diff --git a/mapping.csv b/mapping.csv index f4688078e99..e13e81a9290 100644 --- a/mapping.csv +++ b/mapping.csv @@ -252539,3 +252539,71 @@ vulnerability,CVE-2024-9897,vulnerability--0b52753a-910f-412c-b8f5-52928bd98c79 vulnerability,CVE-2024-21536,vulnerability--ede08127-fdda-48be-a1c9-ce8fb6e9e556 vulnerability,CVE-2019-25218,vulnerability--d457265c-e166-47f6-b3f4-399204c5fcab vulnerability,CVE-2023-6243,vulnerability--d1942d12-06ca-4c14-9db4-23f1edd98e81 +vulnerability,CVE-2024-48049,vulnerability--8c2bbafa-eaba-4df2-995c-88e74fa1937d +vulnerability,CVE-2024-10166,vulnerability--28ed4ed6-b50a-4831-ad21-c8e02df5b8b5 +vulnerability,CVE-2024-10191,vulnerability--1adc1feb-28a9-4fba-bde9-fc9f25ac8cce +vulnerability,CVE-2024-10167,vulnerability--e6acdfd3-8809-4296-aa41-76c3bc0dba38 +vulnerability,CVE-2024-10192,vulnerability--21d0e2b6-1770-49db-8845-a2cf31050a30 +vulnerability,CVE-2024-10194,vulnerability--020f347a-ba13-467a-bc97-726f5bf6affc +vulnerability,CVE-2024-10173,vulnerability--083c7ef8-6056-4a63-a869-1f604f7cded9 +vulnerability,CVE-2024-10169,vulnerability--bed399b0-af70-4495-9856-8e17911a26d6 +vulnerability,CVE-2024-10195,vulnerability--f2e2f8a7-d346-4a95-a052-b77e3dfede70 +vulnerability,CVE-2024-10171,vulnerability--973eef17-a4fe-476f-8cd1-5e7fc3b3e0cf +vulnerability,CVE-2024-10170,vulnerability--5c142fb8-629f-44b0-a367-661d2a7038bb +vulnerability,CVE-2024-10161,vulnerability--119afeb9-03ca-4a16-9c03-3c3169ae9159 +vulnerability,CVE-2024-10160,vulnerability--023e8771-f307-4ada-a061-103ffdb5c03e +vulnerability,CVE-2024-10163,vulnerability--a8fc786e-0897-415b-bed5-390471f70fc5 +vulnerability,CVE-2024-10162,vulnerability--6ca78fe9-8cfd-4322-a2bd-652309248dad +vulnerability,CVE-2024-10193,vulnerability--03b52b4f-4b7e-47c7-954e-b37bd660adcc +vulnerability,CVE-2024-10165,vulnerability--e9ac2392-8d84-476d-91fb-f47957bb6a4d +vulnerability,CVE-2024-47325,vulnerability--18df1059-89fe-4b48-a118-abda9be0ed99 +vulnerability,CVE-2024-47634,vulnerability--a3ab1e6b-9612-47b5-8397-dd6dd3bc239c +vulnerability,CVE-2024-44061,vulnerability--35388701-bf63-4a58-90fb-56d3173c2037 +vulnerability,CVE-2024-44000,vulnerability--fa2912bd-d05a-445b-911c-7ed4fd6c9452 +vulnerability,CVE-2024-49274,vulnerability--97ae60c3-5df4-400a-8418-1bc6251fbb97 +vulnerability,CVE-2024-49323,vulnerability--e8ac9fb5-82df-48b1-b332-b0804e12119e +vulnerability,CVE-2024-49617,vulnerability--83397c04-b3ee-4478-bda8-ef6af1cae3de +vulnerability,CVE-2024-49250,vulnerability--c8acddfc-80ec-43ff-a0e7-33af14ffafe1 +vulnerability,CVE-2024-49624,vulnerability--cb46ca21-305b-4252-a44b-e986159d3c3d +vulnerability,CVE-2024-49623,vulnerability--2c938905-9946-45a9-99d9-f3cc7d208d63 +vulnerability,CVE-2024-49608,vulnerability--2a631f4d-239f-415b-86ed-3ba57736e7eb +vulnerability,CVE-2024-49627,vulnerability--27b1ca2f-dc93-4d47-ad75-428f0c5373f1 +vulnerability,CVE-2024-49328,vulnerability--81aa6cab-418c-45f1-9a97-803f7cf64701 +vulnerability,CVE-2024-49606,vulnerability--fbd0ac82-1c3e-4e6d-a3bc-74575cecd890 +vulnerability,CVE-2024-49615,vulnerability--62e03ad0-cee6-4630-b9b0-c231777e9502 +vulnerability,CVE-2024-49327,vulnerability--2769c26f-54c1-42fc-b333-7cebc14d3aee +vulnerability,CVE-2024-49625,vulnerability--042a89b6-3ef1-4268-a204-cb5d3388e72c +vulnerability,CVE-2024-49609,vulnerability--72e5dda0-7f76-4e68-8e51-8de64379145b +vulnerability,CVE-2024-49612,vulnerability--6d0e8692-7745-43f4-a6e9-35607588e054 +vulnerability,CVE-2024-49628,vulnerability--798c5255-bd3e-4df8-a24d-d5dfbac413cb +vulnerability,CVE-2024-49335,vulnerability--04aa34d0-18bf-4ff7-af4d-7ae5392643f3 +vulnerability,CVE-2024-49290,vulnerability--2b85a6d6-1a54-4d55-90bd-9526e639072e +vulnerability,CVE-2024-49610,vulnerability--30b10581-0b5c-41c5-9251-70ab770e74bb +vulnerability,CVE-2024-49620,vulnerability--bf1f77c9-78d7-443e-9eb6-ca4b0f65ad35 +vulnerability,CVE-2024-49332,vulnerability--cb0ccea7-7f46-4a38-9eab-543479ae524a +vulnerability,CVE-2024-49325,vulnerability--f491cc08-0c1c-4cd2-91c4-ad1666dff6b0 +vulnerability,CVE-2024-49275,vulnerability--0f72516e-0670-4cdb-9406-603a7428b0bc +vulnerability,CVE-2024-49621,vulnerability--e544758c-1c40-476d-82c4-be1da106fb09 +vulnerability,CVE-2024-49611,vulnerability--02731c34-97c1-4cae-88aa-737a1b79130c +vulnerability,CVE-2024-49286,vulnerability--235f5622-11ec-45f8-97a8-6368d99fa2a0 +vulnerability,CVE-2024-49329,vulnerability--2d7edf07-9233-4227-9f90-ba568bc667f6 +vulnerability,CVE-2024-49618,vulnerability--d6552329-dee0-4c4a-ab0b-b105b3e79478 +vulnerability,CVE-2024-49605,vulnerability--39f13a9e-4a67-4e27-9480-7401deb9ec09 +vulnerability,CVE-2024-49330,vulnerability--b161df04-8d40-4a7c-8f16-3d219cdade32 +vulnerability,CVE-2024-49630,vulnerability--a9599ae0-8a65-4f68-abbe-da98cec1f080 +vulnerability,CVE-2024-49626,vulnerability--c439da7f-2e2d-43d9-9645-3e01a341840d +vulnerability,CVE-2024-49324,vulnerability--7c0405f0-23b3-4bb8-8944-0e3602262ca1 +vulnerability,CVE-2024-49614,vulnerability--86f3869c-70e8-4710-92f4-f1c332f22e0f +vulnerability,CVE-2024-49604,vulnerability--60c0a60f-3f4c-43ae-9317-4263b86bd3f0 +vulnerability,CVE-2024-49631,vulnerability--b68447dc-0cae-4128-9c03-bb8fe85bff70 +vulnerability,CVE-2024-49334,vulnerability--d262a96e-ccc0-47ea-8623-a26d2c160356 +vulnerability,CVE-2024-49619,vulnerability--0435f45f-5818-4d53-a814-eaaf824ec4cd +vulnerability,CVE-2024-49272,vulnerability--e7c991cb-6102-4320-81b9-cf506aabc7be +vulnerability,CVE-2024-49607,vulnerability--876a4dfb-2ea7-4383-801b-0ef6a7513bc2 +vulnerability,CVE-2024-49306,vulnerability--97771110-b4e3-4471-b067-00a363652b65 +vulnerability,CVE-2024-49331,vulnerability--0ac3230e-0bf7-4b4a-87fd-85cd5e178a31 +vulnerability,CVE-2024-49326,vulnerability--ac64f250-e5cc-4da1-af2d-d3f6c8ed535f +vulnerability,CVE-2024-49629,vulnerability--f14a1d75-b90e-4e47-915b-43eb7f2587ef +vulnerability,CVE-2024-49616,vulnerability--0d45da94-8555-4740-98e4-6536e3c238e5 +vulnerability,CVE-2024-49613,vulnerability--2096f920-df6d-4c02-b5ae-025c393ca53f +vulnerability,CVE-2024-49622,vulnerability--9b116cf8-e5f3-4c60-b724-b32a98a57001 diff --git a/objects/vulnerability/vulnerability--020f347a-ba13-467a-bc97-726f5bf6affc.json b/objects/vulnerability/vulnerability--020f347a-ba13-467a-bc97-726f5bf6affc.json new file mode 100644 index 00000000000..82dfb16ec22 --- /dev/null +++ b/objects/vulnerability/vulnerability--020f347a-ba13-467a-bc97-726f5bf6affc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7edc0b08-a457-4198-b53f-e83b7e0266d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--020f347a-ba13-467a-bc97-726f5bf6affc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.643725Z", + "modified": "2024-10-21T00:21:32.643725Z", + "name": "CVE-2024-10194", + "description": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10194" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--023e8771-f307-4ada-a061-103ffdb5c03e.json b/objects/vulnerability/vulnerability--023e8771-f307-4ada-a061-103ffdb5c03e.json new file mode 100644 index 00000000000..0b2a4b7d1d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--023e8771-f307-4ada-a061-103ffdb5c03e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bdca0ff5-0400-4de2-8498-64f39dbde3d0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--023e8771-f307-4ada-a061-103ffdb5c03e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.65356Z", + "modified": "2024-10-21T00:21:32.65356Z", + "name": "CVE-2024-10160", + "description": "A vulnerability, which was classified as critical, has been found in PHPGurukul Boat Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php of the component BW Dates Report Page. The manipulation of the argument fdate/tdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"fdate\" to be affected. But it must be assumed \"tdate\" is affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10160" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--02731c34-97c1-4cae-88aa-737a1b79130c.json b/objects/vulnerability/vulnerability--02731c34-97c1-4cae-88aa-737a1b79130c.json new file mode 100644 index 00000000000..f5937718ba7 --- /dev/null +++ b/objects/vulnerability/vulnerability--02731c34-97c1-4cae-88aa-737a1b79130c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af7bf7cf-761d-4cb3-8e50-f00289aa1a63", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--02731c34-97c1-4cae-88aa-737a1b79130c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.816059Z", + "modified": "2024-10-21T00:21:33.816059Z", + "name": "CVE-2024-49611", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Paxman Product Website Showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49611" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--03b52b4f-4b7e-47c7-954e-b37bd660adcc.json b/objects/vulnerability/vulnerability--03b52b4f-4b7e-47c7-954e-b37bd660adcc.json new file mode 100644 index 00000000000..63fcab19f0b --- /dev/null +++ b/objects/vulnerability/vulnerability--03b52b4f-4b7e-47c7-954e-b37bd660adcc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a6be8707-dbea-4f90-a2d4-060d1eb579c7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03b52b4f-4b7e-47c7-954e-b37bd660adcc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.657552Z", + "modified": "2024-10-21T00:21:32.657552Z", + "name": "CVE-2024-10193", + "description": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10193" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--042a89b6-3ef1-4268-a204-cb5d3388e72c.json b/objects/vulnerability/vulnerability--042a89b6-3ef1-4268-a204-cb5d3388e72c.json new file mode 100644 index 00000000000..965b2b20c04 --- /dev/null +++ b/objects/vulnerability/vulnerability--042a89b6-3ef1-4268-a204-cb5d3388e72c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46ac18af-bf52-4f3d-957b-4977032a2584", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--042a89b6-3ef1-4268-a204-cb5d3388e72c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.798996Z", + "modified": "2024-10-21T00:21:33.798996Z", + "name": "CVE-2024-49625", + "description": "Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49625" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0435f45f-5818-4d53-a814-eaaf824ec4cd.json b/objects/vulnerability/vulnerability--0435f45f-5818-4d53-a814-eaaf824ec4cd.json new file mode 100644 index 00000000000..ed1fa685535 --- /dev/null +++ b/objects/vulnerability/vulnerability--0435f45f-5818-4d53-a814-eaaf824ec4cd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58483d49-82a7-4deb-a954-46a6176c27f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0435f45f-5818-4d53-a814-eaaf824ec4cd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.845575Z", + "modified": "2024-10-21T00:21:33.845575Z", + "name": "CVE-2024-49619", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Acespritech Solutions Pvt. Ltd. Social Link Groups allows Blind SQL Injection.This issue affects Social Link Groups: from n/a through 1.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49619" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--04aa34d0-18bf-4ff7-af4d-7ae5392643f3.json b/objects/vulnerability/vulnerability--04aa34d0-18bf-4ff7-af4d-7ae5392643f3.json new file mode 100644 index 00000000000..09a3ca96998 --- /dev/null +++ b/objects/vulnerability/vulnerability--04aa34d0-18bf-4ff7-af4d-7ae5392643f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3683fe6c-7336-4da9-9b85-88c1be78e4e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--04aa34d0-18bf-4ff7-af4d-7ae5392643f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.804644Z", + "modified": "2024-10-21T00:21:33.804644Z", + "name": "CVE-2024-49335", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS.This issue affects GoogleDrive folder list: from n/a through 2.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49335" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--083c7ef8-6056-4a63-a869-1f604f7cded9.json b/objects/vulnerability/vulnerability--083c7ef8-6056-4a63-a869-1f604f7cded9.json new file mode 100644 index 00000000000..2f380c9c5c0 --- /dev/null +++ b/objects/vulnerability/vulnerability--083c7ef8-6056-4a63-a869-1f604f7cded9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--64a269eb-4e3d-4862-b134-7ec577ec2f13", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--083c7ef8-6056-4a63-a869-1f604f7cded9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.644848Z", + "modified": "2024-10-21T00:21:32.644848Z", + "name": "CVE-2024-10173", + "description": "A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10173" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0ac3230e-0bf7-4b4a-87fd-85cd5e178a31.json b/objects/vulnerability/vulnerability--0ac3230e-0bf7-4b4a-87fd-85cd5e178a31.json new file mode 100644 index 00000000000..550462ac651 --- /dev/null +++ b/objects/vulnerability/vulnerability--0ac3230e-0bf7-4b4a-87fd-85cd5e178a31.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e6137c76-dab7-4e14-853c-c4c4ef892250", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0ac3230e-0bf7-4b4a-87fd-85cd5e178a31", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.852953Z", + "modified": "2024-10-21T00:21:33.852953Z", + "name": "CVE-2024-49331", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49331" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0d45da94-8555-4740-98e4-6536e3c238e5.json b/objects/vulnerability/vulnerability--0d45da94-8555-4740-98e4-6536e3c238e5.json new file mode 100644 index 00000000000..8e84f19e254 --- /dev/null +++ b/objects/vulnerability/vulnerability--0d45da94-8555-4740-98e4-6536e3c238e5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4a7db5cd-3517-4f70-bbf5-dd3b9ec63382", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0d45da94-8555-4740-98e4-6536e3c238e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.856104Z", + "modified": "2024-10-21T00:21:33.856104Z", + "name": "CVE-2024-49616", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nyasro Rate Own Post allows Blind SQL Injection.This issue affects Rate Own Post: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49616" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f72516e-0670-4cdb-9406-603a7428b0bc.json b/objects/vulnerability/vulnerability--0f72516e-0670-4cdb-9406-603a7428b0bc.json new file mode 100644 index 00000000000..e009a920333 --- /dev/null +++ b/objects/vulnerability/vulnerability--0f72516e-0670-4cdb-9406-603a7428b0bc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b62d3310-1a08-464a-9f22-61a855366bc6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f72516e-0670-4cdb-9406-603a7428b0bc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.813132Z", + "modified": "2024-10-21T00:21:33.813132Z", + "name": "CVE-2024-49275", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through 8.69.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49275" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--119afeb9-03ca-4a16-9c03-3c3169ae9159.json b/objects/vulnerability/vulnerability--119afeb9-03ca-4a16-9c03-3c3169ae9159.json new file mode 100644 index 00000000000..5fe4620d311 --- /dev/null +++ b/objects/vulnerability/vulnerability--119afeb9-03ca-4a16-9c03-3c3169ae9159.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c374952-5682-448e-9b50-f4e194a3ee02", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--119afeb9-03ca-4a16-9c03-3c3169ae9159", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.651298Z", + "modified": "2024-10-21T00:21:32.651298Z", + "name": "CVE-2024-10161", + "description": "A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10161" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18df1059-89fe-4b48-a118-abda9be0ed99.json b/objects/vulnerability/vulnerability--18df1059-89fe-4b48-a118-abda9be0ed99.json new file mode 100644 index 00000000000..0d43000132c --- /dev/null +++ b/objects/vulnerability/vulnerability--18df1059-89fe-4b48-a118-abda9be0ed99.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d3092f26-7f9c-4b75-8879-ec1a772ba9f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18df1059-89fe-4b48-a118-abda9be0ed99", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.793806Z", + "modified": "2024-10-21T00:21:32.793806Z", + "name": "CVE-2024-47325", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47325" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1adc1feb-28a9-4fba-bde9-fc9f25ac8cce.json b/objects/vulnerability/vulnerability--1adc1feb-28a9-4fba-bde9-fc9f25ac8cce.json new file mode 100644 index 00000000000..63f8798d29b --- /dev/null +++ b/objects/vulnerability/vulnerability--1adc1feb-28a9-4fba-bde9-fc9f25ac8cce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--38220077-d93e-4800-8031-99974928dede", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1adc1feb-28a9-4fba-bde9-fc9f25ac8cce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.616813Z", + "modified": "2024-10-21T00:21:32.616813Z", + "name": "CVE-2024-10191", + "description": "A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10191" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2096f920-df6d-4c02-b5ae-025c393ca53f.json b/objects/vulnerability/vulnerability--2096f920-df6d-4c02-b5ae-025c393ca53f.json new file mode 100644 index 00000000000..990bcfa92fb --- /dev/null +++ b/objects/vulnerability/vulnerability--2096f920-df6d-4c02-b5ae-025c393ca53f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--512a8401-390b-4b2c-ad05-6ab85fd2d6fe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2096f920-df6d-4c02-b5ae-025c393ca53f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.857428Z", + "modified": "2024-10-21T00:21:33.857428Z", + "name": "CVE-2024-49613", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lodel Geraldo Simple Code Insert Shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49613" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21d0e2b6-1770-49db-8845-a2cf31050a30.json b/objects/vulnerability/vulnerability--21d0e2b6-1770-49db-8845-a2cf31050a30.json new file mode 100644 index 00000000000..5372593a81b --- /dev/null +++ b/objects/vulnerability/vulnerability--21d0e2b6-1770-49db-8845-a2cf31050a30.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--970234b5-903f-4231-8a97-444ef7e8b19a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21d0e2b6-1770-49db-8845-a2cf31050a30", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.620513Z", + "modified": "2024-10-21T00:21:32.620513Z", + "name": "CVE-2024-10192", + "description": "A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10192" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--235f5622-11ec-45f8-97a8-6368d99fa2a0.json b/objects/vulnerability/vulnerability--235f5622-11ec-45f8-97a8-6368d99fa2a0.json new file mode 100644 index 00000000000..4e91a9067cf --- /dev/null +++ b/objects/vulnerability/vulnerability--235f5622-11ec-45f8-97a8-6368d99fa2a0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--64ae5732-5c8b-4926-9e9d-3425d5c246dc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--235f5622-11ec-45f8-97a8-6368d99fa2a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.817231Z", + "modified": "2024-10-21T00:21:33.817231Z", + "name": "CVE-2024-49286", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Moridrin SSV Events allows PHP Local File Inclusion.This issue affects SSV Events: from n/a through 3.2.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49286" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2769c26f-54c1-42fc-b333-7cebc14d3aee.json b/objects/vulnerability/vulnerability--2769c26f-54c1-42fc-b333-7cebc14d3aee.json new file mode 100644 index 00000000000..6d363750ec1 --- /dev/null +++ b/objects/vulnerability/vulnerability--2769c26f-54c1-42fc-b333-7cebc14d3aee.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--87bf823f-7ad8-48ab-8d57-b0beb06117b0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2769c26f-54c1-42fc-b333-7cebc14d3aee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.796758Z", + "modified": "2024-10-21T00:21:33.796758Z", + "name": "CVE-2024-49327", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49327" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--27b1ca2f-dc93-4d47-ad75-428f0c5373f1.json b/objects/vulnerability/vulnerability--27b1ca2f-dc93-4d47-ad75-428f0c5373f1.json new file mode 100644 index 00000000000..9e7947c7d4b --- /dev/null +++ b/objects/vulnerability/vulnerability--27b1ca2f-dc93-4d47-ad75-428f0c5373f1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cac80acd-01ad-466a-ab33-817f8dd9aef7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27b1ca2f-dc93-4d47-ad75-428f0c5373f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.790532Z", + "modified": "2024-10-21T00:21:33.790532Z", + "name": "CVE-2024-49627", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49627" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--28ed4ed6-b50a-4831-ad21-c8e02df5b8b5.json b/objects/vulnerability/vulnerability--28ed4ed6-b50a-4831-ad21-c8e02df5b8b5.json new file mode 100644 index 00000000000..6d927d58885 --- /dev/null +++ b/objects/vulnerability/vulnerability--28ed4ed6-b50a-4831-ad21-c8e02df5b8b5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f49890bf-afa2-4177-9f56-50631c59e629", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28ed4ed6-b50a-4831-ad21-c8e02df5b8b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.613906Z", + "modified": "2024-10-21T00:21:32.613906Z", + "name": "CVE-2024-10166", + "description": "A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file checkuser.