mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-15 20:32:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2023/12/13 18:59:38

Browse source
This commit is contained in:
motikan2010-bot 2023-12-14 03:59:38 +09:00
parent 99dd9bbfa0
commit 2fb72ae6aa
49 changed files with 821 additions and 124 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
2011/CVE-2011-2523.json
View file

@ -389,12 +389,12 @@
"description": "Python exploit for CVE-2011-2523 (VSFTPD 2.3.4 Backdoor Command Execution)",
"fork": false,
"created_at": "2023-11-28T10:52:33Z",
"updated_at": "2023-11-28T11:03:46Z",
"updated_at": "2023-12-13T13:37:13Z",
"pushed_at": "2023-11-28T13:36:42Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 3,
"watchers_count": 3,
"has_discussions": false,
"forks_count": 0,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -407,8 +407,8 @@
"vsftpd-exploit"
],
"visibility": "public",
"forks": 0,
"watchers": 0,
"forks": 1,
"watchers": 3,
"score": 0,
"subscribers_count": 1
}

32
2016/CVE-2016-4631.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 63757542,
"name": "tiffdisabler",
"full_name": "hansnielsen\/tiffdisabler",
"owner": {
"login": "hansnielsen",
"id": 1776705,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1776705?v=4",
"html_url": "https:\/\/github.com\/hansnielsen"
},
"html_url": "https:\/\/github.com\/hansnielsen\/tiffdisabler",
"description": "Disables ImageIO TIFF support to protect against CVE-2016-4631",
"fork": false,
"created_at": "2016-07-20T06:47:07Z",
"updated_at": "2018-09-18T00:11:49Z",
"pushed_at": "2016-07-24T12:58:14Z",
"stargazers_count": 10,
"watchers_count": 10,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 10,
"score": 0,
"subscribers_count": 3
}
]

30
2016/CVE-2016-6662.json
View file

@ -1,4 +1,34 @@
[
{
"id": 68207529,
"name": "mysqld_safe-CVE-2016-6662-patch",
"full_name": "konstantin-kelemen\/mysqld_safe-CVE-2016-6662-patch",
"owner": {
"login": "konstantin-kelemen",
"id": 19798607,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19798607?v=4",
"html_url": "https:\/\/github.com\/konstantin-kelemen"
},
"html_url": "https:\/\/github.com\/konstantin-kelemen\/mysqld_safe-CVE-2016-6662-patch",
"description": "MySQL server CVE-2016-6662 patch playbook",
"fork": false,
"created_at": "2016-09-14T13:12:21Z",
"updated_at": "2016-09-14T13:12:21Z",
"pushed_at": "2016-09-15T11:26:19Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 2
},
{
"id": 68305019,
"name": "ansible-mysql-cve-2016-6662",

8
2017/CVE-2017-11882.json
View file

@ -73,10 +73,10 @@
"description": "CVE-2017-11882 from https:\/\/github.com\/embedi\/CVE-2017-11882",
"fork": false,
"created_at": "2017-11-21T05:55:53Z",
"updated_at": "2023-12-08T14:48:00Z",
"updated_at": "2023-12-13T13:12:43Z",
"pushed_at": "2017-11-29T03:33:53Z",
"stargazers_count": 534,
"watchers_count": 534,
"stargazers_count": 535,
"watchers_count": 535,
"has_discussions": false,
"forks_count": 263,
"allow_forking": true,
@ -85,7 +85,7 @@
"topics": [],
"visibility": "public",
"forks": 263,
"watchers": 534,
"watchers": 535,
"score": 0,
"subscribers_count": 28
},

8
2017/CVE-2017-7921.json
View file

@ -13,10 +13,10 @@
"description": "Hikvision camera CVE-2017-7921-EXP",
"fork": false,
"created_at": "2020-04-27T11:49:40Z",
"updated_at": "2023-10-30T07:34:54Z",
"updated_at": "2023-12-13T16:11:21Z",
"pushed_at": "2023-12-04T15:47:16Z",
"stargazers_count": 76,
"watchers_count": 76,
"stargazers_count": 77,
"watchers_count": 77,
"has_discussions": false,
"forks_count": 16,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 16,
"watchers": 76,
"watchers": 77,
"score": 0,
"subscribers_count": 3
},

8
2018/CVE-2018-15133.json
View file

@ -163,10 +163,10 @@
"description": "Exploit for Laravel Remote Code Execution with API_KEY (CVE-2018-15133)",
"fork": false,
"created_at": "2020-11-13T16:33:52Z",
"updated_at": "2023-12-09T07:12:54Z",
"updated_at": "2023-12-13T16:44:26Z",
"pushed_at": "2020-12-31T20:34:30Z",
"stargazers_count": 39,
"watchers_count": 39,
"stargazers_count": 40,
"watchers_count": 40,
"has_discussions": false,
"forks_count": 17,
"allow_forking": true,
@ -175,7 +175,7 @@
"topics": [],
"visibility": "public",
"forks": 17,
"watchers": 39,
"watchers": 40,
"score": 0,
"subscribers_count": 2
},

8
2018/CVE-2018-6242.json
View file

@ -13,10 +13,10 @@
"description": "My first Android app: Launch Fusée Gelée payloads from stock Android (CVE-2018-6242)",
"fork": false,
"created_at": "2018-04-28T11:50:00Z",
"updated_at": "2023-12-11T04:51:03Z",
"updated_at": "2023-12-13T14:30:27Z",
"pushed_at": "2022-12-11T10:44:39Z",
"stargazers_count": 503,
"watchers_count": 503,
"stargazers_count": 505,
"watchers_count": 505,
"has_discussions": false,
"forks_count": 61,
"allow_forking": true,
@ -32,7 +32,7 @@
],
"visibility": "public",
"forks": 61,
"watchers": 503,
"watchers": 505,
"score": 0,
"subscribers_count": 57
},

2
2018/CVE-2018-6574.json
View file

@ -2459,6 +2459,6 @@
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
"subscribers_count": 1
}
]

8
2019/CVE-2019-11358.json
View file

@ -81,10 +81,10 @@
"description": "patches for SNYK-JS-JQUERY-565129, SNYK-JS-JQUERY-567880, CVE-2020-1102, CVE-2020-11023, includes the patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428",
"fork": false,
"created_at": "2020-04-14T19:12:01Z",
"updated_at": "2023-08-29T13:31:22Z",
"updated_at": "2023-12-13T13:47:00Z",
"pushed_at": "2022-08-22T12:00:56Z",
"stargazers_count": 20,
"watchers_count": 20,
"stargazers_count": 21,
"watchers_count": 21,
"has_discussions": false,
"forks_count": 11,
"allow_forking": true,
@ -105,7 +105,7 @@
],
"visibility": "public",
"forks": 11,
"watchers": 20,
"watchers": 21,
"score": 0,
"subscribers_count": 7
},

30
2019/CVE-2019-2215.json
View file

@ -119,6 +119,36 @@
"score": 0,
"subscribers_count": 9
},
{
"id": 237150232,
"name": "CVE-2019-2215",
"full_name": "LIznzn\/CVE-2019-2215",
"owner": {
"login": "LIznzn",
"id": 8838409,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8838409?v=4",
"html_url": "https:\/\/github.com\/LIznzn"
},
"html_url": "https:\/\/github.com\/LIznzn\/CVE-2019-2215",
"description": "Temproot for Bravia TV via CVE-2019-2215.",
"fork": false,
"created_at": "2020-01-30T06:06:32Z",
"updated_at": "2023-10-05T08:39:58Z",
"pushed_at": "2020-02-20T02:41:44Z",
"stargazers_count": 22,
"watchers_count": 22,
"has_discussions": false,
"forks_count": 8,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 8,
"watchers": 22,
"score": 0,
"subscribers_count": 5
},
{
"id": 241095749,
"name": "cve-2019-2215",

8
2020/CVE-2020-1102.json
View file

@ -13,10 +13,10 @@
"description": "patches for SNYK-JS-JQUERY-565129, SNYK-JS-JQUERY-567880, CVE-2020-1102, CVE-2020-11023, includes the patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428",
"fork": false,
"created_at": "2020-04-14T19:12:01Z",
"updated_at": "2023-08-29T13:31:22Z",
"updated_at": "2023-12-13T13:47:00Z",
"pushed_at": "2022-08-22T12:00:56Z",
"stargazers_count": 20,
"watchers_count": 20,
"stargazers_count": 21,
"watchers_count": 21,
"has_discussions": false,
"forks_count": 11,
"allow_forking": true,
@ -37,7 +37,7 @@
],
"visibility": "public",
"forks": 11,
"watchers": 20,
"watchers": 21,
"score": 0,
"subscribers_count": 7
}

4
2020/CVE-2020-1938.json
View file

@ -78,13 +78,13 @@
"stargazers_count": 113,
"watchers_count": 113,
"has_discussions": false,
"forks_count": 72,
"forks_count": 71,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 72,
"forks": 71,
"watchers": 113,
"score": 0,
"subscribers_count": 3

8
2020/CVE-2020-2551.json
View file

@ -94,10 +94,10 @@
"description": "how detect CVE-2020-2551 poc exploit python Weblogic RCE with IIOP",
"fork": false,
"created_at": "2020-01-19T13:01:32Z",
"updated_at": "2023-12-13T06:42:09Z",
"updated_at": "2023-12-13T12:35:21Z",
"pushed_at": "2023-03-05T12:40:59Z",
"stargazers_count": 208,
"watchers_count": 208,
"stargazers_count": 209,
"watchers_count": 209,
"has_discussions": false,
"forks_count": 49,
"allow_forking": true,
@ -106,7 +106,7 @@
"topics": [],
"visibility": "public",
"forks": 49,
"watchers": 208,
"watchers": 209,
"score": 0,
"subscribers_count": 5
},

8
2020/CVE-2020-2555.json
View file

@ -163,10 +163,10 @@
"description": "poc for CVE-2020-2555",
"fork": false,
"created_at": "2021-11-15T09:06:42Z",
"updated_at": "2022-01-09T06:09:40Z",
"updated_at": "2023-12-13T14:06:34Z",
"pushed_at": "2021-11-15T09:16:25Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -175,7 +175,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 2
}

8
2021/CVE-2021-22205.json
View file

@ -133,10 +133,10 @@
"description": "CVE-2021-22205& GitLab CE\/EE RCE",
"fork": false,
"created_at": "2021-10-29T04:30:45Z",
"updated_at": "2023-12-08T12:43:37Z",
"updated_at": "2023-12-13T17:02:01Z",
"pushed_at": "2022-11-16T08:14:33Z",
"stargazers_count": 244,
"watchers_count": 244,
"stargazers_count": 246,
"watchers_count": 246,
"has_discussions": false,
"forks_count": 102,
"allow_forking": true,
@ -147,7 +147,7 @@
],
"visibility": "public",
"forks": 102,
"watchers": 244,
"watchers": 246,
"score": 0,
"subscribers_count": 3
},

8
2021/CVE-2021-34473.json
View file

@ -193,10 +193,10 @@
"description": "CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability",
"fork": false,
"created_at": "2022-06-29T12:37:31Z",
"updated_at": "2023-12-13T05:49:12Z",
"updated_at": "2023-12-13T16:01:00Z",
"pushed_at": "2022-06-30T08:36:58Z",
"stargazers_count": 23,
"watchers_count": 23,
"stargazers_count": 24,
"watchers_count": 24,
"has_discussions": false,
"forks_count": 5,
"allow_forking": true,
@ -205,7 +205,7 @@
"topics": [],
"visibility": "public",
"forks": 5,
"watchers": 23,
"watchers": 24,
"score": 0,
"subscribers_count": 2
},

