diff --git a/2017/CVE-2017-5941.json b/2017/CVE-2017-5941.json
index 48529d0d74..6cf5a0d5cd 100644
--- a/2017/CVE-2017-5941.json
+++ b/2017/CVE-2017-5941.json
@@ -46,7 +46,7 @@
"fork": false,
"created_at": "2023-03-30T06:39:25Z",
"updated_at": "2023-11-15T05:13:25Z",
- "pushed_at": "2024-11-21T18:34:33Z",
+ "pushed_at": "2024-12-12T23:55:36Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
diff --git a/2018/CVE-2018-19320.json b/2018/CVE-2018-19320.json
index af3765d696..906ddea2bc 100644
--- a/2018/CVE-2018-19320.json
+++ b/2018/CVE-2018-19320.json
@@ -76,10 +76,10 @@
"description": "Unsigned driver loader using CVE-2018-19320",
"fork": false,
"created_at": "2022-11-12T05:48:13Z",
- "updated_at": "2024-12-12T12:16:18Z",
+ "updated_at": "2024-12-12T20:58:15Z",
"pushed_at": "2023-04-09T13:50:29Z",
- "stargazers_count": 211,
- "watchers_count": 211,
+ "stargazers_count": 212,
+ "watchers_count": 212,
"has_discussions": false,
"forks_count": 57,
"allow_forking": true,
@@ -88,7 +88,7 @@
"topics": [],
"visibility": "public",
"forks": 57,
- "watchers": 211,
+ "watchers": 212,
"score": 0,
"subscribers_count": 9
}
diff --git a/2019/CVE-2019-18634.json b/2019/CVE-2019-18634.json
index d703b1a396..9fa1c668dc 100644
--- a/2019/CVE-2019-18634.json
+++ b/2019/CVE-2019-18634.json
@@ -324,8 +324,8 @@
"description": "This repo contains both the exploit and the explaination of how this vulnerability is exploited",
"fork": false,
"created_at": "2024-12-11T13:33:42Z",
- "updated_at": "2024-12-12T16:25:42Z",
- "pushed_at": "2024-12-12T16:25:38Z",
+ "updated_at": "2024-12-12T20:40:34Z",
+ "pushed_at": "2024-12-12T20:40:30Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@@ -338,6 +338,6 @@
"forks": 0,
"watchers": 0,
"score": 0,
- "subscribers_count": 0
+ "subscribers_count": 1
}
]
\ No newline at end of file
diff --git a/2020/CVE-2020-1472.json b/2020/CVE-2020-1472.json
index 33509cc5c9..bcb33ec4c6 100644
--- a/2020/CVE-2020-1472.json
+++ b/2020/CVE-2020-1472.json
@@ -107,10 +107,10 @@
"description": "PoC for Zerologon - all research credits go to Tom Tervoort of Secura",
"fork": false,
"created_at": "2020-09-14T16:56:51Z",
- "updated_at": "2024-12-11T16:14:44Z",
+ "updated_at": "2024-12-12T21:54:29Z",
"pushed_at": "2020-11-03T09:45:24Z",
- "stargazers_count": 1198,
- "watchers_count": 1198,
+ "stargazers_count": 1199,
+ "watchers_count": 1199,
"has_discussions": false,
"forks_count": 288,
"allow_forking": true,
@@ -119,7 +119,7 @@
"topics": [],
"visibility": "public",
"forks": 288,
- "watchers": 1198,
+ "watchers": 1199,
"score": 0,
"subscribers_count": 34
},
diff --git a/2021/CVE-2021-1732.json b/2021/CVE-2021-1732.json
index 2a82d3c59c..967223a627 100644
--- a/2021/CVE-2021-1732.json
+++ b/2021/CVE-2021-1732.json
@@ -45,10 +45,10 @@
"description": "CVE-2021-1732 Microsoft Windows 10 本地提权漏 研究及Poc\/Exploit开发",
"fork": false,
"created_at": "2021-03-08T05:07:15Z",
- "updated_at": "2024-11-22T03:14:35Z",
+ "updated_at": "2024-12-12T23:39:03Z",
"pushed_at": "2021-03-08T11:41:19Z",
- "stargazers_count": 80,
- "watchers_count": 80,
+ "stargazers_count": 81,
+ "watchers_count": 81,
"has_discussions": false,
"forks_count": 27,
"allow_forking": true,
@@ -57,7 +57,7 @@
"topics": [],
"visibility": "public",
"forks": 27,
- "watchers": 80,
+ "watchers": 81,
"score": 0,
"subscribers_count": 2
},
diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json
index 4e91e5f9f8..5305bb8e69 100644
--- a/2021/CVE-2021-44228.json
+++ b/2021/CVE-2021-44228.json
@@ -3749,10 +3749,10 @@
"description": "A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 ",
"fork": false,
"created_at": "2021-12-13T03:57:50Z",
- "updated_at": "2024-12-11T22:08:09Z",
+ "updated_at": "2024-12-12T21:22:23Z",
"pushed_at": "2022-11-23T18:23:24Z",
- "stargazers_count": 3405,
- "watchers_count": 3405,
+ "stargazers_count": 3404,
+ "watchers_count": 3404,
"has_discussions": true,
"forks_count": 740,
"allow_forking": true,
@@ -3761,7 +3761,7 @@
"topics": [],
"visibility": "public",
"forks": 740,
- "watchers": 3405,
+ "watchers": 3404,
"score": 0,
"subscribers_count": 55
},
diff --git a/2022/CVE-2022-27499.json b/2022/CVE-2022-27499.json
index 5e0db400b7..1933ee15f5 100644
--- a/2022/CVE-2022-27499.json
+++ b/2022/CVE-2022-27499.json
@@ -14,10 +14,10 @@
"description": "CVE-2022-27499",
"fork": false,
"created_at": "2022-01-07T03:45:41Z",
- "updated_at": "2024-04-09T14:45:26Z",
+ "updated_at": "2024-12-12T20:41:30Z",
"pushed_at": "2023-01-16T14:30:40Z",
- "stargazers_count": 1,
- "watchers_count": 1,
+ "stargazers_count": 2,
+ "watchers_count": 2,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@@ -32,7 +32,7 @@
],
"visibility": "public",
"forks": 1,
- "watchers": 1,
+ "watchers": 2,
"score": 0,
"subscribers_count": 3
}
diff --git a/2022/CVE-2022-39275.json b/2022/CVE-2022-39275.json
index fcab04a87a..b8cb8eddc6 100644
--- a/2022/CVE-2022-39275.json
+++ b/2022/CVE-2022-39275.json
@@ -15,7 +15,7 @@
"fork": false,
"created_at": "2024-11-15T22:21:16Z",
"updated_at": "2024-11-15T22:24:28Z",
- "pushed_at": "2024-11-22T21:38:50Z",
+ "pushed_at": "2024-12-12T21:02:01Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
diff --git a/2023/CVE-2023-30253.json b/2023/CVE-2023-30253.json
index 64911de83f..d476b50953 100644
--- a/2023/CVE-2023-30253.json
+++ b/2023/CVE-2023-30253.json
@@ -76,10 +76,10 @@
"description": "Reverse Shell POC exploit for Dolibarr <= 17.0.0 (CVE-2023-30253), PHP Code Injection",
"fork": false,
"created_at": "2024-05-27T15:10:12Z",
- "updated_at": "2024-12-06T04:48:34Z",
+ "updated_at": "2024-12-12T20:32:55Z",
"pushed_at": "2024-05-28T15:10:20Z",
- "stargazers_count": 37,
- "watchers_count": 37,
+ "stargazers_count": 36,
+ "watchers_count": 36,
"has_discussions": false,
"forks_count": 5,
"allow_forking": true,
@@ -88,7 +88,7 @@
"topics": [],
"visibility": "public",
"forks": 5,
- "watchers": 37,
+ "watchers": 36,
"score": 0,
"subscribers_count": 1
},
diff --git a/2023/CVE-2023-40028.json b/2023/CVE-2023-40028.json
index 63a9587d2f..983568fe23 100644
--- a/2023/CVE-2023-40028.json
+++ b/2023/CVE-2023-40028.json
@@ -60,5 +60,36 @@
"watchers": 0,
"score": 0,
"subscribers_count": 1
+ },
+ {
+ "id": 902533209,
+ "name": "Ghost-5.58-Arbitrary-File-Read-CVE-2023-40028",
+ "full_name": "0xDTC\/Ghost-5.58-Arbitrary-File-Read-CVE-2023-40028",
+ "owner": {
+ "login": "0xDTC",
+ "id": 95960398,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/95960398?v=4",
+ "html_url": "https:\/\/github.com\/0xDTC",
+ "user_view_type": "public"
+ },
+ "html_url": "https:\/\/github.com\/0xDTC\/Ghost-5.58-Arbitrary-File-Read-CVE-2023-40028",
+ "description": "CVE-2023-40028 affects Ghost, an open source content management system, where versions prior to 5.59.1 allow authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system.",
+ "fork": false,
+ "created_at": "2024-12-12T18:50:58Z",
+ "updated_at": "2024-12-12T19:30:34Z",
+ "pushed_at": "2024-12-12T19:30:30Z",
+ "stargazers_count": 0,
+ "watchers_count": 0,
+ "has_discussions": false,
+ "forks_count": 0,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 0,
+ "watchers": 0,
+ "score": 0,
+ "subscribers_count": 0
}
]
\ No newline at end of file
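Review bot: The record added here (`"id": 902533209`) carries nothing that shows the repository was examined before it was listed: `created_at` and `pushed_at` are both 2024-12-12, `stargazers_count` and `forks_count` are 0, and `description` is owner-supplied text stored as-is. The new file 2024/CVE-2024-38998.json has the same shape, with `created_at` 2024-12-12T23:19:44Z and `pushed_at` 2024-12-12T23:20:56Z. If the collector selects repositories by name or description match (not visible in this diff), a repository only needs to mention the CVE id to be linked from README.md under that CVE's heading. Because readers cannot tell reviewed entries from unreviewed ones using these fields, I would say so once in the README, for example `Repositories are indexed automatically by CVE id and are not reviewed.`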
diff --git a/2024/CVE-2024-1939.json b/2024/CVE-2024-1939.json
index d4eff0ad66..c924dd5812 100644
--- a/2024/CVE-2024-1939.json
+++ b/2024/CVE-2024-1939.json
@@ -14,10 +14,10 @@
"description": "For V8CTF M122",
"fork": false,
"created_at": "2024-08-25T12:08:54Z",
- "updated_at": "2024-11-18T10:55:45Z",
+ "updated_at": "2024-12-12T23:59:01Z",
"pushed_at": "2024-08-25T12:42:14Z",
- "stargazers_count": 10,
- "watchers_count": 10,
+ "stargazers_count": 11,
+ "watchers_count": 11,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 2,
- "watchers": 10,
+ "watchers": 11,
"score": 0,
"subscribers_count": 1
}
diff --git a/2024/CVE-2024-26229.json b/2024/CVE-2024-26229.json
index 28920e239c..20edecc1f8 100644
--- a/2024/CVE-2024-26229.json
+++ b/2024/CVE-2024-26229.json
@@ -45,10 +45,10 @@
"description": "Windows LPE",
"fork": false,
"created_at": "2024-06-11T08:03:29Z",
- "updated_at": "2024-12-04T12:14:02Z",
+ "updated_at": "2024-12-12T23:45:20Z",
"pushed_at": "2024-06-11T20:41:59Z",
- "stargazers_count": 108,
- "watchers_count": 108,
+ "stargazers_count": 109,
+ "watchers_count": 109,
"has_discussions": false,
"forks_count": 23,
"allow_forking": true,
@@ -57,7 +57,7 @@
"topics": [],
"visibility": "public",
"forks": 23,
- "watchers": 108,
+ "watchers": 109,
"score": 0,
"subscribers_count": 1
},
diff --git a/2024/CVE-2024-38998.json b/2024/CVE-2024-38998.json
new file mode 100644
index 0000000000..8375b87881
--- /dev/null
+++ b/2024/CVE-2024-38998.json
@@ -0,0 +1,33 @@
+[
+ {
+ "id": 902615056,
+ "name": "PP_CVE-2024-38998",
+ "full_name": "AlbedoPrime\/PP_CVE-2024-38998",
+ "owner": {
+ "login": "AlbedoPrime",
+ "id": 128452420,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/128452420?v=4",
+ "html_url": "https:\/\/github.com\/AlbedoPrime",
+ "user_view_type": "public"
+ },
+ "html_url": "https:\/\/github.com\/AlbedoPrime\/PP_CVE-2024-38998",
+ "description": "Uma vulnerabilidade (CVE-2024-38998) foi identificada na versão 2.3.6 do módulo JavaScript requirejs. Ela explora prototype pollution na função config, permitindo que invasores modifiquem Object.prototype com entradas maliciosas. Isso pode causar DoS, execução remota de código (RCE) ou XSS. A gravidade é crítica (CVSS 9.8). ",
+ "fork": false,
+ "created_at": "2024-12-12T23:19:44Z",
+ "updated_at": "2024-12-12T23:21:00Z",
+ "pushed_at": "2024-12-12T23:20:56Z",
+ "stargazers_count": 0,
+ "watchers_count": 0,
+ "has_discussions": false,
+ "forks_count": 0,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 0,
+ "watchers": 0,
+ "score": 0,
+ "subscribers_count": 0
+ }
+]
\ No newline at end of file
diff --git a/2024/CVE-2024-40711.json b/2024/CVE-2024-40711.json
index 8e01dd09ab..faf8b9e50d 100644
--- a/2024/CVE-2024-40711.json
+++ b/2024/CVE-2024-40711.json
@@ -50,13 +50,13 @@
"stargazers_count": 33,
"watchers_count": 33,
"has_discussions": false,
- "forks_count": 5,
+ "forks_count": 6,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
- "forks": 5,
+ "forks": 6,
"watchers": 33,
"score": 0,
"subscribers_count": 1
diff --git a/2024/CVE-2024-42327.json b/2024/CVE-2024-42327.json
index 6cd7fd2088..883a2cc436 100644
--- a/2024/CVE-2024-42327.json
+++ b/2024/CVE-2024-42327.json
@@ -107,10 +107,10 @@
"description": "POC for CVE-2024-42327, an authenticated SQL Injection in Zabbix through the user.get API Method",
"fork": false,
"created_at": "2024-12-07T21:25:40Z",
- "updated_at": "2024-12-11T00:48:46Z",
+ "updated_at": "2024-12-12T22:27:55Z",
"pushed_at": "2024-12-08T12:27:53Z",
- "stargazers_count": 1,
- "watchers_count": 1,
+ "stargazers_count": 2,
+ "watchers_count": 2,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@@ -119,7 +119,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
- "watchers": 1,
+ "watchers": 2,
"score": 0,
"subscribers_count": 1
},
@@ -169,8 +169,8 @@
"description": "writeup cve-2024-42327",
"fork": false,
"created_at": "2024-12-12T01:32:26Z",
- "updated_at": "2024-12-12T18:15:09Z",
- "pushed_at": "2024-12-12T18:15:05Z",
+ "updated_at": "2024-12-12T19:21:47Z",
+ "pushed_at": "2024-12-12T19:21:44Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
diff --git a/2024/CVE-2024-46538.json b/2024/CVE-2024-46538.json
index decd8ffede..8c9550cc8d 100644
--- a/2024/CVE-2024-46538.json
+++ b/2024/CVE-2024-46538.json
@@ -55,10 +55,10 @@
"description": "based on [EQSTLab](https:\/\/github.com\/EQSTLab)",
"fork": false,
"created_at": "2024-12-04T15:51:40Z",
- "updated_at": "2024-12-11T16:49:18Z",
+ "updated_at": "2024-12-12T23:58:51Z",
"pushed_at": "2024-12-04T16:00:45Z",
- "stargazers_count": 2,
- "watchers_count": 2,
+ "stargazers_count": 3,
+ "watchers_count": 3,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@@ -67,7 +67,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
- "watchers": 2,
+ "watchers": 3,
"score": 0,
"subscribers_count": 1
}
diff --git a/2024/CVE-2024-48990.json b/2024/CVE-2024-48990.json
index fb237da507..db4858180a 100644
--- a/2024/CVE-2024-48990.json
+++ b/2024/CVE-2024-48990.json
@@ -14,19 +14,19 @@
"description": "PoC for CVE-2024-48990",
"fork": false,
"created_at": "2024-11-20T18:41:25Z",
- "updated_at": "2024-12-12T13:17:01Z",
+ "updated_at": "2024-12-12T20:25:15Z",
"pushed_at": "2024-11-20T18:49:33Z",
- "stargazers_count": 89,
- "watchers_count": 89,
+ "stargazers_count": 90,
+ "watchers_count": 90,
"has_discussions": false,
- "forks_count": 15,
+ "forks_count": 16,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
- "forks": 15,
- "watchers": 89,
+ "forks": 16,
+ "watchers": 90,
"score": 0,
"subscribers_count": 1
},
diff --git a/2024/CVE-2024-50623.json b/2024/CVE-2024-50623.json
index d96f75b5fa..9a1148d0d7 100644
--- a/2024/CVE-2024-50623.json
+++ b/2024/CVE-2024-50623.json
@@ -14,19 +14,19 @@
"description": "Cleo Unrestricted file upload and download PoC (CVE-2024-50623)",
"fork": false,
"created_at": "2024-12-11T14:19:55Z",
- "updated_at": "2024-12-12T15:14:47Z",
+ "updated_at": "2024-12-12T19:41:32Z",
"pushed_at": "2024-12-11T14:23:19Z",
- "stargazers_count": 11,
- "watchers_count": 11,
+ "stargazers_count": 12,
+ "watchers_count": 12,
"has_discussions": false,
- "forks_count": 2,
+ "forks_count": 3,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
- "forks": 2,
- "watchers": 11,
+ "forks": 3,
+ "watchers": 12,
"score": 0,
"subscribers_count": 0
}
diff --git a/2024/CVE-2024-9061.json b/2024/CVE-2024-9061.json
index e4c0e12bc1..d54d37a3d5 100644
--- a/2024/CVE-2024-9061.json
+++ b/2024/CVE-2024-9061.json
@@ -14,10 +14,10 @@
"description": "WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add",
"fork": false,
"created_at": "2024-10-16T07:57:48Z",
- "updated_at": "2024-10-18T17:57:08Z",
+ "updated_at": "2024-12-12T19:21:27Z",
"pushed_at": "2024-10-16T07:59:43Z",
- "stargazers_count": 1,
- "watchers_count": 1,
+ "stargazers_count": 2,
+ "watchers_count": 2,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
- "watchers": 1,
+ "watchers": 2,
"score": 0,
"subscribers_count": 1
}
diff --git a/README.md b/README.md
index 43da4989ee..b8b0c20089 100644
--- a/README.md
+++ b/README.md
@@ -5715,6 +5715,13 @@
- [BBD-YZZ/CVE-2024-38856-RCE](https://github.com/BBD-YZZ/CVE-2024-38856-RCE)
- [XiaomingX/cve-2024-38856-poc](https://github.com/XiaomingX/cve-2024-38856-poc)
+### CVE-2024-38998 (2024-07-01)
+
+jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
+
+
+- [AlbedoPrime/PP_CVE-2024-38998](https://github.com/AlbedoPrime/PP_CVE-2024-38998)
+
### CVE-2024-39031 (2024-07-09)
In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and "Description" fields when creating an event and then add the administrator or any user to the event. When the invited user (victim) views their own profile, the payload will be executed on their side, even if they do not click on the event.
@@ -13248,6 +13255,7 @@
- [0xyassine/CVE-2023-40028](https://github.com/0xyassine/CVE-2023-40028)
- [BBSynapse/CVE-2023-40028](https://github.com/BBSynapse/CVE-2023-40028)
+- [0xDTC/Ghost-5.58-Arbitrary-File-Read-CVE-2023-40028](https://github.com/0xDTC/Ghost-5.58-Arbitrary-File-Read-CVE-2023-40028)
### CVE-2023-40031 (2023-08-25)