawada/IPLineFinder
• iwallarm/cve-2024-3400

A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'apply_settings' function, allowing an attacker to manipulate the application's configuration by sending specially crafted JSON payloads. This could lead to remote code execution (RCE) by bypassing existing patches designed to mitigate such vulnerabilities.

• ymuraki-csc/cve-2024-3435

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• truonghuuphuc/CVE-2024-3495-Poc

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.

• truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc

The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

• c4cnm/CVE-2024-3867

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.\n

• airbus-cert/CVE-2024-4040
• tucommenceapousser/CVE-2024-4040-Scanner
• rbih-boulanouar/CVE-2024-4040
• Mufti22/CVE-2024-4040
• Stuub/CVE-2024-4040-SSTI-LFI-PoC
• Praison001/CVE-2024-4040-CrushFTP-server
• Mohammaddvd/CVE-2024-4040
• jakabakos/CVE-2024-4040-CrushFTP-File-Read-vulnerability
• gotr00t0day/CVE-2024-4040
• 1ncendium/CVE-2024-4040

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

• skilfoy/CVE-2024-4323-Exploit-POC
• d0rb/CVE-2024-4323
• yuansec/CVE-2024-4323-dos_poc

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• truonghuuphuc/CVE-2024-4352-Poc

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

• LOURC0D3/CVE-2024-4367-PoC
• s4vvysec/CVE-2024-4367-POC
• spaceraccoon/detect-cve-2024-4367

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.

• MielPopsssssss/CVE-2024-4439
• d0rb/CVE-2024-4439
• xssor-dz/-CVE-2024-4439

A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18

• JoeBeeton/CVE-2024-4701-POC

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

• michredteam/CVE-2024-4761

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration.

• RandomRobbieBF/CVE-2024-4875

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.

• banditzCyber0x/CVE-2024-4956
• xungzzz/CVE-2024-4956

• mhtsec/cve-2024-12883

A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.\r\n\r This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.

• Instructor-Team8/CVE-2024-20291-POC

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.

• nettitude/CVE-2024-20356
• SherllyNeo/CVE_2024_20356

Visual Studio Elevation of Privilege Vulnerability

• Wh04m1001/CVE-2024-20656

BitLocker Security Feature Bypass Vulnerability

• nnotwen/Script-For-CVE-2024-20666

Windows libarchive Remote Code Execution Vulnerability

• clearbluejar/CVE-2024-20696

Windows Kernel Elevation of Privilege Vulnerability

• RomanRybachek/CVE-2024-20698

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.

• yoryio/CVE-2024-20767
• m-cetin/CVE-2024-20767
• Chocapikk/CVE-2024-20767
• huyqa/cve-2024-20767
• Praison001/CVE-2024-20767-Adobe-ColdFusion

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

• GlassyAmadeus/CVE-2024-20931
• Leocodefocus/CVE-2024-20931-Poc
• ATonysan/CVE-2024-20931_weblogic
• dinosn/CVE-2024-20931

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

• momika233/CVE-2024-21006

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

• Alaatk/CVE-2024-21107

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

• mansk1es/CVE-2024-21111
• 10cks/CVE-2024-21111-del

Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability

• tandasat/CVE-2024-21305

Microsoft Bluetooth Driver Spoofing Vulnerability

• d4rks1d33/C-PoC-for-CVE-2024-21306
• PhucHauDeveloper/BadbBlue

Windows Kernel Elevation of Privilege Vulnerability

• hakaioffsec/CVE-2024-21338
• UMU618/CVE-2024-21338
• varwara/CVE-2024-21338
• Zombie-Kaiser/CVE-2024-21338-x64-build-

Windows Kernel Elevation of Privilege Vulnerability

• exploits-forsale/CVE-2024-21345
• FoxyProxys/CVE-2024-21345

Microsoft Outlook Remote Code Execution Vulnerability

• d0rb/CVE-2024-21378

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

• d0rb/CVE-2024-21388

Internet Shortcut Files Security Feature Bypass Vulnerability

• lsr00ter/CVE-2024-21412_Water-Hydra

Microsoft Outlook Remote Code Execution Vulnerability

• duy-31/CVE-2024-21413
• xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
• r00tb1t/CVE-2024-21413-POC
• CMNatic/CVE-2024-21413
• MSeymenD/CVE-2024-21413
• Mdusmandasthaheer/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
• ahmetkarakayaoffical/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
• DevAkabari/CVE-2024-21413
• dshabani96/CVE-2024-21413
• X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit
• th3Hellion/CVE-2024-21413

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

• zpxlz/CVE-2024-21626-POC
• NitroCao/CVE-2024-21626
• Wall1e/CVE-2024-21626-POC
• cdxiaodong/CVE-2024-21626
• zhangguanzhang/CVE-2024-21626
• laysakura/CVE-2024-21626-demo
• V0WKeep3r/CVE-2024-21626-runcPOC
• abian2/CVE-2024-21626
• Sk3pper/CVE-2024-21626
• KubernetesBachelor/CVE-2024-21626
• dorser/cve-2024-21626

Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either user name is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.

• 0x33c0unt/CVE-2024-21633

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77.

• ltranquility/CVE-2024-21644-Poc

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. \n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html\n\nYou can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.\n\nThis vulnerability was found internally.

• absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server
• Arbeys/CVE-2024-21683-PoC
• W01fh4cker/CVE-2024-21683-RCE

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

• BishopFox/cve-2024-21762-check
• cleverg0d/CVE-2024-21762-Checker
• h4x0r-dz/CVE-2024-21762
• r4p3c4/CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check
• d0rb/CVE-2024-21762
• lolminerxmrig/multicheck_CVE-2024-21762

\nAn OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

• FeatherStark/CVE-2024-21793

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

• oways/ivanti-CVE-2024-21887
• duy-31/CVE-2023-46805_CVE-2024-21887
• Chocapikk/CVE-2024-21887
• raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887
• seajaysec/Ivanti-Connect-Around-Scan
• mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped
• tucommenceapousser/CVE-2024-21887
• imhunterand/CVE-2024-21887

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

• h4x0r-dz/CVE-2024-21893.py
• Chocapikk/CVE-2024-21893-to-CVE-2024-21887

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

• 0dteam/CVE-2024-22024

A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.

• securekomodo/CVE-2024-22026

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.

• W01fh4cker/CVE-2024-22120-RCE

Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation.This issue affects InstaWP Connect: from n/a through 0.1.0.8.

• RandomRobbieBF/CVE-2024-22145

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.\n

• SeanPesce/CVE-2024-22243
• shellfeel/CVE-2024-22243-CVE-2024-22234

Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.\n\nUsers are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1\n\n

• oscerd/CVE-2024-22369

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nPixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content.\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue.\n\n

• omranisecurity/CVE-2024-22393

Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A malicious user could exploit this vulnerability to trigger a cross site scripting attack on an unsuspecting user. This issue has been addressed in the 3.3.0 and 2.47.0 releases of Avo. Users are advised to upgrade.

• tamaloa/avo-CVE-2024-22411

pyLoad is a free and open-source Download Manager written in pure Python. The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release 0.5.0b3.dev78. All users are advised to upgrade.

• mindstorm38/ensimag-secu3a-cve-2024-22416

An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file.

• Orange-418/CVE-2024-22514-Remote-Code-Execution

Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component.

• Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution
• Orange-418/CVE-2024-22515-File-Upload-Vulnerability

Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file.

• pwndorei/CVE-2024-22532

• austino2000/CVE-2024-22534

TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.

• zunak/CVE-2024-22640

• zunak/CVE-2024-22641

Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows attackers to gain escalated privileges via use of crafted executable launched from the application installation directory.

• hacker625/CVE-2024-22752

An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component.

• Gray-0men/CVE-2024-22774

• brandon-t-elliott/CVE-2024-22867

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.

• shenhav12/CVE-2024-22889-Plone-v6.0.9

• BurakSevben/CVE-2024-22890

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.

• Jaarden/CVE-2024-22894

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.

• Chocapikk/CVE-2024-22899-to-22903-ExploitChain

• BurakSevben/CVE-2024-22909

An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php

• keru6k/CVE-2024-22922

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component.

• NUDTTAN91/CVE-2024-22939

SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.

• keru6k/CVE-2024-22983

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges.

• hrtowii/CVE-2024-23208-test

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.

• ox1111/CVE-2024-23334
• sxyrxyy/aiohttp-exploit-CVE-2024-23334-certstream
• z3rObyte/CVE-2024-23334-PoC
• jhonnybonny/CVE-2024-23334
• brian-edgar-re/poc-cve-2024-23334

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.

• abian2/CVE-2024-23652

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.

• alexcote1/CVE-2024-23722-poc

The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.

• actuator/yi

An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."

• giovannipajeu1/CVE-2024-23738

An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

• giovannipajeu1/CVE-2024-23739

An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

• giovannipajeu1/CVE-2024-23740

An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

• giovannipajeu1/CVE-2024-23741

An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine.

• giovannipajeu1/CVE-2024-23742

Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."

• giovannipajeu1/CVE-2024-23743

In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context. NOTE: the vendor's perspective is that this is simply an instance of CVE-2022-48505, cannot properly be categorized as a product-level vulnerability, and cannot have a product-level fix because it is about incorrect caching of file signatures on macOS.

• louiselalanne/CVE-2024-23745

Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents).

• louiselalanne/CVE-2024-23746

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.

• louiselalanne/CVE-2024-23747

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges.

• Verrideo/CVE-2024-23772

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges.

• Verrideo/CVE-2024-23773

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM privileges.

• Verrideo/CVE-2024-23774

• HazardLab-IO/CVE-2024-23780

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

• jenkinsci-cert/SECURITY-3314-3315
• binganao/CVE-2024-23897
• h4x0r-dz/CVE-2024-23897
• xaitax/CVE-2024-23897
• vmtyan/poc-cve-2024-23897
• yoryio/CVE-2024-23897
• CKevens/CVE-2024-23897
• 10T4/PoC-Fix-jenkins-rce_CVE-2024-23897
• wjlin0/CVE-2024-23897
• Vozec/CVE-2024-23897
• raheel0x01/CVE-2024-23897
• viszsec/CVE-2024-23897
• jopraveen/CVE-2024-23897
• AbraXa5/Jenkins-CVE-2024-23897
• brijne/CVE-2024-23897-RCE
• WLXQqwer/Jenkins-CVE-2024-23897-
• kaanatmacaa/CVE-2024-23897
• Praison001/CVE-2024-23897-Jenkins-Arbitrary-Read-File-Vulnerability
• B4CK4TT4CK/CVE-2024-23897
• godylockz/CVE-2024-23897
• ifconfig-me/CVE-2024-23897
• ThatNotEasy/CVE-2024-23897
• pulentoski/CVE-2024-23897-Arbitrary-file-read
• Nebian/CVE-2024-23897
• Abo5/CVE-2024-23897
• Athulya666/CVE-2024-23897
• murataydemir/CVE-2024-23897
• mil4ne/CVE-2024-23897-Jenkins-4.441
• Maalfer/CVE-2024-23897

Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code.

• ELIZEUOPAIN/CVE-2024-24034

Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitrary code via the hmessage parameter.

• ELIZEUOPAIN/CVE-2024-24035

Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section.

• BurakSevben/CVE-2024-24134

Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.

• BurakSevben/CVE-2024-24135

The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.

• BurakSevben/CVE-2024-24136

• BurakSevben/CVE-2024-24137

• BurakSevben/CVE-2024-24138

Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter.

• BurakSevben/CVE-2024-24139

Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'

• BurakSevben/CVE-2024-24140

Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.

• BurakSevben/CVE-2024-24141

Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.

• BurakSevben/CVE-2024-24142

A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the 'Circulation note' and ‘Patrons Restriction’ components.

• nitipoom-jar/CVE-2024-24336

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components.

• nitipoom-jar/CVE-2024-24337

An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.

• erick-duarte/CVE-2024-24386

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.

• trustcves/CVE-2024-24396

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.

• trustcves/CVE-2024-24397

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.

• trustcves/CVE-2024-24398

SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.

• MAWK0235/CVE-2024-24401

An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.

• MAWK0235/CVE-2024-24402

• passtheticket/CVE-2024-24409

An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.

• minj-ae/CVE-2024-24488

An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.

• xF-9979/CVE-2024-24520

Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected.\n\nThe Command::arg and Command::args APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument.\n\nOn Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted.\n\nOne exception though is cmd.exe (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution.\n\nDue to the complexity of cmd.exe, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the Command API to return an InvalidInput error when it cannot safely escape an argument. This error will be emitted when spawning the process.\n\nThe fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the CommandExt::raw_arg method to bypass the standard library's escaping logic.

• frostb1ten/CVE-2024-24576-PoC
• brains93/CVE-2024-24576-PoC-Python
• aydinnyunus/CVE-2024-24576-Exploit
• foxoman/CVE-2024-24576-PoC---Nim
• corysabol/batbadbut-demo
• mishalhossin/CVE-2024-24576-PoC-Python
• lpn/CVE-2024-24576.jl
• Gaurav1020/CVE-2024-24576-PoC-Rust
• SheL3G/CVE-2024-24576-PoC-BatBadBut

mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not br-mailcow and the output interface is br-mailcow.

• killerbees19/CVE-2024-24760

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

• LOURC0D3/CVE-2024-24787-PoC

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.

• afine-com/CVE-2024-24816

• RandomRobbieBF/CVE-2024-25092

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.

• nettitude/CVE-2024-25153
• rainbowhatrkn/CVE-2024-25153

An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.

• shenhav12/CVE-2024-25169-Mezzanine-v6.0.0

An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.

• shenhav12/CVE-2024-25170-Mezzanine-v6.0.0

An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via a HTTP response splitting attack.

• jet-pentest/CVE-2024-25175

Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar.

• Agampreet-Singh/CVE-2024-25202

SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page.

• thetrueartist/ABO.CMS-Login-SQLi-CVE-2024-25227
• thetrueartist/ABO.CMS-EXPLOIT-Unauthenticated-Login-Bypass-CVE-2024-25227

An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

• intbjw/CVE-2024-25249

• fbkcs/CVE-2024-25270

• maen08/CVE-2024-25277

• sajaljat/CVE-2024-25278

• sajaljat/CVE-2024-25279

• sajaljat/CVE-2024-25280

• sajaljat/CVE-2024-25281

An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode.

• ewilded/CVE-2024-25376-POC

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.

• Ox130e07d/CVE-2024-25381

An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file.

• DriverUnload/cve-2024-25423

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.

• FixedOctocat/CVE-2024-25466

• Chocapikk/CVE-2024-25600
• Christbowel/CVE-2024-25600_Nuclei-Template
• Tornad0007/CVE-2024-25600-Bricks-Builder-plugin-for-WordPress
• hy011121/CVE-2024-25600-wordpress-Exploit-RCE
• K3ysTr0K3R/CVE-2024-25600-EXPLOIT
• 0bl1v10nf0rg0773n/0BL1V10N-CVE-2024-25600-Bricks-Builder-plugin-for-WordPress
• X-Projetion/WORDPRESS-CVE-2024-25600-EXPLOIT-RCE
• RHYru9/CVE-2024-25600-mass

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.

• david-botelho-mariano/exploit-CVE-2024-25723

The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi).

• actuator/com.cn.dq.ipc

• hackintoanetwork/ARC-Browser-Address-Bar-Spoofing-PoC

• sajaljat/CVE-2024-25809

F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.

• 0xNslabs/CVE-2024-25832-PoC

\n\n\nAn SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n

• passwa11/CVE-2024-26026
• GRTMALDET/Big-IP-Next-CVE-2024-26026

Windows Kernel Elevation of Privilege Vulnerability

• exploits-forsale/CVE-2024-26218

There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. \n\n

• Roud-Roud-Agency/CVE-2024-26304-RCE-exploits

An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.

• TronciuVlad/CVE-2024-26475

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.

• RoboGR00t/Exploit-CVE-2024-26503

HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.

• hackervegas001/CVE-2024-26521

• sajaljat/CVE-2024-26534

• sajaljat/CVE-2024-26535

• sajaljat/CVE-2024-26560

Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe

• Alaatk/CVE-2024-26574

In the Linux kernel, the following vulnerability has been resolved:\n\namdkfd: use calloc instead of kzalloc to avoid integer overflow\n\nThis uses calloc instead of doing the multiplication which might\noverflow.

• MaherAzzouzi/CVE-2024-26817-amdkfd

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.1.7.2770 build 20240520 and later\nQuTS hero h5.1.7.2770 build 20240520 and later

• watchtowrlabs/CVE-2024-27130
• d0rb/CVE-2024-27130

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

• Chocapikk/CVE-2024-27198
• yoryio/CVE-2024-27198
• W01fh4cker/CVE-2024-27198-RCE
• rampantspark/CVE-2024-27198
• passwa11/CVE-2024-27198-RCE
• CharonDefalt/CVE-2024-27198-RCE
• K3ysTr0K3R/CVE-2024-27198-EXPLOIT
• Shimon03/Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198-
• Stuub/RCity-CVE-2024-27198

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

• lockness-Ko/CVE-2024-27316
• aeyesec/CVE-2024-27316_poc

A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.

• xct/CVE-2024-27460
• Alaatk/CVE-2024-27460
• 10cks/CVE-2024-27460-installer

• Alaatk/CVE-2024-27462

Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators.

• dead1nfluence/Leantime-POC

An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder.

• secunnix/CVE-2024-27518

Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot.

• ioprojecton/dir-3040_dos

Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.

• ally-petitt/CVE-2024-27630

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php

• ally-petitt/CVE-2024-27631

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.

• ally-petitt/CVE-2024-27632

Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module.

• Thirukrishnan/CVE-2024-27665

• Alaatk/CVE-2024-27673

Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to the "%PROGRAMFILES(X86)%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary.

• Alaatk/CVE-2024-27674

• SanjinDedic/FuguHub-8.4-Authenticated-RCE-CVE-2024-27697

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.

• R00tkitSMM/CVE-2024-27804

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.\n\n

• truonghuuphuc/CVE-2024-27956
• diego-tella/CVE-2024-27956-RCE
• X-Projetion/CVE-2024-27956-WORDPRESS-RCE-PLUGIN
• FoxyProxys/CVE-2024-27956
• k3ppf0r/CVE-2024-27956
• AiGptCode/WordPress-Auto-Admin-Account-and-Reverse-Shell-cve-2024-27956
• W3BW/CVE-2024-27956-RCE-File-Package

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10.

• truonghuuphuc/CVE-2024-27971-Note

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24.\n\n

• truonghuuphuc/CVE-2024-27972-Poc

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.

• lirantal/CVE-2024-27983-nodejs-http2

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

• skyler-ferrante/CVE-2024-28085

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)

• levpachmanov/cve-2024-28088-poc

Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.

• akabe1/Graver

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.If the URL that is in the list of "Adslists" begins with "file*" it is understood that it is updating from a local file, on the other hand if it does not begin with "file*" depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18.

• T0X1Cx/CVE-2024-28247-Pi-hole-Arbitrary-File-Read

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111 will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the SecurityContext.getUserPrincipal() since it will return null and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GHSL-2023-237.

• YongYe-Security/CVE-2024-28255

• Marven11/CVE-2024-28397

Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to execute arbitrary code via the lab3 of csapp,lab3/buflab-update.pl component.

• heshi906/CVE-2024-28515

An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization.

• Alaatk/CVE-2024-28589

Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.

• Lq0ne/CVE-2024-28715

Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.

• chebuya/CVE-2024-28741-northstar-agent-rce-poc

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

• krnidhi/expat_2.1.1_CVE-2024-28757
• RenukaSelvar/expat_CVE-2024-28757
• saurabh2088/expat_2_1_0_CVE-2024-28757
• saurabh2088/expat_2_1_1_CVE-2024-28757

.NET Framework Information Disclosure Vulnerability

• codewhitesec/HttpRemotingObjRefLeak

An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.

