diff --git a/mapping.csv b/mapping.csv
index 455b4465548..e8cf8e35325 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -251537,3 +251537,125 @@ vulnerability,CVE-2023-45872,vulnerability--df221b41-ae44-4336-b7ab-d4f30638ebbf
vulnerability,CVE-2023-37154,vulnerability--666d6a6c-9a1e-4862-81d9-78dbe8f01f66
vulnerability,CVE-2023-36325,vulnerability--ccdc5430-e653-442e-b446-b1cfb31e97bf
vulnerability,CVE-2023-46586,vulnerability--de757597-08f6-41bb-8f01-01278e25493c
+vulnerability,CVE-2024-48902,vulnerability--564c0cc9-1387-499d-be85-53c4d7b85e38
+vulnerability,CVE-2024-48949,vulnerability--3fe6847e-308b-4155-be34-7f326d9d1585
+vulnerability,CVE-2024-48957,vulnerability--21bb57d0-bf27-4414-9ea9-73bf976651fd
+vulnerability,CVE-2024-48958,vulnerability--e8442283-a572-463f-aab8-f75c2475e952
+vulnerability,CVE-2024-45149,vulnerability--630d9151-986d-44b6-83d0-f4c7fa84b9ef
+vulnerability,CVE-2024-45127,vulnerability--7f8d875a-c20f-46bd-a6c3-032d83fb02cd
+vulnerability,CVE-2024-45134,vulnerability--19988fe6-cc99-43f1-8cdf-7967c3caef5d
+vulnerability,CVE-2024-45124,vulnerability--2a20c9a7-91ca-497f-9199-3241f92955c2
+vulnerability,CVE-2024-45130,vulnerability--f712a5bc-c410-4362-abaa-2de3190679e9
+vulnerability,CVE-2024-45125,vulnerability--b6f1d86f-ec61-44a1-97bf-72bb6d396239
+vulnerability,CVE-2024-45116,vulnerability--4f4d5f4e-442e-4df4-b9eb-552a18f163a4
+vulnerability,CVE-2024-45117,vulnerability--1f33f2cd-e2e1-4629-aaca-c36525b427e2
+vulnerability,CVE-2024-45132,vulnerability--47b96018-9dc0-447d-8a84-8896743021b5
+vulnerability,CVE-2024-45115,vulnerability--c3ab9ecd-a9b7-48a5-a5c1-5d630905df0e
+vulnerability,CVE-2024-45122,vulnerability--33c3414f-5447-47de-89b3-e12b5c3008de
+vulnerability,CVE-2024-45148,vulnerability--46f4deca-3001-4ece-ad6e-8d1f8ab2e302
+vulnerability,CVE-2024-45128,vulnerability--d271415c-2d12-4024-b44f-e554abd1b363
+vulnerability,CVE-2024-45133,vulnerability--0ccf63d9-9df6-4f9e-83cf-b14a1f45be11
+vulnerability,CVE-2024-45131,vulnerability--dc91940b-ba38-4beb-ab8c-a08e7b9af362
+vulnerability,CVE-2024-45118,vulnerability--ecb54fc5-4f9e-4d73-ace6-bc4d899b5bb6
+vulnerability,CVE-2024-45120,vulnerability--dd9ef3c6-4784-453a-88de-78ee9a6de6a0
+vulnerability,CVE-2024-45119,vulnerability--77939ecd-49ff-4af0-9581-d36e7765e922
+vulnerability,CVE-2024-45123,vulnerability--e571e40e-f472-4bc6-84b2-42bc205ee021
+vulnerability,CVE-2024-45121,vulnerability--69aaf09e-b12b-4bbd-9da1-a7660ded0857
+vulnerability,CVE-2024-45129,vulnerability--3bfbaec8-cbb6-4277-b2e0-4462b990d98d
+vulnerability,CVE-2024-45135,vulnerability--1e44f613-39ff-44ed-a8f7-32ee1c6d7675
+vulnerability,CVE-2024-9794,vulnerability--ea422f2b-9f31-410c-8808-9a6d8400896e
+vulnerability,CVE-2024-9520,vulnerability--b296e57a-aebe-449a-93ec-9b42df6c0d49
+vulnerability,CVE-2024-9804,vulnerability--8a1d585d-ee1e-4079-a276-a769f0dc7802
+vulnerability,CVE-2024-9457,vulnerability--94291c5d-8bed-4f3a-bebf-81b5bdc840e7
+vulnerability,CVE-2024-9074,vulnerability--6d94f2db-5cb4-423c-b764-47439b1688a3
+vulnerability,CVE-2024-9816,vulnerability--dd7e7c15-fa37-4a7c-abc1-aa72e072b76d
+vulnerability,CVE-2024-9814,vulnerability--99ffa287-c7d0-46ae-812d-f73a0a65d02a
+vulnerability,CVE-2024-9180,vulnerability--de9925cf-d237-49e7-9b5f-c990cd4babc9
+vulnerability,CVE-2024-9522,vulnerability--abd7d33c-980f-4305-8076-71e56b353a8f
+vulnerability,CVE-2024-9156,vulnerability--de911bab-f693-4d1b-a9ff-dfb54b58ce3c
+vulnerability,CVE-2024-9312,vulnerability--13941a10-1d4b-46cf-9b27-923cd0d3528d
+vulnerability,CVE-2024-9808,vulnerability--22e3a623-59c8-45ef-aac6-7ad6d60d30a4
+vulnerability,CVE-2024-9067,vulnerability--caa527fb-1854-4b58-b955-c36beffa64ef
+vulnerability,CVE-2024-9793,vulnerability--e3779ca0-ef98-4d58-897f-46abb6bcf32f
+vulnerability,CVE-2024-9066,vulnerability--a4bd9f1e-cb2f-4f14-8ffb-9761591f65cd
+vulnerability,CVE-2024-9785,vulnerability--c10b6eab-69b0-493a-8b2c-2046dc2b5797
+vulnerability,CVE-2024-9780,vulnerability--3bf67cf4-e2ed-46be-8b71-0b34783b4439
+vulnerability,CVE-2024-9596,vulnerability--263e7f49-af5d-4104-8d59-479b20b59b41
+vulnerability,CVE-2024-9581,vulnerability--090319be-4bac-4df5-a5c5-8438a41961fa
+vulnerability,CVE-2024-9781,vulnerability--7c2f6847-22c9-41d6-be40-edede501a164
+vulnerability,CVE-2024-9798,vulnerability--317b401b-7534-4d31-854f-73d8a945ca0a
+vulnerability,CVE-2024-9685,vulnerability--958658a1-70b6-49cc-a182-139f682495a5
+vulnerability,CVE-2024-9788,vulnerability--b291d011-ab34-41e7-9e26-7c7df603f68d
+vulnerability,CVE-2024-9022,vulnerability--194a5e02-1037-4a76-bcfd-7afc39e13d52
+vulnerability,CVE-2024-9812,vulnerability--dc1f9c5b-a4d9-4e50-8d21-06ffa3a629a7
+vulnerability,CVE-2024-9519,vulnerability--64823fe2-9781-4c5c-ba90-43a3ac10f48c
+vulnerability,CVE-2024-9815,vulnerability--86a5c6d9-baec-4622-b026-f9eb185a4cad
+vulnerability,CVE-2024-9786,vulnerability--6811e025-0890-4477-810b-a352ffd601a5
+vulnerability,CVE-2024-9784,vulnerability--7beb75cf-5027-45c1-ad92-c5aefe2918f7
+vulnerability,CVE-2024-9205,vulnerability--0abd9477-1bc4-40bb-858d-4f40094e89d3
+vulnerability,CVE-2024-9809,vulnerability--0e9f8ce6-bb27-46b8-9503-22991f65fc84
+vulnerability,CVE-2024-9805,vulnerability--9f3f7052-14c9-48c7-a660-cdbfd82fe8a3
+vulnerability,CVE-2024-9518,vulnerability--57756ccd-3aec-4cb9-b86c-beed7951046c
+vulnerability,CVE-2024-9796,vulnerability--242bcc95-d302-4477-9236-2960e7bea5ed
+vulnerability,CVE-2024-9065,vulnerability--bde182f8-534f-46e3-83f6-899262bba25c
+vulnerability,CVE-2024-9783,vulnerability--cd0834c7-294f-47d5-adbe-787b923d59a4
+vulnerability,CVE-2024-9487,vulnerability--91bc0540-1516-4f98-b106-f994052f9281
+vulnerability,CVE-2024-9802,vulnerability--f8717102-7f90-4a00-8040-869a89e64ff1
+vulnerability,CVE-2024-9792,vulnerability--f922732d-3340-4f16-b9b8-04062084f3a8
+vulnerability,CVE-2024-9787,vulnerability--a39f7c55-356b-4427-810a-f7810f4340b8
+vulnerability,CVE-2024-9799,vulnerability--8bbd82c9-ad4d-4e9d-bc6b-a153002cf499
+vulnerability,CVE-2024-9810,vulnerability--35f7c804-d401-4252-ac7a-5b7ca766eeba
+vulnerability,CVE-2024-9789,vulnerability--d46cc30a-3099-46d1-9113-172a4743c76b
+vulnerability,CVE-2024-9201,vulnerability--1a44c1f5-b807-4fbb-bb2e-0d78423fb82c
+vulnerability,CVE-2024-9782,vulnerability--e9b9a676-0931-4cbb-b404-8c02db38ac1b
+vulnerability,CVE-2024-9790,vulnerability--488f9341-1cef-4752-a21e-a08cf2a41f86
+vulnerability,CVE-2024-9817,vulnerability--31c7c7ed-df86-4d6a-a7d7-82143b847872
+vulnerability,CVE-2024-9064,vulnerability--ffea44d4-8456-4ab0-80c3-5ad1246e2af9
+vulnerability,CVE-2024-9803,vulnerability--7dc9e28a-f899-4557-b25e-78f6ec98e4f3
+vulnerability,CVE-2024-9797,vulnerability--d8460459-569a-411d-a004-b4aa029c5684
+vulnerability,CVE-2024-9623,vulnerability--4452d646-48ab-4b5d-b872-0ff65424d58c
+vulnerability,CVE-2024-9072,vulnerability--220301e4-5031-4500-ad0f-6eaacd1d2aee
+vulnerability,CVE-2024-9057,vulnerability--2977581b-af2b-4cae-a5cb-06402c43818a
+vulnerability,CVE-2024-9811,vulnerability--ebe735f9-79bc-47f8-8130-8def92239ac0
+vulnerability,CVE-2024-9806,vulnerability--9a2094f3-cbac-4b02-87d0-35b106ea0796
+vulnerability,CVE-2024-9807,vulnerability--1889b192-c4b2-4707-8ffd-b091445f5478
+vulnerability,CVE-2024-9813,vulnerability--c8d8131a-950b-465d-bf60-48c92bcf60c6
+vulnerability,CVE-2024-9818,vulnerability--e0db58be-b746-4920-9e71-0d6a5dd2b4b7
+vulnerability,CVE-2024-9377,vulnerability--6e3da507-27d4-485b-be54-a63191370297
+vulnerability,CVE-2024-47636,vulnerability--7fd6cfee-97f7-4cde-8c83-ebafd1bcf9a3
+vulnerability,CVE-2024-47870,vulnerability--dced5125-da45-49a4-a687-da211219ffe9
+vulnerability,CVE-2024-47962,vulnerability--a028920b-c455-4fef-bee7-4876cfa3fd23
+vulnerability,CVE-2024-47167,vulnerability--2bf3a62c-27ff-4bf5-8a03-1cb222625968
+vulnerability,CVE-2024-47084,vulnerability--71a22ed2-1377-4e5a-94f1-7a86f412db4a
+vulnerability,CVE-2024-47869,vulnerability--ddea1bf1-3ccc-4af5-a38e-ec0106ac6086
+vulnerability,CVE-2024-47867,vulnerability--9813ffc6-5c52-41b4-8675-d05d6310f536
+vulnerability,CVE-2024-47168,vulnerability--573dd0eb-628d-4ee1-a47c-ac56ca5fd7f0
+vulnerability,CVE-2024-47868,vulnerability--dfa21733-7119-4cd8-9298-1b1116850546
+vulnerability,CVE-2024-47966,vulnerability--27bd8da5-89b7-46a1-9779-2c419b9b4ff3
+vulnerability,CVE-2024-47164,vulnerability--10bf3d08-e098-4846-96a1-cfbf4d045484
+vulnerability,CVE-2024-47166,vulnerability--bd61ee97-de4d-467a-bd99-4651d7f2e64b
+vulnerability,CVE-2024-47648,vulnerability--54ae5512-e8f6-4b65-9322-96e79eb11502
+vulnerability,CVE-2024-47872,vulnerability--5ed66275-c1ef-457a-a63a-488ed66226ae
+vulnerability,CVE-2024-47964,vulnerability--2988316c-b051-4e47-860f-04b8bed21cef
+vulnerability,CVE-2024-47354,vulnerability--c007a635-6863-4778-b36f-102a34cc20cd
+vulnerability,CVE-2024-47965,vulnerability--8f0e9de8-7c9e-4954-8793-e6fbe400fe21
+vulnerability,CVE-2024-47165,vulnerability--15110e2c-fe91-4d07-92ed-42a43b418b62
+vulnerability,CVE-2024-47871,vulnerability--f0bd0bb7-8b72-404e-8df2-eae1687c6d91
+vulnerability,CVE-2024-47963,vulnerability--40f0750d-06de-49b0-a748-44215fab8b78
+vulnerability,CVE-2024-7049,vulnerability--89d06ba3-c603-4b96-ad89-9d5e03fba2ed
+vulnerability,CVE-2024-7048,vulnerability--235ac6da-7737-436c-b7a4-4ec64f01e448
+vulnerability,CVE-2024-8977,vulnerability--25a8ab2d-beac-4be5-9a42-332b659f81b8
+vulnerability,CVE-2024-8513,vulnerability--558f5d76-18a6-482e-8b36-5a28c9528e2d
+vulnerability,CVE-2024-8477,vulnerability--2101b3a0-ff9e-4443-9374-d0a0bf18560c
+vulnerability,CVE-2024-8987,vulnerability--93be5f9c-4828-4f5b-a721-d8d510140469
+vulnerability,CVE-2024-8729,vulnerability--c0d5d955-86c4-4e9e-9bf0-8fbcacfbdc24
+vulnerability,CVE-2024-22068,vulnerability--361da62f-f531-4f11-93e1-4fcb9399c86e
+vulnerability,CVE-2024-35202,vulnerability--14fceddf-fa99-4b5e-9081-865d11efb771
+vulnerability,CVE-2024-36917,vulnerability--ea11ec69-737e-4756-870f-1d28d0556c08
+vulnerability,CVE-2024-36936,vulnerability--4ddbbe35-6611-4889-b3ba-ac694f32238b
+vulnerability,CVE-2024-36051,vulnerability--a15a5228-95b2-4717-a36f-9f1605892ea4
+vulnerability,CVE-2024-4658,vulnerability--dcb1e498-66ce-4946-89d5-8e849c96215a
+vulnerability,CVE-2024-6157,vulnerability--30dca618-4397-4e0f-a5d7-d722e596aff0
+vulnerability,CVE-2024-6747,vulnerability--2711ceb8-45b1-4d5e-9448-85f011c09053
+vulnerability,CVE-2024-6530,vulnerability--0c534c58-0e5c-4251-bbb8-b80d9a11634e
+vulnerability,CVE-2023-25581,vulnerability--bf93eb7b-f18f-4fbe-86da-d92b631ec836
diff --git a/objects/vulnerability/vulnerability--090319be-4bac-4df5-a5c5-8438a41961fa.json b/objects/vulnerability/vulnerability--090319be-4bac-4df5-a5c5-8438a41961fa.json
new file mode 100644
index 00000000000..d0950250eb5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--090319be-4bac-4df5-a5c5-8438a41961fa.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0f29e3cd-c817-440d-aef9-31e6edfcb00d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--090319be-4bac-4df5-a5c5-8438a41961fa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.442893Z",
+ "modified": "2024-10-11T00:20:18.442893Z",
+ "name": "CVE-2024-9581",
+ "description": "The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9581"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
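Review bot: The new file ends without a trailing newline (the `\ No newline at end of file` marker after the closing `}`), and the same marker follows every other vulnerability bundle added in this commit. Files kept in version control should end with a line feed, so that line-based tools and ingestion scripts that concatenate bundles do not join the last line of one file to the first line of the next. The bundles look generated, so the fix probably belongs in the writer: emit the serialized JSON followed by `\n`.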
diff --git a/objects/vulnerability/vulnerability--0abd9477-1bc4-40bb-858d-4f40094e89d3.json b/objects/vulnerability/vulnerability--0abd9477-1bc4-40bb-858d-4f40094e89d3.json
new file mode 100644
index 00000000000..a0d3f5f8721
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0abd9477-1bc4-40bb-858d-4f40094e89d3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dd5de4a3-50c3-4295-bb6b-aa1867033f03",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0abd9477-1bc4-40bb-858d-4f40094e89d3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.464141Z",
+ "modified": "2024-10-11T00:20:18.464141Z",
+ "name": "CVE-2024-9205",
+ "description": "The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9205"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0c534c58-0e5c-4251-bbb8-b80d9a11634e.json b/objects/vulnerability/vulnerability--0c534c58-0e5c-4251-bbb8-b80d9a11634e.json
new file mode 100644
index 00000000000..b553d737198
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0c534c58-0e5c-4251-bbb8-b80d9a11634e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--264eb20b-6112-4915-8a85-fbfcfb2a8924",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0c534c58-0e5c-4251-bbb8-b80d9a11634e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:20.458224Z",
+ "modified": "2024-10-11T00:20:20.458224Z",
+ "name": "CVE-2024-6530",
+ "description": "A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6530"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0ccf63d9-9df6-4f9e-83cf-b14a1f45be11.json b/objects/vulnerability/vulnerability--0ccf63d9-9df6-4f9e-83cf-b14a1f45be11.json
new file mode 100644
index 00000000000..963db9938fc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0ccf63d9-9df6-4f9e-83cf-b14a1f45be11.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--287476c4-9a9c-4be3-8004-c0482e22528f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0ccf63d9-9df6-4f9e-83cf-b14a1f45be11",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.387565Z",
+ "modified": "2024-10-11T00:20:18.387565Z",
+ "name": "CVE-2024-45133",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45133"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0e9f8ce6-bb27-46b8-9503-22991f65fc84.json b/objects/vulnerability/vulnerability--0e9f8ce6-bb27-46b8-9503-22991f65fc84.json
new file mode 100644
index 00000000000..da5b92836d7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0e9f8ce6-bb27-46b8-9503-22991f65fc84.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5e2eab25-472e-4b23-bf45-8ef73d8d7f6d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0e9f8ce6-bb27-46b8-9503-22991f65fc84",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.465137Z",
+ "modified": "2024-10-11T00:20:18.465137Z",
+ "name": "CVE-2024-9809",
+ "description": "A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is the function delete_product of the file /classes/Master.php?f=delete_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9809"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--10bf3d08-e098-4846-96a1-cfbf4d045484.json b/objects/vulnerability/vulnerability--10bf3d08-e098-4846-96a1-cfbf4d045484.json
new file mode 100644
index 00000000000..1a8ebb4c353
--- /dev/null
+++ b/objects/vulnerability/vulnerability--10bf3d08-e098-4846-96a1-cfbf4d045484.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dc2e5dd5-f603-4f76-b2f6-38944a5098cc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--10bf3d08-e098-4846-96a1-cfbf4d045484",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.605415Z",
+ "modified": "2024-10-11T00:20:18.605415Z",
+ "name": "CVE-2024-47164",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that manipulate file paths using `..` (parent directory) sequences. Attackers could potentially access restricted files if they are able to exploit this flaw, although the difficulty is high. This primarily impacts users relying on Gradio’s blocklist or directory access validation, particularly when handling file uploads. Users are advised to upgrade to `gradio>=5.0` to address this issue. As a workaround, users can manually sanitize and normalize file paths in their Gradio deployment before passing them to the `is_in_or_equal` function. Ensuring that all file paths are properly resolved and absolute can help mitigate the bypass vulnerabilities caused by the improper handling of `..` sequences or malformed paths.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47164"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
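Review bot: The `description` value for CVE-2024-47164 carries Markdown markup copied from the upstream record (`**bypass of directory traversal checks**`, backticked `is_in_or_equal` and `gradio>=5.0`), and the CVE-2024-47165 bundle does the same. STIX 2.1 types `description` as a plain string, so most consumers will display the asterisks and backticks literally. Any consumer that does render the field as Markdown or HTML is rendering text from an external source. Either strip the markup at import time, or document that the field is verbatim upstream text that must be escaped before display.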
diff --git a/objects/vulnerability/vulnerability--13941a10-1d4b-46cf-9b27-923cd0d3528d.json b/objects/vulnerability/vulnerability--13941a10-1d4b-46cf-9b27-923cd0d3528d.json
new file mode 100644
index 00000000000..9b5b80f3dec
--- /dev/null
+++ b/objects/vulnerability/vulnerability--13941a10-1d4b-46cf-9b27-923cd0d3528d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--21b45ed3-a387-449d-ae3c-1c295d0884bb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--13941a10-1d4b-46cf-9b27-923cd0d3528d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.426731Z",
+ "modified": "2024-10-11T00:20:18.426731Z",
+ "name": "CVE-2024-9312",
+ "description": "Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9312"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--14fceddf-fa99-4b5e-9081-865d11efb771.json b/objects/vulnerability/vulnerability--14fceddf-fa99-4b5e-9081-865d11efb771.json
new file mode 100644
index 00000000000..2eaaa64679a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--14fceddf-fa99-4b5e-9081-865d11efb771.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--319e06e4-7a6c-4dd5-8494-f587ed5e5e31",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--14fceddf-fa99-4b5e-9081-865d11efb771",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:19.563673Z",
+ "modified": "2024-10-11T00:20:19.563673Z",
+ "name": "CVE-2024-35202",
+ "description": "Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-35202"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--15110e2c-fe91-4d07-92ed-42a43b418b62.json b/objects/vulnerability/vulnerability--15110e2c-fe91-4d07-92ed-42a43b418b62.json
new file mode 100644
index 00000000000..23ac6c485ea
--- /dev/null
+++ b/objects/vulnerability/vulnerability--15110e2c-fe91-4d07-92ed-42a43b418b62.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--15c75f8a-791f-4641-b78a-a0c90b646c09",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--15110e2c-fe91-4d07-92ed-42a43b418b62",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.619154Z",
+ "modified": "2024-10-11T00:20:18.619154Z",
+ "name": "CVE-2024-47165",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **CORS origin validation accepting a null origin**. When a Gradio server is deployed locally, the `localhost_aliases` variable includes \"null\" as a valid origin. This allows attackers to make unauthorized requests from sandboxed iframes or other sources with a null origin, potentially leading to data theft, such as user authentication tokens or uploaded files. This impacts users running Gradio locally, especially those using basic authentication. Users are advised to upgrade to `gradio>=5.0` to address this issue. As a workaround, users can manually modify the `localhost_aliases` list in their local Gradio deployment to exclude \"null\" as a valid origin. By removing this value, the Gradio server will no longer accept requests from sandboxed iframes or sources with a null origin, mitigating the potential for exploitation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47165"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1889b192-c4b2-4707-8ffd-b091445f5478.json b/objects/vulnerability/vulnerability--1889b192-c4b2-4707-8ffd-b091445f5478.json
new file mode 100644
index 00000000000..802a0042fdd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1889b192-c4b2-4707-8ffd-b091445f5478.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b606fb90-da23-48dc-82d7-94cbffd0e2d3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1889b192-c4b2-4707-8ffd-b091445f5478",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.502052Z",
+ "modified": "2024-10-11T00:20:18.502052Z",
+ "name": "CVE-2024-9807",
+ "description": "A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. This issue affects some unknown processing of the file /sessions of the component Session Page. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.8.8 is able to address this issue. It is recommended to upgrade the affected component. The project maintainer was contacted early about the disclosure. He responded very quickly, friendly, and professional.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9807"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--194a5e02-1037-4a76-bcfd-7afc39e13d52.json b/objects/vulnerability/vulnerability--194a5e02-1037-4a76-bcfd-7afc39e13d52.json
new file mode 100644
index 00000000000..b518605d7c5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--194a5e02-1037-4a76-bcfd-7afc39e13d52.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--378adbc5-d691-40b4-b4a2-530f46b45147",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--194a5e02-1037-4a76-bcfd-7afc39e13d52",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.452731Z",
+ "modified": "2024-10-11T00:20:18.452731Z",
+ "name": "CVE-2024-9022",
+ "description": "The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9022"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--19988fe6-cc99-43f1-8cdf-7967c3caef5d.json b/objects/vulnerability/vulnerability--19988fe6-cc99-43f1-8cdf-7967c3caef5d.json
new file mode 100644
index 00000000000..7903804da86
--- /dev/null
+++ b/objects/vulnerability/vulnerability--19988fe6-cc99-43f1-8cdf-7967c3caef5d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1773153f-e87c-40fc-84b2-f4b9f03e4d90",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--19988fe6-cc99-43f1-8cdf-7967c3caef5d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.304652Z",
+ "modified": "2024-10-11T00:20:18.304652Z",
+ "name": "CVE-2024-45134",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45134"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1a44c1f5-b807-4fbb-bb2e-0d78423fb82c.json b/objects/vulnerability/vulnerability--1a44c1f5-b807-4fbb-bb2e-0d78423fb82c.json
new file mode 100644
index 00000000000..ec78f7e1a1d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1a44c1f5-b807-4fbb-bb2e-0d78423fb82c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e1606113-5fc0-4c34-b81a-8142a58654c0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1a44c1f5-b807-4fbb-bb2e-0d78423fb82c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.484734Z",
+ "modified": "2024-10-11T00:20:18.484734Z",
+ "name": "CVE-2024-9201",
+ "description": "The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9201"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1e44f613-39ff-44ed-a8f7-32ee1c6d7675.json b/objects/vulnerability/vulnerability--1e44f613-39ff-44ed-a8f7-32ee1c6d7675.json
new file mode 100644
index 00000000000..b30f48b6fda
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1e44f613-39ff-44ed-a8f7-32ee1c6d7675.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c5785327-7106-497e-9b15-a809f63b3695",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1e44f613-39ff-44ed-a8f7-32ee1c6d7675",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.405077Z",
+ "modified": "2024-10-11T00:20:18.405077Z",
+ "name": "CVE-2024-45135",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45135"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1f33f2cd-e2e1-4629-aaca-c36525b427e2.json b/objects/vulnerability/vulnerability--1f33f2cd-e2e1-4629-aaca-c36525b427e2.json
new file mode 100644
index 00000000000..f087b9e094c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1f33f2cd-e2e1-4629-aaca-c36525b427e2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b565981d-ea40-46d3-98a9-c8decceb7451",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1f33f2cd-e2e1-4629-aaca-c36525b427e2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.354148Z",
+ "modified": "2024-10-11T00:20:18.354148Z",
+ "name": "CVE-2024-45117",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45117"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2101b3a0-ff9e-4443-9374-d0a0bf18560c.json b/objects/vulnerability/vulnerability--2101b3a0-ff9e-4443-9374-d0a0bf18560c.json
new file mode 100644
index 00000000000..f2493fbc58d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2101b3a0-ff9e-4443-9374-d0a0bf18560c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7da303f1-c6b8-4635-abe8-6ae51e837e21",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2101b3a0-ff9e-4443-9374-d0a0bf18560c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:19.046732Z",
+ "modified": "2024-10-11T00:20:19.046732Z",
+ "name": "CVE-2024-8477",
+ "description": "The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8477"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--21bb57d0-bf27-4414-9ea9-73bf976651fd.json b/objects/vulnerability/vulnerability--21bb57d0-bf27-4414-9ea9-73bf976651fd.json
new file mode 100644
index 00000000000..8a74707e926
--- /dev/null
+++ b/objects/vulnerability/vulnerability--21bb57d0-bf27-4414-9ea9-73bf976651fd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f3c6150f-09f6-40d1-8ae8-0cd820b9a310",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--21bb57d0-bf27-4414-9ea9-73bf976651fd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.230434Z",
+ "modified": "2024-10-11T00:20:18.230434Z",
+ "name": "CVE-2024-48957",
+ "description": "execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48957"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--220301e4-5031-4500-ad0f-6eaacd1d2aee.json b/objects/vulnerability/vulnerability--220301e4-5031-4500-ad0f-6eaacd1d2aee.json
new file mode 100644
index 00000000000..eaa87cf58f2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--220301e4-5031-4500-ad0f-6eaacd1d2aee.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--10fc7b34-1ff2-4db3-9803-a760024fa030",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--220301e4-5031-4500-ad0f-6eaacd1d2aee",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.49603Z",
+ "modified": "2024-10-11T00:20:18.49603Z",
+ "name": "CVE-2024-9072",
+ "description": "The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9072"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--22e3a623-59c8-45ef-aac6-7ad6d60d30a4.json b/objects/vulnerability/vulnerability--22e3a623-59c8-45ef-aac6-7ad6d60d30a4.json
new file mode 100644
index 00000000000..4a228b59b95
--- /dev/null
+++ b/objects/vulnerability/vulnerability--22e3a623-59c8-45ef-aac6-7ad6d60d30a4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3b3ebc0d-e126-47b7-b8f9-4db51efbffe4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--22e3a623-59c8-45ef-aac6-7ad6d60d30a4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.42789Z",
+ "modified": "2024-10-11T00:20:18.42789Z",
+ "name": "CVE-2024-9808",
+ "description": "A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=products/view_product. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9808"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--235ac6da-7737-436c-b7a4-4ec64f01e448.json b/objects/vulnerability/vulnerability--235ac6da-7737-436c-b7a4-4ec64f01e448.json
new file mode 100644
index 00000000000..968375cd6f5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--235ac6da-7737-436c-b7a4-4ec64f01e448.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--36b462f1-7a7f-4472-bc0f-84464a75db7b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--235ac6da-7737-436c-b7a4-4ec64f01e448",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.744402Z",
+ "modified": "2024-10-11T00:20:18.744402Z",
+ "name": "CVE-2024-7048",
+ "description": "In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7048"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--242bcc95-d302-4477-9236-2960e7bea5ed.json b/objects/vulnerability/vulnerability--242bcc95-d302-4477-9236-2960e7bea5ed.json
new file mode 100644
index 00000000000..5904b7690c9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--242bcc95-d302-4477-9236-2960e7bea5ed.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d41d1a86-1cea-4700-9bd0-64f01bfcdfc2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--242bcc95-d302-4477-9236-2960e7bea5ed",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.46998Z",
+ "modified": "2024-10-11T00:20:18.46998Z",
+ "name": "CVE-2024-9796",
+ "description": "The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9796"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--25a8ab2d-beac-4be5-9a42-332b659f81b8.json b/objects/vulnerability/vulnerability--25a8ab2d-beac-4be5-9a42-332b659f81b8.json
new file mode 100644
index 00000000000..25d73757eaa
--- /dev/null
+++ b/objects/vulnerability/vulnerability--25a8ab2d-beac-4be5-9a42-332b659f81b8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--24b467af-7cf0-4106-9f42-af23ad40de3d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--25a8ab2d-beac-4be5-9a42-332b659f81b8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:19.020526Z",
+ "modified": "2024-10-11T00:20:19.020526Z",
+ "name": "CVE-2024-8977",
+ "description": "An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8977"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--263e7f49-af5d-4104-8d59-479b20b59b41.json b/objects/vulnerability/vulnerability--263e7f49-af5d-4104-8d59-479b20b59b41.json
new file mode 100644
index 00000000000..f564187bafa
--- /dev/null
+++ b/objects/vulnerability/vulnerability--263e7f49-af5d-4104-8d59-479b20b59b41.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--20193417-b924-424d-8a38-39403650275d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--263e7f49-af5d-4104-8d59-479b20b59b41",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.441518Z",
+ "modified": "2024-10-11T00:20:18.441518Z",
+ "name": "CVE-2024-9596",
+ "description": "An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9596"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2711ceb8-45b1-4d5e-9448-85f011c09053.json b/objects/vulnerability/vulnerability--2711ceb8-45b1-4d5e-9448-85f011c09053.json
new file mode 100644
index 00000000000..8cfc57ae54e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2711ceb8-45b1-4d5e-9448-85f011c09053.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--98de9141-56ff-46fd-aa82-08bad3fda7fa",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2711ceb8-45b1-4d5e-9448-85f011c09053",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:20.453403Z",
+ "modified": "2024-10-11T00:20:20.453403Z",
+ "name": "CVE-2024-6747",
+ "description": "Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6747"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--27bd8da5-89b7-46a1-9779-2c419b9b4ff3.json b/objects/vulnerability/vulnerability--27bd8da5-89b7-46a1-9779-2c419b9b4ff3.json
new file mode 100644
index 00000000000..0f3dfb2277c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--27bd8da5-89b7-46a1-9779-2c419b9b4ff3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c6cef2fb-9848-49a0-853c-73fd3031fc55",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--27bd8da5-89b7-46a1-9779-2c419b9b4ff3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.597449Z",
+ "modified": "2024-10-11T00:20:18.597449Z",
+ "name": "CVE-2024-47966",
+ "description": "Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47966"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2977581b-af2b-4cae-a5cb-06402c43818a.json b/objects/vulnerability/vulnerability--2977581b-af2b-4cae-a5cb-06402c43818a.json
new file mode 100644
index 00000000000..65fcf9fc393
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2977581b-af2b-4cae-a5cb-06402c43818a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--33dfabbd-9143-4f48-ba66-aa7751e5b969",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2977581b-af2b-4cae-a5cb-06402c43818a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.497178Z",
+ "modified": "2024-10-11T00:20:18.497178Z",
+ "name": "CVE-2024-9057",
+ "description": "The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘feed_id’ attribute in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9057"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2988316c-b051-4e47-860f-04b8bed21cef.json b/objects/vulnerability/vulnerability--2988316c-b051-4e47-860f-04b8bed21cef.json
new file mode 100644
index 00000000000..b3a689bf837
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2988316c-b051-4e47-860f-04b8bed21cef.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d6afb58f-9d85-4325-98f2-e5a3fa1c011d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2988316c-b051-4e47-860f-04b8bed21cef",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.614946Z",
+ "modified": "2024-10-11T00:20:18.614946Z",
+ "name": "CVE-2024-47964",
+ "description": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47964"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2a20c9a7-91ca-497f-9199-3241f92955c2.json b/objects/vulnerability/vulnerability--2a20c9a7-91ca-497f-9199-3241f92955c2.json
new file mode 100644
index 00000000000..79a71778360
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2a20c9a7-91ca-497f-9199-3241f92955c2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3327c7ca-9616-41bd-b5db-a46665c550c4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2a20c9a7-91ca-497f-9199-3241f92955c2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.306883Z",
+ "modified": "2024-10-11T00:20:18.306883Z",
+ "name": "CVE-2024-45124",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45124"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2bf3a62c-27ff-4bf5-8a03-1cb222625968.json b/objects/vulnerability/vulnerability--2bf3a62c-27ff-4bf5-8a03-1cb222625968.json
new file mode 100644
index 00000000000..a24e9724e07
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2bf3a62c-27ff-4bf5-8a03-1cb222625968.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b504c1f4-bc2b-4432-82c3-600ade706aeb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2bf3a62c-27ff-4bf5-8a03-1cb222625968",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.576394Z",
+ "modified": "2024-10-11T00:20:18.576394Z",
+ "name": "CVE-2024-47167",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_cache` function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the `/queue/join` endpoint can help mitigate the risk of SSRF attacks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47167"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--30dca618-4397-4e0f-a5d7-d722e596aff0.json b/objects/vulnerability/vulnerability--30dca618-4397-4e0f-a5d7-d722e596aff0.json
new file mode 100644
index 00000000000..b705c78e252
--- /dev/null
+++ b/objects/vulnerability/vulnerability--30dca618-4397-4e0f-a5d7-d722e596aff0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--83d1373f-1a3f-45cd-8ea6-90e746fda619",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--30dca618-4397-4e0f-a5d7-d722e596aff0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:20.431251Z",
+ "modified": "2024-10-11T00:20:20.431251Z",
+ "name": "CVE-2024-6157",
+ "description": "An attacker who successfully exploited these vulnerabilities could cause the robot to stop.\n\n\n\nA vulnerability exists in the PROFINET stack included in the RobotWare versions listed below. \n\nThis vulnerability arises under specific condition when specially crafted message is processed by the system.\n\nBelow are reported vulnerabilities in the Robot Ware versions. \n\n* IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6157"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--317b401b-7534-4d31-854f-73d8a945ca0a.json b/objects/vulnerability/vulnerability--317b401b-7534-4d31-854f-73d8a945ca0a.json
new file mode 100644
index 00000000000..4993d6d0ded
--- /dev/null
+++ b/objects/vulnerability/vulnerability--317b401b-7534-4d31-854f-73d8a945ca0a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--090e223f-d618-4b5d-a805-f768f6437a24",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--317b401b-7534-4d31-854f-73d8a945ca0a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.446585Z",
+ "modified": "2024-10-11T00:20:18.446585Z",
+ "name": "CVE-2024-9798",
+ "description": "The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9798"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--31c7c7ed-df86-4d6a-a7d7-82143b847872.json b/objects/vulnerability/vulnerability--31c7c7ed-df86-4d6a-a7d7-82143b847872.json
new file mode 100644
index 00000000000..64fb26aac16
--- /dev/null
+++ b/objects/vulnerability/vulnerability--31c7c7ed-df86-4d6a-a7d7-82143b847872.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c87ebf63-1e93-48d3-b0d2-ddb135c47b13",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--31c7c7ed-df86-4d6a-a7d7-82143b847872",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.489154Z",
+ "modified": "2024-10-11T00:20:18.489154Z",
+ "name": "CVE-2024-9817",
+ "description": "A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9817"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--33c3414f-5447-47de-89b3-e12b5c3008de.json b/objects/vulnerability/vulnerability--33c3414f-5447-47de-89b3-e12b5c3008de.json
new file mode 100644
index 00000000000..57ddb8cd4f6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--33c3414f-5447-47de-89b3-e12b5c3008de.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e36480ef-c8fc-4205-8bd1-9ecb5bb2f1b5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--33c3414f-5447-47de-89b3-e12b5c3008de",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.377683Z",
+ "modified": "2024-10-11T00:20:18.377683Z",
+ "name": "CVE-2024-45122",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45122"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--35f7c804-d401-4252-ac7a-5b7ca766eeba.json b/objects/vulnerability/vulnerability--35f7c804-d401-4252-ac7a-5b7ca766eeba.json
new file mode 100644
index 00000000000..f6a5bfe74d3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--35f7c804-d401-4252-ac7a-5b7ca766eeba.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b52865c1-88e4-45f1-ba2f-0bd7a927b24c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--35f7c804-d401-4252-ac7a-5b7ca766eeba",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.482152Z",
+ "modified": "2024-10-11T00:20:18.482152Z",
+ "name": "CVE-2024-9810",
+ "description": "A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file sort2_user.php. The manipulation of the argument qualification leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9810"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--361da62f-f531-4f11-93e1-4fcb9399c86e.json b/objects/vulnerability/vulnerability--361da62f-f531-4f11-93e1-4fcb9399c86e.json
new file mode 100644
index 00000000000..ded10db8bf8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--361da62f-f531-4f11-93e1-4fcb9399c86e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dbbca8a2-9f00-417e-85d3-e8974a055510",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--361da62f-f531-4f11-93e1-4fcb9399c86e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:19.18422Z",
+ "modified": "2024-10-11T00:20:19.18422Z",
+ "name": "CVE-2024-22068",
+ "description": "Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-22068"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3bf67cf4-e2ed-46be-8b71-0b34783b4439.json b/objects/vulnerability/vulnerability--3bf67cf4-e2ed-46be-8b71-0b34783b4439.json
new file mode 100644
index 00000000000..70d7c9bf639
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3bf67cf4-e2ed-46be-8b71-0b34783b4439.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5a617fcf-e5f0-47c9-8c34-fbbf56202f6a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3bf67cf4-e2ed-46be-8b71-0b34783b4439",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.440069Z",
+ "modified": "2024-10-11T00:20:18.440069Z",
+ "name": "CVE-2024-9780",
+ "description": "ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9780"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3bfbaec8-cbb6-4277-b2e0-4462b990d98d.json b/objects/vulnerability/vulnerability--3bfbaec8-cbb6-4277-b2e0-4462b990d98d.json
new file mode 100644
index 00000000000..f5a60d39897
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3bfbaec8-cbb6-4277-b2e0-4462b990d98d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e7225a9e-dd45-427f-81f4-ae963288b54e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3bfbaec8-cbb6-4277-b2e0-4462b990d98d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.401281Z",
+ "modified": "2024-10-11T00:20:18.401281Z",
+ "name": "CVE-2024-45129",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45129"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3fe6847e-308b-4155-be34-7f326d9d1585.json b/objects/vulnerability/vulnerability--3fe6847e-308b-4155-be34-7f326d9d1585.json
new file mode 100644
index 00000000000..d68eea86edf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3fe6847e-308b-4155-be34-7f326d9d1585.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1389f9bb-effe-4baa-bfcf-d2dbb0abc6ab",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3fe6847e-308b-4155-be34-7f326d9d1585",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.221838Z",
+ "modified": "2024-10-11T00:20:18.221838Z",
+ "name": "CVE-2024-48949",
+ "description": "The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits \"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\" validation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48949"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--40f0750d-06de-49b0-a748-44215fab8b78.json b/objects/vulnerability/vulnerability--40f0750d-06de-49b0-a748-44215fab8b78.json
new file mode 100644
index 00000000000..dfda310aa01
--- /dev/null
+++ b/objects/vulnerability/vulnerability--40f0750d-06de-49b0-a748-44215fab8b78.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0d8ef14f-c88c-438b-ba3e-eb0b4b5ab2c1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--40f0750d-06de-49b0-a748-44215fab8b78",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.62561Z",
+ "modified": "2024-10-11T00:20:18.62561Z",
+ "name": "CVE-2024-47963",
+ "description": "Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47963"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4452d646-48ab-4b5d-b872-0ff65424d58c.json b/objects/vulnerability/vulnerability--4452d646-48ab-4b5d-b872-0ff65424d58c.json
new file mode 100644
index 00000000000..bf7792a21f5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4452d646-48ab-4b5d-b872-0ff65424d58c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b7560e6e-5a52-4f04-81cb-30fdead02377",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4452d646-48ab-4b5d-b872-0ff65424d58c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.494172Z",
+ "modified": "2024-10-11T00:20:18.494172Z",
+ "name": "CVE-2024-9623",
+ "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9623"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--46f4deca-3001-4ece-ad6e-8d1f8ab2e302.json b/objects/vulnerability/vulnerability--46f4deca-3001-4ece-ad6e-8d1f8ab2e302.json
new file mode 100644
index 00000000000..b4e613db38c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--46f4deca-3001-4ece-ad6e-8d1f8ab2e302.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cf9d0f93-d2f0-4413-b9ea-0edd5119a48e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--46f4deca-3001-4ece-ad6e-8d1f8ab2e302",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.381326Z",
+ "modified": "2024-10-11T00:20:18.381326Z",
+ "name": "CVE-2024-45148",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45148"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--47b96018-9dc0-447d-8a84-8896743021b5.json b/objects/vulnerability/vulnerability--47b96018-9dc0-447d-8a84-8896743021b5.json
new file mode 100644
index 00000000000..ad3d36d1ec2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--47b96018-9dc0-447d-8a84-8896743021b5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--33d5b489-17fa-449d-ba8a-1c7d255217a8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--47b96018-9dc0-447d-8a84-8896743021b5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.361723Z",
+ "modified": "2024-10-11T00:20:18.361723Z",
+ "name": "CVE-2024-45132",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45132"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--488f9341-1cef-4752-a21e-a08cf2a41f86.json b/objects/vulnerability/vulnerability--488f9341-1cef-4752-a21e-a08cf2a41f86.json
new file mode 100644
index 00000000000..3e21b46ed77
--- /dev/null
+++ b/objects/vulnerability/vulnerability--488f9341-1cef-4752-a21e-a08cf2a41f86.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5ee4a48c-a7f2-4ebb-aa85-b3924364b721",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--488f9341-1cef-4752-a21e-a08cf2a41f86",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.487666Z",
+ "modified": "2024-10-11T00:20:18.487666Z",
+ "name": "CVE-2024-9790",
+ "description": "A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9790"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4ddbbe35-6611-4889-b3ba-ac694f32238b.json b/objects/vulnerability/vulnerability--4ddbbe35-6611-4889-b3ba-ac694f32238b.json
new file mode 100644
index 00000000000..dc1f65b4438
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4ddbbe35-6611-4889-b3ba-ac694f32238b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a5cf27d4-a55b-45f3-9801-28d391548bd2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4ddbbe35-6611-4889-b3ba-ac694f32238b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:19.70469Z",
+ "modified": "2024-10-11T00:20:19.70469Z",
+ "name": "CVE-2024-36936",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/unaccepted: touch soft lockup during memory accept\n\nCommit 50e782a86c98 (\"efi/unaccepted: Fix soft lockups caused by\nparallel memory acceptance\") has released the spinlock so other CPUs can\ndo memory acceptance in parallel and not triggers softlockup on other\nCPUs.\n\nHowever the softlock up was intermittent shown up if the memory of the\nTD guest is large, and the timeout of softlockup is set to 1 second:\n\n RIP: 0010:_raw_spin_unlock_irqrestore\n Call Trace:\n ? __hrtimer_run_queues\n \n ? hrtimer_interrupt\n ? watchdog_timer_fn\n ? __sysvec_apic_timer_interrupt\n ? __pfx_watchdog_timer_fn\n ? sysvec_apic_timer_interrupt\n \n ? __hrtimer_run_queues\n \n ? hrtimer_interrupt\n ? asm_sysvec_apic_timer_interrupt\n ? _raw_spin_unlock_irqrestore\n ? __sysvec_apic_timer_interrupt\n ? sysvec_apic_timer_interrupt\n accept_memory\n try_to_accept_memory\n do_huge_pmd_anonymous_page\n get_page_from_freelist\n __handle_mm_fault\n __alloc_pages\n __folio_alloc\n ? __tdx_hypercall\n handle_mm_fault\n vma_alloc_folio\n do_user_addr_fault\n do_huge_pmd_anonymous_page\n exc_page_fault\n ? __do_huge_pmd_anonymous_page\n asm_exc_page_fault\n __handle_mm_fault\n\nWhen the local irq is enabled at the end of accept_memory(), the\nsoftlockup detects that the watchdog on single CPU has not been fed for\na while. That is to say, even other CPUs will not be blocked by\nspinlock, the current CPU might be stunk with local irq disabled for a\nwhile, which hurts not only nmi watchdog but also softlockup.\n\nChao Gao pointed out that the memory accept could be time costly and\nthere was similar report before. Thus to avoid any softlocup detection\nduring this stage, give the softlockup a flag to skip the timeout check\nat the end of accept_memory(), by invoking touch_softlockup_watchdog().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36936"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4f4d5f4e-442e-4df4-b9eb-552a18f163a4.json b/objects/vulnerability/vulnerability--4f4d5f4e-442e-4df4-b9eb-552a18f163a4.json
new file mode 100644
index 00000000000..d608dbd5122
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4f4d5f4e-442e-4df4-b9eb-552a18f163a4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6b51929c-7193-4907-a73b-a3f9aed3cbcb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4f4d5f4e-442e-4df4-b9eb-552a18f163a4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.314995Z",
+ "modified": "2024-10-11T00:20:18.314995Z",
+ "name": "CVE-2024-45116",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45116"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--54ae5512-e8f6-4b65-9322-96e79eb11502.json b/objects/vulnerability/vulnerability--54ae5512-e8f6-4b65-9322-96e79eb11502.json
new file mode 100644
index 00000000000..52929e92886
--- /dev/null
+++ b/objects/vulnerability/vulnerability--54ae5512-e8f6-4b65-9322-96e79eb11502.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3374c640-7e27-4e98-9ae6-98c6d25fd9e6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--54ae5512-e8f6-4b65-9322-96e79eb11502",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.610047Z",
+ "modified": "2024-10-11T00:20:18.610047Z",
+ "name": "CVE-2024-47648",
+ "description": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in EventPrime Events EventPrime.This issue affects EventPrime: from n/a through 4.0.4.5.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47648"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--558f5d76-18a6-482e-8b36-5a28c9528e2d.json b/objects/vulnerability/vulnerability--558f5d76-18a6-482e-8b36-5a28c9528e2d.json
new file mode 100644
index 00000000000..0834f51be28
--- /dev/null
+++ b/objects/vulnerability/vulnerability--558f5d76-18a6-482e-8b36-5a28c9528e2d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5f0d7858-b5f8-4862-b7d4-087bef3c35bb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--558f5d76-18a6-482e-8b36-5a28c9528e2d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:19.045675Z",
+ "modified": "2024-10-11T00:20:19.045675Z",
+ "name": "CVE-2024-8513",
+ "description": "The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8513"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--564c0cc9-1387-499d-be85-53c4d7b85e38.json b/objects/vulnerability/vulnerability--564c0cc9-1387-499d-be85-53c4d7b85e38.json
new file mode 100644
index 00000000000..e1511f6dadb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--564c0cc9-1387-499d-be85-53c4d7b85e38.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--63bda276-23fc-4c8e-b604-7156e87d4e96",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--564c0cc9-1387-499d-be85-53c4d7b85e38",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.201983Z",
+ "modified": "2024-10-11T00:20:18.201983Z",
+ "name": "CVE-2024-48902",
+ "description": "In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48902"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--573dd0eb-628d-4ee1-a47c-ac56ca5fd7f0.json b/objects/vulnerability/vulnerability--573dd0eb-628d-4ee1-a47c-ac56ca5fd7f0.json
new file mode 100644
index 00000000000..5c472b21b72
--- /dev/null
+++ b/objects/vulnerability/vulnerability--573dd0eb-628d-4ee1-a47c-ac56ca5fd7f0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f6a658a1-fb47-4df8-b616-9e8f159d4ece",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--573dd0eb-628d-4ee1-a47c-ac56ca5fd7f0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.592457Z",
+ "modified": "2024-10-11T00:20:18.592457Z",
+ "name": "CVE-2024-47168",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the /monitoring endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable_monitoring=False to prevent unauthorized access to monitoring data are impacted. Users are advised to upgrade to gradio>=4.44 to address this issue. There are no known workarounds for this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47168"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--57756ccd-3aec-4cb9-b86c-beed7951046c.json b/objects/vulnerability/vulnerability--57756ccd-3aec-4cb9-b86c-beed7951046c.json
new file mode 100644
index 00000000000..2c41e883135
--- /dev/null
+++ b/objects/vulnerability/vulnerability--57756ccd-3aec-4cb9-b86c-beed7951046c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--50188b3d-d011-4c73-a05c-ecb35f6a246e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--57756ccd-3aec-4cb9-b86c-beed7951046c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.468672Z",
+ "modified": "2024-10-11T00:20:18.468672Z",
+ "name": "CVE-2024-9518",
+ "description": "The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9518"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5ed66275-c1ef-457a-a63a-488ed66226ae.json b/objects/vulnerability/vulnerability--5ed66275-c1ef-457a-a63a-488ed66226ae.json
new file mode 100644
index 00000000000..54585ba1f49
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5ed66275-c1ef-457a-a63a-488ed66226ae.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4f6415e6-8b2d-451f-8a4a-bda5e3255e54",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5ed66275-c1ef-457a-a63a-488ed66226ae",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.613389Z",
+ "modified": "2024-10-11T00:20:18.613389Z",
+ "name": "CVE-2024-47872",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view these files, the scripts will execute in their browser, allowing attackers to perform unauthorized actions or steal sensitive information from their sessions. This impacts any Gradio server that allows file uploads, particularly those using components that process or display user-uploaded files. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can restrict the types of files that can be uploaded to the Gradio server by limiting uploads to non-executable file types such as images or text. Additionally, developers can implement server-side validation to sanitize uploaded files, ensuring that HTML, JavaScript, and SVG files are properly handled or rejected before being stored or displayed to users.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47872"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--630d9151-986d-44b6-83d0-f4c7fa84b9ef.json b/objects/vulnerability/vulnerability--630d9151-986d-44b6-83d0-f4c7fa84b9ef.json
new file mode 100644
index 00000000000..38d265b1db4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--630d9151-986d-44b6-83d0-f4c7fa84b9ef.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ae75db4a-932a-430d-9c3f-200c855c12cf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--630d9151-986d-44b6-83d0-f4c7fa84b9ef",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.29538Z",
+ "modified": "2024-10-11T00:20:18.29538Z",
+ "name": "CVE-2024-45149",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45149"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--64823fe2-9781-4c5c-ba90-43a3ac10f48c.json b/objects/vulnerability/vulnerability--64823fe2-9781-4c5c-ba90-43a3ac10f48c.json
new file mode 100644
index 00000000000..32cac81f1b7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--64823fe2-9781-4c5c-ba90-43a3ac10f48c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5a3c0853-f235-403e-87b1-d213e4a86e11",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--64823fe2-9781-4c5c-ba90-43a3ac10f48c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.45667Z",
+ "modified": "2024-10-11T00:20:18.45667Z",
+ "name": "CVE-2024-9519",
+ "description": "The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9519"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6811e025-0890-4477-810b-a352ffd601a5.json b/objects/vulnerability/vulnerability--6811e025-0890-4477-810b-a352ffd601a5.json
new file mode 100644
index 00000000000..3882515471b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6811e025-0890-4477-810b-a352ffd601a5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--78d00419-97e0-4e9c-806f-e45c0eeaafe2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6811e025-0890-4477-810b-a352ffd601a5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.459295Z",
+ "modified": "2024-10-11T00:20:18.459295Z",
+ "name": "CVE-2024-9786",
+ "description": "A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9786"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--69aaf09e-b12b-4bbd-9da1-a7660ded0857.json b/objects/vulnerability/vulnerability--69aaf09e-b12b-4bbd-9da1-a7660ded0857.json
new file mode 100644
index 00000000000..21a456f1790
--- /dev/null
+++ b/objects/vulnerability/vulnerability--69aaf09e-b12b-4bbd-9da1-a7660ded0857.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d4e8415e-8136-44b8-bc84-903eb3d62961",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--69aaf09e-b12b-4bbd-9da1-a7660ded0857",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.400227Z",
+ "modified": "2024-10-11T00:20:18.400227Z",
+ "name": "CVE-2024-45121",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45121"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6d94f2db-5cb4-423c-b764-47439b1688a3.json b/objects/vulnerability/vulnerability--6d94f2db-5cb4-423c-b764-47439b1688a3.json
new file mode 100644
index 00000000000..64f58988943
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6d94f2db-5cb4-423c-b764-47439b1688a3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9e06e448-0ab4-45df-aa37-7ec94d027ceb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6d94f2db-5cb4-423c-b764-47439b1688a3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.41603Z",
+ "modified": "2024-10-11T00:20:18.41603Z",
+ "name": "CVE-2024-9074",
+ "description": "The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9074"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6e3da507-27d4-485b-be54-a63191370297.json b/objects/vulnerability/vulnerability--6e3da507-27d4-485b-be54-a63191370297.json
new file mode 100644
index 00000000000..3a1c432f084
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6e3da507-27d4-485b-be54-a63191370297.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6d082988-52bf-4e9d-92fd-cab1d53a7213",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6e3da507-27d4-485b-be54-a63191370297",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.507812Z",
+ "modified": "2024-10-11T00:20:18.507812Z",
+ "name": "CVE-2024-9377",
+ "description": "The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9377"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--71a22ed2-1377-4e5a-94f1-7a86f412db4a.json b/objects/vulnerability/vulnerability--71a22ed2-1377-4e5a-94f1-7a86f412db4a.json
new file mode 100644
index 00000000000..14b64e5649a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--71a22ed2-1377-4e5a-94f1-7a86f412db4a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--32e3d651-e41a-4540-8189-dbe89606cbc1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--71a22ed2-1377-4e5a-94f1-7a86f412db4a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.579355Z",
+ "modified": "2024-10-11T00:20:18.579355Z",
+ "name": "CVE-2024-47084",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin validation**, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio server. Potentially, attackers can upload files, steal authentication tokens, and access user data if the victim visits a malicious website while logged into Gradio. This impacts users who have deployed Gradio locally and use basic authentication. Users are advised to upgrade to `gradio>4.44` to address this issue. As a workaround, users can manually enforce stricter CORS origin validation by modifying the `CustomCORSMiddleware` class in their local Gradio server code. Specifically, they can bypass the condition that skips CORS validation for requests containing cookies to prevent potential exploitation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47084"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--77939ecd-49ff-4af0-9581-d36e7765e922.json b/objects/vulnerability/vulnerability--77939ecd-49ff-4af0-9581-d36e7765e922.json
new file mode 100644
index 00000000000..288257109fb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--77939ecd-49ff-4af0-9581-d36e7765e922.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fe24396c-78e6-4a75-9c4e-e9bad7d0cdd7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--77939ecd-49ff-4af0-9581-d36e7765e922",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.395036Z",
+ "modified": "2024-10-11T00:20:18.395036Z",
+ "name": "CVE-2024-45119",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs and have a low impact on both confidentiality and integrity. Exploitation of this issue does not require user interaction and scope is changed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45119"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7beb75cf-5027-45c1-ad92-c5aefe2918f7.json b/objects/vulnerability/vulnerability--7beb75cf-5027-45c1-ad92-c5aefe2918f7.json
new file mode 100644
index 00000000000..0ba8dd2a06b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7beb75cf-5027-45c1-ad92-c5aefe2918f7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e6c41ae3-981b-4c90-865e-2c6f5ea2c410",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7beb75cf-5027-45c1-ad92-c5aefe2918f7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.461591Z",
+ "modified": "2024-10-11T00:20:18.461591Z",
+ "name": "CVE-2024-9784",
+ "description": "A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9784"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7c2f6847-22c9-41d6-be40-edede501a164.json b/objects/vulnerability/vulnerability--7c2f6847-22c9-41d6-be40-edede501a164.json
new file mode 100644
index 00000000000..e6850b879fd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7c2f6847-22c9-41d6-be40-edede501a164.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--77553182-be4f-4274-bad1-397f838ee832",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7c2f6847-22c9-41d6-be40-edede501a164",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.445587Z",
+ "modified": "2024-10-11T00:20:18.445587Z",
+ "name": "CVE-2024-9781",
+ "description": "AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9781"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7dc9e28a-f899-4557-b25e-78f6ec98e4f3.json b/objects/vulnerability/vulnerability--7dc9e28a-f899-4557-b25e-78f6ec98e4f3.json
new file mode 100644
index 00000000000..90b2fc6191f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7dc9e28a-f899-4557-b25e-78f6ec98e4f3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--968d557a-6f80-43c8-90d3-ad3e7dedf531",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7dc9e28a-f899-4557-b25e-78f6ec98e4f3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.491621Z",
+ "modified": "2024-10-11T00:20:18.491621Z",
+ "name": "CVE-2024-9803",
+ "description": "A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file blooddetails.php. The manipulation of the argument Availibility leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9803"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7f8d875a-c20f-46bd-a6c3-032d83fb02cd.json b/objects/vulnerability/vulnerability--7f8d875a-c20f-46bd-a6c3-032d83fb02cd.json
new file mode 100644
index 00000000000..dac39e2d3d3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7f8d875a-c20f-46bd-a6c3-032d83fb02cd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--63a40c28-d093-467f-94e9-08f0704e9854",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7f8d875a-c20f-46bd-a6c3-032d83fb02cd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.29851Z",
+ "modified": "2024-10-11T00:20:18.29851Z",
+ "name": "CVE-2024-45127",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45127"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7fd6cfee-97f7-4cde-8c83-ebafd1bcf9a3.json b/objects/vulnerability/vulnerability--7fd6cfee-97f7-4cde-8c83-ebafd1bcf9a3.json
new file mode 100644
index 00000000000..445a87e472a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7fd6cfee-97f7-4cde-8c83-ebafd1bcf9a3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ca3cafc1-d417-477d-bf9c-f3413c2b3449",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7fd6cfee-97f7-4cde-8c83-ebafd1bcf9a3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.566837Z",
+ "modified": "2024-10-11T00:20:18.566837Z",
+ "name": "CVE-2024-47636",
+ "description": "Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.9.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47636"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--86a5c6d9-baec-4622-b026-f9eb185a4cad.json b/objects/vulnerability/vulnerability--86a5c6d9-baec-4622-b026-f9eb185a4cad.json
new file mode 100644
index 00000000000..1da731fb10d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--86a5c6d9-baec-4622-b026-f9eb185a4cad.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a5665de0-d628-43a9-bfdf-abfca75a3622",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--86a5c6d9-baec-4622-b026-f9eb185a4cad",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.458234Z",
+ "modified": "2024-10-11T00:20:18.458234Z",
+ "name": "CVE-2024-9815",
+ "description": "A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9815"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--89d06ba3-c603-4b96-ad89-9d5e03fba2ed.json b/objects/vulnerability/vulnerability--89d06ba3-c603-4b96-ad89-9d5e03fba2ed.json
new file mode 100644
index 00000000000..e78235728b9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--89d06ba3-c603-4b96-ad89-9d5e03fba2ed.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0cb0363a-7599-46da-b5cb-03b36a005a98",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--89d06ba3-c603-4b96-ad89-9d5e03fba2ed",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.728624Z",
+ "modified": "2024-10-11T00:20:18.728624Z",
+ "name": "CVE-2024-7049",
+ "description": "In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7049"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8a1d585d-ee1e-4079-a276-a769f0dc7802.json b/objects/vulnerability/vulnerability--8a1d585d-ee1e-4079-a276-a769f0dc7802.json
new file mode 100644
index 00000000000..ac13ced6709
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8a1d585d-ee1e-4079-a276-a769f0dc7802.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2e10f4f7-bcce-4675-b260-dabc13c18830",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8a1d585d-ee1e-4079-a276-a769f0dc7802",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.41375Z",
+ "modified": "2024-10-11T00:20:18.41375Z",
+ "name": "CVE-2024-9804",
+ "description": "A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9804"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8bbd82c9-ad4d-4e9d-bc6b-a153002cf499.json b/objects/vulnerability/vulnerability--8bbd82c9-ad4d-4e9d-bc6b-a153002cf499.json
new file mode 100644
index 00000000000..3dd3ec88e9a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8bbd82c9-ad4d-4e9d-bc6b-a153002cf499.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--778fc440-8ba2-4084-bdb9-590c54493949",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8bbd82c9-ad4d-4e9d-bc6b-a153002cf499",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.479705Z",
+ "modified": "2024-10-11T00:20:18.479705Z",
+ "name": "CVE-2024-9799",
+ "description": "A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation of the argument email_address/address/company_name/job_title/jobDescriptionparameter leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9799"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8f0e9de8-7c9e-4954-8793-e6fbe400fe21.json b/objects/vulnerability/vulnerability--8f0e9de8-7c9e-4954-8793-e6fbe400fe21.json
new file mode 100644
index 00000000000..be69dc7544b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8f0e9de8-7c9e-4954-8793-e6fbe400fe21.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--05ba1bb8-2d25-41f7-be0f-8847ebb812e7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8f0e9de8-7c9e-4954-8793-e6fbe400fe21",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.617843Z",
+ "modified": "2024-10-11T00:20:18.617843Z",
+ "name": "CVE-2024-47965",
+ "description": "Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47965"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--91bc0540-1516-4f98-b106-f994052f9281.json b/objects/vulnerability/vulnerability--91bc0540-1516-4f98-b106-f994052f9281.json
new file mode 100644
index 00000000000..1911a6aaa4a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--91bc0540-1516-4f98-b106-f994052f9281.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a7fc7c42-9b66-4083-af2b-a4191a12e19d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--91bc0540-1516-4f98-b106-f994052f9281",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.47459Z",
+ "modified": "2024-10-11T00:20:18.47459Z",
+ "name": "CVE-2024-9487",
+ "description": "An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9487"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--93be5f9c-4828-4f5b-a721-d8d510140469.json b/objects/vulnerability/vulnerability--93be5f9c-4828-4f5b-a721-d8d510140469.json
new file mode 100644
index 00000000000..94f6184fb1e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--93be5f9c-4828-4f5b-a721-d8d510140469.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--206f9450-dffa-49c0-81cc-ad29522472ab",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--93be5f9c-4828-4f5b-a721-d8d510140469",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:19.049868Z",
+ "modified": "2024-10-11T00:20:19.049868Z",
+ "name": "CVE-2024-8987",
+ "description": "The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8987"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--94291c5d-8bed-4f3a-bebf-81b5bdc840e7.json b/objects/vulnerability/vulnerability--94291c5d-8bed-4f3a-bebf-81b5bdc840e7.json
new file mode 100644
index 00000000000..84c5a941388
--- /dev/null
+++ b/objects/vulnerability/vulnerability--94291c5d-8bed-4f3a-bebf-81b5bdc840e7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8a4fcca2-57dd-47b0-896b-0df151ccd710",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--94291c5d-8bed-4f3a-bebf-81b5bdc840e7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.414857Z",
+ "modified": "2024-10-11T00:20:18.414857Z",
+ "name": "CVE-2024-9457",
+ "description": "The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9457"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--958658a1-70b6-49cc-a182-139f682495a5.json b/objects/vulnerability/vulnerability--958658a1-70b6-49cc-a182-139f682495a5.json
new file mode 100644
index 00000000000..c1d51bfe287
--- /dev/null
+++ b/objects/vulnerability/vulnerability--958658a1-70b6-49cc-a182-139f682495a5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--473751f2-ff2f-4ae9-b6d8-6b28c8e84581",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--958658a1-70b6-49cc-a182-139f682495a5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.447631Z",
+ "modified": "2024-10-11T00:20:18.447631Z",
+ "name": "CVE-2024-9685",
+ "description": "The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9685"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9813ffc6-5c52-41b4-8675-d05d6310f536.json b/objects/vulnerability/vulnerability--9813ffc6-5c52-41b4-8675-d05d6310f536.json
new file mode 100644
index 00000000000..5b32f9eb91e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9813ffc6-5c52-41b4-8675-d05d6310f536.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3455ebbf-d157-45ab-a02d-abf3186881a8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9813ffc6-5c52-41b4-8675-d05d6310f536",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.587907Z",
+ "modified": "2024-10-11T00:20:18.587907Z",
+ "name": "CVE-2024-47867",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature. Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47867"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
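Review bot: The `description` value here carries Markdown emphasis (`**lack of integrity check**`) inside a plain STIX string, and nothing in the object tells a consumer whether the field is Markdown or plain text. The text appears to be taken unchanged from the upstream CVE record, so it is third-party input. Keep the string as it is, but document for consumers that `description` is unsanitised upstream text which must be escaped before being rendered as HTML or Markdown. The bundles for CVE-2024-47166 and CVE-2023-25581 contain backtick and `**` markup in the same field.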
diff --git a/objects/vulnerability/vulnerability--99ffa287-c7d0-46ae-812d-f73a0a65d02a.json b/objects/vulnerability/vulnerability--99ffa287-c7d0-46ae-812d-f73a0a65d02a.json
new file mode 100644
index 00000000000..dbf64906641
--- /dev/null
+++ b/objects/vulnerability/vulnerability--99ffa287-c7d0-46ae-812d-f73a0a65d02a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f1f6ac73-c3fb-407b-9dec-f3c8149e8648",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--99ffa287-c7d0-46ae-812d-f73a0a65d02a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.419352Z",
+ "modified": "2024-10-11T00:20:18.419352Z",
+ "name": "CVE-2024-9814",
+ "description": "A vulnerability, which was classified as critical, was found in Codezips Pharmacy Management System 1.0. Affected is an unknown function of the file product/update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9814"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9a2094f3-cbac-4b02-87d0-35b106ea0796.json b/objects/vulnerability/vulnerability--9a2094f3-cbac-4b02-87d0-35b106ea0796.json
new file mode 100644
index 00000000000..8164c265628
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9a2094f3-cbac-4b02-87d0-35b106ea0796.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3d4ddcc1-addc-4eeb-aeb2-acc3529f6b63",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9a2094f3-cbac-4b02-87d0-35b106ea0796",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.500377Z",
+ "modified": "2024-10-11T00:20:18.500377Z",
+ "name": "CVE-2024-9806",
+ "description": "A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. This vulnerability affects unknown code of the file /rooms/fields of the component Room Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.7 is able to address this issue. It is recommended to upgrade the affected component. The project maintainer was contacted early about the disclosure. He responded very quickly, friendly, and professional.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9806"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9f3f7052-14c9-48c7-a660-cdbfd82fe8a3.json b/objects/vulnerability/vulnerability--9f3f7052-14c9-48c7-a660-cdbfd82fe8a3.json
new file mode 100644
index 00000000000..d11718b7b04
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9f3f7052-14c9-48c7-a660-cdbfd82fe8a3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--35eb301c-4b31-4895-87f7-0ee4ced16882",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9f3f7052-14c9-48c7-a660-cdbfd82fe8a3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.466931Z",
+ "modified": "2024-10-11T00:20:18.466931Z",
+ "name": "CVE-2024-9805",
+ "description": "A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/campsdetails.php. The manipulation of the argument hospital/address/city/contact leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"hospital\".",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9805"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a028920b-c455-4fef-bee7-4876cfa3fd23.json b/objects/vulnerability/vulnerability--a028920b-c455-4fef-bee7-4876cfa3fd23.json
new file mode 100644
index 00000000000..98f7b2b0dc6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a028920b-c455-4fef-bee7-4876cfa3fd23.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6fed2270-36fb-42e8-bc75-8dd9bc19281b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a028920b-c455-4fef-bee7-4876cfa3fd23",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.575133Z",
+ "modified": "2024-10-11T00:20:18.575133Z",
+ "name": "CVE-2024-47962",
+ "description": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47962"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a15a5228-95b2-4717-a36f-9f1605892ea4.json b/objects/vulnerability/vulnerability--a15a5228-95b2-4717-a36f-9f1605892ea4.json
new file mode 100644
index 00000000000..4f1c9c77f36
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a15a5228-95b2-4717-a36f-9f1605892ea4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3f68a3ae-c918-4d30-b7aa-06f5ed833735",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a15a5228-95b2-4717-a36f-9f1605892ea4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:19.736772Z",
+ "modified": "2024-10-11T00:20:19.736772Z",
+ "name": "CVE-2024-36051",
+ "description": "In btcd before 0.24.2, removeOpcodeByData mishandles the consensus rules for legacy signature verification. There can be a standard transaction that would be considered valid by Bitcoin Core but invalid by btcd.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36051"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a39f7c55-356b-4427-810a-f7810f4340b8.json b/objects/vulnerability/vulnerability--a39f7c55-356b-4427-810a-f7810f4340b8.json
new file mode 100644
index 00000000000..a103b3f2269
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a39f7c55-356b-4427-810a-f7810f4340b8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a39a9393-e443-4d4e-82c2-23c3de2b9b5a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a39f7c55-356b-4427-810a-f7810f4340b8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.478341Z",
+ "modified": "2024-10-11T00:20:18.478341Z",
+ "name": "CVE-2024-9787",
+ "description": "A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9787"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a4bd9f1e-cb2f-4f14-8ffb-9761591f65cd.json b/objects/vulnerability/vulnerability--a4bd9f1e-cb2f-4f14-8ffb-9761591f65cd.json
new file mode 100644
index 00000000000..08a7a302542
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a4bd9f1e-cb2f-4f14-8ffb-9761591f65cd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--16fa0b20-9f45-4f27-881f-455a8f519a36",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a4bd9f1e-cb2f-4f14-8ffb-9761591f65cd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.434935Z",
+ "modified": "2024-10-11T00:20:18.434935Z",
+ "name": "CVE-2024-9066",
+ "description": "The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9066"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--abd7d33c-980f-4305-8076-71e56b353a8f.json b/objects/vulnerability/vulnerability--abd7d33c-980f-4305-8076-71e56b353a8f.json
new file mode 100644
index 00000000000..1eb66fa3327
--- /dev/null
+++ b/objects/vulnerability/vulnerability--abd7d33c-980f-4305-8076-71e56b353a8f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9947f3de-562e-4040-b69b-502af0039519",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--abd7d33c-980f-4305-8076-71e56b353a8f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.424051Z",
+ "modified": "2024-10-11T00:20:18.424051Z",
+ "name": "CVE-2024-9522",
+ "description": "The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9522"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b291d011-ab34-41e7-9e26-7c7df603f68d.json b/objects/vulnerability/vulnerability--b291d011-ab34-41e7-9e26-7c7df603f68d.json
new file mode 100644
index 00000000000..534d02b1c4b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b291d011-ab34-41e7-9e26-7c7df603f68d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b7e1202b-b8b2-4ba3-9125-0f7b54cfe56a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b291d011-ab34-41e7-9e26-7c7df603f68d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.451008Z",
+ "modified": "2024-10-11T00:20:18.451008Z",
+ "name": "CVE-2024-9788",
+ "description": "A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9788"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b296e57a-aebe-449a-93ec-9b42df6c0d49.json b/objects/vulnerability/vulnerability--b296e57a-aebe-449a-93ec-9b42df6c0d49.json
new file mode 100644
index 00000000000..ba55856b660
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b296e57a-aebe-449a-93ec-9b42df6c0d49.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2bfe6e93-43d1-45c5-b339-7b40cb29d4e5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b296e57a-aebe-449a-93ec-9b42df6c0d49",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.412636Z",
+ "modified": "2024-10-11T00:20:18.412636Z",
+ "name": "CVE-2024-9520",
+ "description": "The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and plugin options.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9520"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b6f1d86f-ec61-44a1-97bf-72bb6d396239.json b/objects/vulnerability/vulnerability--b6f1d86f-ec61-44a1-97bf-72bb6d396239.json
new file mode 100644
index 00000000000..b53cddea276
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b6f1d86f-ec61-44a1-97bf-72bb6d396239.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8ebd1707-8109-4e37-bf08-8a33f54d27b4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b6f1d86f-ec61-44a1-97bf-72bb6d396239",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.309703Z",
+ "modified": "2024-10-11T00:20:18.309703Z",
+ "name": "CVE-2024-45125",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45125"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bd61ee97-de4d-467a-bd99-4651d7f2e64b.json b/objects/vulnerability/vulnerability--bd61ee97-de4d-467a-bd99-4651d7f2e64b.json
new file mode 100644
index 00000000000..6b28cd22dd0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bd61ee97-de4d-467a-bd99-4651d7f2e64b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d6e4495d-021c-4bfc-98ce-4948ed874284",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bd61ee97-de4d-467a-bd99-4651d7f2e64b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.606848Z",
+ "modified": "2024-10-11T00:20:18.606848Z",
+ "name": "CVE-2024-47166",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **one-level read path traversal** in the `/custom_component` endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the request. Although the traversal is limited to a single directory level, it could expose proprietary or sensitive code that developers intended to keep private. This impacts users who have developed custom Gradio components and are hosting them on publicly accessible servers. Users are advised to upgrade to `gradio>=4.44` to address this issue. As a workaround, developers can sanitize the file paths and ensure that components are not stored in publicly accessible directories.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47166"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bde182f8-534f-46e3-83f6-899262bba25c.json b/objects/vulnerability/vulnerability--bde182f8-534f-46e3-83f6-899262bba25c.json
new file mode 100644
index 00000000000..a95c1425874
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bde182f8-534f-46e3-83f6-899262bba25c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ae89a83a-45ce-4e32-8000-fff5671bdf54",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bde182f8-534f-46e3-83f6-899262bba25c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.470946Z",
+ "modified": "2024-10-11T00:20:18.470946Z",
+ "name": "CVE-2024-9065",
+ "description": "The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9065"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bf93eb7b-f18f-4fbe-86da-d92b631ec836.json b/objects/vulnerability/vulnerability--bf93eb7b-f18f-4fbe-86da-d92b631ec836.json
new file mode 100644
index 00000000000..08b7d487f84
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bf93eb7b-f18f-4fbe-86da-d92b631ec836.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ec3acb46-779a-41a7-b17b-aaf0c0db653b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bf93eb7b-f18f-4fbe-86da-d92b631ec836",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:27.804927Z",
+ "modified": "2024-10-11T00:20:27.804927Z",
+ "name": "CVE-2023-25581",
+ "description": "pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-25581"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c007a635-6863-4778-b36f-102a34cc20cd.json b/objects/vulnerability/vulnerability--c007a635-6863-4778-b36f-102a34cc20cd.json
new file mode 100644
index 00000000000..deda8a15bd6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c007a635-6863-4778-b36f-102a34cc20cd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4989ade1-fd14-4e9e-ba42-ec805107630f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c007a635-6863-4778-b36f-102a34cc20cd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.616026Z",
+ "modified": "2024-10-11T00:20:18.616026Z",
+ "name": "CVE-2024-47354",
+ "description": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership After Login Redirection.This issue affects Simple Membership After Login Redirection: from n/a through 1.6.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47354"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c0d5d955-86c4-4e9e-9bf0-8fbcacfbdc24.json b/objects/vulnerability/vulnerability--c0d5d955-86c4-4e9e-9bf0-8fbcacfbdc24.json
new file mode 100644
index 00000000000..28a5707fadf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c0d5d955-86c4-4e9e-9bf0-8fbcacfbdc24.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ca1dd94c-c10c-4240-9a2d-b19269a879fa",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c0d5d955-86c4-4e9e-9bf0-8fbcacfbdc24",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:19.074501Z",
+ "modified": "2024-10-11T00:20:19.074501Z",
+ "name": "CVE-2024-8729",
+ "description": "The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8729"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c10b6eab-69b0-493a-8b2c-2046dc2b5797.json b/objects/vulnerability/vulnerability--c10b6eab-69b0-493a-8b2c-2046dc2b5797.json
new file mode 100644
index 00000000000..abbd0d7a027
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c10b6eab-69b0-493a-8b2c-2046dc2b5797.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a6147950-5e6c-499c-9c51-b1fb804b616e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c10b6eab-69b0-493a-8b2c-2046dc2b5797",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.436888Z",
+ "modified": "2024-10-11T00:20:18.436888Z",
+ "name": "CVE-2024-9785",
+ "description": "A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9785"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
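Review bot: The `external_references` entry carries only `source_name` and `external_id`, so the object has no link back to the authoritative CVE record, even though the description says the exploit is public. Severity scoring, affected-version data and vendor references are not present in this object, so triage has to look the ID up by hand. Adding `"url": "https://www.cve.org/CVERecord?id=CVE-2024-9785"` to the reference would let tooling follow it. The other bundles in this commit are built the same way.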
diff --git a/objects/vulnerability/vulnerability--c3ab9ecd-a9b7-48a5-a5c1-5d630905df0e.json b/objects/vulnerability/vulnerability--c3ab9ecd-a9b7-48a5-a5c1-5d630905df0e.json
new file mode 100644
index 00000000000..2ac4d1c42a6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c3ab9ecd-a9b7-48a5-a5c1-5d630905df0e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3569c31d-7ccf-4249-b6a5-066fdb13ab55",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c3ab9ecd-a9b7-48a5-a5c1-5d630905df0e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.375811Z",
+ "modified": "2024-10-11T00:20:18.375811Z",
+ "name": "CVE-2024-45115",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45115"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c8d8131a-950b-465d-bf60-48c92bcf60c6.json b/objects/vulnerability/vulnerability--c8d8131a-950b-465d-bf60-48c92bcf60c6.json
new file mode 100644
index 00000000000..1c87ede59fa
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c8d8131a-950b-465d-bf60-48c92bcf60c6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5f76a4c5-bfbd-4a31-83bf-d2645b6c186c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c8d8131a-950b-465d-bf60-48c92bcf60c6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.504461Z",
+ "modified": "2024-10-11T00:20:18.504461Z",
+ "name": "CVE-2024-9813",
+ "description": "A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. This issue affects some unknown processing of the file product/register.php. The manipulation of the argument category leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9813"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--caa527fb-1854-4b58-b955-c36beffa64ef.json b/objects/vulnerability/vulnerability--caa527fb-1854-4b58-b955-c36beffa64ef.json
new file mode 100644
index 00000000000..1bd4c5cc00f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--caa527fb-1854-4b58-b955-c36beffa64ef.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7ffaa14c-27f6-4b56-afa3-aa4e84d2d2be",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--caa527fb-1854-4b58-b955-c36beffa64ef",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.429746Z",
+ "modified": "2024-10-11T00:20:18.429746Z",
+ "name": "CVE-2024-9067",
+ "description": "The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9067"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--cd0834c7-294f-47d5-adbe-787b923d59a4.json b/objects/vulnerability/vulnerability--cd0834c7-294f-47d5-adbe-787b923d59a4.json
new file mode 100644
index 00000000000..228410209ce
--- /dev/null
+++ b/objects/vulnerability/vulnerability--cd0834c7-294f-47d5-adbe-787b923d59a4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fece1e96-fe28-4d0c-9942-f708c5b6dc6c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--cd0834c7-294f-47d5-adbe-787b923d59a4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.471974Z",
+ "modified": "2024-10-11T00:20:18.471974Z",
+ "name": "CVE-2024-9783",
+ "description": "A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9783"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d271415c-2d12-4024-b44f-e554abd1b363.json b/objects/vulnerability/vulnerability--d271415c-2d12-4024-b44f-e554abd1b363.json
new file mode 100644
index 00000000000..798828aadbd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d271415c-2d12-4024-b44f-e554abd1b363.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--378bb05a-67a1-4090-9a08-1f407ee84bda",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d271415c-2d12-4024-b44f-e554abd1b363",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.383097Z",
+ "modified": "2024-10-11T00:20:18.383097Z",
+ "name": "CVE-2024-45128",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45128"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d46cc30a-3099-46d1-9113-172a4743c76b.json b/objects/vulnerability/vulnerability--d46cc30a-3099-46d1-9113-172a4743c76b.json
new file mode 100644
index 00000000000..f6a425a1809
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d46cc30a-3099-46d1-9113-172a4743c76b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--19366396-c526-4e26-b908-8708522ec29f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d46cc30a-3099-46d1-9113-172a4743c76b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.483496Z",
+ "modified": "2024-10-11T00:20:18.483496Z",
+ "name": "CVE-2024-9789",
+ "description": "A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9789"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d8460459-569a-411d-a004-b4aa029c5684.json b/objects/vulnerability/vulnerability--d8460459-569a-411d-a004-b4aa029c5684.json
new file mode 100644
index 00000000000..0bf2686710b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d8460459-569a-411d-a004-b4aa029c5684.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9b828428-08f7-443e-99bc-7a9e52c91aaa",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d8460459-569a-411d-a004-b4aa029c5684",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.49271Z",
+ "modified": "2024-10-11T00:20:18.49271Z",
+ "name": "CVE-2024-9797",
+ "description": "A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file register.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9797"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
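Review bot: `created` and `modified` here are `2024-10-11T00:20:18.49271Z`, five fractional digits where the other bundles mostly have six, which suggests the generator drops trailing zeros. The value is still a valid timestamp, but a consumer that sorts or deduplicates on the raw string will mis-order it against six-digit values (constructed example: `18.49271Z` sorts after `18.492711Z`). Emitting a fixed six-digit fraction (`18.492710Z`) avoids that. The bundles for CVE-2024-9816 and CVE-2024-9793 show the same five-digit form.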
diff --git a/objects/vulnerability/vulnerability--dc1f9c5b-a4d9-4e50-8d21-06ffa3a629a7.json b/objects/vulnerability/vulnerability--dc1f9c5b-a4d9-4e50-8d21-06ffa3a629a7.json
new file mode 100644
index 00000000000..bea1e36506b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dc1f9c5b-a4d9-4e50-8d21-06ffa3a629a7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5a9aa6d0-6ae9-4a9e-9c97-9508b933db2b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dc1f9c5b-a4d9-4e50-8d21-06ffa3a629a7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.454636Z",
+ "modified": "2024-10-11T00:20:18.454636Z",
+ "name": "CVE-2024-9812",
+ "description": "A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9812"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dc91940b-ba38-4beb-ab8c-a08e7b9af362.json b/objects/vulnerability/vulnerability--dc91940b-ba38-4beb-ab8c-a08e7b9af362.json
new file mode 100644
index 00000000000..76623b58d1d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dc91940b-ba38-4beb-ab8c-a08e7b9af362.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5512f2c1-9ace-4f15-b6c0-6d78758ba8f8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dc91940b-ba38-4beb-ab8c-a08e7b9af362",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.389574Z",
+ "modified": "2024-10-11T00:20:18.389574Z",
+ "name": "CVE-2024-45131",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45131"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dcb1e498-66ce-4946-89d5-8e849c96215a.json b/objects/vulnerability/vulnerability--dcb1e498-66ce-4946-89d5-8e849c96215a.json
new file mode 100644
index 00000000000..d0ad2e5a1fd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dcb1e498-66ce-4946-89d5-8e849c96215a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--618f3961-5b57-449c-8cd4-a6a80cd0dc85",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dcb1e498-66ce-4946-89d5-8e849c96215a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:20.148752Z",
+ "modified": "2024-10-11T00:20:20.148752Z",
+ "name": "CVE-2024-4658",
+ "description": "SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allows SQL Injection.This issue affects Nova CMS: before 5.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-4658"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dced5125-da45-49a4-a687-da211219ffe9.json b/objects/vulnerability/vulnerability--dced5125-da45-49a4-a687-da211219ffe9.json
new file mode 100644
index 00000000000..6ea44fe92f9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dced5125-da45-49a4-a687-da211219ffe9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ed3af0c4-4d0d-4e61-bfa1-ae2dd9b996d5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dced5125-da45-49a4-a687-da211219ffe9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.572197Z",
+ "modified": "2024-10-11T00:20:18.572197Z",
+ "name": "CVE-2024-47870",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition. Users are advised to upgrade to `gradio>=5` to address this issue. There are no known workarounds for this issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47870"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
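Review bot: The `description` carries the upstream advisory's Markdown verbatim (`**race condition**`, backticked identifiers), while the field is a plain string with no declared markup format. Because the text originates outside this repository, downstream tools that display it should escape it as untrusted text rather than interpret the markup. A line in the repository documentation stating that descriptions are copied unmodified from the CVE record would make that contract explicit. The CVE-2024-47869 and CVE-2024-47868 bundles carry the same markup.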
diff --git a/objects/vulnerability/vulnerability--dd7e7c15-fa37-4a7c-abc1-aa72e072b76d.json b/objects/vulnerability/vulnerability--dd7e7c15-fa37-4a7c-abc1-aa72e072b76d.json
new file mode 100644
index 00000000000..99882b64da2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dd7e7c15-fa37-4a7c-abc1-aa72e072b76d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--adbefd4f-cd1a-4a01-911d-4329bfdbb310",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dd7e7c15-fa37-4a7c-abc1-aa72e072b76d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.41765Z",
+ "modified": "2024-10-11T00:20:18.41765Z",
+ "name": "CVE-2024-9816",
+ "description": "A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9816"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dd9ef3c6-4784-453a-88de-78ee9a6de6a0.json b/objects/vulnerability/vulnerability--dd9ef3c6-4784-453a-88de-78ee9a6de6a0.json
new file mode 100644
index 00000000000..2d6f21aec30
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dd9ef3c6-4784-453a-88de-78ee9a6de6a0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7ed8c42b-098c-439b-9b5f-15dd95e6165e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dd9ef3c6-4784-453a-88de-78ee9a6de6a0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.393495Z",
+ "modified": "2024-10-11T00:20:18.393495Z",
+ "name": "CVE-2024-45120",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45120"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ddea1bf1-3ccc-4af5-a38e-ec0106ac6086.json b/objects/vulnerability/vulnerability--ddea1bf1-3ccc-4af5-a38e-ec0106ac6086.json
new file mode 100644
index 00000000000..a33f9e627c9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ddea1bf1-3ccc-4af5-a38e-ec0106ac6086.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e0856072-7017-469d-9627-d6a079ba819e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ddea1bf1-3ccc-4af5-a38e-ec0106ac6086",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.583265Z",
+ "modified": "2024-10-11T00:20:18.583265Z",
+ "name": "CVE-2024-47869",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of different requests to infer the correct hash byte-by-byte. This can lead to unauthorized access to the analytics dashboard, especially if the attacker can repeatedly query the system with different keys. Users are advised to upgrade to `gradio>4.44` to mitigate this issue. To mitigate the risk before applying the patch, developers can manually patch the `analytics_dashboard` dashboard to use a **constant-time comparison** function for comparing sensitive values, such as hashes. Alternatively, access to the analytics dashboard can be disabled.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47869"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--de911bab-f693-4d1b-a9ff-dfb54b58ce3c.json b/objects/vulnerability/vulnerability--de911bab-f693-4d1b-a9ff-dfb54b58ce3c.json
new file mode 100644
index 00000000000..add57d24c0b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--de911bab-f693-4d1b-a9ff-dfb54b58ce3c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6141bca0-97c0-4e7b-922a-ebb97147a252",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--de911bab-f693-4d1b-a9ff-dfb54b58ce3c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.425694Z",
+ "modified": "2024-10-11T00:20:18.425694Z",
+ "name": "CVE-2024-9156",
+ "description": "The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9156"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--de9925cf-d237-49e7-9b5f-c990cd4babc9.json b/objects/vulnerability/vulnerability--de9925cf-d237-49e7-9b5f-c990cd4babc9.json
new file mode 100644
index 00000000000..08bdf4010bb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--de9925cf-d237-49e7-9b5f-c990cd4babc9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9e7cce4d-e112-47d6-b88e-45dc6e42fecb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--de9925cf-d237-49e7-9b5f-c990cd4babc9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.421393Z",
+ "modified": "2024-10-11T00:20:18.421393Z",
+ "name": "CVE-2024-9180",
+ "description": "A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9180"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dfa21733-7119-4cd8-9298-1b1116850546.json b/objects/vulnerability/vulnerability--dfa21733-7119-4cd8-9298-1b1116850546.json
new file mode 100644
index 00000000000..44e6b0b7a5b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dfa21733-7119-4cd8-9298-1b1116850546.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f10fb313-3cf2-4ed9-bb42-5014bea5d926",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dfa21733-7119-4cd8-9298-1b1116850546",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.594983Z",
+ "modified": "2024-10-11T00:20:18.594983Z",
+ "name": "CVE-2024-47868",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input constraints. This issue could lead to sensitive files being exposed to unauthorized users, especially when combined with other vulnerabilities, such as issue TOB-GRADIO-15. The components most at risk are those that return or handle file data. Vulnerable Components: 1. **String to FileData:** DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton. 2. **Complex data to FileData:** Chatbot, MultimodalTextbox. 3. **Direct file read in preprocess:** Code. 4. **Dictionary converted to FileData:** ParamViewer, Dataset. Exploit Scenarios: 1. A developer creates a Dropdown list that passes values to a DownloadButton. An attacker bypasses the allowed inputs, sends an arbitrary file path (like `/etc/passwd`), and downloads sensitive files. 2. An attacker crafts a malicious payload in a ParamViewer component, leaking sensitive files from a server through the arbitrary file leak. This issue has been resolved in `gradio>5.0`. Upgrading to the latest version will mitigate this vulnerability. There are no known workarounds for this vulnerability.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47868"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e0db58be-b746-4920-9e71-0d6a5dd2b4b7.json b/objects/vulnerability/vulnerability--e0db58be-b746-4920-9e71-0d6a5dd2b4b7.json
new file mode 100644
index 00000000000..6e89260a2d7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e0db58be-b746-4920-9e71-0d6a5dd2b4b7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--53aa4b14-a0f7-4f96-8c40-d9ce239bfd25",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e0db58be-b746-4920-9e71-0d6a5dd2b4b7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.506652Z",
+ "modified": "2024-10-11T00:20:18.506652Z",
+ "name": "CVE-2024-9818",
+ "description": "A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9818"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e3779ca0-ef98-4d58-897f-46abb6bcf32f.json b/objects/vulnerability/vulnerability--e3779ca0-ef98-4d58-897f-46abb6bcf32f.json
new file mode 100644
index 00000000000..cb48f4f3f1b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e3779ca0-ef98-4d58-897f-46abb6bcf32f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--71e23b98-196c-413f-adff-729b936b8697",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e3779ca0-ef98-4d58-897f-46abb6bcf32f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.43155Z",
+ "modified": "2024-10-11T00:20:18.43155Z",
+ "name": "CVE-2024-9793",
+ "description": "A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9793"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e571e40e-f472-4bc6-84b2-42bc205ee021.json b/objects/vulnerability/vulnerability--e571e40e-f472-4bc6-84b2-42bc205ee021.json
new file mode 100644
index 00000000000..f2f3d73c7c6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e571e40e-f472-4bc6-84b2-42bc205ee021.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--18c8f058-feb5-43c9-b812-9f769bd9a82c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e571e40e-f472-4bc6-84b2-42bc205ee021",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.397655Z",
+ "modified": "2024-10-11T00:20:18.397655Z",
+ "name": "CVE-2024-45123",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45123"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e8442283-a572-463f-aab8-f75c2475e952.json b/objects/vulnerability/vulnerability--e8442283-a572-463f-aab8-f75c2475e952.json
new file mode 100644
index 00000000000..7c34b086706
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e8442283-a572-463f-aab8-f75c2475e952.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7c561b65-7547-4972-906d-d2c7054bcde8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e8442283-a572-463f-aab8-f75c2475e952",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.233471Z",
+ "modified": "2024-10-11T00:20:18.233471Z",
+ "name": "CVE-2024-48958",
+ "description": "execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48958"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e9b9a676-0931-4cbb-b404-8c02db38ac1b.json b/objects/vulnerability/vulnerability--e9b9a676-0931-4cbb-b404-8c02db38ac1b.json
new file mode 100644
index 00000000000..8f576e90fab
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e9b9a676-0931-4cbb-b404-8c02db38ac1b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c837b7f7-5e1c-4764-b06a-3ef17ff2bcc9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e9b9a676-0931-4cbb-b404-8c02db38ac1b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.486547Z",
+ "modified": "2024-10-11T00:20:18.486547Z",
+ "name": "CVE-2024-9782",
+ "description": "A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9782"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ea11ec69-737e-4756-870f-1d28d0556c08.json b/objects/vulnerability/vulnerability--ea11ec69-737e-4756-870f-1d28d0556c08.json
new file mode 100644
index 00000000000..c4d69da817a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ea11ec69-737e-4756-870f-1d28d0556c08.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5499216c-7fd6-4f4f-9d37-39e53cb53d71",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ea11ec69-737e-4756-870f-1d28d0556c08",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:19.688533Z",
+ "modified": "2024-10-11T00:20:19.688533Z",
+ "name": "CVE-2024-36917",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix overflow in blk_ioctl_discard()\n\nThere is no check for overflow of 'start + len' in blk_ioctl_discard().\nHung task occurs if submit an discard ioctl with the following param:\n start = 0x80000000000ff000, len = 0x8000000000fff000;\nAdd the overflow validation now.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-36917"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ea422f2b-9f31-410c-8808-9a6d8400896e.json b/objects/vulnerability/vulnerability--ea422f2b-9f31-410c-8808-9a6d8400896e.json
new file mode 100644
index 00000000000..1e918cedfbc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ea422f2b-9f31-410c-8808-9a6d8400896e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4663af3f-bad0-45bd-8652-9f7138d89296",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ea422f2b-9f31-410c-8808-9a6d8400896e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.411469Z",
+ "modified": "2024-10-11T00:20:18.411469Z",
+ "name": "CVE-2024-9794",
+ "description": "A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9794"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ebe735f9-79bc-47f8-8130-8def92239ac0.json b/objects/vulnerability/vulnerability--ebe735f9-79bc-47f8-8130-8def92239ac0.json
new file mode 100644
index 00000000000..02db7a4fe04
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ebe735f9-79bc-47f8-8130-8def92239ac0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d28bec6f-38d9-45c9-8f96-11ab51142fea",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ebe735f9-79bc-47f8-8130-8def92239ac0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.49833Z",
+ "modified": "2024-10-11T00:20:18.49833Z",
+ "name": "CVE-2024-9811",
+ "description": "A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9811"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
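Review bot: The `created` and `modified` values here, `"2024-10-11T00:20:18.49833Z"`, carry five fractional digits while the other objects in this diff carry six, which looks like a dropped trailing zero in the serializer. The value is still a valid RFC 3339 timestamp, but any consumer that orders or compares these fields as strings will get the wrong result, because `18.49833Z` sorts after `18.498331Z`. Emitting a fixed width, `"2024-10-11T00:20:18.498330Z"`, keeps the objects comparable; the same applies to `18.49043Z` in the vulnerability--ffea44d4 file.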
diff --git a/objects/vulnerability/vulnerability--ecb54fc5-4f9e-4d73-ace6-bc4d899b5bb6.json b/objects/vulnerability/vulnerability--ecb54fc5-4f9e-4d73-ace6-bc4d899b5bb6.json
new file mode 100644
index 00000000000..a56a5446f0b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ecb54fc5-4f9e-4d73-ace6-bc4d899b5bb6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--84d9ef34-2aba-4116-8e10-048545fe9382",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ecb54fc5-4f9e-4d73-ace6-bc4d899b5bb6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.391061Z",
+ "modified": "2024-10-11T00:20:18.391061Z",
+ "name": "CVE-2024-45118",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45118"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f0bd0bb7-8b72-404e-8df2-eae1687c6d91.json b/objects/vulnerability/vulnerability--f0bd0bb7-8b72-404e-8df2-eae1687c6d91.json
new file mode 100644
index 00000000000..baeda1ff278
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f0bd0bb7-8b72-404e-8df2-eae1687c6d91.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--69cfb691-8e9a-4815-865d-c0848cc1d580",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f0bd0bb7-8b72-404e-8df2-eae1687c6d91",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.620867Z",
+ "modified": "2024-10-11T00:20:18.620867Z",
+ "name": "CVE-2024-47871",
+ "description": "Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using `share=True` without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47871"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f712a5bc-c410-4362-abaa-2de3190679e9.json b/objects/vulnerability/vulnerability--f712a5bc-c410-4362-abaa-2de3190679e9.json
new file mode 100644
index 00000000000..cf83165f6bf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f712a5bc-c410-4362-abaa-2de3190679e9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3cc2865a-52ab-4e6d-a442-15b60ee8d671",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f712a5bc-c410-4362-abaa-2de3190679e9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.308166Z",
+ "modified": "2024-10-11T00:20:18.308166Z",
+ "name": "CVE-2024-45130",
+ "description": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45130"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f8717102-7f90-4a00-8040-869a89e64ff1.json b/objects/vulnerability/vulnerability--f8717102-7f90-4a00-8040-869a89e64ff1.json
new file mode 100644
index 00000000000..10d4001865f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f8717102-7f90-4a00-8040-869a89e64ff1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--845f5432-c0fe-4bbb-9b86-2e4684b842da",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f8717102-7f90-4a00-8040-869a89e64ff1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.475783Z",
+ "modified": "2024-10-11T00:20:18.475783Z",
+ "name": "CVE-2024-9802",
+ "description": "The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9802"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f922732d-3340-4f16-b9b8-04062084f3a8.json b/objects/vulnerability/vulnerability--f922732d-3340-4f16-b9b8-04062084f3a8.json
new file mode 100644
index 00000000000..f685f89ac05
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f922732d-3340-4f16-b9b8-04062084f3a8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8b748e08-d825-4642-afa4-f5b1031a636a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f922732d-3340-4f16-b9b8-04062084f3a8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.476887Z",
+ "modified": "2024-10-11T00:20:18.476887Z",
+ "name": "CVE-2024-9792",
+ "description": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9792"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
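Review bot: The `description` starts with `** UNSUPPPORTED WHEN ASSIGNED **`, spelled with three P's, presumably copied verbatim from the upstream CVE record. A consumer that matches the usual `** UNSUPPORTED WHEN ASSIGNED **` marker to flag end-of-life products will miss this object, so the D-Link device would be triaged as if a vendor fix could be expected. Rather than relying on free text, the importer could carry that state in a structured property, for example `"labels": ["unsupported-when-assigned"]` (label value constructed here as an illustration), and leave the description as published.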
diff --git a/objects/vulnerability/vulnerability--ffea44d4-8456-4ab0-80c3-5ad1246e2af9.json b/objects/vulnerability/vulnerability--ffea44d4-8456-4ab0-80c3-5ad1246e2af9.json
new file mode 100644
index 00000000000..60d14592cb5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ffea44d4-8456-4ab0-80c3-5ad1246e2af9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8ed1a179-3197-4924-8e07-3f5907820590",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ffea44d4-8456-4ab0-80c3-5ad1246e2af9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-10-11T00:20:18.49043Z",
+ "modified": "2024-10-11T00:20:18.49043Z",
+ "name": "CVE-2024-9064",
+ "description": "The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9064"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file