8
2021/CVE-2021-35211.json
View file

@ -73,10 +73,10 @@
"description": null,
"fork": false,
"created_at": "2022-01-14T05:52:17Z",
"updated_at": "2023-12-04T18:12:43Z",
"updated_at": "2023-12-13T18:38:30Z",
"pushed_at": "2022-01-14T05:56:09Z",
"stargazers_count": 32,
"watchers_count": 32,
"stargazers_count": 33,
"watchers_count": 33,
"has_discussions": false,
"forks_count": 9,
"allow_forking": true,
@ -85,7 +85,7 @@
"topics": [],
"visibility": "public",
"forks": 9,
"watchers": 32,
"watchers": 33,
"score": 0,
"subscribers_count": 4
}

12
2021/CVE-2021-4034.json
View file

@ -938,12 +938,12 @@
"description": "Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation",
"fork": false,
"created_at": "2022-01-26T14:26:10Z",
"updated_at": "2023-12-12T10:50:10Z",
"updated_at": "2023-12-13T16:15:44Z",
"pushed_at": "2022-06-21T14:52:05Z",
"stargazers_count": 916,
"watchers_count": 916,
"stargazers_count": 917,
"watchers_count": 917,
"has_discussions": false,
"forks_count": 176,
"forks_count": 177,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -951,8 +951,8 @@
"cve-2021-4034"
],
"visibility": "public",
"forks": 176,
"watchers": 916,
"forks": 177,
"watchers": 917,
"score": 0,
"subscribers_count": 14
},

98
2021/CVE-2021-41773.json
View file

@ -59,6 +59,36 @@
"score": 0,
"subscribers_count": 2
},
{
"id": 413901787,
"name": "CVE-2021-41773",
"full_name": "knqyf263\/CVE-2021-41773",
"owner": {
"login": "knqyf263",
"id": 2253692,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2253692?v=4",
"html_url": "https:\/\/github.com\/knqyf263"
},
"html_url": "https:\/\/github.com\/knqyf263\/CVE-2021-41773",
"description": "Path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) ",
"fork": false,
"created_at": "2021-10-05T16:45:41Z",
"updated_at": "2023-12-08T12:43:35Z",
"pushed_at": "2021-10-06T05:40:34Z",
"stargazers_count": 10,
"watchers_count": 10,
"has_discussions": false,
"forks_count": 7,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 7,
"watchers": 10,
"score": 0,
"subscribers_count": 3
},
{
"id": 413916578,
"name": "CVE-2021-41773-PoC",
@ -312,6 +342,36 @@
"score": 0,
"subscribers_count": 2
},
{
"id": 414050354,
"name": "CVE-2021-41773-PoC",
"full_name": "habibiefaried\/CVE-2021-41773-PoC",
"owner": {
"login": "habibiefaried",
"id": 4345690,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4345690?v=4",
"html_url": "https:\/\/github.com\/habibiefaried"
},
"html_url": "https:\/\/github.com\/habibiefaried\/CVE-2021-41773-PoC",
"description": "PoC for CVE-2021-41773 with docker to demonstrate",
"fork": false,
"created_at": "2021-10-06T03:01:41Z",
"updated_at": "2023-09-28T11:32:04Z",
"pushed_at": "2021-10-06T05:39:24Z",
"stargazers_count": 5,
"watchers_count": 5,
"has_discussions": false,
"forks_count": 4,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 4,
"watchers": 5,
"score": 0,
"subscribers_count": 2
},
{
"id": 414082287,
"name": "CVE-2021-41773-POC",
@ -342,6 +402,36 @@
"score": 0,
"subscribers_count": 2
},
{
"id": 414082633,
"name": "cve-2021-41773-nse",
"full_name": "TAI-REx\/cve-2021-41773-nse",
"owner": {
"login": "TAI-REx",
"id": 78527947,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/78527947?v=4",
"html_url": "https:\/\/github.com\/TAI-REx"
},
"html_url": "https:\/\/github.com\/TAI-REx\/cve-2021-41773-nse",
"description": "CVE-2021-41773.nse",
"fork": false,
"created_at": "2021-10-06T05:36:22Z",
"updated_at": "2021-11-26T18:07:10Z",
"pushed_at": "2021-10-06T05:23:16Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 414108838,
"name": "CVE-2021-41773",
@ -416,10 +506,10 @@
"description": "Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)",
"fork": false,
"created_at": "2021-10-06T13:39:57Z",
"updated_at": "2023-09-28T11:32:05Z",
"updated_at": "2023-12-13T13:48:24Z",
"pushed_at": "2021-10-06T14:15:45Z",
"stargazers_count": 4,
"watchers_count": 4,
"stargazers_count": 5,
"watchers_count": 5,
"has_discussions": false,
"forks_count": 5,
"allow_forking": true,
@ -428,7 +518,7 @@
"topics": [],
"visibility": "public",
"forks": 5,
"watchers": 4,
"watchers": 5,
"score": 0,
"subscribers_count": 2
},

30
2022/CVE-2022-1329.json
View file

@ -94,5 +94,35 @@
"watchers": 3,
"score": 0,
"subscribers_count": 1
},
{
"id": 594762176,
"name": "CVE-2022-1329",
"full_name": "dexit\/CVE-2022-1329",
"owner": {
"login": "dexit",
"id": 6205151,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/6205151?v=4",
"html_url": "https:\/\/github.com\/dexit"
},
"html_url": "https:\/\/github.com\/dexit\/CVE-2022-1329",
"description": "The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~\/core\/app\/modules\/onboarding\/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to o CVE project by @Sn0wAlice",
"fork": false,
"created_at": "2023-01-29T15:13:34Z",
"updated_at": "2023-02-20T12:39:20Z",
"pushed_at": "2022-12-28T12:11:47Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

30
2022/CVE-2022-20473.json
View file

@ -1,4 +1,34 @@
[
{
"id": 584289667,
"name": "frameworks_minikin_AOSP10_r33_CVE-2022-20473",
"full_name": "Trinadh465\/frameworks_minikin_AOSP10_r33_CVE-2022-20473",
"owner": {
"login": "Trinadh465",
"id": 102574296,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/102574296?v=4",
"html_url": "https:\/\/github.com\/Trinadh465"
},
"html_url": "https:\/\/github.com\/Trinadh465\/frameworks_minikin_AOSP10_r33_CVE-2022-20473",
"description": null,
"fork": false,
"created_at": "2023-01-02T05:55:37Z",
"updated_at": "2023-01-02T05:55:37Z",
"pushed_at": null,
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 584624006,
"name": "frameworks_minikin_AOSP10_r33-CVE-2022-20473",