• wutalent/CVE-2024-29269
• YongYe-Security/CVE-2024-29269
• Chocapikk/CVE-2024-29269

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.

• awjkjflkwlekfdjs/CVE-2024-29272

funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title field in "create a message ."

• QDming/cve

A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not.

• ThaySolis/CVE-2024-29296
• Lavender-exe/CVE-2024-29296-PoC

CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters.

• ismailcemunver/CVE-2024-29375

An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.

• ally-petitt/CVE-2024-29399

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when register_argc_argv option of PHP is On. In cmd_realtime.php line 119, the $poller_id used as part of the command execution is sourced from $_SERVER['argv'], which can be controlled by URL when register_argc_argv option of PHP is On. And this option is On by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.

• Stuub/CVE-2024-29895-CactiRCE-PoC
• secunnix/CVE-2024-29895
• ticofookfook/CVE-2024-29895.py
• Rubioo02/CVE-2024-29895

SmartScreen Prompt Security Feature Bypass Vulnerability

• Sploitus/CVE-2024-29988-exploit

Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.

• blackmagic2023/Envoy-CPU-Exhaustion-Vulnerability-PoC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.\n\n

• truonghuuphuc/CVE-2024-30491-Poc

An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope.

• Lucky-lm/CVE-2024-30614

An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 allows attackers to cause a Denial of Service (DoS) via a crafted deauth frame.

• Yashodhanvivek/Firebolt-wristphone-vulnerability

An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go

• chebuya/CVE-2024-30850-chaos-rat-rce-poc

Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.

• chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc

• XenoM0rph97/CVE-2024-30896

An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbtirary code and obtain sensitive information via crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc.

• Athos-Zago/CVE-2024-30973

SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component.

• mortal-sec/CVE-2024-31025

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.

• sh1k4ku/CVE-2024-31497
• edutko/cve-2024-31497
• HugoBond/CVE-2024-31497-POC

• VoltaireYoung/CVE-2024-31719----AMI-Aptio-5-Vulnerability

• HBLocker/CVE-2024-31734

Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file

• restdone/CVE-2024-31771

• FreySolarEye/Exploit-CVE-2024-31777

An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.

• Chocapikk/CVE-2024-31819

A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.

• Stuub/CVE-2024-31848-PoC

A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.

• GKalmus/referaat

The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions).

• actuator/com.solarized.firedown

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

• markuta/hooky
• amalmurali47/git_rce
• amalmurali47/hook
• M507/CVE-2024-32002
• safebuffer/CVE-2024-32002
• 10cks/CVE-2024-32002-POC
• 10cks/CVE-2024-32002-hulk
• 10cks/CVE-2024-32002-submod
• 10cks/CVE-2024-32002-smash
• 10cks/CVE-2024-32002-linux-hulk
• 10cks/CVE-2024-32002-linux-submod
• 10cks/CVE-2024-32002-linux-smash
• aitorcastel/poc_CVE-2024-32002
• aitorcastel/poc_CVE-2024-32002_submodule
• 10cks/hook
• jweny/CVE-2024-32002_HOOK
• jweny/CVE-2024-32002_EXP
• CrackerCat/CVE-2024-32002_EXP
• KiranKumarK20/CVE-2024-32002
• jerrydotlam/cve-2024-32002-1
• jerrydotlam/cve-2024-32002-2
• jerrydotlam/cve-2024-32002-3
• Roronoawjd/hook
• Roronoawjd/git_rce
• JJoosh/CVE-2024-32002-Reverse-Shell
• YuanlooSec/CVE-2024-32002-poc
• 1mxml/CVE-2024-32002-poc
• bfengj/CVE-2024-32002-hook
• ycdxsb/CVE-2024-32002-hulk
• ycdxsb/CVE-2024-32002-submod
• bfengj/CVE-2024-32002-Exploit
• vincepsh/CVE-2024-32002
• vincepsh/CVE-2024-32002-hook
• JJoosh/CVE-2024-32002-
• 10cks/CVE-2024-32002-EXP
• WOOOOONG/CVE-2024-32002
• WOOOOONG/hook
• fadhilthomas/poc-git-rce-cve-2024-32002

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.

• Wadewfsssss/CVE-2024-32004
• 10cks/CVE-2024-32004-POC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3.\n\n

• xbz0n/CVE-2024-32136

• Lucky-lm/CVE-2024-32205

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.

• asdfjkl11/CVE-2024-32238
• FuBoLuSec/CVE-2024-32238

The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM.

• liyansong2018/CVE-2024-32258

SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component.

• chucrutis/CVE-2024-32369

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.

• chucrutis/CVE-2024-32370

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0.

• chucrutis/CVE-2024-32371

Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.

• NN0b0dy/CVE-2024-32399

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.

• absholi7ly/FreeRDP-Out-of-Bounds-Read-CVE-2024-32459-

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EverPress Mailster allows PHP Local File Inclusion.This issue affects Mailster: from n/a through 4.0.6.

• truonghuuphuc/CVE-2024-32523-Poc

• Stuub/CVE-2024-32640-SQLI-MuraCMS
• 0x3f3c/CVE-2024-32640-SQLI-MuraCMS

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5.\n\n

• truonghuuphuc/CVE-2024-32709-Poc

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQTS 4.5.4.2627 build 20231225 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTS hero h4.5.4.2626 build 20231225 and later\nQuTScloud c5.1.5.2651 and later\n

• 3W1nd4r/CVE-2024-32766-RCE

Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a overflow leading to remote code execution.

• HBLocker/CVE-2024-33078

• balckgu1/Poc

File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.

• julio-cfa/CVE-2024-33438

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5.\n\n

• absholi7ly/WordPress-XStore-theme-SQL-Injection

• fuzzlove/soplanning-1.52-exploits

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet.

• Neo-XeD/CVE-2024-33775

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4.\n\n

• xbz0n/CVE-2024-33911

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.

• dovankha/CVE-2024-34220

Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.

• dovankha/CVE-2024-34221

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter.

• dovankha/CVE-2024-34222

Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket.

• dovankha/CVE-2024-34223

Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters.

• dovankha/CVE-2024-34224

Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters.

• dovankha/CVE-2024-34225

SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters.

• dovankha/CVE-2024-34226

Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter.

• 3309899621/CVE-2024-34310

Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a /. This vulnerability was fixed in Next.js 14.1.1.

• Voorivex/CVE-2024-34351

Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.

• Toxich4/CVE-2024-34469

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.

• osvaldotenorio/CVE-2024-34470

An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading.

• osvaldotenorio/CVE-2024-34471

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database.

• osvaldotenorio/CVE-2024-34472

Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM.

• Alaatk/CVE-2024-34474

Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS within the Forgot Password feature.

• silent6trinity/CVE-2024-34582

PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled through the front-office contact form, a hacker can upload a malicious file containing an XSS that will be executed when an admin opens the attached file in back office. The script injected can access the session and the security token, which allows it to perform any authenticated action in the scope of the administrator's right. This vulnerability is patched in 8.1.6. A workaround is to disable the customer-thread feature-flag.

• aelmokhtar/CVE-2024-34716_PoC

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add

• Gr-1m/CVE-2024-34958-1

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands.

• carsonchan12345/CVE-2024-35475

• DxRvs/vaultize_CVE-2024-36079

• CBaekhyunC/cve-2024-65230

• sanderswannalive/sumkaluissessss

• Symbolexe/CVE-2024-1642470

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96\n\n

• ASkyeye/CVE-2023-0045
• es0j/CVE-2023-0045

The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

• amirzargham/CVE-2023-0099-exploit

The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file.

• b0marek/CVE-2023-0156

The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page.

• b0marek/CVE-2023-0157

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.

• im-hanzou/EVCer

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

• TurtleARM/CVE-2023-0179-PoC
• H4K6/CVE-2023-0179-PoC

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.

• twwd/CVE-2023-0264

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e\n

• SeanHeelan/claude_opus_cve_2023_0266

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

• bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad
• Small-ears/CVE-2023-0297
• JacobEbben/CVE-2023-0297
• overgrowncarrot1/CVE-2023-0297

Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.

• mhaskar/CVE-2023-0315

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

• veritas501/CVE-2023-0386
• Satheesh575555/linux-4.19.72_CVE-2023-0386
• xkaneiki/CVE-2023-0386
• chenaotian/CVE-2023-0386
• CKevens/CVE-2023-0386
• hshivhare67/kernel_v4.19.72_CVE-2023-0386
• sxlmnwb/CVE-2023-0386
• Fanxiaoyao66/CVE-2023-0386
• puckiestyle/CVE-2023-0386
• letsr00t/CVE-2023-0386
• churamanib/CVE-2023-0386
• EstamelGG/CVE-2023-0386-libs

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.\n\nThere is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.\n\nWhen CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\n\nThe setsockopt TCP_ULP operation does not require any privilege.\n\nWe recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c

• hshivhare67/kernel_v4.19.72_CVE-2023-0461

A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe -policy' argument to the command line utilities or by calling the\nX509_VERIFY_PARAM_set1_policies()' function.

• Trinadh465/Openssl_1.1.1g_CVE-2023-0464

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.

• RandomRobbieBF/CVE-2023-0630

A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

• BishopFox/CVE-2022-22274_CVE-2023-0656

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

• 0xf4n9x/CVE-2023-0669
• cataliniovita/CVE-2023-0669
• Griffin-01/CVE-2023-0669
• yosef0x01/CVE-2023-0669-Analysis
• Avento/CVE-2023-0669

Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\n\n

• gonzxph/CVE-2023-0748

• amirzargham/CVE-2023-08-21-exploit

Es wurde eine kritische Schwachstelle in EasyNAS 1.1.0 entdeckt. Es betrifft die Funktion system der Datei /backup.pl. Durch Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

• xbz0n/CVE-2023-0830

Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.

• 0xsu3ks/CVE-2023-0860

NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges.\nThis issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.\n\n

• seifallahhomrani1/CVE-2023-0861-POC

Es wurde eine kritische Schwachstelle in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 für WordPress ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei admin-ajax.php. Durch Manipulation des Arguments upload_name mit unbekannten Daten kann eine relative path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

• Nickguitar/Drag-and-Drop-Multiple-File-Uploader-PRO-Path-Traversal

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.\n\n

• hh-hunter/ml-CVE-2023-1177
• iumiro/CVE-2023-1177-MLFlow
• tiyeume25112004/CVE-2023-1177-rebuild

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.

