Updated by KhulnaSoft [BOT] 🤖

docs/README.md

@@ -2,11 +2,12 @@
 
 > Automatic monitor github cve using Github Actions
 
-Last generated: 2024-09-10 02:11:08.579495
+Last generated: 2024-09-11 02:10:05.935122
 
 | CVE | Name | Description | Date |
 |---|---|---|---|
 | [CVE-2024-7954](https://www.cve.org/CVERecord?id=CVE-2024-7954) | [Chocapikk/CVE-2024-7954](https://github.com/Chocapikk/CVE-2024-7954) | Unauthenticated Remote Code Execution in SPIP versions up to and including 4.2.12 | 2024-08-10T20:15:41Z |
+| [CVE-2024-7703](https://www.cve.org/CVERecord?id=CVE-2024-7703) | [lfillaz/CVE-2024-7703](https://github.com/lfillaz/CVE-2024-7703) | This repository contains an exploit for CVE-2024-7703 in the ARMember WordPress plugin. It allows attackers with Subscriber-level access or higher to upload SVG files with malicious JavaScript, leading to Stored XSS attacks. This can result in executing scripts when the file is accessed, potentially compromising user sessions or data. | 2024-08-17T14:44:08Z |
 | [CVE-2024-7339](https://www.cve.org/CVERecord?id=CVE-2024-7339) | [RevoltSecurities/CVE-2024-7339](https://github.com/RevoltSecurities/CVE-2024-7339) | An Vulnerability detection and Exploitation tool for  CVE-2024-7339 | 2024-08-05T16:26:18Z |
 | [CVE-2024-7313](https://www.cve.org/CVERecord?id=CVE-2024-7313) | [Wayne-Ker/CVE-2024-7313](https://github.com/Wayne-Ker/CVE-2024-7313) | Custom Proof-of-Concept on XSS to Unauthorized Admin Account Creation via WordPress Plugin Shield Security < 20.0.6 | 2024-08-16T01:01:57Z |
 | [CVE-2024-7188](https://www.cve.org/CVERecord?id=CVE-2024-7188) | [codeb0ss/CVE-2024-7188-PoC](https://github.com/codeb0ss/CVE-2024-7188-PoC) | Mass Exploit < [CVE-2024-7188 - Bylancer Quicklancer] - SQL Injection | 2024-07-30T10:51:24Z |
@@ -110,6 +111,7 @@ Last generated: 2024-09-10 02:11:08.579495
 | [CVE-2024-6366](https://www.cve.org/CVERecord?id=CVE-2024-6366) | [Abdurahmon3236/CVE-2024-6366](https://github.com/Abdurahmon3236/CVE-2024-6366) | no description | 2024-08-03T10:30:49Z |
 | [CVE-2024-6222](https://www.cve.org/CVERecord?id=CVE-2024-6222) | [Florian-Hoth/CVE-2024-6222](https://github.com/Florian-Hoth/CVE-2024-6222) | Docker Extension/Dashboard RCE Vulnerability | 2024-08-06T18:20:46Z |
 | [CVE-2024-6050](https://www.cve.org/CVERecord?id=CVE-2024-6050) | [kac89/CVE-2024-6050](https://github.com/kac89/CVE-2024-6050) | Reflected XSS in SOWA OPAC | 2024-07-01T14:31:37Z |
+| [CVE-2024-6043](https://www.cve.org/CVERecord?id=CVE-2024-6043) | [lfillaz/CVE-2024-6043](https://github.com/lfillaz/CVE-2024-6043) | This Python tool exploits the CVE-2024-6043 vulnerability, which affects the SourceCodester Best House Rental Management System 1.0. The vulnerability allows remote attackers to perform SQL Injection via the `admin_class.php` file, specifically targeting the `username` parameter | 2024-08-17T20:30:28Z |