32
2022/CVE-2022-20607.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 598379401,
"name": "CVE-2022-20607",
"full_name": "sumeetIT\/CVE-2022-20607",
"owner": {
"login": "sumeetIT",
"id": 54736912,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/54736912?v=4",
"html_url": "https:\/\/github.com\/sumeetIT"
},
"html_url": "https:\/\/github.com\/sumeetIT\/CVE-2022-20607",
"description": "In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N\/A CVE project by @Sn0wAlice",
"fork": false,
"created_at": "2023-02-07T01:28:29Z",
"updated_at": "2023-02-20T12:01:39Z",
"pushed_at": "2022-12-27T12:10:40Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

4
2022/CVE-2022-25765.json
View file

@ -48,13 +48,13 @@
"stargazers_count": 21,
"watchers_count": 21,
"has_discussions": false,
"forks_count": 10,
"forks_count": 11,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 10,
"forks": 11,
"watchers": 21,
"score": 0,
"subscribers_count": 1

30
2022/CVE-2022-28346.json
View file

@ -58,5 +58,35 @@
"watchers": 23,
"score": 0,
"subscribers_count": 3
},
{
"id": 609374925,
"name": "CVE-2022-28346",
"full_name": "vincentinttsh\/CVE-2022-28346",
"owner": {
"login": "vincentinttsh",
"id": 14941597,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/14941597?v=4",
"html_url": "https:\/\/github.com\/vincentinttsh"
},
"html_url": "https:\/\/github.com\/vincentinttsh\/CVE-2022-28346",
"description": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.",
"fork": false,
"created_at": "2023-03-04T01:43:58Z",
"updated_at": "2022-08-24T08:06:59Z",
"pushed_at": "2022-05-15T00:53:22Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
}
]

32
2022/CVE-2022-29170.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 594668634,
"name": "CVE-2022-29170",
"full_name": "yijikeji\/CVE-2022-29170",
"owner": {
"login": "yijikeji",
"id": 42433368,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/42433368?v=4",
"html_url": "https:\/\/github.com\/yijikeji"
},
"html_url": "https:\/\/github.com\/yijikeji\/CVE-2022-29170",
"description": "Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesnt call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5. CVE project by @Sn0wAlice",
"fork": false,
"created_at": "2023-01-29T09:10:44Z",
"updated_at": "2023-02-20T13:57:30Z",
"pushed_at": "2022-12-29T07:40:17Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

30
2022/CVE-2022-29455.json
View file

@ -59,6 +59,36 @@
"score": 0,
"subscribers_count": 1
},
{
"id": 584983892,
"name": "CVE-2022-29455",
"full_name": "5l1v3r1\/CVE-2022-29455",
"owner": {
"login": "5l1v3r1",
"id": 34143537,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/34143537?v=4",
"html_url": "https:\/\/github.com\/5l1v3r1"
},
"html_url": "https:\/\/github.com\/5l1v3r1\/CVE-2022-29455",
"description": "DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. ",
"fork": false,
"created_at": "2023-01-04T02:40:39Z",
"updated_at": "2023-01-04T02:40:35Z",
"pushed_at": "2022-11-27T18:46:07Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 585658055,
"name": "CVE-2022-29455",

8
2022/CVE-2022-3602.json
View file

@ -13,10 +13,10 @@
"description": "Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3",
"fork": false,
"created_at": "2022-10-28T09:51:41Z",
"updated_at": "2023-12-08T12:42:11Z",
"updated_at": "2023-12-13T13:10:17Z",
"pushed_at": "2022-11-18T15:47:17Z",
"stargazers_count": 533,
"watchers_count": 533,
"stargazers_count": 534,
"watchers_count": 534,
"has_discussions": false,
"forks_count": 114,
"allow_forking": true,
@ -30,7 +30,7 @@
],
"visibility": "public",
"forks": 114,
"watchers": 533,
"watchers": 534,
"score": 0,
"subscribers_count": 47
},

32
2022/CVE-2022-40363.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 590734045,
"name": "CVE-2022-40363",
"full_name": "Olafdaf\/CVE-2022-40363",
"owner": {
"login": "Olafdaf",
"id": 123042506,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/123042506?v=4",
"html_url": "https:\/\/github.com\/Olafdaf"
},
"html_url": "https:\/\/github.com\/Olafdaf\/CVE-2022-40363",
"description": "A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file. CVE project by @Sn0wAlice",
"fork": false,
"created_at": "2023-01-19T04:19:42Z",
"updated_at": "2023-12-05T04:28:03Z",
"pushed_at": "2022-12-29T11:12:27Z",
"stargazers_count": 5,
"watchers_count": 5,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 5,
"score": 0,
"subscribers_count": 0
}
]

32
2022/CVE-2022-40769.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 594246349,
"name": "CVE-2022-40769",
"full_name": "PLSRcoin\/CVE-2022-40769",
"owner": {
"login": "PLSRcoin",
"id": 99826299,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/99826299?v=4",
"html_url": "https:\/\/github.com\/PLSRcoin"
},
"html_url": "https:\/\/github.com\/PLSRcoin\/CVE-2022-40769",
"description": "profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022. CVE project by @Sn0wAlice",
"fork": false,
"created_at": "2023-01-28T00:12:31Z",
"updated_at": "2023-02-20T14:52:04Z",
"pushed_at": "2022-12-29T15:29:39Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

32
2022/CVE-2022-41076.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 595651423,
"name": "CVE-2022-41076",
"full_name": "5l1v3r1\/CVE-2022-41076",
"owner": {
"login": "5l1v3r1",
"id": 34143537,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/34143537?v=4",
"html_url": "https:\/\/github.com\/5l1v3r1"
},
"html_url": "https:\/\/github.com\/5l1v3r1\/CVE-2022-41076",
"description": "PowerShell Remote Code Execution Vulnerability. CVE project by @Sn0wAlice",
"fork": false,
"created_at": "2023-01-31T14:32:39Z",
"updated_at": "2023-02-20T12:06:24Z",
"pushed_at": "2022-12-27T16:03:57Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
}
]

32
2022/CVE-2022-41114.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 584184679,
"name": "CVE-2022-41114",
"full_name": "gmh5225\/CVE-2022-41114",
"owner": {
"login": "gmh5225",
"id": 13917777,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/13917777?v=4",
"html_url": "https:\/\/github.com\/gmh5225"
},
"html_url": "https:\/\/github.com\/gmh5225\/CVE-2022-41114",
"description": "Windows Bind Filter Driver Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice",
"fork": false,
"created_at": "2023-01-01T18:30:30Z",
"updated_at": "2023-02-20T12:35:54Z",
"pushed_at": "2022-12-28T09:34:52Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
}
]

30
2022/CVE-2022-41352.json
View file

@ -66,6 +66,36 @@
"score": 0,
"subscribers_count": 2
},
{
"id": 651133271,
"name": "cve-2022-41352-zimbra-rce-1",
"full_name": "lolminerxmrig\/cve-2022-41352-zimbra-rce-1",
"owner": {
"login": "lolminerxmrig",
"id": 108659226,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/108659226?v=4",
"html_url": "https:\/\/github.com\/lolminerxmrig"
},
"html_url": "https:\/\/github.com\/lolminerxmrig\/cve-2022-41352-zimbra-rce-1",
"description": null,
"fork": false,
"created_at": "2023-06-08T15:08:23Z",
"updated_at": "2023-12-10T16:15:47Z",
"pushed_at": "2022-11-21T07:10:46Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 729969528,
"name": "cve-2022-41352-zimbra-rce",

8
2023/CVE-2023-21716.json
View file

@ -43,10 +43,10 @@
"description": "RTF Crash POC Python 3.11 Windows 10",
"fork": false,
"created_at": "2023-03-07T15:03:43Z",
"updated_at": "2023-12-11T06:17:48Z",
"updated_at": "2023-12-13T16:09:56Z",
"pushed_at": "2023-03-07T15:17:47Z",
"stargazers_count": 47,
"watchers_count": 47,
"stargazers_count": 48,
"watchers_count": 48,
"has_discussions": false,
"forks_count": 13,
"allow_forking": true,
@ -55,7 +55,7 @@
"topics": [],
"visibility": "public",
"forks": 13,
"watchers": 47,
"watchers": 48,
"score": 0,
"subscribers_count": 3
},

8
2023/CVE-2023-21752.json
View file

@ -13,10 +13,10 @@
"description": null,
"fork": false,
"created_at": "2023-01-10T15:59:26Z",
"updated_at": "2023-12-12T19:53:52Z",
"updated_at": "2023-12-13T13:10:19Z",
"pushed_at": "2023-01-13T09:01:20Z",
"stargazers_count": 292,
"watchers_count": 292,
"stargazers_count": 293,
"watchers_count": 293,
"has_discussions": false,
"forks_count": 66,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 66,
"watchers": 292,
"watchers": 293,
"score": 0,
"subscribers_count": 5
},

8
2023/CVE-2023-25136.json
View file

@ -133,10 +133,10 @@
"description": "OpenSSH 9.1 vulnerability mass scan and exploit",
"fork": false,
"created_at": "2023-04-28T19:46:03Z",
"updated_at": "2023-10-15T22:02:58Z",
"updated_at": "2023-12-13T18:52:53Z",
"pushed_at": "2023-04-28T20:29:10Z",
"stargazers_count": 5,
"watchers_count": 5,
"stargazers_count": 6,
"watchers_count": 6,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -145,7 +145,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 5,
"watchers": 6,
"score": 0,
"subscribers_count": 1
},

35
2023/CVE-2023-26035.json
View file

@ -31,5 +31,40 @@
"watchers": 2,
"score": 0,
"subscribers_count": 1
},
{
"id": 731218902,
"name": "CVE-2023-26035",
"full_name": "heapbytes\/CVE-2023-26035",
"owner": {
"login": "heapbytes",
"id": 56447720,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/56447720?v=4",
"html_url": "https:\/\/github.com\/heapbytes"
},
"html_url": "https:\/\/github.com\/heapbytes\/CVE-2023-26035",
"description": "POC script for CVE-2023-26035 (zoneminder 1.36.32) ",
"fork": false,
"created_at": "2023-12-13T15:40:24Z",
"updated_at": "2023-12-13T15:46:28Z",
"pushed_at": "2023-12-13T15:43:54Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [
"cve-2023-26035",
"exploit",
"poc",
"zoneminder"
],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

12
2023/CVE-2023-27524.json
View file

@ -13,19 +13,19 @@
"description": "Basic PoC for CVE-2023-27524: Insecure Default Configuration in Apache Superset",
"fork": false,
"created_at": "2023-04-25T04:59:05Z",
"updated_at": "2023-12-12T19:04:49Z",
"updated_at": "2023-12-13T18:45:12Z",
"pushed_at": "2023-09-09T01:20:49Z",
"stargazers_count": 88,
"watchers_count": 88,
"stargazers_count": 89,
"watchers_count": 89,
"has_discussions": false,
"forks_count": 27,
"forks_count": 28,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 27,
"watchers": 88,
"forks": 28,
"watchers": 89,
"score": 0,
"subscribers_count": 6
},

8
2023/CVE-2023-30547.json
View file

@ -13,10 +13,10 @@
"description": "PoC Exploit for VM2 Sandbox Escape Vulnerability",
"fork": false,
"created_at": "2023-12-10T08:32:26Z",
"updated_at": "2023-12-13T11:34:26Z",
"updated_at": "2023-12-13T14:20:03Z",
"pushed_at": "2023-12-11T07:11:30Z",
"stargazers_count": 31,
"watchers_count": 31,
"stargazers_count": 32,
"watchers_count": 32,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 3,
"watchers": 31,
"watchers": 32,
"score": 0,
"subscribers_count": 1
}

8
2023/CVE-2023-31546.json
View file

@ -13,10 +13,10 @@
"description": null,
"fork": false,
"created_at": "2023-12-12T07:41:07Z",
"updated_at": "2023-12-12T07:41:07Z",
"updated_at": "2023-12-13T15:54:23Z",
"pushed_at": "2023-12-13T09:30:21Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 1
}

8
2023/CVE-2023-33246.json
View file

@ -73,10 +73,10 @@
"description": "Apache RocketMQ 远程代码执行漏洞(CVE-2023-33246) Exploit",
"fork": false,
"created_at": "2023-06-01T02:17:20Z",
"updated_at": "2023-12-07T01:50:59Z",
"updated_at": "2023-12-13T16:20:00Z",
"pushed_at": "2023-06-04T12:19:12Z",
"stargazers_count": 65,
"watchers_count": 65,
"stargazers_count": 66,
"watchers_count": 66,
"has_discussions": false,
"forks_count": 7,
"allow_forking": true,
@ -85,7 +85,7 @@
"topics": [],
"visibility": "public",
"forks": 7,
"watchers": 65,
"watchers": 66,
"score": 0,
"subscribers_count": 1
},

8
2023/CVE-2023-36427.json
View file

@ -13,10 +13,10 @@
"description": "Report and exploit of CVE-2023-36427",
"fork": false,
"created_at": "2023-10-09T16:55:18Z",
"updated_at": "2023-12-12T02:00:38Z",
"updated_at": "2023-12-13T17:30:08Z",
"pushed_at": "2023-11-22T15:31:34Z",
"stargazers_count": 79,
"watchers_count": 79,
"stargazers_count": 80,
"watchers_count": 80,
"has_discussions": false,
"forks_count": 14,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 14,
"watchers": 79,
"watchers": 80,
"score": 0,
"subscribers_count": 3
}

8
2023/CVE-2023-38831.json
View file

@ -43,10 +43,10 @@
"description": "CVE-2023-38831 winrar exploit generator",
"fork": false,
"created_at": "2023-08-25T09:44:08Z",
"updated_at": "2023-12-12T19:51:49Z",
"updated_at": "2023-12-13T18:33:09Z",
"pushed_at": "2023-11-26T06:46:44Z",
"stargazers_count": 710,
"watchers_count": 710,
"stargazers_count": 711,
"watchers_count": 711,
"has_discussions": false,
"forks_count": 129,
"allow_forking": true,
@ -59,7 +59,7 @@
],
"visibility": "public",
"forks": 129,
"watchers": 710,
"watchers": 711,
"score": 0,
"subscribers_count": 9
},

8
2023/CVE-2023-41993.json
View file

@ -13,10 +13,10 @@
"description": null,
"fork": false,
"created_at": "2023-10-15T12:14:18Z",
"updated_at": "2023-12-13T06:48:03Z",
"updated_at": "2023-12-13T18:31:23Z",
"pushed_at": "2023-10-20T23:04:03Z",
"stargazers_count": 166,
"watchers_count": 166,
"stargazers_count": 168,
"watchers_count": 168,
"has_discussions": false,
"forks_count": 29,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 29,
"watchers": 166,
"watchers": 168,
"score": 0,
"subscribers_count": 8
},

8
2023/CVE-2023-44487.json
View file

@ -13,10 +13,10 @@
"description": "Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487",
"fork": false,
"created_at": "2023-10-10T14:20:42Z",
"updated_at": "2023-12-12T13:54:32Z",
"updated_at": "2023-12-13T13:10:23Z",
"pushed_at": "2023-10-14T16:43:31Z",
"stargazers_count": 196,
"watchers_count": 196,
"stargazers_count": 197,
"watchers_count": 197,
"has_discussions": false,
"forks_count": 44,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 44,
"watchers": 196,
"watchers": 197,
"score": 0,
"subscribers_count": 6
},

32
2023/CVE-2023-4636.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 731273709,
"name": "CVE-2023-4636",
"full_name": "ThatNotEasy\/CVE-2023-4636",
"owner": {
"login": "ThatNotEasy",
"id": 25004320,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/25004320?v=4",
"html_url": "https:\/\/github.com\/ThatNotEasy"
},
"html_url": "https:\/\/github.com\/ThatNotEasy\/CVE-2023-4636",
"description": "Unauthenticated Remote Code Execution with default Imagick",
"fork": false,
"created_at": "2023-12-13T17:59:02Z",
"updated_at": "2023-12-13T18:06:18Z",
"pushed_at": "2023-12-13T18:06:15Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

8
2023/CVE-2023-4911.json
View file

@ -73,10 +73,10 @@
"description": "CVE-2023-4911 proof of concept",
"fork": false,
"created_at": "2023-10-04T14:32:49Z",
"updated_at": "2023-12-11T06:17:52Z",
"updated_at": "2023-12-13T13:10:23Z",
"pushed_at": "2023-10-08T23:24:24Z",
"stargazers_count": 156,
"watchers_count": 156,
"stargazers_count": 157,
"watchers_count": 157,
"has_discussions": false,
"forks_count": 30,
"allow_forking": true,
@ -85,7 +85,7 @@
"topics": [],
"visibility": "public",
"forks": 30,
"watchers": 156,
"watchers": 157,
"score": 0,
"subscribers_count": 3
},

10
2023/CVE-2023-50164.json
View file

@ -13,10 +13,10 @@
"description": "A critical security vulnerability, identified as CVE-2023-50164 (CVE: 9.8) was found in Apache Struts, allowing attackers to manipulate file upload parameters that can potentially lead to unauthorized path traversal and remote code execution (RCE).",
"fork": false,
"created_at": "2023-12-13T09:31:36Z",
"updated_at": "2023-12-13T09:31:36Z",
"pushed_at": "2023-12-13T09:31:36Z",
"stargazers_count": 0,
"watchers_count": 0,
"updated_at": "2023-12-13T18:43:35Z",
"pushed_at": "2023-12-13T13:18:18Z",
"stargazers_count": 4,
"watchers_count": 4,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"watchers": 4,
"score": 0,
"subscribers_count": 0
}

32
2023/CVE-2023-5561.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 731244611,
"name": "CVE-2023-5561-PoC",
"full_name": "pog007\/CVE-2023-5561-PoC",
"owner": {
"login": "pog007",
"id": 124298592,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/124298592?v=4",
"html_url": "https:\/\/github.com\/pog007"
},
"html_url": "https:\/\/github.com\/pog007\/CVE-2023-5561-PoC",
"description": "WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack",
"fork": false,
"created_at": "2023-12-13T16:43:18Z",
"updated_at": "2023-12-13T16:43:59Z",
"pushed_at": "2023-12-13T16:47:37Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

74
README.md
View file

@ -748,6 +748,13 @@
- [Patrowl/CVE-2023-4634](https://github.com/Patrowl/CVE-2023-4634)
### CVE-2023-4636 (2023-09-04)
<code>The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
</code>
- [ThatNotEasy/CVE-2023-4636](https://github.com/ThatNotEasy/CVE-2023-4636)
### CVE-2023-4683 (2023-08-31)
<code>NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
@ -947,6 +954,13 @@
- [obelia01/CVE-2023-5546](https://github.com/obelia01/CVE-2023-5546)
### CVE-2023-5561 (2023-10-16)
<code>WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack
</code>
- [pog007/CVE-2023-5561-PoC](https://github.com/pog007/CVE-2023-5561-PoC)
### CVE-2023-5965 (2023-11-30)
<code>An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution.
@ -1951,6 +1965,7 @@
</code>
- [rvizx/CVE-2023-26035](https://github.com/rvizx/CVE-2023-26035)
- [heapbytes/CVE-2023-26035](https://github.com/heapbytes/CVE-2023-26035)
### CVE-2023-26048 (2023-04-18)
@ -6200,6 +6215,7 @@
- [AkuCyberSec/CVE-2022-1329-WordPress-Elementor-3.6.0-3.6.1-3.6.2-Remote-Code-Execution-Exploit](https://github.com/AkuCyberSec/CVE-2022-1329-WordPress-Elementor-3.6.0-3.6.1-3.6.2-Remote-Code-Execution-Exploit)
- [mcdulltii/CVE-2022-1329](https://github.com/mcdulltii/CVE-2022-1329)
- [Grazee/CVE-2022-1329-WordPress-Elementor-RCE](https://github.com/Grazee/CVE-2022-1329-WordPress-Elementor-RCE)
- [dexit/CVE-2022-1329](https://github.com/dexit/CVE-2022-1329)
### CVE-2022-1386 (2022-05-16)
@ -6868,6 +6884,7 @@
<code>In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173
</code>
- [Trinadh465/frameworks_minikin_AOSP10_r33_CVE-2022-20473](https://github.com/Trinadh465/frameworks_minikin_AOSP10_r33_CVE-2022-20473)
- [Trinadh465/frameworks_minikin_AOSP10_r33-CVE-2022-20473](https://github.com/Trinadh465/frameworks_minikin_AOSP10_r33-CVE-2022-20473)
### CVE-2022-20489 (2023-01-24)
@ -6906,6 +6923,13 @@
- [Supersonic/CVE-2022-20494](https://github.com/Supersonic/CVE-2022-20494)
### CVE-2022-20607 (2022-12-16)
<code>In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N/A
</code>
- [sumeetIT/CVE-2022-20607](https://github.com/sumeetIT/CVE-2022-20607)
### CVE-2022-20699 (2022-02-10)
<code>Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
@ -8834,6 +8858,7 @@
- [YouGina/CVE-2022-28346](https://github.com/YouGina/CVE-2022-28346)
- [DeEpinGh0st/CVE-2022-28346](https://github.com/DeEpinGh0st/CVE-2022-28346)
- [vincentinttsh/CVE-2022-28346](https://github.com/vincentinttsh/CVE-2022-28346)
### CVE-2022-28368 (2022-04-02)
@ -8985,6 +9010,13 @@
- [EgeBalci/CVE-2022-29154](https://github.com/EgeBalci/CVE-2022-29154)
### CVE-2022-29170 (2022-05-20)
<code>Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesnt call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the redirects and potentially give secure information to the clients. Grafana Cloud is not impacted by this vulnerability. Versions 7.5.16 and 8.5.3 contain a patch for this issue. There are currently no known workarounds.
</code>
- [yijikeji/CVE-2022-29170](https://github.com/yijikeji/CVE-2022-29170)
### CVE-2022-29221 (2022-05-24)
<code>Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
@ -9036,6 +9068,7 @@
- [GULL2100/Wordpress_xss-CVE-2022-29455](https://github.com/GULL2100/Wordpress_xss-CVE-2022-29455)
- [akhilkoradiya/CVE-2022-29455](https://github.com/akhilkoradiya/CVE-2022-29455)
- [5l1v3r1/CVE-2022-29455](https://github.com/5l1v3r1/CVE-2022-29455)
- [yaudahbanh/CVE-2022-29455](https://github.com/yaudahbanh/CVE-2022-29455)
- [0xkucing/CVE-2022-29455](https://github.com/0xkucing/CVE-2022-29455)
- [tucommenceapousser/CVE-2022-29455](https://github.com/tucommenceapousser/CVE-2022-29455)
@ -10725,6 +10758,13 @@
- [h4md153v63n/CVE-2022-40348_Intern-Record-System-Cross-site-Scripting-V1.0-Vulnerability-Unauthenticated](https://github.com/h4md153v63n/CVE-2022-40348_Intern-Record-System-Cross-site-Scripting-V1.0-Vulnerability-Unauthenticated)
### CVE-2022-40363 (2022-09-29)
<code>A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file.
</code>
