CVE-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

Github link:
https://github.com/ex-arny/CVE-2024-34102-RCE

CVE-2024-28995

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

Github link:
https://github.com/Praison001/CVE-2024-28995-SolarWinds-Serv-U

CVE-2024-37032

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.

Github link:
https://github.com/Bi0x/CVE-2024-37032

CVE-2024-33883

The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.

Github link:
https://github.com/Grantzile/PoC-CVE-2024-33883

CVE-2024-33111

D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.

Github link:
https://github.com/FaLLenSKiLL1/CVE-2024-33111

CVE-2024-33113

D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.

Github link:
https://github.com/tekua/CVE-2024-33113

CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Github link:
https://github.com/truonghuuphuc/CVE-2024-6028-Poc

CVE-2019-9053

An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.

Github link:
https://github.com/TeymurNovruzov/CVE-2019-9053-python3-remastered

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate() method.

Github link:
https://github.com/absholi7ly/PHP-Injection-in-M4-PDF-Extensions

CVE-2023-25690

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.

Configurations are affected when mod_proxy is enabled along with some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and is then
re-inserted into the proxied request-target using variable
substitution. For example, something like:

RewriteEngine on
RewriteRule "^/here/(.*)" "https://example.com:8080/elsewhere?$1"; [P]
ProxyPassReverse /here/ https://example.com:8080/

Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.

Github link:
https://github.com/g4nkd/CVE-2023-25690-PoC

CVE-2024-33113

D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.

Github link:
https://github.com/FaLLenSKiLL1/CVE-2024-33113

CVE-2019-9849

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.

Github link:
https://github.com/mbadanoiu/CVE-2019-9849

CVE-2024-5806

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass in limited scenarios.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.

Github link:
https://github.com/watchtowrlabs/watchTowr-vs-progress-moveit_CVE-2024-5806

CVE-2023-30253

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

Github link:
https://github.com/dollarboysushil/Dolibarr-17.0.0-Exploit-CVE-2023-30253

CVE-2018-9995

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

Github link:
https://github.com/A-Alabdoo/CVE-DVr

CVE-2024-29868

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism.
This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account.
This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Github link:
https://github.com/DEVisions/CVE-2024-29868

CVE-2023-23388

Windows Bluetooth Driver Elevation of Privilege Vulnerability

Github link:
https://github.com/ynwarcs/CVE-2023-23388

CVE-2024-34313

An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a crafted request to a public endpoint.

Github link:
https://github.com/vincentscode/CVE-2024-34313

CVE-2024-34312

Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js.

Github link:
https://github.com/vincentscode/CVE-2024-34312

CVE-2024-32002

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

Github link:
https://github.com/Yitian26/git_rce