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10166" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a631f4d-239f-415b-86ed-3ba57736e7eb.json b/objects/vulnerability/vulnerability--2a631f4d-239f-415b-86ed-3ba57736e7eb.json new file mode 100644 index 00000000000..ab1baa95e5e --- /dev/null +++ b/objects/vulnerability/vulnerability--2a631f4d-239f-415b-86ed-3ba57736e7eb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47476cf6-7e76-42ab-ae4f-88b6eba34a4e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a631f4d-239f-415b-86ed-3ba57736e7eb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.788714Z", + "modified": "2024-10-21T00:21:33.788714Z", + "name": "CVE-2024-49608", + "description": ": Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49608" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b85a6d6-1a54-4d55-90bd-9526e639072e.json b/objects/vulnerability/vulnerability--2b85a6d6-1a54-4d55-90bd-9526e639072e.json new file mode 100644 index 00000000000..785b9ca74a0 --- /dev/null +++ b/objects/vulnerability/vulnerability--2b85a6d6-1a54-4d55-90bd-9526e639072e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d4509db7-710c-4af7-a58c-535247cd3bc3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b85a6d6-1a54-4d55-90bd-9526e639072e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.806556Z", + "modified": "2024-10-21T00:21:33.806556Z", + "name": "CVE-2024-49290", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49290" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2c938905-9946-45a9-99d9-f3cc7d208d63.json b/objects/vulnerability/vulnerability--2c938905-9946-45a9-99d9-f3cc7d208d63.json new file mode 100644 index 00000000000..48a911dd451 --- /dev/null +++ b/objects/vulnerability/vulnerability--2c938905-9946-45a9-99d9-f3cc7d208d63.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--13c4fc08-ab3c-4ccd-9e99-1fd45b3fb4c6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2c938905-9946-45a9-99d9-f3cc7d208d63", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.787641Z", + "modified": "2024-10-21T00:21:33.787641Z", + "name": "CVE-2024-49623", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hasan Movahed Duplicate Title Validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49623" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d7edf07-9233-4227-9f90-ba568bc667f6.json b/objects/vulnerability/vulnerability--2d7edf07-9233-4227-9f90-ba568bc667f6.json new file mode 100644 index 00000000000..b5e6f22d58b --- /dev/null +++ b/objects/vulnerability/vulnerability--2d7edf07-9233-4227-9f90-ba568bc667f6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f87072a4-0415-4b35-b79a-f9d2fd454977", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d7edf07-9233-4227-9f90-ba568bc667f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.818906Z", + "modified": "2024-10-21T00:21:33.818906Z", + "name": "CVE-2024-49329", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49329" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30b10581-0b5c-41c5-9251-70ab770e74bb.json b/objects/vulnerability/vulnerability--30b10581-0b5c-41c5-9251-70ab770e74bb.json new file mode 100644 index 00000000000..e4785bbaa27 --- /dev/null +++ b/objects/vulnerability/vulnerability--30b10581-0b5c-41c5-9251-70ab770e74bb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d9ba98f6-20d9-401c-873a-4fa2facae882", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30b10581-0b5c-41c5-9251-70ab770e74bb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.807845Z", + "modified": "2024-10-21T00:21:33.807845Z", + "name": "CVE-2024-49610", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49610" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--35388701-bf63-4a58-90fb-56d3173c2037.json b/objects/vulnerability/vulnerability--35388701-bf63-4a58-90fb-56d3173c2037.json new file mode 100644 index 00000000000..b261912daf6 --- /dev/null +++ b/objects/vulnerability/vulnerability--35388701-bf63-4a58-90fb-56d3173c2037.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cec29d7b-46bf-4c96-88b5-8ee04e65f145", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--35388701-bf63-4a58-90fb-56d3173c2037", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.054235Z", + "modified": "2024-10-21T00:21:33.054235Z", + "name": "CVE-2024-44061", + "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS).This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44061" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--39f13a9e-4a67-4e27-9480-7401deb9ec09.json b/objects/vulnerability/vulnerability--39f13a9e-4a67-4e27-9480-7401deb9ec09.json new file mode 100644 index 00000000000..021ead804f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--39f13a9e-4a67-4e27-9480-7401deb9ec09.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c77b92b-1520-4bf9-ac7a-74a487c547fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--39f13a9e-4a67-4e27-9480-7401deb9ec09", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.825415Z", + "modified": "2024-10-21T00:21:33.825415Z", + "name": "CVE-2024-49605", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Avchat.Net AVChat Video Chat allows Stored XSS.This issue affects AVChat Video Chat: from n/a through 2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49605" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5c142fb8-629f-44b0-a367-661d2a7038bb.json b/objects/vulnerability/vulnerability--5c142fb8-629f-44b0-a367-661d2a7038bb.json new file mode 100644 index 00000000000..38a6d2e893d --- /dev/null +++ b/objects/vulnerability/vulnerability--5c142fb8-629f-44b0-a367-661d2a7038bb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e31c304a-c37b-4f8f-ac10-f8629b6012cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5c142fb8-629f-44b0-a367-661d2a7038bb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.649277Z", + "modified": "2024-10-21T00:21:32.649277Z", + "name": "CVE-2024-10170", + "description": "A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affects some unknown processing of the file get_doctor.php. The manipulation of the argument specilizationid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10170" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--60c0a60f-3f4c-43ae-9317-4263b86bd3f0.json b/objects/vulnerability/vulnerability--60c0a60f-3f4c-43ae-9317-4263b86bd3f0.json new file mode 100644 index 00000000000..5eeb62d9f62 --- /dev/null +++ b/objects/vulnerability/vulnerability--60c0a60f-3f4c-43ae-9317-4263b86bd3f0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a9f69db-52a7-492f-a5f5-108cb18bf8d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--60c0a60f-3f4c-43ae-9317-4263b86bd3f0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.839056Z", + "modified": "2024-10-21T00:21:33.839056Z", + "name": "CVE-2024-49604", + "description": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49604" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62e03ad0-cee6-4630-b9b0-c231777e9502.json b/objects/vulnerability/vulnerability--62e03ad0-cee6-4630-b9b0-c231777e9502.json new file mode 100644 index 00000000000..65348bfe35b --- /dev/null +++ b/objects/vulnerability/vulnerability--62e03ad0-cee6-4630-b9b0-c231777e9502.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f68753f-ad25-4737-9697-bc3aa8390c3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62e03ad0-cee6-4630-b9b0-c231777e9502", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.794714Z", + "modified": "2024-10-21T00:21:33.794714Z", + "name": "CVE-2024-49615", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49615" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6ca78fe9-8cfd-4322-a2bd-652309248dad.json b/objects/vulnerability/vulnerability--6ca78fe9-8cfd-4322-a2bd-652309248dad.json new file mode 100644 index 00000000000..06220cc0a6c --- /dev/null +++ b/objects/vulnerability/vulnerability--6ca78fe9-8cfd-4322-a2bd-652309248dad.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4460c8b-1480-4d22-8c62-8e03697d48e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ca78fe9-8cfd-4322-a2bd-652309248dad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.655701Z", + "modified": "2024-10-21T00:21:32.655701Z", + "name": "CVE-2024-10162", + "description": "A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php of the component Edit Subdomain Details Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"mobilenumber\" to be affected. But it must be assumed that other parameters are affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10162" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d0e8692-7745-43f4-a6e9-35607588e054.json b/objects/vulnerability/vulnerability--6d0e8692-7745-43f4-a6e9-35607588e054.json new file mode 100644 index 00000000000..94e6c49c023 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d0e8692-7745-43f4-a6e9-35607588e054.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--770b974e-d737-40d0-9d0d-fa7340b62f95", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d0e8692-7745-43f4-a6e9-35607588e054", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.801157Z", + "modified": "2024-10-21T00:21:33.801157Z", + "name": "CVE-2024-49612", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infotuts SW Contact Form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49612" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--72e5dda0-7f76-4e68-8e51-8de64379145b.json b/objects/vulnerability/vulnerability--72e5dda0-7f76-4e68-8e51-8de64379145b.json new file mode 100644 index 00000000000..930946caf24 --- /dev/null +++ b/objects/vulnerability/vulnerability--72e5dda0-7f76-4e68-8e51-8de64379145b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6fe8797d-48a4-4cd6-b251-593984228104", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--72e5dda0-7f76-4e68-8e51-8de64379145b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.800231Z", + "modified": "2024-10-21T00:21:33.800231Z", + "name": "CVE-2024-49609", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brandon White Author Discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through 0.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49609" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--798c5255-bd3e-4df8-a24d-d5dfbac413cb.json b/objects/vulnerability/vulnerability--798c5255-bd3e-4df8-a24d-d5dfbac413cb.json new file mode 100644 index 00000000000..7aa0a549db7 --- /dev/null +++ b/objects/vulnerability/vulnerability--798c5255-bd3e-4df8-a24d-d5dfbac413cb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22080d1e-91f6-4d5b-8267-c3a9f289931e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--798c5255-bd3e-4df8-a24d-d5dfbac413cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.802509Z", + "modified": "2024-10-21T00:21:33.802509Z", + "name": "CVE-2024-49628", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49628" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7c0405f0-23b3-4bb8-8944-0e3602262ca1.json b/objects/vulnerability/vulnerability--7c0405f0-23b3-4bb8-8944-0e3602262ca1.json new file mode 100644 index 00000000000..8cbeff35363 --- /dev/null +++ b/objects/vulnerability/vulnerability--7c0405f0-23b3-4bb8-8944-0e3602262ca1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--299c3651-b8e2-41df-938e-3e76397568f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c0405f0-23b3-4bb8-8944-0e3602262ca1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.833015Z", + "modified": "2024-10-21T00:21:33.833015Z", + "name": "CVE-2024-49324", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49324" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--81aa6cab-418c-45f1-9a97-803f7cf64701.json b/objects/vulnerability/vulnerability--81aa6cab-418c-45f1-9a97-803f7cf64701.json new file mode 100644 index 00000000000..5f540fda185 --- /dev/null +++ b/objects/vulnerability/vulnerability--81aa6cab-418c-45f1-9a97-803f7cf64701.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5fe4a2c1-dc9d-44ef-8b90-73c33bef12a6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--81aa6cab-418c-45f1-9a97-803f7cf64701", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.7917Z", + "modified": "2024-10-21T00:21:33.7917Z", + "name": "CVE-2024-49328", + "description": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49328" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--83397c04-b3ee-4478-bda8-ef6af1cae3de.json b/objects/vulnerability/vulnerability--83397c04-b3ee-4478-bda8-ef6af1cae3de.json new file mode 100644 index 00000000000..4f435f13adf --- /dev/null +++ b/objects/vulnerability/vulnerability--83397c04-b3ee-4478-bda8-ef6af1cae3de.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--290eac94-8f0a-44b6-9873-1f98226a0547", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--83397c04-b3ee-4478-bda8-ef6af1cae3de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.782469Z", + "modified": "2024-10-21T00:21:33.782469Z", + "name": "CVE-2024-49617", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49617" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--86f3869c-70e8-4710-92f4-f1c332f22e0f.json b/objects/vulnerability/vulnerability--86f3869c-70e8-4710-92f4-f1c332f22e0f.json new file mode 100644 index 00000000000..962eaa38c22 --- /dev/null +++ b/objects/vulnerability/vulnerability--86f3869c-70e8-4710-92f4-f1c332f22e0f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a851b20c-2660-48a5-bb18-15246f9bc1e5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--86f3869c-70e8-4710-92f4-f1c332f22e0f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.83416Z", + "modified": "2024-10-21T00:21:33.83416Z", + "name": "CVE-2024-49614", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through 1.9.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49614" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--876a4dfb-2ea7-4383-801b-0ef6a7513bc2.json b/objects/vulnerability/vulnerability--876a4dfb-2ea7-4383-801b-0ef6a7513bc2.json new file mode 100644 index 00000000000..615d03555a4 --- /dev/null +++ b/objects/vulnerability/vulnerability--876a4dfb-2ea7-4383-801b-0ef6a7513bc2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--735a94f3-2257-47aa-90f6-7fa6b891b204", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--876a4dfb-2ea7-4383-801b-0ef6a7513bc2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.849764Z", + "modified": "2024-10-21T00:21:33.849764Z", + "name": "CVE-2024-49607", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49607" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c2bbafa-eaba-4df2-995c-88e74fa1937d.json b/objects/vulnerability/vulnerability--8c2bbafa-eaba-4df2-995c-88e74fa1937d.json new file mode 100644 index 00000000000..8fa5ef2ba8d --- /dev/null +++ b/objects/vulnerability/vulnerability--8c2bbafa-eaba-4df2-995c-88e74fa1937d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a36b7bab-aefc-4e2b-8c57-b855759d57ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c2bbafa-eaba-4df2-995c-88e74fa1937d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.456856Z", + "modified": "2024-10-21T00:21:32.456856Z", + "name": "CVE-2024-48049", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mighty Plugins Mighty Builder allows Stored XSS.This issue affects Mighty Builder: from n/a through 1.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48049" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--973eef17-a4fe-476f-8cd1-5e7fc3b3e0cf.json b/objects/vulnerability/vulnerability--973eef17-a4fe-476f-8cd1-5e7fc3b3e0cf.json new file mode 100644 index 00000000000..f642c440025 --- /dev/null +++ b/objects/vulnerability/vulnerability--973eef17-a4fe-476f-8cd1-5e7fc3b3e0cf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4c8211f-5b6c-4a4f-85ec-4eb7d94f5588", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--973eef17-a4fe-476f-8cd1-5e7fc3b3e0cf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.648335Z", + "modified": "2024-10-21T00:21:32.648335Z", + "name": "CVE-2024-10171", + "description": "A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10171" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--97771110-b4e3-4471-b067-00a363652b65.json b/objects/vulnerability/vulnerability--97771110-b4e3-4471-b067-00a363652b65.json new file mode 100644 index 00000000000..2358a79460e --- /dev/null +++ b/objects/vulnerability/vulnerability--97771110-b4e3-4471-b067-00a363652b65.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--228874d3-1641-4228-a3c6-0b917f380ff4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97771110-b4e3-4471-b067-00a363652b65", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.851437Z", + "modified": "2024-10-21T00:21:33.851437Z", + "name": "CVE-2024-49306", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49306" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--97ae60c3-5df4-400a-8418-1bc6251fbb97.json b/objects/vulnerability/vulnerability--97ae60c3-5df4-400a-8418-1bc6251fbb97.json new file mode 100644 index 00000000000..ed2d0dd5e38 --- /dev/null +++ b/objects/vulnerability/vulnerability--97ae60c3-5df4-400a-8418-1bc6251fbb97.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2315fce5-585d-4daa-bc78-f01f447ae204", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97ae60c3-5df4-400a-8418-1bc6251fbb97", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.779851Z", + "modified": "2024-10-21T00:21:33.779851Z", + "name": "CVE-2024-49274", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through 1.5.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49274" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9b116cf8-e5f3-4c60-b724-b32a98a57001.json b/objects/vulnerability/vulnerability--9b116cf8-e5f3-4c60-b724-b32a98a57001.json new file mode 100644 index 00000000000..89438f5dd0b --- /dev/null +++ b/objects/vulnerability/vulnerability--9b116cf8-e5f3-4c60-b724-b32a98a57001.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7d0c474-fbbc-4a6f-bfb1-c837888dae5e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9b116cf8-e5f3-4c60-b724-b32a98a57001", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.859273Z", + "modified": "2024-10-21T00:21:33.859273Z", + "name": "CVE-2024-49622", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Apa Apa Banner Slider allows SQL Injection.This issue affects Apa Banner Slider: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49622" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3ab1e6b-9612-47b5-8397-dd6dd3bc239c.json b/objects/vulnerability/vulnerability--a3ab1e6b-9612-47b5-8397-dd6dd3bc239c.json new file mode 100644 index 00000000000..3a04ee1aa89 --- /dev/null +++ b/objects/vulnerability/vulnerability--a3ab1e6b-9612-47b5-8397-dd6dd3bc239c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b1e5a3a-6e38-4f2d-9656-e082e796dd19", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3ab1e6b-9612-47b5-8397-dd6dd3bc239c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.811038Z", + "modified": "2024-10-21T00:21:32.811038Z", + "name": "CVE-2024-47634", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47634" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8fc786e-0897-415b-bed5-390471f70fc5.json b/objects/vulnerability/vulnerability--a8fc786e-0897-415b-bed5-390471f70fc5.json new file mode 100644 index 00000000000..a643f5c9db1 --- /dev/null +++ b/objects/vulnerability/vulnerability--a8fc786e-0897-415b-bed5-390471f70fc5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8de3ed3d-6fd0-48c3-b076-4a1456a30e72", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8fc786e-0897-415b-bed5-390471f70fc5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.654802Z", + "modified": "2024-10-21T00:21:32.654802Z", + "name": "CVE-2024-10163", + "description": "A vulnerability was found in SourceCodester Sentiment Based Movie Rating System 1.0. It has been classified as critical. Affected is an unknown function of the file /msrps/movie_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure mentions a slightly changed product name.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10163" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9599ae0-8a65-4f68-abbe-da98cec1f080.json b/objects/vulnerability/vulnerability--a9599ae0-8a65-4f68-abbe-da98cec1f080.json new file mode 100644 index 00000000000..7106e51e09c --- /dev/null +++ b/objects/vulnerability/vulnerability--a9599ae0-8a65-4f68-abbe-da98cec1f080.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--908856b8-5ad1-456d-8eff-a1979e12553b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9599ae0-8a65-4f68-abbe-da98cec1f080", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.829532Z", + "modified": "2024-10-21T00:21:33.829532Z", + "name": "CVE-2024-49630", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HT Plugins WP Education allows Stored XSS.This issue affects WP Education: from n/a through 1.2.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49630" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ac64f250-e5cc-4da1-af2d-d3f6c8ed535f.json b/objects/vulnerability/vulnerability--ac64f250-e5cc-4da1-af2d-d3f6c8ed535f.json new file mode 100644 index 00000000000..42957b07c32 --- /dev/null +++ b/objects/vulnerability/vulnerability--ac64f250-e5cc-4da1-af2d-d3f6c8ed535f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f6a2c05-f4d1-4bf9-9df4-d761b16ece91", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ac64f250-e5cc-4da1-af2d-d3f6c8ed535f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.854137Z", + "modified": "2024-10-21T00:21:33.854137Z", + "name": "CVE-2024-49326", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through 2.1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49326" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b161df04-8d40-4a7c-8f16-3d219cdade32.json b/objects/vulnerability/vulnerability--b161df04-8d40-4a7c-8f16-3d219cdade32.json new file mode 100644 index 00000000000..971925e2daa --- /dev/null +++ b/objects/vulnerability/vulnerability--b161df04-8d40-4a7c-8f16-3d219cdade32.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--701e88e4-7816-415e-8525-c7439a9b4570", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b161df04-8d40-4a7c-8f16-3d219cdade32", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.828026Z", + "modified": "2024-10-21T00:21:33.828026Z", + "name": "CVE-2024-49330", + "description": "Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49330" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b68447dc-0cae-4128-9c03-bb8fe85bff70.json b/objects/vulnerability/vulnerability--b68447dc-0cae-4128-9c03-bb8fe85bff70.json new file mode 100644 index 00000000000..268a634f5b1 --- /dev/null +++ b/objects/vulnerability/vulnerability--b68447dc-0cae-4128-9c03-bb8fe85bff70.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b3c7d00-162a-4fc9-b2cb-69ed32cd6648", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b68447dc-0cae-4128-9c03-bb8fe85bff70", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.840214Z", + "modified": "2024-10-21T00:21:33.840214Z", + "name": "CVE-2024-49631", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Md Abdul Kader Easy Addons for Elementor allows Stored XSS.This issue affects Easy Addons for Elementor: from n/a through 1.3.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49631" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bed399b0-af70-4495-9856-8e17911a26d6.json b/objects/vulnerability/vulnerability--bed399b0-af70-4495-9856-8e17911a26d6.json new file mode 100644 index 00000000000..42121e95d14 --- /dev/null +++ b/objects/vulnerability/vulnerability--bed399b0-af70-4495-9856-8e17911a26d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5c31d997-a49f-4873-b457-b33c24ed21be", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bed399b0-af70-4495-9856-8e17911a26d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.645932Z", + "modified": "2024-10-21T00:21:32.645932Z", + "name": "CVE-2024-10169", + "description": "A vulnerability classified as critical was found in code-projects Hospital Management System 1.0. This vulnerability affects unknown code of the file change-password.php. The manipulation of the argument cpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10169" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bf1f77c9-78d7-443e-9eb6-ca4b0f65ad35.json b/objects/vulnerability/vulnerability--bf1f77c9-78d7-443e-9eb6-ca4b0f65ad35.json new file mode 100644 index 00000000000..e9d7f96073d --- /dev/null +++ b/objects/vulnerability/vulnerability--bf1f77c9-78d7-443e-9eb6-ca4b0f65ad35.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--732ccb63-6792-4188-85ea-0fc1e644eafa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bf1f77c9-78d7-443e-9eb6-ca4b0f65ad35", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.808799Z", + "modified": "2024-10-21T00:21:33.808799Z", + "name": "CVE-2024-49620", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Naudin Vladimir FERMA.Ru.Net allows Blind SQL Injection.This issue affects FERMA.Ru.Net: from n/a through 1.3.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49620" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c439da7f-2e2d-43d9-9645-3e01a341840d.json b/objects/vulnerability/vulnerability--c439da7f-2e2d-43d9-9645-3e01a341840d.json new file mode 100644 index 00000000000..cca72814d72 --- /dev/null +++ b/objects/vulnerability/vulnerability--c439da7f-2e2d-43d9-9645-3e01a341840d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b851ef1e-841c-4ddb-9479-4492658ec30f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c439da7f-2e2d-43d9-9645-3e01a341840d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.831195Z", + "modified": "2024-10-21T00:21:33.831195Z", + "name": "CVE-2024-49626", + "description": "Deserialization of Untrusted Data vulnerability in Piyushmca Shipyaari Shipping Management allows Object Injection.This issue affects Shipyaari Shipping Management: from n/a through 1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49626" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c8acddfc-80ec-43ff-a0e7-33af14ffafe1.json b/objects/vulnerability/vulnerability--c8acddfc-80ec-43ff-a0e7-33af14ffafe1.json new file mode 100644 index 00000000000..82acdca6e26 --- /dev/null +++ b/objects/vulnerability/vulnerability--c8acddfc-80ec-43ff-a0e7-33af14ffafe1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7e8f6d6-c4c2-4a4c-ba60-df4eefcb38b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c8acddfc-80ec-43ff-a0e7-33af14ffafe1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.78385Z", + "modified": "2024-10-21T00:21:33.78385Z", + "name": "CVE-2024-49250", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery.This issue affects Table of Contents Plus: from n/a through 2408.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49250" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cb0ccea7-7f46-4a38-9eab-543479ae524a.json b/objects/vulnerability/vulnerability--cb0ccea7-7f46-4a38-9eab-543479ae524a.json new file mode 100644 index 00000000000..2211140f104 --- /dev/null +++ b/objects/vulnerability/vulnerability--cb0ccea7-7f46-4a38-9eab-543479ae524a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--651607ba-d847-4525-bc07-33ab6c5c28e1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb0ccea7-7f46-4a38-9eab-543479ae524a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.810355Z", + "modified": "2024-10-21T00:21:33.810355Z", + "name": "CVE-2024-49332", + "description": "Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49332" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cb46ca21-305b-4252-a44b-e986159d3c3d.json b/objects/vulnerability/vulnerability--cb46ca21-305b-4252-a44b-e986159d3c3d.json new file mode 100644 index 00000000000..59a315a579d --- /dev/null +++ b/objects/vulnerability/vulnerability--cb46ca21-305b-4252-a44b-e986159d3c3d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4b1ce39b-c873-4d1c-814b-1f83aca48843", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb46ca21-305b-4252-a44b-e986159d3c3d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.785683Z", + "modified": "2024-10-21T00:21:33.785683Z", + "name": "CVE-2024-49624", + "description": "Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows Object Injection.This issue affects Advanced Advertising System: from n/a through 1.3.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49624" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d262a96e-ccc0-47ea-8623-a26d2c160356.json b/objects/vulnerability/vulnerability--d262a96e-ccc0-47ea-8623-a26d2c160356.json new file mode 100644 index 00000000000..7d6a36c74de --- /dev/null +++ b/objects/vulnerability/vulnerability--d262a96e-ccc0-47ea-8623-a26d2c160356.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1d9410e5-c4ec-4b38-9bfb-f90fe27830c3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d262a96e-ccc0-47ea-8623-a26d2c160356", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.844198Z", + "modified": "2024-10-21T00:21:33.844198Z", + "name": "CVE-2024-49334", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Unizoe Web Solutions jLayer Parallax Slider allows Reflected XSS.This issue affects jLayer Parallax Slider: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49334" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d6552329-dee0-4c4a-ab0b-b105b3e79478.json b/objects/vulnerability/vulnerability--d6552329-dee0-4c4a-ab0b-b105b3e79478.json new file mode 100644 index 00000000000..a0dea5606ff --- /dev/null +++ b/objects/vulnerability/vulnerability--d6552329-dee0-4c4a-ab0b-b105b3e79478.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--44c92086-4d5a-4241-804c-b5ac9495b65f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d6552329-dee0-4c4a-ab0b-b105b3e79478", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.822052Z", + "modified": "2024-10-21T00:21:33.822052Z", + "name": "CVE-2024-49618", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordan Lyall MyTweetLinks allows Blind SQL Injection.This issue affects MyTweetLinks: from n/a through 1.1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49618" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e544758c-1c40-476d-82c4-be1da106fb09.json b/objects/vulnerability/vulnerability--e544758c-1c40-476d-82c4-be1da106fb09.json new file mode 100644 index 00000000000..2b188d308b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--e544758c-1c40-476d-82c4-be1da106fb09.