 | [CVE-2024-6028](https://www.cve.org/CVERecord?id=CVE-2024-6028) | [truonghuuphuc/CVE-2024-6028-Poc](https://github.com/truonghuuphuc/CVE-2024-6028-Poc) | CVE-2024-6028 Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter | 2024-06-25T13:55:27Z |
 | [CVE-2024-5961](https://www.cve.org/CVERecord?id=CVE-2024-5961) | [kac89/CVE-2024-5961](https://github.com/kac89/CVE-2024-5961) | Reflected XSS in 2ClickPortal | 2024-07-01T11:17:48Z |
 | [CVE-2024-5947](https://www.cve.org/CVERecord?id=CVE-2024-5947) | [Cappricio-Securities/CVE-2024-5947](https://github.com/Cappricio-Securities/CVE-2024-5947) | Deep Sea Electronics DSE855 - Authentication Bypass | 2024-07-07T14:03:49Z |
@@ -210,6 +212,7 @@ Last generated: 2024-09-10 02:11:08.579495
 | [CVE-2024-4577](https://www.cve.org/CVERecord?id=CVE-2024-4577) | [a-roshbaik/CVE-2024-4577](https://github.com/a-roshbaik/CVE-2024-4577) | no description | 2024-07-24T20:23:03Z |
 | [CVE-2024-4577](https://www.cve.org/CVERecord?id=CVE-2024-4577) | [Jcccccx/CVE-2024-4577](https://github.com/Jcccccx/CVE-2024-4577) | 批量验证POC和EXP | 2024-07-31T10:14:14Z |
 | [CVE-2024-4577](https://www.cve.org/CVERecord?id=CVE-2024-4577) | [ManuelKy08/CVE-2024-4577---RR](https://github.com/ManuelKy08/CVE-2024-4577---RR) | no description | 2024-08-08T14:04:12Z |
+| [CVE-2024-4577](https://www.cve.org/CVERecord?id=CVE-2024-4577) | [bughuntar/CVE-2024-4577](https://github.com/bughuntar/CVE-2024-4577) | CVE-2024-4577 Exploits | 2024-08-17T02:01:57Z |
 | [CVE-2024-45244](https://www.cve.org/CVERecord?id=CVE-2024-45244) | [shanker-sec/hlf-time-oracle](https://github.com/shanker-sec/hlf-time-oracle) | Chaincode for blockchain Hyperledger Fabric provides accurate time to other chaincodes. Thus solving the security problem associated with transaction time manipulation (CVE-2024-45244). | 2024-07-28T19:19:42Z |
 | [CVE-2024-45244](https://www.cve.org/CVERecord?id=CVE-2024-45244) | [shanker-sec/HLF_TxTime_spoofing](https://github.com/shanker-sec/HLF_TxTime_spoofing) | PoC covering the problem of transaction time manipulation (CVE-2024-45244) in the Hyperledger Fabric blockchain. | 2024-06-23T14:56:14Z |
 | [CVE-2024-4484](https://www.cve.org/CVERecord?id=CVE-2024-4484) | [Abo5/CVE-2024-4484](https://github.com/Abo5/CVE-2024-4484) | This script uses HTTParty to detect stored cross-site scripting (XSS) vulnerabilities in WordPress sites using the xai_username parameter. It sends a payload to the specified URL and checks if the payload is reflected in the response, indicating a vulnerability. | 2024-06-12T23:09:39Z |
@@ -244,6 +247,8 @@ Last generated: 2024-09-10 02:11:08.579495
 | [CVE-2024-42850](https://www.cve.org/CVERecord?id=CVE-2024-42850) | [njmbb8/CVE-2024-42850](https://github.com/njmbb8/CVE-2024-42850) | An issue in Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. | 2024-08-15T21:32:29Z |
 | [CVE-2024-42849](https://www.cve.org/CVERecord?id=CVE-2024-42849) | [njmbb8/CVE-2024-42849](https://github.com/njmbb8/CVE-2024-42849) | An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function. | 2024-08-15T21:57:29Z |
 | [CVE-2024-42758](https://www.cve.org/CVERecord?id=CVE-2024-42758) | [1s1ldur/CVE-2024-42758](https://github.com/1s1ldur/CVE-2024-42758) | CVE-2024-42758 - Dokuwiki (indexmenu plugin) - XSS Vulnerability | 2024-08-15T13:59:50Z |
+| [CVE-2024-42658](https://www.cve.org/CVERecord?id=CVE-2024-42658) | [sudo-subho/CVE-2024-42658](https://github.com/sudo-subho/CVE-2024-42658) | CVE-2024-42658 An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookies parameter | 2024-08-17T03:02:20Z |
+| [CVE-2024-42657](https://www.cve.org/CVERecord?id=CVE-2024-42657) | [sudo-subho/CVE-2024-42657](https://github.com/sudo-subho/CVE-2024-42657) | CVE-2024-42657 An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process. | 2024-08-17T02:55:14Z |
 | [CVE-2024-42461](https://www.cve.org/CVERecord?id=CVE-2024-42461) | [fevar54/CVE-2024-42461](https://github.com/fevar54/CVE-2024-42461) | Se han identificado problemas en la verificación de firmas ECDSA y EDDSA en el proyecto Wycheproof. Las comprobaciones ausentes durante la etapa de decodificación de firmas permiten agregar o eliminar bytes cero, lo que afecta la capacidad de envío de correos. | 2024-08-06T21:56:15Z |
 | [CVE-2024-4232](https://www.cve.org/CVERecord?id=CVE-2024-4232) | [Redfox-Secuirty/Digisol-DG-GR1321-s-Password-Storage-in-Plaintext-CVE-2024-4232](https://github.com/Redfox-Secuirty/Digisol-DG-GR1321-s-Password-Storage-in-Plaintext-CVE-2024-4232) | no description | 2024-06-18T11:05:06Z |
 | [CVE-2024-4232](https://www.cve.org/CVERecord?id=CVE-2024-4232) | [Redfox-Secuirty/Digisol-DG--GR1321-s-Password-Storage-in-Plaintext--CVE-2024-4232](https://github.com/Redfox-Secuirty/Digisol-DG--GR1321-s-Password-Storage-in-Plaintext--CVE-2024-4232) | no description | 2024-07-04T06:30:19Z |
@@ -334,6 +339,7 @@ Last generated: 2024-09-10 02:11:08.579495
 | [CVE-2024-38077](https://www.cve.org/CVERecord?id=CVE-2024-38077) | [qi4L/CVE-2024-38077](https://github.com/qi4L/CVE-2024-38077) | RDL的堆溢出导致的RCE | 2024-08-09T05:00:44Z |
 | [CVE-2024-38077](https://www.cve.org/CVERecord?id=CVE-2024-38077) | [BBD-YZZ/fyne-gui](https://github.com/BBD-YZZ/fyne-gui) | CVE-2024-38077,仅支持扫描测试~ | 2024-08-15T07:14:00Z |
 | [CVE-2024-38063](https://www.cve.org/CVERecord?id=CVE-2024-38063) | [diegoalbuquerque/CVE-2024-38063](https://github.com/diegoalbuquerque/CVE-2024-38063) | mitigation script by disabling ipv6 of all interfaces | 2024-08-15T12:41:01Z |
+| [CVE-2024-38063](https://www.cve.org/CVERecord?id=CVE-2024-38063) | [noradlb1/CVE-2024-38063-VB](https://github.com/noradlb1/CVE-2024-38063-VB) | CVE-2024-38063 VB | 2024-08-17T01:11:12Z |
 | [CVE-2024-3806](https://www.cve.org/CVERecord?id=CVE-2024-3806) | [truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc](https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc) | CVE-2024-3806: Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts CVE-2024-3807: Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta | 2024-05-10T16:13:07Z |