• diego-tella/CVE-2023-1326-PoC
• Pol-Ruiz/CVE-2023-1326
• c0d3cr4f73r/CVE-2023-1326

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.

• Penkyzduyi/CVE-2023-1337

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.

• Voyag3r-Security/CVE-2023-1389
• Terminal1337/CVE-2023-1389

In Simple Art Gallery 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion sliderPicSubmit der Datei adminHome.php. Mit der Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden.

• 0xxtoby/CVE-2023-1415

The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions, granted they gain access to any targeted subscribers email address.

• karlemilnikka/CVE-2023-1430

Es wurde eine Schwachstelle in jeecg-boot 3.5.0 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei jmreport/qurestSql. Durch Beeinflussen des Arguments apiSelectId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

• gobysec/CVE-2023-1454
• cjybao/CVE-2023-1454
• CKevens/CVE-2023-1454-EXP
• BugFor-Pings/CVE-2023-1454
• padbergpete47/CVE-2023-1454
• Sweelg/CVE-2023-1454-Jeecg-Boot-qurestSql-SQLvuln
• shad0w0sec/CVE-2023-1454-EXP

Es wurde eine kritische Schwachstelle in code-projects Responsive Hotel Site 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei messages.php der Komponente Newsletter Log Handler. Durch Beeinflussen des Arguments title mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

• Decemberus/BugHub

Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0.

• 0xsu3ks/CVE-2023-1665

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

• ohnonoyesyes/CVE-2023-1671
• W01fh4cker/CVE-2023-1671-POC
• csffs/cve-2023-1671

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

• Chocapikk/CVE-2023-1698
• deIndra/CVE-2023-1698
• thedarknessdied/WAGO-CVE-2023-1698

\nImproper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url".\n\n\n\n\n\n

• jhonnybonny/Bitrix24DoS

The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README file containing XSS-able HTML tags. Upon Snyk Advisor importing the package, the XSS would run each time an end user browsed to the package's page on Snyk Advisor.

• weizman/CVE-2023-1767

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.

• lrh2000/CVE-2023-2002

A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.

• bluefrostsecurity/CVE-2023-2008

The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

• thatformat/Hvv2023
• druxter-x/PHP-CVE-2023-2023-2640-POC-Escalation

Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.

• team890/CVE-2023-2024

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

• insoxin/CVE-2023-2033
• sandumjacob/CVE-2023-2033-Analysis
• gretchenfrage/CVE-2023-2033-analysis
• mistymntncop/CVE-2023-2033
• tianstcht/CVE-2023-2033

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query.

• SchmidAlex/nex-forms_SQL-Injection-CVE-2023-2114

The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

• 0xn4d/poc-cve-xss-encoded-wp-inventory-manager-plugin

Es wurde eine kritische Schwachstelle in Campcodes Coffee Shop POS System 1.0 entdeckt. Es betrifft eine unbekannte Funktion der Datei /admin/user/manage_user.php. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

• zwxxb/CVE-2023-2215

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services.

• ixiacom/CVE-2023-2249

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.

• elweth-sec/CVE-2023-2255
• SaintMichae64/CVE-2023-2255

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability.

• RxRCoder/CVE-2023-2437

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.

• mnqazi/CVE-2023-2516

Eine kritische Schwachstelle wurde in Weaver E-Office 9.5 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei App/Ajax/ajax.php?action=mobile_upload_save. Mittels Manipulieren des Arguments upload_quwan mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

• bingtangbanli/cve-2023-2523-and-cve-2023-2648
• Any3ite/CVE-2023-2523

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

• 0xn4d/poc-cve-xss-inventory-press-plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.

• mnqazi/CVE-2023-2591

Es wurde eine Schwachstelle in SourceCodester Food Ordering Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Registration. Durch die Manipulation des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden.

• thehackingverse/CVE-2023-2594

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.

• ysanatomic/io_uring_LPE-CVE-2023-2598

The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber

• lukinneberg/CVE-2023-2636

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.

• OllaPapito/gameoverlay
• luanoliveira350/GameOverlayFS
• g1vi/CVE-2023-2640-CVE-2023-32629
• musorblyat/CVE-2023-2640-CVE-2023-32629
• SanjayRagavendar/Ubuntu-GameOver-Lay
• Nkipohcs/CVE-2023-2640-CVE-2023-32629
• K5LK/CVE-2023-2640-32629

Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.

• hshivhare67/OpenSSL_1.1.1g_CVE-2023-2650

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

• RandomRobbieBF/CVE-2023-2732
• Jenderal92/WP-CVE-2023-2732
• ThatNotEasy/CVE-2023-2732

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

• pashayogi/CVE-2023-2744

Es wurde eine problematische Schwachstelle in Ellucian Ethos Identity bis 5.10.5 ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei /cas/logout. Durch Manipulation des Arguments url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 5.10.6 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

• cberman/CVE-2023-2822-demo

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

• Occamsec/CVE-2023-2825
• yuimarudev/CVE-2023-2825
• Tornad0007/CVE-2023-2825-Gitlab
• Rubikcuv5/CVE-2023-2825
• caopengyan/CVE-2023-2825

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.

• Alucard0x1/CVE-2023-2833

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

• mnqazi/CVE-2023-2859

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.

• cfielding-r7/poc-cve-2023-2868
• cashapp323232/CVE-2023-2868CVE-2023-2868
• krmxd/CVE-2023-2868

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.

• RandomRobbieBF/CVE-2023-2877

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.

• d0rb/CVE-2023-2916

In DedeCMS bis 5.7.106 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei uploads/dede/article_allowurl_edit.php. Durch das Manipulieren des Arguments allurls mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

• CN016/DedeCMS-getshell-CVE-2023-2928-

Es wurde eine kritische Schwachstelle in code-projects Bus Dispatch and Information System 1.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei delete_bus.php. Durch die Manipulation des Arguments busid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

• Spr1te76/CVE-2023-2951

The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.

• RandomRobbieBF/CVE-2023-2982
• H4K6/CVE-2023-2982-POC
• LoaiEsam37/CVE-2023-2982
• wshinkle/CVE-2023-2982

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, who are typically customers. Further security hardening was introduced in version 5.15.1 that ensures sites are no longer vulnerable through historical check-out links, and additional hardening was introduced in version 5.15.2 that ensured null key values wouldn't permit the authentication bypass.

• Ayantaker/CVE-2023-2986
• Alucard0x1/CVE-2023-2986

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

• mnqazi/CVE-2023-3009

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.This issue affects Lockcell: before 15.\n\n

• Phamchie/CVE-2023-3047
• Kimsovannareth/Phamchie

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.

• im-hanzou/MSAPer

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

• mistymntncop/CVE-2023-3079

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation.

• AmirWhiteHat/CVE-2023-3124

Es wurde eine problematische Schwachstelle in y_project RuoYi bis 4.7.7 ausgemacht. Es betrifft die Funktion filterKeyword. Mit der Manipulation des Arguments value mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden.

• George0Papasotiriou/CVE-2023-3163-SQL-Injection-Prevention

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to reset the plugin's settings. NOTE: After attempting to contact the developer with no response, and reporting this to the WordPress plugin's team 30 days ago we are disclosing this issue as it still is not updated.

• drnull03/POC-CVE-2023-3244

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.

• lrh2000/StackRot

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.

• TurtleARM/CVE-2023-3338-DECPwn

Eine kritische Schwachstelle wurde in Ruijie RG-BCR860 2.5.13 gefunden. Dies betrifft einen unbekannten Teil der Komponente Network Diagnostic Page. Durch das Manipulieren mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

• yuanjinyuyuyu/CVE-2023-3450
• caopengyan/CVE-2023-3450

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server.

• leoanggal1/CVE-2023-3452-PoC

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

• gbrsh/CVE-2023-3460
• rizqimaulanaa/CVE-2023-3460
• yon3zu/Mass-CVE-2023-3460
• EmadYaY/CVE-2023-3460
• diego-tella/CVE-2023-3460
• Rajneeshkarya/CVE-2023-3460
• BlackReaperSK/CVE-2023-3460_POC
• julienbrs/exploit-CVE-2023-3460

Unauthenticated remote code execution\n

• telekom-security/cve-2023-3519-citrix-scanner
• securekomodo/citrixInspector
• mr-r3b00t/CVE-2023-3519
• d0rb/CVE-2023-3519
• dorkerdevil/CitrixFall
• BishopFox/CVE-2023-3519
• SalehLardhi/CVE-2023-3519
• KR0N-SECURITY/CVE-2023-3519
• passwa11/CVE-2023-3519
• rwincey/cve-2023-3519
• mandiant/citrix-ioc-scanner-cve-2023-3519
• Chocapikk/CVE-2023-3519
• JonaNeidhart/CVE-2023-3519-BackdoorCheck
• Mohammaddvd/CVE-2023-3519

A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.

• pray77/CVE-2023-3640

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n

• vpxuser/CVE-2023-3710-POC

Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n

• vpxuser/CVE-2023-3711-POC

Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. \n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n

• vpxuser/CVE-2023-3712-POC

In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. \n\n

• StayBeautiful-collab/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK
• jhonnybonny/CVE-2023-3824

In Dahua Smart Park Management bis 20230713 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /emap/devicePoint_addImgIco?hasSubsystem=true. Durch Manipulation des Arguments upload mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

• zh-byte/CVE-2023-3836

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.

• ashangp923/CVE-2023-3971

• Trinadh465/linux-4.1.15_CVE-2023-4128

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.

• miguelc49/CVE-2023-4145-2
• miguelc49/CVE-2023-4145-1
• miguelc49/CVE-2023-4145-3

Es wurde eine kritische Schwachstelle in Tongda OA gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei general/system/seal_manage/iweboffice/delete_seal.php. Dank der Manipulation des Arguments DELETE_STR mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 11.10 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

• mvpyyds/CVE-2023-4165

In Tongda OA wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei general/system/seal_manage/dianju/delete_log.php. Dank Manipulation des Arguments DELETE_STR mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 11.10 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

• mvpyyds/CVE-2023-4166

In Ruijie RG-EW1200G 1.0(1)B1P5 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht näher bekannte Funktion der Datei /api/sys/set_passwd der Komponente Administrator Password Handler. Durch Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

• thedarknessdied/CVE-2023-4169_CVE-2023-3306_CVE-2023-4415

In mooSocial mooStore 3.1.6 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk.

• d0rb/CVE-2023-4174

A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.\n\nWhen route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\n\nWe recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.\n\n

• hshivhare67/Kernel_4.1.15_CVE-2023-4206_CVE-2023-4207_CVE-2023-4208

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.

• revan-ar/CVE-2023-4278

This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.

• b0marek/CVE-2023-4279

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.

• b0marek/CVE-2023-4281

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link.

• b0marek/CVE-2023-4294

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

• xcanwin/CVE-2023-4357-Chrome-XXE
• OgulcanUnveren/CVE-2023-4357-APT-Style-exploitation
• passwa11/CVE-2023-4357-APT-Style-exploitation
• sunu11/chrome-CVE-2023-4357
• WinnieZy/CVE-2023-4357

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

• tianstcht/CVE-2023-4427

In jeecgboot JimuReport bis 1.6.0 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalität der Komponente Template Handler. Durch Manipulation mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 1.6.1 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

• ilikeoyt/CVE-2023-4450-Attack

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

• 0xn4d/poc-cve-xss-uploading-svg

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.

• b0marek/CVE-2023-4549

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.

• Cappricio-Securities/CVE-2023-4568

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

• E1A/CVE-2023-4596
• X-Projetion/CVE-2023-4596-Vulnerable-Exploit-and-Checker-Version

The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.

• b0marek/CVE-2023-4631

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.

• Patrowl/CVE-2023-4634

The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

• ThatNotEasy/CVE-2023-4636

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.

• Songg45/CVE-2023-4683-Test

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.

• mnqazi/CVE-2023-4696

Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.

• mnqazi/CVE-2023-4698

Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.\n\n\n\n\n\n\n

• Scottzxor/Citrix-Bleed-Buffer-Overread-Demo

In IBOS OA 4.5.5 wurde eine kritische Schwachstelle gefunden. Es geht um eine nicht näher bekannte Funktion der Datei ?r=diary/default/del der Komponente Delete Logs Handler. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

• wudidike/CVE-2023-4741

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

• buptsb/CVE-2023-4762
• sherlocksecurity/CVE-2023-4762-Code-Review

The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.

• b0marek/CVE-2023-4800

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

• mistymntncop/CVE-2023-4863
• bbaranoff/CVE-2023-4863
• talbeerysec/BAD-WEBP-CVE-2023-4863
• OITApps/Find-VulnerableElectronVersion
• GTGalaxi/ElectronVulnerableVersion
• murphysecurity/libwebp-checker
• LiveOverflow/webp-CVE-2023-4863
• caoweiquan322/NotEnough
• CrackerCat/CVE-2023-4863-
• alsaeroth/CVE-2023-4863-POC

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

• Green-Avocado/CVE-2023-4911
• leesh3288/CVE-2023-4911
• RickdeJager/CVE-2023-4911
• xiaoQ1z/CVE-2023-4911
• silent6trinity/looney-tuneables
• hadrian3689/looney-tunables-CVE-2023-4911
• ruycr4ft/CVE-2023-4911
• guffre/CVE-2023-4911
• chaudharyarjun/LooneyPwner
• KernelKrise/CVE-2023-4911
• Diego-AltF4/CVE-2023-4911
• teraGL/looneyCVE
• snurkeburk/Looney-Tunables
• puckiestyle/CVE-2023-4911
• yanfernandess/Looney-Tunables-CVE-2023-4911
• NishanthAnand21/CVE-2023-4911-PoC

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. \n\n\n\n

• Chocapikk/CVE-2023-4966
• dinosn/citrix_cve-2023-4966
• senpaisamp/Netscaler-CVE-2023-4966-POC
• mlynchcogent/CVE-2023-4966-POC
• IceBreakerCode/CVE-2023-4966
• 0xKayala/CVE-2023-4966
• certat/citrix-logchecker
• RevoltSecurities/CVE-2023-4966
• s-bt/CVE-2023-4966
• byte4RR4Y/CVE-2023-4966
• jmussmann/cve-2023-4966-iocs
• morganwdavis/overread

Es wurde eine Schwachstelle in Planno 23.04.04 ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Comment Handler. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

• PH03N1XSP/CVE-2023-5024

Ingress nginx annotation injection causes arbitrary command execution.\n

• r0binak/CVE-2023-5043

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.\n

• r0binak/CVE-2023-5044
• 4ARMED/cve-2023-5044
• KubernetesBachelor/CVE-2023-5044

The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.

• RandomRobbieBF/CVE-2023-5070

In H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 bis 20230908 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /userLogin.asp der Komponente Config File Handler. Durch das Beeinflussen mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung.

• kuangxiaotu/CVE-H3C-Report

A use-after-free vulnerability was found in drivers/nvme/target/tcp.cinnvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

• rockrid3r/CVE-2023-5178

The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• RandomRobbieBF/CVE-2023-5204

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

• UT-Security/cve-2023-5217-poc
• Trinadh465/platform_external_libvpx_v1.8.0_CVE-2023-5217
• Trinadh465/platform_external_libvpx_v1.4.0_CVE-2023-5217

In eeroOS bis 6.16.4-11 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Komponente Ethernet Interface. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff im lokalen Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

• nomis/eero-zero-length-ipv6-options-header-dos

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

• sagsooz/CVE-2023-5360
• phankz/Worpress-CVE-2023-5360
• nastar-id/CVE-2023-5360
• Chocapikk/CVE-2023-5360
• tucommenceapousser/CVE-2023-5360
• Jenderal92/WP-CVE-2023-5360
• Pushkarup/CVE-2023-5360
• 1337r0j4n/CVE-2023-5360
• angkerithhack001/CVE-2023-5360-PoC

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• RandomRobbieBF/CVE-2023-5412

Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.

• Ylarod/CVE-2023-5521

The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

• juweihuitao/MpOperationLogs

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.

• cli-ish/CVE-2023-5539

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

• cli-ish/CVE-2023-5540

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

• obelia01/CVE-2023-5546

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

• pog007/CVE-2023-5561-PoC

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.\n\n

• uthrasri/CVE-2023-5717

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.

• miguelc49/CVE-2023-5720-2
• miguelc49/CVE-2023-5720-1
• miguelc49/CVE-2023-5720-3

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.

• Arszilla/CVE-2023-5808

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.\n\n

• HadessCS/CVE-2023-5961

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution.

• pedrojosenavasperez/cve-2023-5965

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.

• pedrojosenavasperez/cve-2023-5966

A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023

• FireWolfWang/CVE-2023-6019
• miguelc49/CVE-2023-6019-2
• miguelc49/CVE-2023-6019-1
• miguelc49/CVE-2023-6019-3
• Clydeston/CVE-2023-6019

The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

• pctripsesp/CVE-2023-6036

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

• motikan2010/CVE-2023-6063-PoC
• hackersroot/CVE-2023-6063-PoC
• thesafdari/CVE-2023-6063

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r11p0 through r25p0; Valhall GPU Kernel Driver: from r19p0 through r25p0, from r29p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.\n\n

• SmileTabLabo/CVE-2023-6241

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

• elpe-pinillo/CVE-2023-6246

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.

• RandomRobbieBF/CVE-2023-6289

A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.\n\n * webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA \n\n * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA \n\n * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB \n\n * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA\n\n

• illixion/root-my-webos-tv

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.

• Arszilla/CVE-2023-6538

Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

• Roonye660/CVE-2023-6548-POC

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.

• Chocapikk/CVE-2023-6553
• motikan2010/CVE-2023-6553-PoC
• kiddenta/CVE-2023-6553

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• mimiloveexe/CVE-2023-6567-poc

\nIn WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.\n\n

• sharmashreejaa/CVE-2023-6595

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.

• krn966/CVE-2023-6634

In PHPEMS 6.x/7.x/8.x/9.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung in der Bibliothek lib/session.cls.php der Komponente Session Data Handler. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

• qfmy1024/CVE-2023-6654

• cli-ish/CVE-2023-6661

• cli-ish/CVE-2023-6663

The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts.

• RandomRobbieBF/CVE-2023-6700

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.

• DedSec-47/Metasploit-Exploits-CVE-2023-6710
• DedSec-47/CVE-2023-6710

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.

• UlyssesSaicha/CVE-2023-6875
• gbrsh/CVE-2023-6875
• hatlesswizard/CVE-2023-6875

In Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /php/ping.php. Mittels Manipulieren des Arguments jsondata[ip] mit der Eingabe netstat -ano mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 4.1.0 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

• FuBoLuSec/CVE-2023-6895
• nles-crt/CVE-2023-6895

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

• w2xim3/CVE-2023-6933

The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site.

• RandomRobbieBF/CVE-2023-6985

A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access.

• ewilded/CVE-2023-7016-POC

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

• V1lu0/CVE-2023-7028
• RandomRobbieBF/CVE-2023-7028
• duy-31/CVE-2023-7028
• Vozec/CVE-2023-7028
• yoryio/CVE-2023-7028
• Esonhugh/gitlab_honeypot
• Shimon03/CVE-2023-7028-Account-Take-Over-Gitlab
• thanhlam-attt/CVE-2023-7028
• Trackflaw/CVE-2023-7028-Docker
• mochammadrafi/CVE-2023-7028
• hackeremmen/gitlab-exploit

Eine kritische Schwachstelle wurde in PHPGurukul Hospital Management System 1.0 entdeckt. Es geht hierbei um eine nicht näher spezifizierte Funktion der Komponente Admin Dashboard. Durch Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

• sharathc213/CVE-2023-7172

Es wurde eine problematische Schwachstelle in PHPGurukul Hospital Management System 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei registration.php. Durch das Beeinflussen des Arguments First Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

• sharathc213/CVE-2023-7173

A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device.\r\n\r This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.\r\n

• lnversed/CVE-2023-20025

A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software.

• 0zer0d4y/FuegoTest

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r \r This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.

• nokn0wthing/CVE-2023-20052
• cY83rR0H1t/CVE-2023-20052

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.

• RegularITCat/CVE-2023-20073

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read sensitive data on the underlying database.

• redfr0g/CVE-2023-20110

A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability.

• fullspectrumdev/RancidCrisco

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established.\r\n\r This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.

• Wh04m1001/CVE-2023-20178

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.

• raystr-atearedteam/CVE-2023-20198-checker
• Atea-Redteam/CVE-2023-20198
• securityphoenix/cisco-CVE-2023-20198-tester
• emomeni/Simple-Ansible-for-CVE-2023-20198
• ZephrFish/CVE-2023-20198-Checker
• JoyGhoshs/CVE-2023-20198
• Tounsi007/CVE-2023-20198
• alekos3/CVE_2023_20198_Detector
• reket99/Cisco_CVE-2023-20198
• iveresk/cve-2023-20198
• sohaibeb/CVE-2023-20198
• fox-it/cisco-ios-xe-implant-detection
• Pushkarup/CVE-2023-20198
• Shadow0ps/CVE-2023-20198-Scanner
• kacem-expereo/CVE-2023-20198
• mr-r3b00t/CVE-2023-20198-IOS-XE-Scanner
• ohlawd/CVE-2023-20198
• IceBreakerCode/CVE-2023-20198
• RevoltSecurities/CVE-2023-20198
• smokeintheshell/CVE-2023-20198
• netbell/CVE-2023-20198-Fix
• Vulnmachines/Cisco_CVE-2023-20198
• W01fh4cker/CVE-2023-20198-RCE

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges.

• peter5he1by/CVE-2023-20209

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

• smokeintheshell/CVE-2023-20273

\n\n\nInsufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n

• zeze-zeze/HITCON-2023-Demo-CVE-2023-20562
• passwa11/HITCON-2023-Demo-CVE-2023-20562

A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n

• Freax13/cve-2023-20573-poc

\nAn issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\n\n\n\n\n\n\n

• sbaresearch/stop-zenbleed-win

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.

• limo520/CVE-2023-20860

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

• sinsinology/CVE-2023-20887
• miko550/CVE-2023-20887
• Malwareman007/CVE-2023-20887

In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243130512

• Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-20909
• Trinadh465/platform_frameworks_base_AOSP10_r33_CVE-2023-20909

In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242537498

• Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-20911

In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n

• pazhanivel07/platform_frameworks_base_AOSP_10_r33_CVE-2023-20918
• Trinadh465/platform_frameworks_base_CVE-2023-20918

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132

• Trinadh465/frameworks_base_android-6.0.1_r22_CVE-2023-20921

In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753

• Trinadh465/frameworks_av_CVE-2023-20933
• hshivhare67/platform_frameworks_av_AOSP10_r33_CVE-2023-20933

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890

• Trinadh465/frameworks_base_CVE-2023-20943
• hshivhare67/platform_frameworks_base_AOSP10_r33_CVE-2023-20943

In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558

• Trinadh465/frameworks_base_CVE-2023-20944
• hshivhare67/platform_frameworks_base_AOSP10_r33_CVE-2023-20944

In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258653813

• Trinadh465/packages_apps_Settings_AOSP10_r33_CVE-2023-20955

In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519

• pwnipc/BadParcel
• Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-20963

In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A

• qixils/AntiCropalypse
• infobyte/CVE-2023-21036
• notaSWE/gocropalypse
• lordofpipes/acropadetect

In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238298970

• Trinadh465/packages_apps_Settings_CVE-2023-21086

In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-248031255

• Trinadh465/frameworks_native_AOSP-10_r33_CVE-2023-21094

In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261858325

• Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-21097
• uthrasri/frameworks_base_AOSP10_r33_CVE-2023-21097

In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597

• Trinadh465/frameworks_base_AOSP10_CVE-2023-21109r33_
• Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-21109

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004

• Trinadh465/frameworks_native_AOSP-10_r33_CVE-2023-21118
• Satheesh575555/frameworks_native_AOSP10_r33_CVE-2023-21118

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252766417

• hshivhare67/Framework_base_AOSP10_r33_CVE-2023-21144_old
• hshivhare67/Framework_base_AOSP10_r33_CVE-2023-21144

In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n

• Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-21238

In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n

• Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-21246

In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.\n\n

• Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-21251

In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n

• Trinadh465/frameworks_base_AOSP-4.2.2_r1_CVE-2023-21272
• pazhanivel07/platform_frameworks_base_AOSP_10_r33_CVE-2023-21272

In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n

• Trinadh465/packages_apps_ManagedProvisioning_AOSP10_r33_CVE-2023-21275

In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n

• Trinadh465/platform_frameworks_base_CVE-2023-21281

In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.\n\n

• Trinadh465/external_aac_AOSP10_r33_CVE-2023-21282
• Trinadh465/external_aac_android-4.2.2_r1_CVE-2023-21282

In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.\n\n

• Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-21284

In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n

• uthrasri/framework_base_CVE-2023-21285_NoPatch
• krnidhi/frameworks_base_AOSP10_r33_CVE-2023-21285

In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n

• Trinadh465/platform_frameworks_base_CVE-2023-21286

In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.\n\n

• Trinadh465/platform_frameworks_base_CVE-2023-21288

Microsoft Message Queuing Remote Code Execution Vulnerability

• zoemurmure/CVE-2023-21554-PoC
• 3tternp/CVE-2023-21554

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

• hacksysteam/CVE-2023-21608
• Malwareman007/CVE-2023-21608

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

• hd3s5aa/CVE-2023-21674

Microsoft Exchange Server Remote Code Execution Vulnerability

• N1k0la-T/CVE-2023-21707

Microsoft Word Remote Code Execution Vulnerability

• FeatherStark/CVE-2023-21716
• Xnuvers007/CVE-2023-21716
• gyaansastra/CVE-2023-21716
• mikesxrs/CVE-2023-21716_YARA_Results
• CKevens/CVE-2023-21716-POC
• hv0l/CVE-2023-21716_exploit
• JMousqueton/CVE-2023-21716
• Lord-of-the-IoT/CVE-2023-21716
• MojithaR/CVE-2023-21716-EXPLOIT.py

Windows Bluetooth Driver Elevation of Privilege Vulnerability

• gmh5225/CVE-2023-21739

Microsoft SharePoint Server Remote Code Execution Vulnerability

• ohnonoyesyes/CVE-2023-21742

Windows NTLM Elevation of Privilege Vulnerability

• Muhammad-Ali007/LocalPotato_CVE-2023-21746

Windows Backup Service Elevation of Privilege Vulnerability

• Wh04m1001/CVE-2023-21752
• yosef0x01/CVE-2023-21752

Windows Overlay Filter Information Disclosure Vulnerability

• Y3A/cve-2023-21766

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

• chompie1337/Windows_LPE_AFD_CVE-2023-21768
• cl4ym0re/cve-2023-21768-compiled
• SamuelTulach/nullmap
• Malwareman007/CVE-2023-21768
• HKxiaoli/Windows_AFD_LPE_CVE-2023-21768
• CKevens/CVE-2023-21768-POC
• h1bAna/CVE-2023-21768
• zoemurmure/CVE-2023-21768-AFD-for-WinSock-EoP-exploit
• Rosayxy/Recreate-cve-2023-21768
• Ha0-Y/CVE-2023-21768
• xboxoneresearch/CVE-2023-21768-dotnet

Windows Graphics Component Remote Code Execution Vulnerability

• Elizarfish/CVE-2023-21823

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

• hktalent/CVE-2023-21837

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

• DXask88MA/Weblogic-CVE-2023-21839
• ASkyeye/CVE-2023-21839
• Firebasky/CVE-2023-21839
• houqe/POC_CVE-2023-21839
• kw3h4/CVE-2023-21839-metasploit-scanner
• MMarch7/weblogic_CVE-2023-21839_POC-EXP
• Romanc9/Gui-poc-test
• dinosn/CVE-2024-20931

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

• zwxxb/CVE-2023-21887

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

• MMarch7/weblogic_CVE-2023-21931_POC-EXP

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

• Y4Sec-Team/CVE-2023-21939

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).

• Avento/CVE-2023-21971_Analysis

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).

• emad-almousa/CVE-2023-22074

Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.

• aeyesec/CVE-2023-22432

Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links, the objects directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253.\n\nA fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with --recurse-submodules. Instead, consider cloning repositories without recursively cloning their submodules, and instead run git submodule update at each layer. Before doing so, inspect each new .gitmodules file to ensure that it does not contain suspicious module URLs.

• smash8tap/CVE-2023-22490_PoC

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. \r\n\r\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

• ErikWynter/CVE-2023-22515-Scan
• j3seer/CVE-2023-22515-POC
• Chocapikk/CVE-2023-22515
• ad-calcium/CVE-2023-22515
• kh4sh3i/CVE-2023-22515
• sincere9/CVE-2023-22515
• Le1a/CVE-2023-22515
• Vulnmachines/confluence-cve-2023-22515
• iveresk/CVE-2023-22515
• youcannotseemeagain/CVE-2023-22515_RCE
• DsaHen/cve-2023-22515-exp
• joaoviictorti/CVE-2023-22515
• C1ph3rX13/CVE-2023-22515
• AIex-3/confluence-hack
• LucasPDiniz/CVE-2023-22515
• aaaademo/Confluence-EvilJar
• edsonjt81/CVE-2023-22515-Scan.
• INTfinityConsulting/cve-2023-22515
• CalegariMindSec/Exploit-CVE-2023-22515
• rxerium/CVE-2023-22515
• fyx1t/NSE--CVE-2023-22515

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. \n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

• ForceFledgling/CVE-2023-22518
• davidfortytwo/CVE-2023-22518
• RevoltSecurities/CVE-2023-22518
• 0x0d3ad/CVE-2023-22518
• C1ph3rX13/CVE-2023-22518
• bibo318/CVE-2023-22518
• Lilly-dox/Exploit-CVE-2023-22518

Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.

• imperva/CVE-2023-22524
• ron-imperva/CVE-2023-22524

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.\n\nMost recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.

• Avento/CVE-2023-22527_Confluence_RCE
• Sudistark/patch-diff-CVE-2023-22527
• ga0we1/CVE-2023-22527_Confluence_RCE
• Drun1baby/CVE-2023-22527
• cleverg0d/CVE-2023-22527
• thanhlam-attt/CVE-2023-22527
• Manh130902/CVE-2023-22527-POC
• VNCERT-CC/CVE-2023-22527-confluence
• Vozec/CVE-2023-22527
• C1ph3rX13/CVE-2023-22527
• Niuwoo/CVE-2023-22527
• Chocapikk/CVE-2023-22527
• RevoltSecurities/CVE-2023-22527
• yoryio/CVE-2023-22527
• Privia-Security/CVE-2023-22527
• MaanVader/CVE-2023-22527-POC
• adminlove520/CVE-2023-22527
• YongYe-Security/CVE-2023-22527
• Boogipop/CVE-2023-22527-Godzilla-MEMSHELL
• M0untainShley/CVE-2023-22527-MEMSHELL
• vulncheck-oss/cve-2023-22527

The FTP (aka "Implementation of a simple FTP client and server") project through 96c1a35 allows remote attackers to cause a denial of service (memory consumption) by engaging in client activity, such as establishing and then terminating a connection. This occurs because malloc is used but free is not.

• viswagb/CVE-2023-22551

Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution.

• sofianeelhor/CVE-2023-22621-POC

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

• n3m1sys/CVE-2023-22809-sudoedit-privesc
• M4fiaB0y/CVE-2023-22809
• CKevens/CVE-2023-22809-sudo-POC
• hello4r1end/patch_CVE-2023-22809
• Chan9Yan9/CVE-2023-22809
• pashayogi/CVE-2023-22809
• asepsaepdin/CVE-2023-22809
• Toothless5143/CVE-2023-22809

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code.

• vianic/CVE-2023-22855

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.\n\n

• jakabakos/CVE-2023-22884-Airflow-SQLi

Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then this can be exploited to discover the password hash and password reset token of all users. If the attacker has admin panel access to an account with permission to access the username and email of API users with a lower privileged role (e.g., Editor or Author), then this can be exploited to discover sensitive information for all API users but not other admin accounts.

• Saboor-Hakimi/CVE-2023-22894
• ductan2/CVE-2023-22894

Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password.

• nonamecoder/CVE-2023-22906

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).

• eduardosantos1989/CVE-2023-22941

Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.

• t3l3machus/CVE-2023-22960

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

• gbrsh/CVE-2023-22974

• OmarAtallahh/CVE-2023-23138

Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal.

• S4nshine/CVE-2023-23169

IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task.

• pinarsadioglu/CVE-2023-23192
• Penkyzduyi/CVE-2023-23192

Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php.

• tuannq2299/CVE-2023-23279

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.

• Timorlover/CVE-2023-23333
• Mr-xn/CVE-2023-23333
• emanueldosreis/nmap-CVE-2023-23333-exploit

Microsoft Excel Denial of Service Vulnerability

• LucaBarile/CVE-2023-23396

Microsoft Outlook Elevation of Privilege Vulnerability

• sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY
• j0eyv/CVE-2023-23397
• alicangnll/CVE-2023-23397
• grn-bogo/CVE-2023-23397
• ka7ana/CVE-2023-23397
• api0cradle/CVE-2023-23397-POC-Powershell
• im007/CVE-2023-23397
• cleverg0d/CVE-2023-23397-PoC-PowerShell
• ahmedkhlief/CVE-2023-23397-POC
• BillSkiCO/CVE-2023-23397_EXPLOIT
• djackreuter/CVE-2023-23397-PoC
• moneertv/CVE-2023-23397
• ahmedkhlief/CVE-2023-23397-POC-Using-Interop-Outlook
• Trackflaw/CVE-2023-23397
• SecCTechs/CVE-2023-23397
• tiepologian/CVE-2023-23397
• BronzeBee/cve-2023-23397
• stevesec/CVE-2023-23397
• madelynadams9/CVE-2023-23397-Report
• Zeppperoni/CVE-2023-23397-Patch
• jacquesquail/CVE-2023-23397
• CKevens/CVE-2023-23397-POC
• vlad-a-man/CVE-2023-23397
• Muhammad-Ali007/OutlookNTLM_CVE-2023-23397
• Pushkarup/CVE-2023-23397
• ducnorth2712/CVE-2023-23397
• alsaeroth/CVE-2023-23397-POC
• TheUnknownSoul/CVE-2023-23397-PoW

The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.

• r3nt0n/CVE-2023-23488-PoC
• cybfar/CVE-2023-23488-pmpro-2.8

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

• DarthOCE/MonkeyJB

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

• Mav3r1ck0x1/CVE-2023-23583-Reptar-

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. \n\nThis issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.

• X1r0z/Dubbo-RCE
• YYHYlh/Apache-Dubbo-CVE-2023-23638-exp
• CKevens/CVE-2023-23638-Tools

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

• yusinomy/CVE-2023-23752
• Saboor-Hakimi/CVE-2023-23752
• Vulnmachines/joomla_CVE-2023-23752
• sw0rd1ight/CVE-2023-23752
• wangking1/CVE-2023-23752-poc
• ibaiw/joomla_CVE-2023-23752
• ifacker/CVE-2023-23752-Joomla
• z3n70/CVE-2023-23752
• keyuan15/CVE-2023-23752
• adriyansyah-mf/CVE-2023-23752
• haxor1337x/Mass-Checker-CVE-2023-23752
• GhostToKnow/CVE-2023-23752
• gibran-abdillah/CVE-2023-23752
• Jenderal92/Joomla-CVE-2023-23752
• Acceis/exploit-CVE-2023-23752
• karthikuj/CVE-2023-23752-Docker
• 0xNahim/CVE-2023-23752
• adhikara13/CVE-2023-23752
• AkbarWiraN/Joomla-Scanner
• Ge-Per/Scanner-CVE-2023-23752
• ThatNotEasy/CVE-2023-23752
• wibuheker/Joomla-CVE-2023-23752
• Sweelg/CVE-2023-23752
• MrP4nda1337/CVE-2023-23752
• lainonz/CVE-2023-23752
• yTxZx/CVE-2023-23752
• AlissonFaoli/CVE-2023-23752
• Pushkarup/CVE-2023-23752
• cybernetwiz/CVE-2023-23752
• Youns92/Joomla-v4.2.8---CVE-2023-23752
• Ly0kha/Joomla-CVE-2023-23752-Exploit-Script
• r3dston3/CVE-2023-23752
• svaltheim/CVE-2023-23752
• Fernando-olv/Joomla-CVE-2023-23752
• K3ysTr0K3R/CVE-2023-23752-EXPLOIT
• hadrian3689/CVE-2023-23752_Joomla
• C1ph3rX13/CVE-2023-23752
• JeneralMotors/CVE-2023-23752
• gunzf0x/CVE-2023-23752
• TindalyTn/CVE-2023-23752
• shellvik/CVE-2023-23752
• Rival420/CVE-2023-23752
• JohnDoeAnonITA/CVE-2023-23752
• 0xWhoami35/CVE-2023-23752
• mariovata/CVE-2023-23752-Python
• 0xx01/CVE-2023-23752
• c0d3cr4f73r/CVE-2023-23752
• mil4ne/CVE-2023-23752-Joomla-v4.2.8

Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing &lt;image&gt; tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the phar URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available.\n

• motikan2010/CVE-2023-23924

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use git apply --stat to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.

• bruno-1337/CVE-2023-23946-POC

KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.

• deetl/CVE-2023-24055
• alt3kx/CVE-2023-24055_PoC
• Cyb3rtus/keepass_CVE-2023-24055_yara_rule
• duckbillsecurity/CVE-2023-24055
• julesbozouklian/PoC_CVE-2023-24055
• digital-dev/KeePass-TriggerLess
• zwlsix/KeePass-CVE-2023-24055

Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023.

• gmh5225/CVE-2023-24059

Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/.

• overgrowncarrot1/CVE-2023-24078
• rio128128/CVE-2023-24078
• ag-rodriguez/CVE-2023-24078

• badboycxcc/CVE-2023-24100

Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitary code via the company or query parameter(s).

• momo1239/CVE-2023-24203-and-CVE-2023-24204

Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php.

• angelopioamirante/CVE-2023-24317

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

• H4R335HR/CVE-2023-24329-PoC
• Pandante-Central/CVE-2023-24329-codeql-test
• JawadPy/CVE-2023-24329-Exploit

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting

• SirBugs/CVE-2023-24488-PoC
• Abo5/CVE-2023-24488
• securitycipher/CVE-2023-24488
• NSTCyber/CVE-2023-24488-SIEM-Sigma-Rule
• raytheon0x21/CVE-2023-24488

\nA vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

• adhikara13/CVE-2023-24489-ShareFile
• whalebone7/CVE-2023-24489-poc

Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms.

• Argonx21/CVE-2023-24517

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.

• skulkarni-mv/goIssue_dunfell
• skulkarni-mv/goIssue_kirkstone

NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting.

• abbisQQ/CVE-2023-24610

• hatjwe/CVE-2023-24706

An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters.

• DRAGOWN/Injection-vulnerability-in-Paradox-Security-Systems-IPR512-CVE-2023-24709-PoC

• mahaloz/netgear-pwnagent

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.

• csffs/CVE-2023-24775-and-CVE-2023-24780

Microsoft SharePoint Server Remote Code Execution Vulnerability

• former-farmer/CVE-2023-24955-PoC

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.\n\n\n

• nice1st/CVE-2023-24998

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

• jfrog/jfrog-CVE-2023-25136-OpenSSH_Double-Free
• ticofookfook/CVE-2023-25136
• Christbowel/CVE-2023-25136
• adhikara13/CVE-2023-25136
• nhakobyan685/CVE-2023-25136
• axylisdead/CVE-2023-25136_POC
• H4K6/CVE-2023-25136
• Business1sg00d/CVE-2023-25136
• malvika-thakur/CVE-2023-25136

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore encode functions setting to mitigate strEndsWith, strStartsWith and PropertyIsLike misuse and enable the PostGIS DataStore preparedStatements setting to mitigate the FeatureId misuse.

• win3zz/CVE-2023-25157
• 0x2458bughunt/CVE-2023-25157
• murataydemir/CVE-2023-25157-and-CVE-2023-25158
• 7imbitz/CVE-2023-25157-checker
• Rubikcuv5/CVE-2023-25157
• dr-cable-tv/Geoserver-CVE-2023-25157

A possible security vulnerability has been identified in Apache Kafka Connect API.\nThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\nand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.\nWhen configuring the connector via the Kafka Connect REST API, an authenticated operator can set the sasl.jaas.config\nproperty for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the\nproducer.override.sasl.jaas.config, consumer.override.sasl.jaas.config, or admin.override.sasl.jaas.config properties.\nThis will allow the server to connect to the attacker's LDAP server\nand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\nAttacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath.\n\nSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\nconfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\nclient override policy that permits them.\n\nSince Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage\nin SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka Connect 3.4.0. \n\nWe advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for \nvulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\nin addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector\nclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.\n

• ohnonoyesyes/CVE-2023-25194
• YongYe-Security/CVE-2023-25194
• vulncheck-oss/cve-2023-25194

• Trackflaw/CVE-2023-25202

• Trackflaw/CVE-2023-25203

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.

• FzBacon/CVE-2023-25234_Tenda_AC6_stack_overflow

Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.

• trustcves/CVE-2023-25260

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report.

• trustcves/CVE-2023-25261

Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). TThe Reporting Designer (Web) offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather than the client. Therefore, the server causes outbound traffic and potentially imports data. An attacker may also leverage this behaviour to exfiltrate data of machines on the internal network of the server hosting the Stimulsoft Reporting Designer (Web).

• trustcves/CVE-2023-25262

In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating systems.

• trustcves/CVE-2023-25263

Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.

• brainkok/CVE-2023-25292
• tucommenceapousser/CVE-2023-25292

• qi4L/CVE-2023-25610

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRewriteEngine on\nRewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]\nProxyPassReverse /here/ http://example.com:8080/\n\n\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.\n\n\n

• tbachvarova/linux-apache-fix-mod_rewrite-spaceInURL
• dhmosfunk/CVE-2023-25690-POC
• thanhlam-attt/CVE-2023-25690

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.

• sgwgsw/LAB-CVE-2023-25725

Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the replacements and the where option in the same query.

• bde574786/Sequelize-1day-CVE-2023-25813

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.

• dhmosfunk/HTTP3ONSTEROIDS

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.

• rvizx/CVE-2023-26035
• heapbytes/CVE-2023-26035
• Yuma-Tsushima07/CVE-2023-26035
• Faelian/zoneminder_CVE-2023-26035

Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with @MultipartConfig) that call HttpServletRequest.getParameter() or HttpServletRequest.getParts() may cause OutOfMemoryError when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of fileSizeThreshold=0 which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw OutOfMemoryError. However, the server may be able to recover after the OutOfMemoryError and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter maxRequestSize which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).

• Trinadh465/jetty_9.4.31_CVE-2023-26048
• hshivhare67/Jetty-v9.4.31_CVE-2023-26048

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d" will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.

• hshivhare67/Jetty_v9.4.31_CVE-2023-26049

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).

• horizon3ai/CVE-2023-26067

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

• CUCUMBERanOrSNCompany/SealSecurityAssignment
• ronmadar/Open-Source-Seal-Security

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\rNote: It was not proven that this vulnerability can crash the process.

• tadhglewis/apollo-koa-minimal

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.

• tucommenceapousser/CVE-2023-26255-Exp
• Nian-Stars/CVE-2023-26255-6

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.

• 0x7eTeam/CVE-2023-26256
• xhs-d/CVE-2023-26256
• qs119/CVE-2023-26256
• jcad123/CVE-2023-26256

Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.

• mdsecactivebreach/CVE-2023-26258-ArcServe

An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.

• istern/CVE-2023-26262

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a \nmalicious local user.\n\nAdministrators are advised to disable JMX, or set up a JMX password.\n\nNote that version 3.7.4 onward will set up a JMX password automatically for Guice users.\n\n\n

• mbadanoiu/CVE-2023-26269

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

• yosef0x01/CVE-2023-26360
• jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.

• d0rb/CVE-2023-26469

The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server.

• RupturaInfoSec/CVE-2023-26563-26564-26565

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.

• D1G17/CVE-2023-26602

In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.

• Trinadh465/linux-4.1.15_CVE-2023-26607

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.

• D1G17/CVE-2023-26609

ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS).

• bigzooooz/CVE-2023-26692

Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.

• Zeyad-Azima/CVE-2023-26818

An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.

• leekenghwa/CVE-2023-26852-Textpattern-v4.8.8-and-

GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover.

• lionelmusonza/CVE-2023-26866

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

• FzBacon/CVE-2023-26976_tenda_AC6_stack_overflow

Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.

• bypazs/CVE-2023-26982
• bypazs/Duplicate-of-CVE-2023-26982

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.

• bypazs/CVE-2023-26984

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.

• fivex3/CVE-2023-27035

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.

• DarokNET/CVE-2023-27100
• fabdotnet/CVE-2023-27100

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

• entr0pie/CVE-2023-27163
• seanrdev/cve-2023-27163
• overgrowncarrot1/CVE-2023-27163
• ThickCoco/CVE-2023-27163-POC
• davuXVI/CVE-2023-27163
• HusenjanDev/CVE-2023-27163-AND-Mailtrail-v0.53
• rvizx/CVE-2023-27163
• thomas-osgood/CVE-2023-27163
• cowsecurity/CVE-2023-27163
• samh4cks/CVE-2023-27163-InternalProber
• Hamibubu/CVE-2023-27163
• KharimMchatta/basketcraft
• MasterCode112/CVE-2023-27163
• Rubioo02/CVE-2023-27163
• madhavmehndiratta/CVE-2023-27163

An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page.

• FzBacon/CVE-2023-27216_D-Link_DSL-3782_Router_command_injection

Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-18933.

• Impalabs/CVE-2023-27326
• Malwareman007/CVE-2023-27326

Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Toolgate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-18964.

• kn32/parallels-plist-escape

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.

• MaanVader/CVE-2023-27350-POC
• imancybersecurity/CVE-2023-27350-POC
• horizon3ai/CVE-2023-27350
• adhikara13/CVE-2023-27350
• ThatNotEasy/CVE-2023-27350
• Jenderal92/CVE-2023-27350
• ASG-CASTLE/CVE-2023-27350
• rasan2001/CVE-2023-27350

Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697.

• qwqdanchun/CVE-2023-27363
• webraybtl/CVE-2023-27363
• CN016/-Foxit-PDF-CVE-2023-27363-

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

• nuts7/CVE-2023-27372
• Chocapikk/CVE-2023-27372
• 0SPwn/CVE-2023-27372-PoC
• izzz0/CVE-2023-27372-POC
• ThatNotEasy/CVE-2023-27372
• redboltsec/CVE-2023-27372-PoC

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.

• 3lp4tr0n/CVE-2023-27470_Exercise

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.\n\nAll superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.\nAdd a strong SECRET_KEY to your superset_config.py file like:\n\nSECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>\n\nAlternatively you can set it with SUPERSET_SECRET_KEY environment variable.\n

• horizon3ai/CVE-2023-27524
• Okaytc/Superset_auth_bypass_check
• antx-code/CVE-2023-27524
• MaanVader/CVE-2023-27524-POC
• ThatNotEasy/CVE-2023-27524
• TardC/CVE-2023-27524
• necroteddy/CVE-2023-27524
• jakabakos/CVE-2023-27524-Apache-Superset-Auth-Bypass-and-RCE
• CN016/Apache-Superset-SECRET_KEY-CVE-2023-27524-
• NguyenCongHaiNam/Research-CVE-2023-27524
• karthi-the-hacker/CVE-2023-27524
• Cappricio-Securities/CVE-2023-27524

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

• horizon3ai/CVE-2023-27532
• sfewer-r7/CVE-2023-27532

The n8n package 0.218.0 for Node.js allows Information Disclosure.

• david-botelho-mariano/exploit-CVE-2023-27564

Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file.

• OpenL2D/moc3ingbird

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.

• vagnerd/CVE-2023-27587-PoC

The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface.

• happy0717/CVE-2023-27703

Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS).

• happy0717/CVE-2023-27704

IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.

• G37SYS73M/CVE-2023-27742

BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.

• eyJhb/blackvue-cve-2023

Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent

• tristao-marinho/CVE-2023-27842
• cowsecurity/CVE-2023-27842

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

• rio128128/CVE-2023-27997-POC
• BishopFox/CVE-2023-27997-check
• imbas007/CVE-2023-27997-Check
• puckiestyle/cve-2023-27997
• TechinsightsPro/ShodanFortiOS
• Cyb3rEnthusiast/CVE-2023-27997
• lexfo/xortigate-cve-2023-27997
• delsploit/CVE-2023-27997
• awchjimmy/CVE-2023-27997-tutorial

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.

• gbrsh/CVE-2023-28121
• im-hanzou/Mass-CVE-2023-28121
• rio128128/Mass-CVE-2023-28121-kdoec
• C04LA/CVE-2023-28121
• Jenderal92/WP-CVE-2023-28121
• 1337nemojj/CVE-2023-28121

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data.

• spotlightishere/inputcontrol

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

• acceleratortroll/acceleratortroll

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

• h1bAna/CVE-2023-28218

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

• Y3A/CVE-2023-28229

DHCP Server Service Remote Code Execution Vulnerability

• glavstroy/CVE-2023-28231