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--09d2dbe6-7a1c-4a5e-a107-8b2b17174d5b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e544758c-1c40-476d-82c4-be1da106fb09", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.814594Z", + "modified": "2024-10-21T00:21:33.814594Z", + "name": "CVE-2024-49621", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Apa APA Register Newsletter Form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49621" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e6acdfd3-8809-4296-aa41-76c3bc0dba38.json b/objects/vulnerability/vulnerability--e6acdfd3-8809-4296-aa41-76c3bc0dba38.json new file mode 100644 index 00000000000..bc99e79ec4e --- /dev/null +++ b/objects/vulnerability/vulnerability--e6acdfd3-8809-4296-aa41-76c3bc0dba38.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--990ba710-be6d-44ce-b71d-c1720b4f6277", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6acdfd3-8809-4296-aa41-76c3bc0dba38", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.618432Z", + "modified": "2024-10-21T00:21:32.618432Z", + "name": "CVE-2024-10167", + "description": "A vulnerability classified as critical has been found in Codezips Sales Management System 1.0. This affects an unknown part of the file deletecustind.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10167" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e7c991cb-6102-4320-81b9-cf506aabc7be.json b/objects/vulnerability/vulnerability--e7c991cb-6102-4320-81b9-cf506aabc7be.json new file mode 100644 index 00000000000..48685092ec7 --- /dev/null +++ b/objects/vulnerability/vulnerability--e7c991cb-6102-4320-81b9-cf506aabc7be.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a1327f0-ef8e-4ace-bd9d-397f848c6334", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e7c991cb-6102-4320-81b9-cf506aabc7be", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.848694Z", + "modified": "2024-10-21T00:21:33.848694Z", + "name": "CVE-2024-49272", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in WPWeb Social Auto Poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through 5.3.15.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49272" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e8ac9fb5-82df-48b1-b332-b0804e12119e.json b/objects/vulnerability/vulnerability--e8ac9fb5-82df-48b1-b332-b0804e12119e.json new file mode 100644 index 00000000000..95eae986ba8 --- /dev/null +++ b/objects/vulnerability/vulnerability--e8ac9fb5-82df-48b1-b332-b0804e12119e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fedc742d-6633-45ee-baca-bb13b29b17a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e8ac9fb5-82df-48b1-b332-b0804e12119e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.781156Z", + "modified": "2024-10-21T00:21:33.781156Z", + "name": "CVE-2024-49323", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sourav All in One Slider allows Reflected XSS.This issue affects All in One Slider: from n/a through 1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49323" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9ac2392-8d84-476d-91fb-f47957bb6a4d.json b/objects/vulnerability/vulnerability--e9ac2392-8d84-476d-91fb-f47957bb6a4d.json new file mode 100644 index 00000000000..07670463109 --- /dev/null +++ b/objects/vulnerability/vulnerability--e9ac2392-8d84-476d-91fb-f47957bb6a4d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e9a30cc8-5799-4f20-b984-befe4474cdfe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9ac2392-8d84-476d-91fb-f47957bb6a4d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.658626Z", + "modified": "2024-10-21T00:21:32.658626Z", + "name": "CVE-2024-10165", + "description": "A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file deletecustcom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10165" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f14a1d75-b90e-4e47-915b-43eb7f2587ef.json b/objects/vulnerability/vulnerability--f14a1d75-b90e-4e47-915b-43eb7f2587ef.json new file mode 100644 index 00000000000..162b18fd3cd --- /dev/null +++ b/objects/vulnerability/vulnerability--f14a1d75-b90e-4e47-915b-43eb7f2587ef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5f2c50d1-c46c-45bc-a66a-bf785c29c30a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f14a1d75-b90e-4e47-915b-43eb7f2587ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.855026Z", + "modified": "2024-10-21T00:21:33.855026Z", + "name": "CVE-2024-49629", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through 2.2.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49629" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f2e2f8a7-d346-4a95-a052-b77e3dfede70.json b/objects/vulnerability/vulnerability--f2e2f8a7-d346-4a95-a052-b77e3dfede70.json new file mode 100644 index 00000000000..38fcb9046dd --- /dev/null +++ b/objects/vulnerability/vulnerability--f2e2f8a7-d346-4a95-a052-b77e3dfede70.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27dd798d-c093-4c25-9d1a-5d263dd03868", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f2e2f8a7-d346-4a95-a052-b77e3dfede70", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:32.647335Z", + "modified": "2024-10-21T00:21:32.647335Z", + "name": "CVE-2024-10195", + "description": "A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10195" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f491cc08-0c1c-4cd2-91c4-ad1666dff6b0.json b/objects/vulnerability/vulnerability--f491cc08-0c1c-4cd2-91c4-ad1666dff6b0.json new file mode 100644 index 00000000000..22218e4505f --- /dev/null +++ b/objects/vulnerability/vulnerability--f491cc08-0c1c-4cd2-91c4-ad1666dff6b0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8580c9e6-5ac6-4502-b113-edcb596a0a4b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f491cc08-0c1c-4cd2-91c4-ad1666dff6b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.811788Z", + "modified": "2024-10-21T00:21:33.811788Z", + "name": "CVE-2024-49325", + "description": "Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49325" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fa2912bd-d05a-445b-911c-7ed4fd6c9452.json b/objects/vulnerability/vulnerability--fa2912bd-d05a-445b-911c-7ed4fd6c9452.json new file mode 100644 index 00000000000..fab270c2d05 --- /dev/null +++ b/objects/vulnerability/vulnerability--fa2912bd-d05a-445b-911c-7ed4fd6c9452.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--449c2744-dbb4-4dd4-8dd0-f0f751f475f8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa2912bd-d05a-445b-911c-7ed4fd6c9452", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.083713Z", + "modified": "2024-10-21T00:21:33.083713Z", + "name": "CVE-2024-44000", + "description": "Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44000" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fbd0ac82-1c3e-4e6d-a3bc-74575cecd890.json b/objects/vulnerability/vulnerability--fbd0ac82-1c3e-4e6d-a3bc-74575cecd890.json new file mode 100644 index 00000000000..b8c0f1df97c --- /dev/null +++ b/objects/vulnerability/vulnerability--fbd0ac82-1c3e-4e6d-a3bc-74575cecd890.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--44c51071-2c68-4010-a839-4c0a8dbbecac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fbd0ac82-1c3e-4e6d-a3bc-74575cecd890", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-10-21T00:21:33.793067Z", + "modified": "2024-10-21T00:21:33.793067Z", + "name": "CVE-2024-49606", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dotsquares Google Map Locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49606" + } + ] + } + ] +} \ No newline at end of file