 | [CVE-2024-38041](https://www.cve.org/CVERecord?id=CVE-2024-38041) | [varwara/CVE-2024-38041](https://github.com/varwara/CVE-2024-38041) | Kernel pointers copied to output user mode buffer with ioctl 0x22A014 in the appid.sys driver. | 2024-07-21T02:29:18Z |
 | [CVE-2024-38036](https://www.cve.org/CVERecord?id=CVE-2024-38036) | [hnytgl/CVE-2024-38036](https://github.com/hnytgl/CVE-2024-38036) | 排查ipv6使用情况 | 2024-08-16T01:38:21Z |
@@ -369,6 +375,7 @@ Last generated: 2024-09-10 02:11:08.579495
 | [CVE-2024-36991](https://www.cve.org/CVERecord?id=CVE-2024-36991) | [Cappricio-Securities/CVE-2024-36991](https://github.com/Cappricio-Securities/CVE-2024-36991) | Path traversal vulnerability in Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10 that allows reading sensitive files. | 2024-07-10T09:42:08Z |
 | [CVE-2024-36991](https://www.cve.org/CVERecord?id=CVE-2024-36991) | [bigb0x/CVE-2024-36991](https://github.com/bigb0x/CVE-2024-36991) | POC for CVE-2024-36991: This exploit will attempt to read Splunk /etc/passwd file. | 2024-07-06T00:49:40Z |
 | [CVE-2024-36877](https://www.cve.org/CVERecord?id=CVE-2024-36877) | [jjensn/CVE-2024-36877](https://github.com/jjensn/CVE-2024-36877) | Exploit POC for CVE-2024-36877 | 2024-08-09T15:33:04Z |
+| [CVE-2024-36877](https://www.cve.org/CVERecord?id=CVE-2024-36877) | [CERTologists/POC-CVE-2024-36877](https://github.com/CERTologists/POC-CVE-2024-36877) | no description | 2024-08-17T20:47:52Z |
 | [CVE-2024-36842](https://www.cve.org/CVERecord?id=CVE-2024-36842) | [abbiy/Backdooring-Oncord-Android-Sterio-](https://github.com/abbiy/Backdooring-Oncord-Android-Sterio-) | CVE-2024-36842, Creating Persistent Backdoor on Oncord+ android/ios car infotaiment using malicious script! | 2024-05-09T12:28:11Z |
 | [CVE-2024-36837](https://www.cve.org/CVERecord?id=CVE-2024-36837) | [phtcloud-dev/CVE-2024-36837](https://github.com/phtcloud-dev/CVE-2024-36837) | CVE-2024-36837 POC | 2024-06-15T16:44:51Z |
 | [CVE-2024-36821](https://www.cve.org/CVERecord?id=CVE-2024-36821) | [IvanGlinkin/CVE-2024-36821](https://github.com/IvanGlinkin/CVE-2024-36821) | The public reference that contains the minimum require information for the vulnerability covered by CVE-2024-36821 | 2024-06-10T15:52:02Z |
@@ -600,6 +607,7 @@ Last generated: 2024-09-10 02:11:08.579495
 | [CVE-2024-32002](https://www.cve.org/CVERecord?id=CVE-2024-32002) | [NishanthAnand21/CVE-2024-32002-PoC](https://github.com/NishanthAnand21/CVE-2024-32002-PoC) | PoC of CVE-2024-32002 - Remote Code Execution while cloning special-crafted local repositories | 2024-07-30T14:58:00Z |
 | [CVE-2024-32002](https://www.cve.org/CVERecord?id=CVE-2024-32002) | [daemon-reconfig/CVE-2024-32002](https://github.com/daemon-reconfig/CVE-2024-32002) | A Reverse shell generator for gitlab-shell vulnerability cve 2024-32002 | 2024-07-28T14:22:01Z |
 | [CVE-2024-32002](https://www.cve.org/CVERecord?id=CVE-2024-32002) | [chrisWalker11/running-CVE-2024-32002-locally-for-tesing](https://github.com/chrisWalker11/running-CVE-2024-32002-locally-for-tesing) | adapting CVE-2024-32002 for running offline and locally | 2024-08-02T18:44:00Z |
+| [CVE-2024-32002](https://www.cve.org/CVERecord?id=CVE-2024-32002) | [sanan2004/CVE-2024-32002](https://github.com/sanan2004/CVE-2024-32002) | POC | 2024-08-17T16:43:26Z |
 | [CVE-2024-320002](https://www.cve.org/CVERecord?id=CVE-2024-320002) | [bonnettheo/hook](https://github.com/bonnettheo/hook) | submodule for CVE-2024-320002 | 2024-06-20T09:02:23Z |
 | [CVE-2024-31989](https://www.cve.org/CVERecord?id=CVE-2024-31989) | [vt0x78/CVE-2024-31989](https://github.com/vt0x78/CVE-2024-31989) | Exploit for CVE-2024-31989. | 2024-07-17T14:23:52Z |
 | [CVE-2024-31982](https://www.cve.org/CVERecord?id=CVE-2024-31982) | [k3lpi3b4nsh33/CVE-2024-31982](https://github.com/k3lpi3b4nsh33/CVE-2024-31982) | no description | 2024-06-22T08:47:20Z |
@@ -3463,6 +3471,7 @@ Last generated: 2024-09-10 02:11:08.579495
 | [CVE-2022-27665](https://www.cve.org/CVERecord?id=CVE-2022-27665) | [dievus/CVE-2022-27665](https://github.com/dievus/CVE-2022-27665) | Reflected XSS via AngularJS Sandbox Escape Expressions in IPSwitch WS_FTP Server 8.6.0 | 2022-03-23T14:20:58Z |
 | [CVE-2022-26965](https://www.cve.org/CVERecord?id=CVE-2022-26965) | [SkDevilS/Pluck-Exploitation-by-skdevils](https://github.com/SkDevilS/Pluck-Exploitation-by-skdevils) | # Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution (RCE) (Authenticated) # Date: 13.03.2022 # Exploit Author: Ashish Koli (Shikari) # Vendor Homepage: https://github.com/pluck-cms/pluck # Version: 4.7.16 # Tested on Ubuntu 20.04.3 LTS # CVE: CVE-2022-26965 | 2023-08-04T20:32:08Z |
 | [CVE-2022-26923](https://www.cve.org/CVERecord?id=CVE-2022-26923) | [evilashz/PIGADVulnScanner](https://github.com/evilashz/PIGADVulnScanner) | 检测域内常见一把梭漏洞，包括：NoPac、ZeroLogon、CVE-2022-26923、PrintNightMare | 2023-10-17T06:29:44Z |
+| [CVE-2022-26923](https://www.cve.org/CVERecord?id=CVE-2022-26923) | [Gh-Badr/CVE-2022-26923](https://github.com/Gh-Badr/CVE-2022-26923) | A proof of concept exploiting CVE-2022-26923. | 2023-11-28T16:13:36Z |
 | [CVE-2022-26904](https://www.cve.org/CVERecord?id=CVE-2022-26904) | [0nyx-hkr/cve_2022_26904](https://github.com/0nyx-hkr/cve_2022_26904) | This is to create ruby version to python of ruby exploit | 2023-08-24T15:43:32Z |
 | [CVE-2022-2650](https://www.cve.org/CVERecord?id=CVE-2022-2650) | [StevenAmador/CVE-2022-2650](https://github.com/StevenAmador/CVE-2022-2650) | Improper Restriction of Excessive Authentication Attempts (Brute Force) on wger workout application | 2022-11-24T21:01:49Z |
 | [CVE-2022-26488](https://www.cve.org/CVERecord?id=CVE-2022-26488) | [techspence/PyPATHPwner](https://github.com/techspence/PyPATHPwner) | POC Exploit for CVE-2022-26488 - Python for Windows (CPython) escalation of privilege vulnerability, discovered by the Lockheed Martin Red Team. | 2023-04-27T04:30:29Z |
@@ -3570,6 +3579,7 @@ Last generated: 2024-09-10 02:11:08.579495
 | [CVE-2022-21661](https://www.cve.org/CVERecord?id=CVE-2022-21661) | [Wack0/batondrop_armv7](https://github.com/Wack0/batondrop_armv7) | An implementation of baton drop (CVE-2022-21894) for armv7 (MSM8960) | 2023-03-11T14:38:13Z |
 | [CVE-2022-21445](https://www.cve.org/CVERecord?id=CVE-2022-21445) | [StevenMeow/CVE-2022-21445](https://github.com/StevenMeow/CVE-2022-21445) | CVE-2022-21445 | 2023-08-07T05:59:13Z |
 | [CVE-2022-21445](https://www.cve.org/CVERecord?id=CVE-2022-21445) | [szymonh/android-gadget](https://github.com/szymonh/android-gadget) | CVE-2022-20009 - Description and sample exploit for Android USB Gadgets | 2023-08-06T10:01:32Z |
+| [CVE-2022-21392](https://www.cve.org/CVERecord?id=CVE-2022-21392) | [mbadanoiu/CVE-2022-21392](https://github.com/mbadanoiu/CVE-2022-21392) | CVE-2022-21392: Local Privilege Escalation via NMR SUID in Oracle Enterprise Manager | 2023-12-08T20:13:23Z |
 | [CVE-2022-21306](https://www.cve.org/CVERecord?id=CVE-2022-21306) | [hktalent/CVE-2022-21306](https://github.com/hktalent/CVE-2022-21306) | POC，EXP，chatGPT for me，只能给一些思路，全部不可用 | 2023-04-07T03:59:07Z |
 | [CVE-2022-2078](https://www.cve.org/CVERecord?id=CVE-2022-2078) | [delsploit/CVE-2022-2078](https://github.com/delsploit/CVE-2022-2078) | no description | 2023-03-06T12:49:29Z |
 | [CVE-2022-20493](https://www.cve.org/CVERecord?id=CVE-2022-20493) | [Trinadh465/frameworks_base_CVE-2022-20493](https://github.com/Trinadh465/frameworks_base_CVE-2022-20493) | no description | 2023-05-31T09:18:01Z |
@@ -3893,6 +3903,7 @@ Last generated: 2024-09-10 02:11:08.579495
 | [CVE-2021-33104](https://www.cve.org/CVERecord?id=CVE-2021-33104) | [Sma-Das/Log4j-PoC](https://github.com/Sma-Das/Log4j-PoC) | An educational Proof of Concept for the Log4j Vulnerability (CVE-2021-44228) in Minecraft | 2023-03-14T18:49:36Z |
 | [CVE-2021-33044](https://www.cve.org/CVERecord?id=CVE-2021-33044) | [haingn/LoHongCam-CVE-2021-33044](https://github.com/haingn/LoHongCam-CVE-2021-33044) | no description | 2023-10-22T14:02:49Z |
 | [CVE-2021-32789](https://www.cve.org/CVERecord?id=CVE-2021-32789) | [and0x00/CVE-2021-32789](https://github.com/and0x00/CVE-2021-32789) | 💣 Wordpress WooCommerce users dump exploit | 2023-02-17T19:51:24Z |
+| [CVE-2021-32682](https://www.cve.org/CVERecord?id=CVE-2021-32682) | [nickswink/CVE-2021-32682](https://github.com/nickswink/CVE-2021-32682) | elFinder Commands Injection (CVE-2021-32682) | 2023-11-10T16:16:47Z |
 | [CVE-2021-32399](https://www.cve.org/CVERecord?id=CVE-2021-32399) | [nanopathi/linux-4.19.72_CVE-2021-32399](https://github.com/nanopathi/linux-4.19.72_CVE-2021-32399) | no description | 2022-04-01T10:29:20Z |
 | [CVE-2021-32399](https://www.cve.org/CVERecord?id=CVE-2021-32399) | [0xmaximus/Home-Demolisher](https://github.com/0xmaximus/Home-Demolisher) | PoC for CVE-2021-31166 and CVE-2022-21907 | 2022-11-22T09:10:36Z |
 | [CVE-2021-32305](https://www.cve.org/CVERecord?id=CVE-2021-32305) | [sz-guanx/CVE-2021-32305](https://github.com/sz-guanx/CVE-2021-32305) | no description | 2023-02-27T05:38:27Z |