- [Olafdaf/CVE-2022-40363](https://github.com/Olafdaf/CVE-2022-40363)
### CVE-2022-40470 (2022-11-21)
<code>Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature.
@ -10806,6 +10846,13 @@
- [williamkhepri/CVE-2022-40687-metasploit-scanner](https://github.com/williamkhepri/CVE-2022-40687-metasploit-scanner)
### CVE-2022-40769 (2022-09-18)
<code>profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.
</code>
- [PLSRcoin/CVE-2022-40769](https://github.com/PLSRcoin/CVE-2022-40769)
### CVE-2022-40799 (2022-11-28)
<code>Data Integrity Failure in 'Backup Config' in D-Link DNR-322L &lt;= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.
@ -10858,6 +10905,13 @@
- [NathanScottGithub/CVE-2022-41049-POC](https://github.com/NathanScottGithub/CVE-2022-41049-POC)
### CVE-2022-41076 (2022-12-13)
<code>PowerShell Remote Code Execution Vulnerability
</code>
- [5l1v3r1/CVE-2022-41076](https://github.com/5l1v3r1/CVE-2022-41076)
### CVE-2022-41080 (2022-11-09)
<code>Microsoft Exchange Server Elevation of Privilege Vulnerability
@ -10888,6 +10942,13 @@
- [g-gill24/WinRE-Patch](https://github.com/g-gill24/WinRE-Patch)
- [dsn1321/KB5025175-CVE-2022-41099](https://github.com/dsn1321/KB5025175-CVE-2022-41099)
### CVE-2022-41114 (2022-11-09)
<code>Windows Bind Filter Driver Elevation of Privilege Vulnerability
</code>
- [gmh5225/CVE-2022-41114](https://github.com/gmh5225/CVE-2022-41114)
### CVE-2022-41218 (2022-09-21)
<code>In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
@ -10930,6 +10991,7 @@
- [segfault-it/cve-2022-41352](https://github.com/segfault-it/cve-2022-41352)
- [Cr4ckC4t/cve-2022-41352-zimbra-rce](https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce)
- [lolminerxmrig/cve-2022-41352-zimbra-rce-1](https://github.com/lolminerxmrig/cve-2022-41352-zimbra-rce-1)
- [qailanet/cve-2022-41352-zimbra-rce](https://github.com/qailanet/cve-2022-41352-zimbra-rce)
### CVE-2022-41358 (2022-10-19)
@ -16796,6 +16858,7 @@
- [Vulnmachines/cve-2021-41773](https://github.com/Vulnmachines/cve-2021-41773)
- [numanturle/CVE-2021-41773](https://github.com/numanturle/CVE-2021-41773)
- [knqyf263/CVE-2021-41773](https://github.com/knqyf263/CVE-2021-41773)
- [ZephrFish/CVE-2021-41773-PoC](https://github.com/ZephrFish/CVE-2021-41773-PoC)
- [iilegacyyii/PoC-CVE-2021-41773](https://github.com/iilegacyyii/PoC-CVE-2021-41773)
- [masahiro331/CVE-2021-41773](https://github.com/masahiro331/CVE-2021-41773)
@ -16804,7 +16867,9 @@
- [lorddemon/CVE-2021-41773-PoC](https://github.com/lorddemon/CVE-2021-41773-PoC)
- [Ls4ss/CVE-2021-41773_CVE-2021-42013](https://github.com/Ls4ss/CVE-2021-41773_CVE-2021-42013)
- [itsecurityco/CVE-2021-41773](https://github.com/itsecurityco/CVE-2021-41773)
- [habibiefaried/CVE-2021-41773-PoC](https://github.com/habibiefaried/CVE-2021-41773-PoC)
- [creadpag/CVE-2021-41773-POC](https://github.com/creadpag/CVE-2021-41773-POC)
- [TAI-REx/cve-2021-41773-nse](https://github.com/TAI-REx/cve-2021-41773-nse)
- [blasty/CVE-2021-41773](https://github.com/blasty/CVE-2021-41773)
- [PentesterGuruji/CVE-2021-41773](https://github.com/PentesterGuruji/CVE-2021-41773)
- [jbovet/CVE-2021-41773](https://github.com/jbovet/CVE-2021-41773)
@ -24257,6 +24322,7 @@
- [raystyle/CVE-2019-2215](https://github.com/raystyle/CVE-2019-2215)
- [kangtastic/cve-2019-2215](https://github.com/kangtastic/cve-2019-2215)
- [marcinguy/CVE-2019-2215](https://github.com/marcinguy/CVE-2019-2215)
- [LIznzn/CVE-2019-2215](https://github.com/LIznzn/CVE-2019-2215)
- [DimitriFourny/cve-2019-2215](https://github.com/DimitriFourny/cve-2019-2215)
- [qre0ct/android-kernel-exploitation-ashfaq-CVE-2019-2215](https://github.com/qre0ct/android-kernel-exploitation-ashfaq-CVE-2019-2215)
- [sharif-dev/AndroidKernelVulnerability](https://github.com/sharif-dev/AndroidKernelVulnerability)
@ -33777,6 +33843,13 @@
- [saelo/jscpwn](https://github.com/saelo/jscpwn)
- [hdbreaker/WebKit-CVE-2016-4622](https://github.com/hdbreaker/WebKit-CVE-2016-4622)
### CVE-2016-4631 (2016-07-21)
<code>ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
</code>
- [hansnielsen/tiffdisabler](https://github.com/hansnielsen/tiffdisabler)
### CVE-2016-4655 (2016-08-25)
<code>The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
@ -34028,6 +34101,7 @@
<code>Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
</code>
- [konstantin-kelemen/mysqld_safe-CVE-2016-6662-patch](https://github.com/konstantin-kelemen/mysqld_safe-CVE-2016-6662-patch)
- [meersjo/ansible-mysql-cve-2016-6662](https://github.com/meersjo/ansible-mysql-cve-2016-6662)
- [KosukeShimofuji/CVE-2016-6662](https://github.com/KosukeShimofuji/CVE-2016-6662)
- [Ashrafdev/MySQL-Remote-Root-Code-Execution](https://github.com/Ashrafdev/MySQL-Remote-Root-Code-Execution)