From 0f6602ff3fed1fc53187da12891d75d8cc34b522 Mon Sep 17 00:00:00 2001 From: motikan2010-bot <k.agena1993@gmail.com> Date: Mon, 16 Dec 2024 09:31:33 +0900 Subject: [PATCH] Auto Update 2024/12/16 00:31:33 --- 2017/CVE-2017-1000486.json | 8 ++++---- 2020/CVE-2020-0041.json | 24 ++++++++++++------------ 2021/CVE-2021-41773.json | 8 ++++---- 2022/CVE-2022-26134.json | 8 ++++---- 2022/CVE-2022-27254.json | 4 ++-- 2022/CVE-2022-34918.json | 8 ++++---- 2022/CVE-2022-44268.json | 4 ++-- 2024/CVE-2024-0044.json | 4 ++-- 2024/CVE-2024-0582.json | 31 +++++++++++++++++++++++++++++++ 2024/CVE-2024-11680.json | 8 ++++---- 2024/CVE-2024-11972.json | 33 +++++++++++++++++++++++++++++++++ 2024/CVE-2024-21413.json | 8 ++++---- 2024/CVE-2024-21542.json | 33 +++++++++++++++++++++++++++++++++ 2024/CVE-2024-25600.json | 8 ++++---- 2024/CVE-2024-35250.json | 8 ++++---- 2024/CVE-2024-3806.json | 8 ++++---- 2024/CVE-2024-4040.json | 8 ++++---- 2024/CVE-2024-4367.json | 16 ++++++++-------- 2024/CVE-2024-4577.json | 16 ++++++++-------- 2024/CVE-2024-53376.json | 33 +++++++++++++++++++++++++++++++++ 2024/CVE-2024-6387.json | 8 ++++---- README.md | 14 ++++++++++++++ 22 files changed, 222 insertions(+), 78 deletions(-) create mode 100644 2024/CVE-2024-11972.json create mode 100644 2024/CVE-2024-21542.json create mode 100644 2024/CVE-2024-53376.json diff --git a/2017/CVE-2017-1000486.json b/2017/CVE-2017-1000486.json index 0992314270..d30d91094e 100644 --- a/2017/CVE-2017-1000486.json +++ b/2017/CVE-2017-1000486.json @@ -14,10 +14,10 @@ "description": "Primefaces <= 5.2.21, 5.3.8 or 6.0 - Remote Code Execution Exploit", "fork": false, "created_at": "2018-09-03T03:11:24Z", - "updated_at": "2024-10-27T16:31:54Z", + "updated_at": "2024-12-15T22:44:35Z", "pushed_at": "2024-02-27T11:56:02Z", - "stargazers_count": 88, - "watchers_count": 88, + "stargazers_count": 89, + "watchers_count": 89, "has_discussions": false, "forks_count": 25, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 25, - "watchers": 88, + "watchers": 89, "score": 0, "subscribers_count": 2 }, diff --git a/2020/CVE-2020-0041.json b/2020/CVE-2020-0041.json index 575a8eecaf..065dc4bfcc 100644 --- a/2020/CVE-2020-0041.json +++ b/2020/CVE-2020-0041.json @@ -14,10 +14,10 @@ "description": "Exploits for Android Binder bug CVE-2020-0041", "fork": false, "created_at": "2020-03-31T17:53:57Z", - "updated_at": "2024-11-30T07:59:39Z", + "updated_at": "2024-12-15T21:43:47Z", "pushed_at": "2020-04-08T08:55:30Z", - "stargazers_count": 222, - "watchers_count": 222, + "stargazers_count": 223, + "watchers_count": 223, "has_discussions": false, "forks_count": 68, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 68, - "watchers": 222, + "watchers": 223, "score": 0, "subscribers_count": 11 }, @@ -45,10 +45,10 @@ "description": null, "fork": false, "created_at": "2020-08-10T21:34:16Z", - "updated_at": "2024-08-08T04:22:28Z", + "updated_at": "2024-12-15T21:39:25Z", "pushed_at": "2024-12-14T15:52:43Z", - "stargazers_count": 49, - "watchers_count": 49, + "stargazers_count": 50, + "watchers_count": 50, "has_discussions": false, "forks_count": 22, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 22, - "watchers": 49, + "watchers": 50, "score": 0, "subscribers_count": 4 }, @@ -138,10 +138,10 @@ "description": "Adapted CVE-2020-0041 root exploit for Pixel 3", "fork": false, "created_at": "2023-08-29T20:48:56Z", - "updated_at": "2024-08-06T15:58:55Z", + "updated_at": "2024-12-15T21:43:42Z", "pushed_at": "2023-08-29T20:50:29Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 5, + "watchers_count": 5, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -150,7 +150,7 @@ "topics": [], "visibility": "public", "forks": 3, - "watchers": 4, + "watchers": 5, "score": 0, "subscribers_count": 1 } diff --git a/2021/CVE-2021-41773.json b/2021/CVE-2021-41773.json index 9877ac1050..7ccf16413c 100644 --- a/2021/CVE-2021-41773.json +++ b/2021/CVE-2021-41773.json @@ -2383,10 +2383,10 @@ "description": "Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773", "fork": false, "created_at": "2022-03-12T21:24:55Z", - "updated_at": "2024-12-14T22:41:12Z", + "updated_at": "2024-12-15T22:43:51Z", "pushed_at": "2022-03-12T21:30:58Z", - "stargazers_count": 102, - "watchers_count": 102, + "stargazers_count": 103, + "watchers_count": 103, "has_discussions": false, "forks_count": 34, "allow_forking": true, @@ -2404,7 +2404,7 @@ ], "visibility": "public", "forks": 34, - "watchers": 102, + "watchers": 103, "score": 0, "subscribers_count": 2 }, diff --git a/2022/CVE-2022-26134.json b/2022/CVE-2022-26134.json index 96138ccf5c..db54a1f325 100644 --- a/2022/CVE-2022-26134.json +++ b/2022/CVE-2022-26134.json @@ -441,10 +441,10 @@ "description": null, "fork": false, "created_at": "2022-06-05T20:35:38Z", - "updated_at": "2024-07-15T13:43:50Z", + "updated_at": "2024-12-15T22:44:39Z", "pushed_at": "2022-06-08T15:35:44Z", - "stargazers_count": 6, - "watchers_count": 6, + "stargazers_count": 7, + "watchers_count": 7, "has_discussions": false, "forks_count": 5, "allow_forking": true, @@ -453,7 +453,7 @@ "topics": [], "visibility": "public", "forks": 5, - "watchers": 6, + "watchers": 7, "score": 0, "subscribers_count": 1 }, diff --git a/2022/CVE-2022-27254.json b/2022/CVE-2022-27254.json index 9a3e21bc87..68c9939fe6 100644 --- a/2022/CVE-2022-27254.json +++ b/2022/CVE-2022-27254.json @@ -19,13 +19,13 @@ "stargazers_count": 454, "watchers_count": 454, "has_discussions": false, - "forks_count": 55, + "forks_count": 56, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 55, + "forks": 56, "watchers": 454, "score": 0, "subscribers_count": 21 diff --git a/2022/CVE-2022-34918.json b/2022/CVE-2022-34918.json index c47c466ae7..6df2473585 100644 --- a/2022/CVE-2022-34918.json +++ b/2022/CVE-2022-34918.json @@ -14,10 +14,10 @@ "description": null, "fork": false, "created_at": "2022-07-19T12:46:45Z", - "updated_at": "2024-11-06T09:16:42Z", + "updated_at": "2024-12-15T22:43:28Z", "pushed_at": "2022-09-06T14:05:22Z", - "stargazers_count": 243, - "watchers_count": 243, + "stargazers_count": 244, + "watchers_count": 244, "has_discussions": false, "forks_count": 35, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 35, - "watchers": 243, + "watchers": 244, "score": 0, "subscribers_count": 12 }, diff --git a/2022/CVE-2022-44268.json b/2022/CVE-2022-44268.json index 403dc0ecd5..fa5231fc4f 100644 --- a/2022/CVE-2022-44268.json +++ b/2022/CVE-2022-44268.json @@ -112,7 +112,7 @@ "stargazers_count": 5, "watchers_count": 5, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -121,7 +121,7 @@ "imagemagick" ], "visibility": "public", - "forks": 0, + "forks": 1, "watchers": 5, "score": 0, "subscribers_count": 3 diff --git a/2024/CVE-2024-0044.json b/2024/CVE-2024-0044.json index da0684722f..504fcdfb7e 100644 --- a/2024/CVE-2024-0044.json +++ b/2024/CVE-2024-0044.json @@ -50,13 +50,13 @@ "stargazers_count": 264, "watchers_count": 264, "has_discussions": false, - "forks_count": 60, + "forks_count": 61, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 60, + "forks": 61, "watchers": 264, "score": 0, "subscribers_count": 7 diff --git a/2024/CVE-2024-0582.json b/2024/CVE-2024-0582.json index 2495b16806..e7bb52b963 100644 --- a/2024/CVE-2024-0582.json +++ b/2024/CVE-2024-0582.json @@ -136,5 +136,36 @@ "watchers": 10, "score": 0, "subscribers_count": 1 + }, + { + "id": 903915508, + "name": "CVE-2024-0582", + "full_name": "101010zyl\/CVE-2024-0582", + "owner": { + "login": "101010zyl", + "id": 64526492, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/64526492?v=4", + "html_url": "https:\/\/github.com\/101010zyl", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/101010zyl\/CVE-2024-0582", + "description": "A data-only attack based on CVE-2024-0582", + "fork": false, + "created_at": "2024-12-15T21:56:41Z", + "updated_at": "2024-12-15T22:21:17Z", + "pushed_at": "2024-12-15T22:21:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2024/CVE-2024-11680.json b/2024/CVE-2024-11680.json index 47f04043d7..4cf7dd3c39 100644 --- a/2024/CVE-2024-11680.json +++ b/2024/CVE-2024-11680.json @@ -14,10 +14,10 @@ "description": "This repository contains a Proof of Concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and older versions. The exploit targets a Cross-Site Request Forgery (CSRF) flaw in combination with Privilege Misconfiguration issues.", "fork": false, "created_at": "2024-12-04T18:42:43Z", - "updated_at": "2024-12-12T16:35:40Z", + "updated_at": "2024-12-15T23:55:02Z", "pushed_at": "2024-12-11T23:45:31Z", - "stargazers_count": 11, - "watchers_count": 11, + "stargazers_count": 10, + "watchers_count": 10, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 3, - "watchers": 11, + "watchers": 10, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-11972.json b/2024/CVE-2024-11972.json new file mode 100644 index 0000000000..e26bff413b --- /dev/null +++ b/2024/CVE-2024-11972.json @@ -0,0 +1,33 @@ +[ + { + "id": 903941456, + "name": "exploit-CVE-2024-11972", + "full_name": "JunTakemura\/exploit-CVE-2024-11972", + "owner": { + "login": "JunTakemura", + "id": 76585599, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76585599?v=4", + "html_url": "https:\/\/github.com\/JunTakemura", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/JunTakemura\/exploit-CVE-2024-11972", + "description": "Exploit for CVE-2024-11972, Hunk Companion < 1.9.0 Unauthorized Plugin Installation", + "fork": false, + "created_at": "2024-12-15T23:54:15Z", + "updated_at": "2024-12-16T00:15:27Z", + "pushed_at": "2024-12-16T00:15:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-21413.json b/2024/CVE-2024-21413.json index 6521706f55..bc7d9480a9 100644 --- a/2024/CVE-2024-21413.json +++ b/2024/CVE-2024-21413.json @@ -45,10 +45,10 @@ "description": "Microsoft-Outlook-Remote-Code-Execution-Vulnerability", "fork": false, "created_at": "2024-02-16T15:17:59Z", - "updated_at": "2024-12-12T17:05:29Z", + "updated_at": "2024-12-15T22:10:15Z", "pushed_at": "2024-02-19T20:00:35Z", - "stargazers_count": 708, - "watchers_count": 708, + "stargazers_count": 709, + "watchers_count": 709, "has_discussions": false, "forks_count": 153, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 153, - "watchers": 708, + "watchers": 709, "score": 0, "subscribers_count": 10 }, diff --git a/2024/CVE-2024-21542.json b/2024/CVE-2024-21542.json new file mode 100644 index 0000000000..32ed0682d9 --- /dev/null +++ b/2024/CVE-2024-21542.json @@ -0,0 +1,33 @@ +[ + { + "id": 903920080, + "name": "Poc-CVE-2024-21542", + "full_name": "L3ster1337\/Poc-CVE-2024-21542", + "owner": { + "login": "L3ster1337", + "id": 44538226, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/44538226?v=4", + "html_url": "https:\/\/github.com\/L3ster1337", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/L3ster1337\/Poc-CVE-2024-21542", + "description": null, + "fork": false, + "created_at": "2024-12-15T22:17:15Z", + "updated_at": "2024-12-15T22:33:02Z", + "pushed_at": "2024-12-15T22:32:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-25600.json b/2024/CVE-2024-25600.json index 75d245e16e..01e3db48f1 100644 --- a/2024/CVE-2024-25600.json +++ b/2024/CVE-2024-25600.json @@ -14,10 +14,10 @@ "description": "Unauthenticated Remote Code Execution – Bricks <= 1.9.6", "fork": false, "created_at": "2024-02-20T20:16:09Z", - "updated_at": "2024-12-06T23:49:37Z", + "updated_at": "2024-12-15T22:44:06Z", "pushed_at": "2024-02-25T21:50:09Z", - "stargazers_count": 152, - "watchers_count": 152, + "stargazers_count": 153, + "watchers_count": 153, "has_discussions": false, "forks_count": 33, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 33, - "watchers": 152, + "watchers": 153, "score": 0, "subscribers_count": 3 }, diff --git a/2024/CVE-2024-35250.json b/2024/CVE-2024-35250.json index ddd2577734..05ec0fabaa 100644 --- a/2024/CVE-2024-35250.json +++ b/2024/CVE-2024-35250.json @@ -14,10 +14,10 @@ "description": "PoC for the Untrusted Pointer Dereference in the ks.sys driver", "fork": false, "created_at": "2024-10-13T19:30:20Z", - "updated_at": "2024-12-14T18:10:42Z", + "updated_at": "2024-12-16T00:30:08Z", "pushed_at": "2024-11-29T16:56:23Z", - "stargazers_count": 220, - "watchers_count": 220, + "stargazers_count": 221, + "watchers_count": 221, "has_discussions": false, "forks_count": 46, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 46, - "watchers": 220, + "watchers": 221, "score": 0, "subscribers_count": 6 }, diff --git a/2024/CVE-2024-3806.json b/2024/CVE-2024-3806.json index 56fb9c761c..54b57c254c 100644 --- a/2024/CVE-2024-3806.json +++ b/2024/CVE-2024-3806.json @@ -14,10 +14,10 @@ "description": "CVE-2024-3806: Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts CVE-2024-3807: Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta", "fork": false, "created_at": "2024-05-10T16:13:07Z", - "updated_at": "2024-08-09T05:21:42Z", + "updated_at": "2024-12-15T18:49:18Z", "pushed_at": "2024-05-10T17:58:19Z", - "stargazers_count": 7, - "watchers_count": 7, + "stargazers_count": 8, + "watchers_count": 8, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 7, + "watchers": 8, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-4040.json b/2024/CVE-2024-4040.json index 405d18617d..93e50cba06 100644 --- a/2024/CVE-2024-4040.json +++ b/2024/CVE-2024-4040.json @@ -138,10 +138,10 @@ "description": "CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support", "fork": false, "created_at": "2024-04-25T19:51:38Z", - "updated_at": "2024-12-03T18:32:16Z", + "updated_at": "2024-12-15T22:44:40Z", "pushed_at": "2024-07-07T23:47:58Z", - "stargazers_count": 55, - "watchers_count": 55, + "stargazers_count": 56, + "watchers_count": 56, "has_discussions": false, "forks_count": 7, "allow_forking": true, @@ -165,7 +165,7 @@ ], "visibility": "public", "forks": 7, - "watchers": 55, + "watchers": 56, "score": 0, "subscribers_count": 2 }, diff --git a/2024/CVE-2024-4367.json b/2024/CVE-2024-4367.json index 70a57fa62a..a3722801f7 100644 --- a/2024/CVE-2024-4367.json +++ b/2024/CVE-2024-4367.json @@ -14,10 +14,10 @@ "description": "CVE-2024-4367 & CVE-2024-34342 Proof of Concept", "fork": false, "created_at": "2024-05-20T10:02:23Z", - "updated_at": "2024-12-05T08:06:40Z", + "updated_at": "2024-12-15T22:43:58Z", "pushed_at": "2024-06-07T03:28:00Z", - "stargazers_count": 139, - "watchers_count": 139, + "stargazers_count": 140, + "watchers_count": 140, "has_discussions": false, "forks_count": 20, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 20, - "watchers": 139, + "watchers": 140, "score": 0, "subscribers_count": 2 }, @@ -216,10 +216,10 @@ "description": "This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367", "fork": false, "created_at": "2024-06-17T11:39:41Z", - "updated_at": "2024-11-25T04:23:00Z", + "updated_at": "2024-12-15T22:43:59Z", "pushed_at": "2024-06-20T13:40:31Z", - "stargazers_count": 7, - "watchers_count": 7, + "stargazers_count": 8, + "watchers_count": 8, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -228,7 +228,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 7, + "watchers": 8, "score": 0, "subscribers_count": 6 }, diff --git a/2024/CVE-2024-4577.json b/2024/CVE-2024-4577.json index 63d6b6b925..b85030daec 100644 --- a/2024/CVE-2024-4577.json +++ b/2024/CVE-2024-4577.json @@ -169,10 +169,10 @@ "description": "PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC", "fork": false, "created_at": "2024-06-07T09:52:54Z", - "updated_at": "2024-12-14T02:25:02Z", + "updated_at": "2024-12-15T22:44:00Z", "pushed_at": "2024-06-22T15:13:52Z", - "stargazers_count": 240, - "watchers_count": 240, + "stargazers_count": 241, + "watchers_count": 241, "has_discussions": false, "forks_count": 52, "allow_forking": true, @@ -181,7 +181,7 @@ "topics": [], "visibility": "public", "forks": 52, - "watchers": 240, + "watchers": 241, "score": 0, "subscribers_count": 4 }, @@ -510,10 +510,10 @@ "description": "PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template", "fork": false, "created_at": "2024-06-08T12:23:35Z", - "updated_at": "2024-11-16T19:51:48Z", + "updated_at": "2024-12-15T22:43:59Z", "pushed_at": "2024-06-19T16:19:57Z", - "stargazers_count": 24, - "watchers_count": 24, + "stargazers_count": 25, + "watchers_count": 25, "has_discussions": false, "forks_count": 10, "allow_forking": true, @@ -529,7 +529,7 @@ ], "visibility": "public", "forks": 10, - "watchers": 24, + "watchers": 25, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-53376.json b/2024/CVE-2024-53376.json new file mode 100644 index 0000000000..00394c30ed --- /dev/null +++ b/2024/CVE-2024-53376.json @@ -0,0 +1,33 @@ +[ + { + "id": 903925414, + "name": "CVE-2024-53376", + "full_name": "ThottySploity\/CVE-2024-53376", + "owner": { + "login": "ThottySploity", + "id": 119318084, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/119318084?v=4", + "html_url": "https:\/\/github.com\/ThottySploity", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/ThottySploity\/CVE-2024-53376", + "description": "CyberPanel authenticated RCE < 2.3.8", + "fork": false, + "created_at": "2024-12-15T22:40:52Z", + "updated_at": "2024-12-15T23:04:47Z", + "pushed_at": "2024-12-15T23:04:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-6387.json b/2024/CVE-2024-6387.json index 33af34996e..ffea85073d 100644 --- a/2024/CVE-2024-6387.json +++ b/2024/CVE-2024-6387.json @@ -14,10 +14,10 @@ "description": "a signal handler race condition in OpenSSH's server (sshd)", "fork": false, "created_at": "2024-07-01T10:55:29Z", - "updated_at": "2024-12-14T04:05:34Z", + "updated_at": "2024-12-15T23:08:09Z", "pushed_at": "2024-07-01T10:54:02Z", - "stargazers_count": 469, - "watchers_count": 469, + "stargazers_count": 470, + "watchers_count": 470, "has_discussions": false, "forks_count": 181, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 181, - "watchers": 469, + "watchers": 470, "score": 0, "subscribers_count": 5 }, diff --git a/README.md b/README.md index e392b70a4f..5ca014b5a1 100644 --- a/README.md +++ b/README.md @@ -191,6 +191,7 @@ - [Forsaken0129/CVE-2024-0582](https://github.com/Forsaken0129/CVE-2024-0582) - [0ptyx/cve-2024-0582](https://github.com/0ptyx/cve-2024-0582) - [geniuszlyy/CVE-2024-0582](https://github.com/geniuszlyy/CVE-2024-0582) +- [101010zyl/CVE-2024-0582](https://github.com/101010zyl/CVE-2024-0582) ### CVE-2024-0588 (2024-04-09) @@ -2307,6 +2308,9 @@ - [samogod/CVE-2024-11728](https://github.com/samogod/CVE-2024-11728) +### CVE-2024-11972 +- [JunTakemura/exploit-CVE-2024-11972](https://github.com/JunTakemura/exploit-CVE-2024-11972) + ### CVE-2024-12155 (2024-12-06) <code>The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. @@ -2574,6 +2578,13 @@ - [XiaomingX/cve-2024-21534-poc](https://github.com/XiaomingX/cve-2024-21534-poc) - [verylazytech/cve-2024-21534](https://github.com/verylazytech/cve-2024-21534) +### CVE-2024-21542 (2024-12-10) + +<code>Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function. +</code> + +- [L3ster1337/Poc-CVE-2024-21542](https://github.com/L3ster1337/Poc-CVE-2024-21542) + ### CVE-2024-21626 (2024-01-31) <code>runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. @@ -7415,6 +7426,9 @@ - [ThottySploity/CVE-2024-53375](https://github.com/ThottySploity/CVE-2024-53375) +### CVE-2024-53376 +- [ThottySploity/CVE-2024-53376](https://github.com/ThottySploity/CVE-2024-53376) + ### CVE-2024-53617 (2024-12-02) <code>A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload.