-
Notifications
You must be signed in to change notification settings - Fork 39
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
3f39906
commit b1b0899
Showing
13 changed files
with
276 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--1310745f-1286-4634-8ae9-e14085ea468b.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--5d77bb0a-a3b3-4746-a048-b7ef54526a92", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--1310745f-1286-4634-8ae9-e14085ea468b", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-11-03T00:22:49.23916Z", | ||
| "modified": "2024-11-03T00:22:49.23916Z", | ||
| "name": "CVE-2024-10700", | ||
| "description": "A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"name\" to be affected. But it must be assumed that a variety of other parameters is affected too.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-10700" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--3d0e0683-5e5b-4348-a946-842ea919df50.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--a12e58e8-8fe8-478a-ad7d-7f09c351fa3e", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--3d0e0683-5e5b-4348-a946-842ea919df50", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-11-03T00:22:49.0324Z", | ||
| "modified": "2024-11-03T00:22:49.0324Z", | ||
| "name": "CVE-2024-51774", | ||
| "description": "qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-51774" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--54f55033-539b-43d2-af46-604b2d91ed71.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--55777aec-f200-49e7-9a9a-51df4983a080", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--54f55033-539b-43d2-af46-604b2d91ed71", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-11-03T00:22:49.894547Z", | ||
| "modified": "2024-11-03T00:22:49.894547Z", | ||
| "name": "CVE-2024-8739", | ||
| "description": "The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-8739" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--7661c85e-ac85-493e-b837-70c6825c401b.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--ca4a3a1e-684b-4b54-a554-a41b55da0078", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--7661c85e-ac85-493e-b837-70c6825c401b", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-11-03T00:22:49.313556Z", | ||
| "modified": "2024-11-03T00:22:49.313556Z", | ||
| "name": "CVE-2024-9868", | ||
| "description": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-9868" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--84c63fd4-425d-4faa-902b-a6b05e759738.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--734e60eb-5084-4021-823a-7458a47aedc4", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--84c63fd4-425d-4faa-902b-a6b05e759738", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-11-03T00:22:49.272546Z", | ||
| "modified": "2024-11-03T00:22:49.272546Z", | ||
| "name": "CVE-2024-10697", | ||
| "description": "A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-10697" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--9a4abc3f-51ce-40db-9ea5-2e139d939fe7.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--5209168f-eacb-452d-a8f1-9d95556e4516", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--9a4abc3f-51ce-40db-9ea5-2e139d939fe7", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-11-03T00:22:49.25011Z", | ||
| "modified": "2024-11-03T00:22:49.25011Z", | ||
| "name": "CVE-2024-10701", | ||
| "description": "A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-10701" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--a091def7-66e5-4705-aa47-1f7c2b7eb025.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--709a06b6-abb9-4b3a-ba0d-76c38dfd7bc6", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--a091def7-66e5-4705-aa47-1f7c2b7eb025", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-11-03T00:22:49.25249Z", | ||
| "modified": "2024-11-03T00:22:49.25249Z", | ||
| "name": "CVE-2024-10702", | ||
| "description": "A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-10702" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--a939c780-2262-4a11-871f-ef5c70c76fe7.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--9403f37a-64b2-4463-bf24-7071203a5a52", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--a939c780-2262-4a11-871f-ef5c70c76fe7", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-11-03T00:22:49.236031Z", | ||
| "modified": "2024-11-03T00:22:49.236031Z", | ||
| "name": "CVE-2024-10698", | ||
| "description": "A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-10698" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--c1eee8ae-70bf-4dcc-a709-47a8ee3c3600.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--229e76ea-2b97-4ed9-8160-5cc55b8eb39d", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--c1eee8ae-70bf-4dcc-a709-47a8ee3c3600", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-11-03T00:22:49.322478Z", | ||
| "modified": "2024-11-03T00:22:49.322478Z", | ||
| "name": "CVE-2024-9896", | ||
| "description": "The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-9896" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--c200bbbb-f4f9-492b-81c7-7ed2375bde3a.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--ea6a140a-cce5-4895-b1cd-963276bc8980", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--c200bbbb-f4f9-492b-81c7-7ed2375bde3a", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-11-03T00:22:49.241986Z", | ||
| "modified": "2024-11-03T00:22:49.241986Z", | ||
| "name": "CVE-2024-10540", | ||
| "description": "The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-10540" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--d70aab28-4eea-4fd2-a07b-cbd0114bda6d.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--c836d3ef-9c11-46cd-b4b2-d5b662462bda", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--d70aab28-4eea-4fd2-a07b-cbd0114bda6d", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-11-03T00:22:49.248256Z", | ||
| "modified": "2024-11-03T00:22:49.248256Z", | ||
| "name": "CVE-2024-10310", | ||
| "description": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-10310" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
22 changes: 22 additions & 0 deletions
22
objects/vulnerability/vulnerability--f56ca9de-38fd-4c15-b8f5-95cb38a19d13.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| { | ||
| "type": "bundle", | ||
| "id": "bundle--88592f84-5ec0-427e-b3d1-d29c247bc102", | ||
| "objects": [ | ||
| { | ||
| "type": "vulnerability", | ||
| "spec_version": "2.1", | ||
| "id": "vulnerability--f56ca9de-38fd-4c15-b8f5-95cb38a19d13", | ||
| "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", | ||
| "created": "2024-11-03T00:22:49.268721Z", | ||
| "modified": "2024-11-03T00:22:49.268721Z", | ||
| "name": "CVE-2024-10699", | ||
| "description": "A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", | ||
| "external_references": [ | ||
| { | ||
| "source_name": "cve", | ||
| "external_id": "CVE-2024-10699" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |