diff --git a/mapping.csv b/mapping.csv
index 94a566f08e5..32e62c24066 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -256061,3 +256061,150 @@ vulnerability,CVE-2022-45157,vulnerability--50c97660-fd44-42f9-a998-6b52a653120a
vulnerability,CVE-2023-38920,vulnerability--ee973544-1fb8-46bb-a4d2-11a9c0dabc53
vulnerability,CVE-2023-35686,vulnerability--0c1e28f5-f31b-4ede-84b2-073bf3d3d1ad
vulnerability,CVE-2023-35659,vulnerability--f3c99933-8d30-4eaa-9329-846266712ef5
+vulnerability,CVE-2017-13227,vulnerability--92067f9b-7288-43cf-b0c7-063a7ad23d11
+vulnerability,CVE-2024-51688,vulnerability--49c2ce4f-c8a1-42cc-bfed-ec505d4965a0
+vulnerability,CVE-2024-51684,vulnerability--63c99e97-2f7e-45a8-a6dd-3ba2240bac41
+vulnerability,CVE-2024-51659,vulnerability--5749fce0-d673-49dd-af6f-d4c93c7730e9
+vulnerability,CVE-2024-51679,vulnerability--9ff20deb-f22a-4c66-aeb9-c67326efbd80
+vulnerability,CVE-2024-51156,vulnerability--e10e34d4-f95f-449e-937d-0ca1e2641b76
+vulnerability,CVE-2024-51687,vulnerability--463a984a-e24b-41ea-b8da-66b22683b0ab
+vulnerability,CVE-2024-51658,vulnerability--c4fe0a3c-5692-443c-a486-13a9c8e4c429
+vulnerability,CVE-2024-48973,vulnerability--748ff4bf-9097-45f5-a71f-39e9232066c6
+vulnerability,CVE-2024-48970,vulnerability--aebe29b9-f989-4814-a5c4-42a2c43efe5e
+vulnerability,CVE-2024-48966,vulnerability--1c7463d9-7331-4858-8ce0-6c621d55f129
+vulnerability,CVE-2024-48967,vulnerability--f0d16e98-bc7a-450f-9007-d18ba3bf3c64
+vulnerability,CVE-2024-48284,vulnerability--1438fc61-5953-4da1-b9d8-d7690da93459
+vulnerability,CVE-2024-48974,vulnerability--8ce9aac8-4d26-4ec5-8707-a0849c53afe6
+vulnerability,CVE-2024-48971,vulnerability--6d7b305e-b91f-4250-b7e7-44ebd55f9717
+vulnerability,CVE-2024-52371,vulnerability--d3352d79-489a-4be5-bd79-6c3bd6ab1c35
+vulnerability,CVE-2024-52376,vulnerability--04ff89d8-75d1-4632-8206-25848b3fe28a
+vulnerability,CVE-2024-52379,vulnerability--db1e1197-98c7-4847-acb8-62d1b5bece60
+vulnerability,CVE-2024-52524,vulnerability--1151824c-1357-4094-bff4-37551d3d3cf3
+vulnerability,CVE-2024-52302,vulnerability--bdb834ba-d571-4788-b268-2e85b9cbde50
+vulnerability,CVE-2024-52308,vulnerability--2913a27b-730f-4040-8a67-302ee0fda622
+vulnerability,CVE-2024-52505,vulnerability--ef9c8aa2-230b-4274-af58-1d7f1059036a
+vulnerability,CVE-2024-52374,vulnerability--7053d376-7073-40be-a4a9-02bb939a4df1
+vulnerability,CVE-2024-52375,vulnerability--a55b6de7-1d00-4308-9f6d-0ce63a71e33f
+vulnerability,CVE-2024-52370,vulnerability--a7fb3c40-3c88-4739-8d70-861fed75fc6a
+vulnerability,CVE-2024-52396,vulnerability--0289cefb-298c-4051-96d4-62ab7099d424
+vulnerability,CVE-2024-52613,vulnerability--b6679853-2095-4c8b-9c3f-d3007c8d0899
+vulnerability,CVE-2024-52378,vulnerability--7c4bd41a-3572-4b3a-b0bb-1ac211102d80
+vulnerability,CVE-2024-52381,vulnerability--0a67a8a6-b671-4b09-8cd0-2ba75850efa4
+vulnerability,CVE-2024-52380,vulnerability--812e07a9-2848-4b2e-9942-3388c88a8ae2
+vulnerability,CVE-2024-52369,vulnerability--d4ab1f2f-3351-4881-b060-46b68988a290
+vulnerability,CVE-2024-52372,vulnerability--b1af9f43-e0f8-4a1e-bd59-8fa191c80f94
+vulnerability,CVE-2024-52393,vulnerability--9eb97035-081b-4de3-8352-c65d69a57c59
+vulnerability,CVE-2024-52384,vulnerability--7eeab6f5-a872-4549-b02e-dad4b2bbed5d
+vulnerability,CVE-2024-52382,vulnerability--e46b18ef-abf6-4315-a97b-239009f34cf4
+vulnerability,CVE-2024-52383,vulnerability--bb01c5d4-aff6-4a5a-9de8-87eb0d951795
+vulnerability,CVE-2024-52373,vulnerability--6851bb67-a8ac-49b2-80b4-35bb2149c579
+vulnerability,CVE-2024-52377,vulnerability--d6b91f4b-c70c-444e-8a48-6744e6b09bac
+vulnerability,CVE-2024-45642,vulnerability--4128606b-82ee-4ae7-bf96-3eaee7e40748
+vulnerability,CVE-2024-45670,vulnerability--03e62483-cc30-4577-9353-cf01489e0a5c
+vulnerability,CVE-2024-45253,vulnerability--bb731048-0741-4d30-8449-ed50497fe8bd
+vulnerability,CVE-2024-45254,vulnerability--ca689694-0456-401a-a8aa-46146811d30c
+vulnerability,CVE-2024-45099,vulnerability--239e7efd-d02a-4463-811b-425a3d6e5024
+vulnerability,CVE-2024-10394,vulnerability--a4f841b5-be74-495f-9299-a9d0e6e6ef10
+vulnerability,CVE-2024-10396,vulnerability--9a7c9b6f-6af2-4825-bacb-7aca5e780763
+vulnerability,CVE-2024-10976,vulnerability--db4356bd-c54f-4c8d-b810-b48950403fa3
+vulnerability,CVE-2024-10921,vulnerability--466d28fc-cfc7-4243-9fa0-6f003e02f6cb
+vulnerability,CVE-2024-10146,vulnerability--9eb1b7ab-55f9-47aa-9e4a-fdbf58e00fef
+vulnerability,CVE-2024-10977,vulnerability--3e465c1d-2373-4a16-9f10-f0a5606e9332
+vulnerability,CVE-2024-10978,vulnerability--e191f933-dd78-46ec-862b-7499990d034b
+vulnerability,CVE-2024-10397,vulnerability--268ce7a0-fe96-4edd-92f9-39d32261c965
+vulnerability,CVE-2024-10571,vulnerability--5e791325-5d5b-4d33-9001-0782a952f444
+vulnerability,CVE-2024-10979,vulnerability--0a1ee655-761c-4062-98d3-4b3ed1d343ae
+vulnerability,CVE-2024-10962,vulnerability--b19e83fc-9882-46cb-9774-bae49baff955
+vulnerability,CVE-2024-9472,vulnerability--04637fe6-c46c-4f3b-9eb9-1af8088c8650
+vulnerability,CVE-2024-9693,vulnerability--6c3ce34d-eedb-4634-aa30-dbcc903c5116
+vulnerability,CVE-2024-9633,vulnerability--826a5b2f-e1b5-4c30-bc77-e99d9a77076b
+vulnerability,CVE-2024-9186,vulnerability--c7412866-d641-42b4-b085-999f29306683
+vulnerability,CVE-2024-9832,vulnerability--b385c912-1432-4f27-973c-d0b5f71bbebe
+vulnerability,CVE-2024-9834,vulnerability--0fcec6bd-5ed6-4525-b2f8-730f7b5b6013
+vulnerability,CVE-2024-39707,vulnerability--1ca8de37-7227-4ac7-8a64-c9fab7698dfe
+vulnerability,CVE-2024-47914,vulnerability--12e1148f-57fc-48ac-8c71-15c335675fd9
+vulnerability,CVE-2024-47916,vulnerability--58a46aee-dc7e-4a36-9168-1f483b78c6d6
+vulnerability,CVE-2024-47915,vulnerability--2a15fa4b-1ebe-41ab-9246-c89faa15b920
+vulnerability,CVE-2024-50830,vulnerability--08305511-5a9f-40f7-9593-14a9aa63e355
+vulnerability,CVE-2024-50305,vulnerability--20c0b236-d2f9-408b-b7b6-d5d3447a481e
+vulnerability,CVE-2024-50842,vulnerability--32663d86-7684-4ce1-89f9-fba0f2ab1f75
+vulnerability,CVE-2024-50839,vulnerability--2ce59bb2-a8ea-4616-bf9e-76ab18578200
+vulnerability,CVE-2024-50836,vulnerability--53725a38-6767-4450-85fb-f0aff020ed3d
+vulnerability,CVE-2024-50826,vulnerability--5c3e5ea7-0e49-4ada-9d77-d4a6d4992416
+vulnerability,CVE-2024-50832,vulnerability--ceb22baa-2085-4e30-b52e-9ab81ab69e44
+vulnerability,CVE-2024-50834,vulnerability--ea45e64b-8e6c-4fc5-a43b-1ac2f41009df
+vulnerability,CVE-2024-50824,vulnerability--1a14f3a7-888e-4c74-8c8f-469770be7255
+vulnerability,CVE-2024-50833,vulnerability--5cf0a1f1-1397-46eb-aa2e-91ee6a44bbc3
+vulnerability,CVE-2024-50841,vulnerability--f750c514-7443-4b42-b462-03802520ec95
+vulnerability,CVE-2024-50838,vulnerability--24943e28-c6cc-4bfe-a094-8b221090b932
+vulnerability,CVE-2024-50827,vulnerability--6682d7fa-5bd5-4aec-8804-4d32c5b2e6e8
+vulnerability,CVE-2024-50843,vulnerability--9d47b388-dc15-4f17-88aa-79fab33b83db
+vulnerability,CVE-2024-50825,vulnerability--75cf0f8b-ec3c-483a-8567-a2fd9c03f170
+vulnerability,CVE-2024-50835,vulnerability--07dd254f-de87-42fc-ab59-619fa6273905
+vulnerability,CVE-2024-50968,vulnerability--3213dc60-79d8-4b94-92e6-8f6fd44a3e60
+vulnerability,CVE-2024-50840,vulnerability--851771fe-932a-4ac4-9cbd-75bce61fa4f6
+vulnerability,CVE-2024-50837,vulnerability--06d06a9f-781c-4b7f-bf97-341e37be431e
+vulnerability,CVE-2024-50823,vulnerability--6ec2f16d-0691-4a04-98cd-f164365a8b43
+vulnerability,CVE-2024-50829,vulnerability--d2058969-54d4-4849-9b71-3f23efb6d79a
+vulnerability,CVE-2024-50306,vulnerability--42e388b5-e273-4e13-9fff-07361e3bd558
+vulnerability,CVE-2024-50831,vulnerability--922e7942-8847-4995-a6b0-bbfee070c809
+vulnerability,CVE-2024-50828,vulnerability--0c838cb8-e7c8-4434-b9e5-4f32acac501f
+vulnerability,CVE-2024-7730,vulnerability--c45975f2-7b3c-4966-90bf-f1862db59bbf
+vulnerability,CVE-2024-7124,vulnerability--d5612c74-e639-43b6-94f5-8b9552ad8df8
+vulnerability,CVE-2024-7404,vulnerability--aa2cdbc7-d695-4063-9301-d88338f386ae
+vulnerability,CVE-2024-7787,vulnerability--0425bb76-5e24-4ce7-9eda-6b9e19c4885b
+vulnerability,CVE-2024-11136,vulnerability--7701992b-6eb3-4227-8cb7-d5eb43d78b1c
+vulnerability,CVE-2024-11214,vulnerability--16a43e7a-a046-4a8c-9ec0-d103591040f5
+vulnerability,CVE-2024-11213,vulnerability--f9cc7ec3-6d0c-4750-b85f-050a675b4da3
+vulnerability,CVE-2024-11210,vulnerability--f520ce49-228e-4312-b8dc-cc614374ac3c
+vulnerability,CVE-2024-11208,vulnerability--619ac90c-a0e4-41e0-83b2-5cd6270ddb08
+vulnerability,CVE-2024-11212,vulnerability--5efa77c7-8a0c-4eaa-a522-f807aea46039
+vulnerability,CVE-2024-11211,vulnerability--6aa7d5e7-87c2-4880-84d8-634a81028966
+vulnerability,CVE-2024-11206,vulnerability--00d0e296-dd03-49a1-b0a2-372e7d642acf
+vulnerability,CVE-2024-11209,vulnerability--638435ff-1221-470a-819a-091e04977b47
+vulnerability,CVE-2024-11207,vulnerability--7aac80c8-2707-4d62-842b-d1f27bd2c3ec
+vulnerability,CVE-2024-11215,vulnerability--072b17e0-0cf8-41eb-b3be-31a70373a40b
+vulnerability,CVE-2024-3502,vulnerability--38297286-af44-4bca-a30a-4c12d85ffa10
+vulnerability,CVE-2024-3447,vulnerability--3552b49c-e216-416a-8054-77c0855eba44
+vulnerability,CVE-2024-3379,vulnerability--d9a3b02f-a872-4762-a400-b97862a96733
+vulnerability,CVE-2024-3760,vulnerability--8cfb6c48-5ea3-4d02-a02b-0422080d189b
+vulnerability,CVE-2024-3501,vulnerability--1156a1f1-689b-4dd7-b417-bbb1dc5c8686
+vulnerability,CVE-2024-8648,vulnerability--ae769ad2-575b-4af0-ae67-1cf1dc3b328d
+vulnerability,CVE-2024-8180,vulnerability--8a333000-30c5-460c-8f05-94339dc016c6
+vulnerability,CVE-2024-38479,vulnerability--1f697f9b-8710-49b0-9ef6-2ff804b25228
+vulnerability,CVE-2024-40579,vulnerability--baac16fc-b0fb-4d44-b46d-71f6a05b6938
+vulnerability,CVE-2024-31695,vulnerability--a01a2c5d-302c-4ddc-a6d4-692f04c975e2
+vulnerability,CVE-2024-41209,vulnerability--1674ea49-f344-49fb-ab49-e7e792056f4c
+vulnerability,CVE-2024-41206,vulnerability--d1580d06-952a-4b69-b87d-35ff21f27e0b
+vulnerability,CVE-2024-41217,vulnerability--71ef0500-6d0e-4d4c-94ec-5a77b149f86b
+vulnerability,CVE-2024-37285,vulnerability--8421e74e-e3fb-4dce-9151-19956245d8ca
+vulnerability,CVE-2024-49362,vulnerability--71896b35-44ae-4dfe-a651-0242b51ccf04
+vulnerability,CVE-2024-49025,vulnerability--6c78fc18-afab-41ef-a9fe-8a765cae5e9b
+vulnerability,CVE-2024-49777,vulnerability--5ddaf00b-1605-4a10-8960-0293d1bcce25
+vulnerability,CVE-2024-49776,vulnerability--699e5309-83ae-40a1-a0af-acce6ec532c7
+vulnerability,CVE-2024-49778,vulnerability--d559507d-2af8-4f57-a095-f659205683cc
+vulnerability,CVE-2024-2552,vulnerability--dd0d4468-1155-4982-92ed-a563a45cdd9b
+vulnerability,CVE-2024-2551,vulnerability--cf6b6785-b68e-46bb-a0e4-b0c069162cf3
+vulnerability,CVE-2024-2550,vulnerability--eff327d6-1bea-476f-859a-1024503bf329
+vulnerability,CVE-2024-42188,vulnerability--9f3e4d25-6c05-47c1-a126-833540505fb2
+vulnerability,CVE-2024-1682,vulnerability--7d0d5b81-df8e-4e97-9704-d5cedbca5eec
+vulnerability,CVE-2024-4343,vulnerability--56db748d-a296-4e96-b5f0-5283fa493ccf
+vulnerability,CVE-2024-4311,vulnerability--211a0550-2e80-4563-a3ff-29a92ecd56f4
+vulnerability,CVE-2024-5917,vulnerability--58488ae1-4a31-45e4-935b-2f3730cb3352
+vulnerability,CVE-2024-5919,vulnerability--98b52c74-7e28-4e17-a70e-415520742e82
+vulnerability,CVE-2024-5125,vulnerability--6a01b442-004c-4940-9a19-3c3ce1e2d8c9
+vulnerability,CVE-2024-5918,vulnerability--c6b36d2f-1a2f-4104-be57-4fa7eb036c3f
+vulnerability,CVE-2024-5920,vulnerability--4d12b0ca-3b34-4a4e-9834-e8dada233c67
+vulnerability,CVE-2024-5082,vulnerability--9162f380-7ddc-4163-801c-c7c398f33bf8
+vulnerability,CVE-2024-5083,vulnerability--43f1fc83-4da1-4eb2-8957-f516ef4ca8ca
+vulnerability,CVE-2024-6068,vulnerability--8215c431-1409-4673-bffa-b9e6dd6a0e52
+vulnerability,CVE-2022-31666,vulnerability--7a4ac646-48fe-4235-b3c5-a7b900302450
+vulnerability,CVE-2022-31669,vulnerability--c0f04206-c454-4192-9835-25075122233f
+vulnerability,CVE-2022-31667,vulnerability--9b347c2f-6c16-4ab9-96fb-c8017e079e1d
+vulnerability,CVE-2022-31670,vulnerability--7bf44a55-5c71-403f-b557-7a78df6e7a82
+vulnerability,CVE-2022-31668,vulnerability--1b6c0929-d046-4c50-9881-f30212f8ffbf
+vulnerability,CVE-2022-31671,vulnerability--35acace8-1d47-42dc-b85b-e884d8b806ea
+vulnerability,CVE-2022-2232,vulnerability--b8a6c6e8-cfc0-41e4-a0fd-e8f929e053b4
+vulnerability,CVE-2023-34049,vulnerability--b6e67f2d-6053-41e0-a0c1-8344cda4a09a
+vulnerability,CVE-2023-4458,vulnerability--6663e851-3dc2-45a0-8842-2ca203262c2f
+vulnerability,CVE-2023-4134,vulnerability--4ee77bd1-4764-46e4-a74c-a43db2839d6e
diff --git a/objects/vulnerability/vulnerability--00d0e296-dd03-49a1-b0a2-372e7d642acf.json b/objects/vulnerability/vulnerability--00d0e296-dd03-49a1-b0a2-372e7d642acf.json
new file mode 100644
index 00000000000..70f7a4880c5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--00d0e296-dd03-49a1-b0a2-372e7d642acf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1801065c-b304-42b1-9862-76a536edada3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--00d0e296-dd03-49a1-b0a2-372e7d642acf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.695469Z",
+ "modified": "2024-11-15T00:38:53.695469Z",
+ "name": "CVE-2024-11206",
+ "description": "Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11206"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
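Review bot: The single `external_references` entry carries only `source_name` and `external_id`, so a consumer of this object has no link to the authoritative record for checking the description or picking up later revisions. Consider emitting a URL beside the id, for example `"url": "https://www.cve.org/CVERecord?id=CVE-2024-11206"`. The same applies to every other vulnerability object added in this commit, since they all share this shape.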
diff --git a/objects/vulnerability/vulnerability--0289cefb-298c-4051-96d4-62ab7099d424.json b/objects/vulnerability/vulnerability--0289cefb-298c-4051-96d4-62ab7099d424.json
new file mode 100644
index 00000000000..0ecc2edb27c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0289cefb-298c-4051-96d4-62ab7099d424.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b4db1651-6856-47e8-bf7f-48dace7e1e07",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0289cefb-298c-4051-96d4-62ab7099d424",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.087219Z",
+ "modified": "2024-11-15T00:38:53.087219Z",
+ "name": "CVE-2024-52396",
+ "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal.This issue affects WOLF: from n/a through 1.0.8.3.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52396"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--03e62483-cc30-4577-9353-cf01489e0a5c.json b/objects/vulnerability/vulnerability--03e62483-cc30-4577-9353-cf01489e0a5c.json
new file mode 100644
index 00000000000..d25eb305d07
--- /dev/null
+++ b/objects/vulnerability/vulnerability--03e62483-cc30-4577-9353-cf01489e0a5c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7de8e7cb-db1e-4441-bccb-75b3193df2ed",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--03e62483-cc30-4577-9353-cf01489e0a5c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.143162Z",
+ "modified": "2024-11-15T00:38:53.143162Z",
+ "name": "CVE-2024-45670",
+ "description": "IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45670"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0425bb76-5e24-4ce7-9eda-6b9e19c4885b.json b/objects/vulnerability/vulnerability--0425bb76-5e24-4ce7-9eda-6b9e19c4885b.json
new file mode 100644
index 00000000000..f53388b5aa5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0425bb76-5e24-4ce7-9eda-6b9e19c4885b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5083e4ae-46b4-4c7d-b66b-bf0684db3df5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0425bb76-5e24-4ce7-9eda-6b9e19c4885b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.60971Z",
+ "modified": "2024-11-15T00:38:53.60971Z",
+ "name": "CVE-2024-7787",
+ "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ITG Computer Technology vSRM Supplier Relationship Management System allows Reflected XSS, Cross-Site Scripting (XSS).This issue affects vSRM Supplier Relationship Management System: before 28.08.2024.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7787"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
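Review bot: `created` and `modified` here have five fractional-second digits (`2024-11-15T00:38:53.60971Z`), while the neighbouring objects have six, which suggests the serializer drops trailing zeros. Consumers that parse with a fixed-width format or compare timestamps as strings can mis-order or reject such values. Emitting a constant width would avoid that, e.g. `"created": "2024-11-15T00:38:53.609710Z"`. The object for CVE-2024-50835 (`00:38:53.47264Z`) has the same shape.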
diff --git a/objects/vulnerability/vulnerability--04637fe6-c46c-4f3b-9eb9-1af8088c8650.json b/objects/vulnerability/vulnerability--04637fe6-c46c-4f3b-9eb9-1af8088c8650.json
new file mode 100644
index 00000000000..128470b0360
--- /dev/null
+++ b/objects/vulnerability/vulnerability--04637fe6-c46c-4f3b-9eb9-1af8088c8650.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0ff72d4b-90ae-4fc9-830e-dbbbe213066f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--04637fe6-c46c-4f3b-9eb9-1af8088c8650",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.243773Z",
+ "modified": "2024-11-15T00:38:53.243773Z",
+ "name": "CVE-2024-9472",
+ "description": "A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.\n\n\nPalo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.\n\n\nThis issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:\n\n * 10.2.7-h12\n * 10.2.8-h10\n * 10.2.9-h9\n * 10.2.9-h11\n * 10.2.10-h2\n * 10.2.10-h3\n * 10.2.11\n * 10.2.11-h1\n * 10.2.11-h2\n * 10.2.11-h3\n * 11.1.2-h9\n * 11.1.2-h12\n * 11.1.3-h2\n * 11.1.3-h4\n * 11.1.3-h6\n * 11.2.2\n * 11.2.2-h1",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9472"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--04ff89d8-75d1-4632-8206-25848b3fe28a.json b/objects/vulnerability/vulnerability--04ff89d8-75d1-4632-8206-25848b3fe28a.json
new file mode 100644
index 00000000000..a6041a4859d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--04ff89d8-75d1-4632-8206-25848b3fe28a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--529c2e9a-f65c-44a1-974e-337258cea293",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--04ff89d8-75d1-4632-8206-25848b3fe28a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.071017Z",
+ "modified": "2024-11-15T00:38:53.071017Z",
+ "name": "CVE-2024-52376",
+ "description": "Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52376"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--06d06a9f-781c-4b7f-bf97-341e37be431e.json b/objects/vulnerability/vulnerability--06d06a9f-781c-4b7f-bf97-341e37be431e.json
new file mode 100644
index 00000000000..a1c1f963504
--- /dev/null
+++ b/objects/vulnerability/vulnerability--06d06a9f-781c-4b7f-bf97-341e37be431e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cc014613-09c5-4333-b264-e09c97002342",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--06d06a9f-781c-4b7f-bf97-341e37be431e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.477007Z",
+ "modified": "2024-11-15T00:38:53.477007Z",
+ "name": "CVE-2024-50837",
+ "description": "A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50837"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--072b17e0-0cf8-41eb-b3be-31a70373a40b.json b/objects/vulnerability/vulnerability--072b17e0-0cf8-41eb-b3be-31a70373a40b.json
new file mode 100644
index 00000000000..88b80a9ffa2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--072b17e0-0cf8-41eb-b3be-31a70373a40b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--992bdc33-8505-4c6a-8e30-5d5b0303c621",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--072b17e0-0cf8-41eb-b3be-31a70373a40b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.699817Z",
+ "modified": "2024-11-15T00:38:53.699817Z",
+ "name": "CVE-2024-11215",
+ "description": "Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only consecutive strings ‘/...%5c’.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11215"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--07dd254f-de87-42fc-ab59-619fa6273905.json b/objects/vulnerability/vulnerability--07dd254f-de87-42fc-ab59-619fa6273905.json
new file mode 100644
index 00000000000..a4464b59425
--- /dev/null
+++ b/objects/vulnerability/vulnerability--07dd254f-de87-42fc-ab59-619fa6273905.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--65eab640-7acb-44eb-a5e6-9c3c54688ac1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--07dd254f-de87-42fc-ab59-619fa6273905",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.47264Z",
+ "modified": "2024-11-15T00:38:53.47264Z",
+ "name": "CVE-2024-50835",
+ "description": "A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50835"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--08305511-5a9f-40f7-9593-14a9aa63e355.json b/objects/vulnerability/vulnerability--08305511-5a9f-40f7-9593-14a9aa63e355.json
new file mode 100644
index 00000000000..204afb6221e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--08305511-5a9f-40f7-9593-14a9aa63e355.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--534317a1-044f-41ee-b17d-8e3d074cc7a6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--08305511-5a9f-40f7-9593-14a9aa63e355",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.423222Z",
+ "modified": "2024-11-15T00:38:53.423222Z",
+ "name": "CVE-2024-50830",
+ "description": "A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50830"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0a1ee655-761c-4062-98d3-4b3ed1d343ae.json b/objects/vulnerability/vulnerability--0a1ee655-761c-4062-98d3-4b3ed1d343ae.json
new file mode 100644
index 00000000000..3a7521dc3f9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0a1ee655-761c-4062-98d3-4b3ed1d343ae.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8f490427-75b6-4c4d-acc7-a03f4f2030af",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0a1ee655-761c-4062-98d3-4b3ed1d343ae",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.230946Z",
+ "modified": "2024-11-15T00:38:53.230946Z",
+ "name": "CVE-2024-10979",
+ "description": "Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10979"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0a67a8a6-b671-4b09-8cd0-2ba75850efa4.json b/objects/vulnerability/vulnerability--0a67a8a6-b671-4b09-8cd0-2ba75850efa4.json
new file mode 100644
index 00000000000..10bfff7a773
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0a67a8a6-b671-4b09-8cd0-2ba75850efa4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c16fb250-5f2e-4627-b374-08914288f24e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0a67a8a6-b671-4b09-8cd0-2ba75850efa4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.093488Z",
+ "modified": "2024-11-15T00:38:53.093488Z",
+ "name": "CVE-2024-52381",
+ "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART allows PHP Local File Inclusion.This issue affects ZIJ KART: from n/a through 1.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52381"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0c838cb8-e7c8-4434-b9e5-4f32acac501f.json b/objects/vulnerability/vulnerability--0c838cb8-e7c8-4434-b9e5-4f32acac501f.json
new file mode 100644
index 00000000000..1cdd1276b66
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0c838cb8-e7c8-4434-b9e5-4f32acac501f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--42845f1e-77d1-43c5-a595-b1026a77e4c6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0c838cb8-e7c8-4434-b9e5-4f32acac501f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.497475Z",
+ "modified": "2024-11-15T00:38:53.497475Z",
+ "name": "CVE-2024-50828",
+ "description": "A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50828"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0fcec6bd-5ed6-4525-b2f8-730f7b5b6013.json b/objects/vulnerability/vulnerability--0fcec6bd-5ed6-4525-b2f8-730f7b5b6013.json
new file mode 100644
index 00000000000..cc16be3edc9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0fcec6bd-5ed6-4525-b2f8-730f7b5b6013.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a189986f-8539-4796-8865-92801fb8872f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0fcec6bd-5ed6-4525-b2f8-730f7b5b6013",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.297897Z",
+ "modified": "2024-11-15T00:38:53.297897Z",
+ "name": "CVE-2024-9834",
+ "description": "Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9834"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1151824c-1357-4094-bff4-37551d3d3cf3.json b/objects/vulnerability/vulnerability--1151824c-1357-4094-bff4-37551d3d3cf3.json
new file mode 100644
index 00000000000..b433a844c87
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1151824c-1357-4094-bff4-37551d3d3cf3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--05cccf60-e2ee-43c6-8322-0474ea42253f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1151824c-1357-4094-bff4-37551d3d3cf3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.075506Z",
+ "modified": "2024-11-15T00:38:53.075506Z",
+ "name": "CVE-2024-52524",
+ "description": "Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52524"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
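Review bot: The description labels the issue "Remote Code Execution (ReDoS)", but the rest of the text describes exponential regex evaluation time leading to denial of service, so the RCE label looks wrong. It was presumably inherited from the upstream record. Keyword-based triage or severity tagging on this object would classify an availability issue as code execution. If the feed is allowed to normalise text, the phrase should read `Regular Expression Denial of Service (ReDoS)`; otherwise keep the text verbatim and raise the wording with the record's publisher.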
diff --git a/objects/vulnerability/vulnerability--1156a1f1-689b-4dd7-b417-bbb1dc5c8686.json b/objects/vulnerability/vulnerability--1156a1f1-689b-4dd7-b417-bbb1dc5c8686.json
new file mode 100644
index 00000000000..2b7e7b58349
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1156a1f1-689b-4dd7-b417-bbb1dc5c8686.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a9cfe087-333f-40d6-938a-bc3341b38a41",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1156a1f1-689b-4dd7-b417-bbb1dc5c8686",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.863456Z",
+ "modified": "2024-11-15T00:38:53.863456Z",
+ "name": "CVE-2024-3501",
+ "description": "In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. These tokens, intended for sensitive operations such as password resets or account verification, are exposed to unauthorized actors, potentially allowing them to perform actions on behalf of the user. This issue was addressed in version 1.2.6, where the exposure of single-use tokens in user-facing queries was mitigated.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-3501"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--12e1148f-57fc-48ac-8c71-15c335675fd9.json b/objects/vulnerability/vulnerability--12e1148f-57fc-48ac-8c71-15c335675fd9.json
new file mode 100644
index 00000000000..405156d2d84
--- /dev/null
+++ b/objects/vulnerability/vulnerability--12e1148f-57fc-48ac-8c71-15c335675fd9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--86f0523a-4b97-4d13-b194-8b77d1fe46ba",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--12e1148f-57fc-48ac-8c71-15c335675fd9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.363253Z",
+ "modified": "2024-11-15T00:38:53.363253Z",
+ "name": "CVE-2024-47914",
+ "description": "VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47914"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
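Review bot: The `description` here, `VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)`, gives what looks like a product or vendor name and a weakness class but no affected component or version, and `external_references` holds only the `external_id`. An analyst therefore cannot triage from this object or follow it to the source record. The CVE-2024-47915 object later in this commit has the same shape. Adding the record link to the reference, e.g. `"url": "https://www.cve.org/CVERecord?id=CVE-2024-47914"`, would let consumers reach the authoritative entry; the other objects in the commit would benefit from the same field.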
diff --git a/objects/vulnerability/vulnerability--1438fc61-5953-4da1-b9d8-d7690da93459.json b/objects/vulnerability/vulnerability--1438fc61-5953-4da1-b9d8-d7690da93459.json
new file mode 100644
index 00000000000..534a677b63e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1438fc61-5953-4da1-b9d8-d7690da93459.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--faed3b27-c446-4d52-ac03-8c6e152c6ec1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1438fc61-5953-4da1-b9d8-d7690da93459",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.967001Z",
+ "modified": "2024-11-15T00:38:52.967001Z",
+ "name": "CVE-2024-48284",
+ "description": "A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary scripts via the searchkey parameter in a POST HTTP request.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48284"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1674ea49-f344-49fb-ab49-e7e792056f4c.json b/objects/vulnerability/vulnerability--1674ea49-f344-49fb-ab49-e7e792056f4c.json
new file mode 100644
index 00000000000..966ba1adcc4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1674ea49-f344-49fb-ab49-e7e792056f4c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2daa54ad-2976-4aac-aac3-71e2ec6cfcb8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1674ea49-f344-49fb-ab49-e7e792056f4c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.22228Z",
+ "modified": "2024-11-15T00:38:54.22228Z",
+ "name": "CVE-2024-41209",
+ "description": "A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41209"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
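Review bot: The `created` and `modified` values in this object, `2024-11-15T00:38:54.22228Z`, carry five fractional digits while most objects in this commit carry six, so the serializer appears to drop trailing zeros; the CVE-2024-50824 object (`00:38:53.44757Z`) shows the same. STIX 2.1 accepts variable sub-second precision, so the bundle is still valid. Consumers that sort or de-duplicate on the raw string, or parse with a fixed-width format, will nevertheless handle these values inconsistently. Emitting a fixed precision, e.g. `"created": "2024-11-15T00:38:54.222280Z"`, keeps string ordering and version comparison on `modified` stable.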
diff --git a/objects/vulnerability/vulnerability--16a43e7a-a046-4a8c-9ec0-d103591040f5.json b/objects/vulnerability/vulnerability--16a43e7a-a046-4a8c-9ec0-d103591040f5.json
new file mode 100644
index 00000000000..b984ce57fb0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--16a43e7a-a046-4a8c-9ec0-d103591040f5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8a154d9e-e0ea-4325-9e4f-17cdf5b1dbfc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--16a43e7a-a046-4a8c-9ec0-d103591040f5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.683785Z",
+ "modified": "2024-11-15T00:38:53.683785Z",
+ "name": "CVE-2024-11214",
+ "description": "A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11214"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1a14f3a7-888e-4c74-8c8f-469770be7255.json b/objects/vulnerability/vulnerability--1a14f3a7-888e-4c74-8c8f-469770be7255.json
new file mode 100644
index 00000000000..36aeeddd6e8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1a14f3a7-888e-4c74-8c8f-469770be7255.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--60e30aa8-fc89-4212-8652-b8426d22bf93",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1a14f3a7-888e-4c74-8c8f-469770be7255",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.44757Z",
+ "modified": "2024-11-15T00:38:53.44757Z",
+ "name": "CVE-2024-50824",
+ "description": "A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50824"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1b6c0929-d046-4c50-9881-f30212f8ffbf.json b/objects/vulnerability/vulnerability--1b6c0929-d046-4c50-9881-f30212f8ffbf.json
new file mode 100644
index 00000000000..88e583142be
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1b6c0929-d046-4c50-9881-f30212f8ffbf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e9b7a1c7-535a-430d-994d-ef6cad892d0e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1b6c0929-d046-4c50-9881-f30212f8ffbf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:59.741589Z",
+ "modified": "2024-11-15T00:38:59.741589Z",
+ "name": "CVE-2022-31668",
+ "description": "Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-31668"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1c7463d9-7331-4858-8ce0-6c621d55f129.json b/objects/vulnerability/vulnerability--1c7463d9-7331-4858-8ce0-6c621d55f129.json
new file mode 100644
index 00000000000..6e396aab814
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1c7463d9-7331-4858-8ce0-6c621d55f129.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0c704640-09cf-4712-8008-fe4735fa7bc5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1c7463d9-7331-4858-8ce0-6c621d55f129",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.936424Z",
+ "modified": "2024-11-15T00:38:52.936424Z",
+ "name": "CVE-2024-48966",
+ "description": "The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48966"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1ca8de37-7227-4ac7-8a64-c9fab7698dfe.json b/objects/vulnerability/vulnerability--1ca8de37-7227-4ac7-8a64-c9fab7698dfe.json
new file mode 100644
index 00000000000..abe285ea689
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1ca8de37-7227-4ac7-8a64-c9fab7698dfe.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b1d0a634-c27d-4259-a8d8-83e3baf09b1a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1ca8de37-7227-4ac7-8a64-c9fab7698dfe",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.353402Z",
+ "modified": "2024-11-15T00:38:53.353402Z",
+ "name": "CVE-2024-39707",
+ "description": "Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version 05.46.19; kernel 5.5, version 05.54.19; kernel 5.6, version 05.61.19.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-39707"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1f697f9b-8710-49b0-9ef6-2ff804b25228.json b/objects/vulnerability/vulnerability--1f697f9b-8710-49b0-9ef6-2ff804b25228.json
new file mode 100644
index 00000000000..31328db7a55
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1f697f9b-8710-49b0-9ef6-2ff804b25228.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d99977d1-3c10-4ac7-8d43-adf6c8d74dd4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1f697f9b-8710-49b0-9ef6-2ff804b25228",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.021611Z",
+ "modified": "2024-11-15T00:38:54.021611Z",
+ "name": "CVE-2024-38479",
+ "description": "Improper Input Validation vulnerability in Apache Traffic Server.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5.\n\nUsers are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-38479"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--20c0b236-d2f9-408b-b7b6-d5d3447a481e.json b/objects/vulnerability/vulnerability--20c0b236-d2f9-408b-b7b6-d5d3447a481e.json
new file mode 100644
index 00000000000..9ce184cfc7a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--20c0b236-d2f9-408b-b7b6-d5d3447a481e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fd77864a-d534-4783-8cbe-624b4652a432",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--20c0b236-d2f9-408b-b7b6-d5d3447a481e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.426761Z",
+ "modified": "2024-11-15T00:38:53.426761Z",
+ "name": "CVE-2024-50305",
+ "description": "Valid Host header field can cause Apache Traffic Server to crash on some platforms.\n\nThis issue affects Apache Traffic Server: from 9.2.0 through 9.2.5.\n\nUsers are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50305"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--211a0550-2e80-4563-a3ff-29a92ecd56f4.json b/objects/vulnerability/vulnerability--211a0550-2e80-4563-a3ff-29a92ecd56f4.json
new file mode 100644
index 00000000000..6d64e838ce8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--211a0550-2e80-4563-a3ff-29a92ecd56f4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--78ade499-d9a6-4b51-bd37-b1b1a34e805f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--211a0550-2e80-4563-a3ff-29a92ecd56f4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:55.208769Z",
+ "modified": "2024-11-15T00:38:55.208769Z",
+ "name": "CVE-2024-4311",
+ "description": "zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' endpoint, which does not restrict the number of attempts an attacker can make to guess the current password. Successful exploitation results in the attacker being able to change the password and take control of the account.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-4311"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--239e7efd-d02a-4463-811b-425a3d6e5024.json b/objects/vulnerability/vulnerability--239e7efd-d02a-4463-811b-425a3d6e5024.json
new file mode 100644
index 00000000000..2a1076410ac
--- /dev/null
+++ b/objects/vulnerability/vulnerability--239e7efd-d02a-4463-811b-425a3d6e5024.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f81f1724-5704-4ba6-856e-4bfa99624f65",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--239e7efd-d02a-4463-811b-425a3d6e5024",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.166299Z",
+ "modified": "2024-11-15T00:38:53.166299Z",
+ "name": "CVE-2024-45099",
+ "description": "IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45099"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--24943e28-c6cc-4bfe-a094-8b221090b932.json b/objects/vulnerability/vulnerability--24943e28-c6cc-4bfe-a094-8b221090b932.json
new file mode 100644
index 00000000000..336276fc100
--- /dev/null
+++ b/objects/vulnerability/vulnerability--24943e28-c6cc-4bfe-a094-8b221090b932.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3ec9069e-0b22-47c9-babd-45abdae734a7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--24943e28-c6cc-4bfe-a094-8b221090b932",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.456088Z",
+ "modified": "2024-11-15T00:38:53.456088Z",
+ "name": "CVE-2024-50838",
+ "description": "A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50838"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--268ce7a0-fe96-4edd-92f9-39d32261c965.json b/objects/vulnerability/vulnerability--268ce7a0-fe96-4edd-92f9-39d32261c965.json
new file mode 100644
index 00000000000..1ac20bfea8c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--268ce7a0-fe96-4edd-92f9-39d32261c965.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--87149f4c-5038-490b-85bb-8e6662d0231a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--268ce7a0-fe96-4edd-92f9-39d32261c965",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.228472Z",
+ "modified": "2024-11-15T00:38:53.228472Z",
+ "name": "CVE-2024-10397",
+ "description": "A malicious server can crash the OpenAFS cache manager and other client\nutilities, and possibly execute arbitrary code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10397"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2913a27b-730f-4040-8a67-302ee0fda622.json b/objects/vulnerability/vulnerability--2913a27b-730f-4040-8a67-302ee0fda622.json
new file mode 100644
index 00000000000..02fe78a3998
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2913a27b-730f-4040-8a67-302ee0fda622.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9669533a-ec11-4342-a8f2-df9172ff4ccf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2913a27b-730f-4040-8a67-302ee0fda622",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.077731Z",
+ "modified": "2024-11-15T00:38:53.077731Z",
+ "name": "CVE-2024-52308",
+ "description": "The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0.\n\nDevelopers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the [default devcontainer image](https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#using-the-default-dev-container-configuration). GitHub CLI [retrieves SSH connection details](https://github.com/cli/cli/blob/30066b0042d0c5928d959e288144300cb28196c9/internal/codespaces/rpc/invoker.go#L230-L244), such as remote username, which is used in [executing `ssh` commands](https://github.com/cli/cli/blob/e356c69a6f0125cfaac782c35acf77314f18908d/pkg/cmd/codespace/ssh.go#L263) for `gh codespace ssh` or `gh codespace logs` commands.\n\nThis exploit occurs when a malicious third-party devcontainer contains a modified SSH server that injects `ssh` arguments within the SSH connection details. `gh codespace ssh` and `gh codespace logs` commands could execute arbitrary code on the user's workstation if the remote username contains something like `-oProxyCommand=\"echo hacked\" #`. The `-oProxyCommand` flag causes `ssh` to execute the provided command while `#` shell comment causes any other `ssh` arguments to be ignored.\n\nIn `2.62.0`, the remote username information is being validated before being used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52308"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
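Review bot: The `description` says "version 2.6.1 and earlier" are vulnerable but gives the fix as `v2.62.0` (and again as `2.62.0` in its last sentence), so the affected range contradicts itself. Read literally, every release between 2.6.1 and 2.62.0 looks unaffected, and anyone scoping exposure from this object would under-count vulnerable workstations. The text is presumably copied from the upstream CVE record, so confirm the range there before correcting it. The wording the object itself supports is `versions prior to 2.62.0`. Carrying the upstream advisory URL in `external_references` would let consumers check the range against the source.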
diff --git a/objects/vulnerability/vulnerability--2a15fa4b-1ebe-41ab-9246-c89faa15b920.json b/objects/vulnerability/vulnerability--2a15fa4b-1ebe-41ab-9246-c89faa15b920.json
new file mode 100644
index 00000000000..c35c413a5cf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2a15fa4b-1ebe-41ab-9246-c89faa15b920.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ac9dcfb4-9f52-4bbd-b53c-7701214043fc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2a15fa4b-1ebe-41ab-9246-c89faa15b920",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.380341Z",
+ "modified": "2024-11-15T00:38:53.380341Z",
+ "name": "CVE-2024-47915",
+ "description": "VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47915"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--2ce59bb2-a8ea-4616-bf9e-76ab18578200.json b/objects/vulnerability/vulnerability--2ce59bb2-a8ea-4616-bf9e-76ab18578200.json
new file mode 100644
index 00000000000..9b21a909d5d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--2ce59bb2-a8ea-4616-bf9e-76ab18578200.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f10e0730-c7c2-4f2c-b482-4c961a2270d7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--2ce59bb2-a8ea-4616-bf9e-76ab18578200",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.430041Z",
+ "modified": "2024-11-15T00:38:53.430041Z",
+ "name": "CVE-2024-50839",
+ "description": "A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50839"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3213dc60-79d8-4b94-92e6-8f6fd44a3e60.json b/objects/vulnerability/vulnerability--3213dc60-79d8-4b94-92e6-8f6fd44a3e60.json
new file mode 100644
index 00000000000..4fa621607c5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3213dc60-79d8-4b94-92e6-8f6fd44a3e60.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fd1a7f9a-6d47-448d-a8cb-f8a3c4aadc79",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3213dc60-79d8-4b94-92e6-8f6fd44a3e60",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.474348Z",
+ "modified": "2024-11-15T00:38:53.474348Z",
+ "name": "CVE-2024-50968",
+ "description": "A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart. By setting the quantity value to -0, an attacker can exploit a flaw in the application's total price calculation logic. This vulnerability causes the total price to be reduced to zero, allowing the attacker to add items to the cart and proceed to checkout.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50968"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--32663d86-7684-4ce1-89f9-fba0f2ab1f75.json b/objects/vulnerability/vulnerability--32663d86-7684-4ce1-89f9-fba0f2ab1f75.json
new file mode 100644
index 00000000000..72a9c7266b8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--32663d86-7684-4ce1-89f9-fba0f2ab1f75.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--57b812c5-6447-4b09-94ea-b982b629c9db",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--32663d86-7684-4ce1-89f9-fba0f2ab1f75",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.428076Z",
+ "modified": "2024-11-15T00:38:53.428076Z",
+ "name": "CVE-2024-50842",
+ "description": "A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50842"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3552b49c-e216-416a-8054-77c0855eba44.json b/objects/vulnerability/vulnerability--3552b49c-e216-416a-8054-77c0855eba44.json
new file mode 100644
index 00000000000..ecdfa80acb5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3552b49c-e216-416a-8054-77c0855eba44.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1dcaa724-311c-4032-b258-5493ace7f70a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3552b49c-e216-416a-8054-77c0855eba44",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.838562Z",
+ "modified": "2024-11-15T00:38:53.838562Z",
+ "name": "CVE-2024-3447",
+ "description": "A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-3447"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--35acace8-1d47-42dc-b85b-e884d8b806ea.json b/objects/vulnerability/vulnerability--35acace8-1d47-42dc-b85b-e884d8b806ea.json
new file mode 100644
index 00000000000..f5093bda7d5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--35acace8-1d47-42dc-b85b-e884d8b806ea.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--82f229b0-63bd-4650-8d52-59289d747a56",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--35acace8-1d47-42dc-b85b-e884d8b806ea",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:59.770272Z",
+ "modified": "2024-11-15T00:38:59.770272Z",
+ "name": "CVE-2022-31671",
+ "description": "Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-31671"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--38297286-af44-4bca-a30a-4c12d85ffa10.json b/objects/vulnerability/vulnerability--38297286-af44-4bca-a30a-4c12d85ffa10.json
new file mode 100644
index 00000000000..7300b9596d3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--38297286-af44-4bca-a30a-4c12d85ffa10.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c55a99a4-17ef-434d-9287-98904d70384b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--38297286-af44-4bca-a30a-4c12d85ffa10",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.833502Z",
+ "modified": "2024-11-15T00:38:53.833502Z",
+ "name": "CVE-2024-3502",
+ "description": "In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This issue occurs when authenticated users inspect responses from `GET /v1/users/me` and `GET /v1/users/me/org` endpoints. The exposed account recovery hashes, while not directly related to user passwords, represent sensitive information that should not be accessible to unauthorized parties. Exposing these hashes could potentially facilitate account recovery attacks or other malicious activities. The vulnerability was addressed in version 1.2.6.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-3502"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3e465c1d-2373-4a16-9f10-f0a5606e9332.json b/objects/vulnerability/vulnerability--3e465c1d-2373-4a16-9f10-f0a5606e9332.json
new file mode 100644
index 00000000000..8fcf0dc3b0d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3e465c1d-2373-4a16-9f10-f0a5606e9332.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e11bd15e-1ac2-4ab8-b60e-dc4537c58504",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3e465c1d-2373-4a16-9f10-f0a5606e9332",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.213234Z",
+ "modified": "2024-11-15T00:38:53.213234Z",
+ "name": "CVE-2024-10977",
+ "description": "Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10977"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4128606b-82ee-4ae7-bf96-3eaee7e40748.json b/objects/vulnerability/vulnerability--4128606b-82ee-4ae7-bf96-3eaee7e40748.json
new file mode 100644
index 00000000000..2a20fc42aef
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4128606b-82ee-4ae7-bf96-3eaee7e40748.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f02fcf4e-713d-43e8-8a74-877fcd1f7280",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4128606b-82ee-4ae7-bf96-3eaee7e40748",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.136272Z",
+ "modified": "2024-11-15T00:38:53.136272Z",
+ "name": "CVE-2024-45642",
+ "description": "IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45642"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--42e388b5-e273-4e13-9fff-07361e3bd558.json b/objects/vulnerability/vulnerability--42e388b5-e273-4e13-9fff-07361e3bd558.json
new file mode 100644
index 00000000000..4031ef8856e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--42e388b5-e273-4e13-9fff-07361e3bd558.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5eb4d65b-4793-491f-adc2-71b3f96f5889",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--42e388b5-e273-4e13-9fff-07361e3bd558",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.492928Z",
+ "modified": "2024-11-15T00:38:53.492928Z",
+ "name": "CVE-2024-50306",
+ "description": "Unchecked return value can allow Apache Traffic Server to retain privileges on startup.\n\nThis issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1.\n\nUsers are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50306"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--43f1fc83-4da1-4eb2-8957-f516ef4ca8ca.json b/objects/vulnerability/vulnerability--43f1fc83-4da1-4eb2-8957-f516ef4ca8ca.json
new file mode 100644
index 00000000000..caa6767542d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--43f1fc83-4da1-4eb2-8957-f516ef4ca8ca.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3c81849e-d7b6-42c9-bf66-5aceeec76ef4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--43f1fc83-4da1-4eb2-8957-f516ef4ca8ca",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:55.300936Z",
+ "modified": "2024-11-15T00:38:55.300936Z",
+ "name": "CVE-2024-5083",
+ "description": "A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2\n\nThis issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5083"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--463a984a-e24b-41ea-b8da-66b22683b0ab.json b/objects/vulnerability/vulnerability--463a984a-e24b-41ea-b8da-66b22683b0ab.json
new file mode 100644
index 00000000000..8615bc40714
--- /dev/null
+++ b/objects/vulnerability/vulnerability--463a984a-e24b-41ea-b8da-66b22683b0ab.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--12b2e786-5791-42b5-8800-ad640fc83c68",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--463a984a-e24b-41ea-b8da-66b22683b0ab",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.902843Z",
+ "modified": "2024-11-15T00:38:52.902843Z",
+ "name": "CVE-2024-51687",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in Platform.Ly Platform.Ly Official allows Stored XSS.This issue affects Platform.Ly Official: from n/a through 1.1.3.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51687"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--466d28fc-cfc7-4243-9fa0-6f003e02f6cb.json b/objects/vulnerability/vulnerability--466d28fc-cfc7-4243-9fa0-6f003e02f6cb.json
new file mode 100644
index 00000000000..304b202f6ad
--- /dev/null
+++ b/objects/vulnerability/vulnerability--466d28fc-cfc7-4243-9fa0-6f003e02f6cb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dae15612-5806-45cf-8ec9-546bdf81ee36",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--466d28fc-cfc7-4243-9fa0-6f003e02f6cb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.205686Z",
+ "modified": "2024-11-15T00:38:53.205686Z",
+ "name": "CVE-2024-10921",
+ "description": "An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10921"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--49c2ce4f-c8a1-42cc-bfed-ec505d4965a0.json b/objects/vulnerability/vulnerability--49c2ce4f-c8a1-42cc-bfed-ec505d4965a0.json
new file mode 100644
index 00000000000..9d3c66e35a2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--49c2ce4f-c8a1-42cc-bfed-ec505d4965a0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--03ff529f-17c8-4f1c-a198-247bb649b8cc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--49c2ce4f-c8a1-42cc-bfed-ec505d4965a0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.851795Z",
+ "modified": "2024-11-15T00:38:52.851795Z",
+ "name": "CVE-2024-51688",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro FraudLabs Pro SMS Verification allows Stored XSS.This issue affects FraudLabs Pro SMS Verification: from n/a through 1.10.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51688"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4d12b0ca-3b34-4a4e-9834-e8dada233c67.json b/objects/vulnerability/vulnerability--4d12b0ca-3b34-4a4e-9834-e8dada233c67.json
new file mode 100644
index 00000000000..2bf04e672cc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4d12b0ca-3b34-4a4e-9834-e8dada233c67.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8b148e42-2b4c-4e2b-b58c-d5c377b9ae85",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4d12b0ca-3b34-4a4e-9834-e8dada233c67",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:55.284662Z",
+ "modified": "2024-11-15T00:38:55.284662Z",
+ "name": "CVE-2024-5920",
+ "description": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5920"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4ee77bd1-4764-46e4-a74c-a43db2839d6e.json b/objects/vulnerability/vulnerability--4ee77bd1-4764-46e4-a74c-a43db2839d6e.json
new file mode 100644
index 00000000000..a277c845b70
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4ee77bd1-4764-46e4-a74c-a43db2839d6e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e4e49ecf-df56-4349-936d-f33693303050",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4ee77bd1-4764-46e4-a74c-a43db2839d6e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:39:04.911298Z",
+ "modified": "2024-11-15T00:39:04.911298Z",
+ "name": "CVE-2023-4134",
+ "description": "A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-4134"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--53725a38-6767-4450-85fb-f0aff020ed3d.json b/objects/vulnerability/vulnerability--53725a38-6767-4450-85fb-f0aff020ed3d.json
new file mode 100644
index 00000000000..245962ee009
--- /dev/null
+++ b/objects/vulnerability/vulnerability--53725a38-6767-4450-85fb-f0aff020ed3d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--12406336-7e6a-4ce7-ba0b-f4bf68665572",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--53725a38-6767-4450-85fb-f0aff020ed3d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.434592Z",
+ "modified": "2024-11-15T00:38:53.434592Z",
+ "name": "CVE-2024-50836",
+ "description": "A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50836"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--56db748d-a296-4e96-b5f0-5283fa493ccf.json b/objects/vulnerability/vulnerability--56db748d-a296-4e96-b5f0-5283fa493ccf.json
new file mode 100644
index 00000000000..d8be44fb0ee
--- /dev/null
+++ b/objects/vulnerability/vulnerability--56db748d-a296-4e96-b5f0-5283fa493ccf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--52bf0d41-5f65-4ad4-99d5-f9ddc84d0a66",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--56db748d-a296-4e96-b5f0-5283fa493ccf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:55.182964Z",
+ "modified": "2024-11-15T00:38:55.182964Z",
+ "name": "CVE-2024-4343",
+ "description": "A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the `eval()` function to parse a string received from a remote AWS SageMaker LLM endpoint into a dictionary. This method of parsing is unsafe as it can execute arbitrary Python code contained within the response. An attacker can exploit this vulnerability by manipulating the response from the AWS SageMaker LLM endpoint to include malicious Python code, leading to potential execution of arbitrary commands on the system hosting the application. The issue is fixed in version 0.6.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-4343"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5749fce0-d673-49dd-af6f-d4c93c7730e9.json b/objects/vulnerability/vulnerability--5749fce0-d673-49dd-af6f-d4c93c7730e9.json
new file mode 100644
index 00000000000..989b7914f42
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5749fce0-d673-49dd-af6f-d4c93c7730e9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0addc412-9f9e-44b1-baf2-c870220f8742",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5749fce0-d673-49dd-af6f-d4c93c7730e9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.881146Z",
+ "modified": "2024-11-15T00:38:52.881146Z",
+ "name": "CVE-2024-51659",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @Anywhere Plus allows Stored XSS.This issue affects Twitter @Anywhere Plus: from n/a through 2.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51659"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--58488ae1-4a31-45e4-935b-2f3730cb3352.json b/objects/vulnerability/vulnerability--58488ae1-4a31-45e4-935b-2f3730cb3352.json
new file mode 100644
index 00000000000..d50500a46df
--- /dev/null
+++ b/objects/vulnerability/vulnerability--58488ae1-4a31-45e4-935b-2f3730cb3352.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--562ec638-dfcc-4d66-aea5-feb3eb999411",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--58488ae1-4a31-45e4-935b-2f3730cb3352",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:55.249739Z",
+ "modified": "2024-11-15T00:38:55.249739Z",
+ "name": "CVE-2024-5917",
+ "description": "A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5917"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--58a46aee-dc7e-4a36-9168-1f483b78c6d6.json b/objects/vulnerability/vulnerability--58a46aee-dc7e-4a36-9168-1f483b78c6d6.json
new file mode 100644
index 00000000000..b41a83f8178
--- /dev/null
+++ b/objects/vulnerability/vulnerability--58a46aee-dc7e-4a36-9168-1f483b78c6d6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d40bc399-087a-4c8e-974e-12bd8c63da9f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--58a46aee-dc7e-4a36-9168-1f483b78c6d6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.369472Z",
+ "modified": "2024-11-15T00:38:53.369472Z",
+ "name": "CVE-2024-47916",
+ "description": "Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-47916"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5c3e5ea7-0e49-4ada-9d77-d4a6d4992416.json b/objects/vulnerability/vulnerability--5c3e5ea7-0e49-4ada-9d77-d4a6d4992416.json
new file mode 100644
index 00000000000..a6c218662b8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5c3e5ea7-0e49-4ada-9d77-d4a6d4992416.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f040feff-e906-4e00-8f14-a42768bf2d9e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5c3e5ea7-0e49-4ada-9d77-d4a6d4992416",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.439477Z",
+ "modified": "2024-11-15T00:38:53.439477Z",
+ "name": "CVE-2024-50826",
+ "description": "A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50826"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5cf0a1f1-1397-46eb-aa2e-91ee6a44bbc3.json b/objects/vulnerability/vulnerability--5cf0a1f1-1397-46eb-aa2e-91ee6a44bbc3.json
new file mode 100644
index 00000000000..f6ef290af63
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5cf0a1f1-1397-46eb-aa2e-91ee6a44bbc3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--378326a2-f04f-41de-bcc4-75c9cf556252",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5cf0a1f1-1397-46eb-aa2e-91ee6a44bbc3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.449387Z",
+ "modified": "2024-11-15T00:38:53.449387Z",
+ "name": "CVE-2024-50833",
+ "description": "A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50833"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5ddaf00b-1605-4a10-8960-0293d1bcce25.json b/objects/vulnerability/vulnerability--5ddaf00b-1605-4a10-8960-0293d1bcce25.json
new file mode 100644
index 00000000000..90e2280bb4f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5ddaf00b-1605-4a10-8960-0293d1bcce25.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0ff70fe2-6bdf-44b8-bd87-ff3fcf0fd2f2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5ddaf00b-1605-4a10-8960-0293d1bcce25",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.539355Z",
+ "modified": "2024-11-15T00:38:54.539355Z",
+ "name": "CVE-2024-49777",
+ "description": "A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-49777"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5e791325-5d5b-4d33-9001-0782a952f444.json b/objects/vulnerability/vulnerability--5e791325-5d5b-4d33-9001-0782a952f444.json
new file mode 100644
index 00000000000..fce03cda9b3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5e791325-5d5b-4d33-9001-0782a952f444.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5db5d772-0372-420b-a0e4-a66f225791dd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5e791325-5d5b-4d33-9001-0782a952f444",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.229842Z",
+ "modified": "2024-11-15T00:38:53.229842Z",
+ "name": "CVE-2024-10571",
+ "description": "The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10571"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5efa77c7-8a0c-4eaa-a522-f807aea46039.json b/objects/vulnerability/vulnerability--5efa77c7-8a0c-4eaa-a522-f807aea46039.json
new file mode 100644
index 00000000000..397f2e85538
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5efa77c7-8a0c-4eaa-a522-f807aea46039.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--aae5d3df-00b7-40ed-88fb-1e2e61272597",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5efa77c7-8a0c-4eaa-a522-f807aea46039",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.692072Z",
+ "modified": "2024-11-15T00:38:53.692072Z",
+ "name": "CVE-2024-11212",
+ "description": "A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_product_details.php. The manipulation of the argument barcode leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11212"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--619ac90c-a0e4-41e0-83b2-5cd6270ddb08.json b/objects/vulnerability/vulnerability--619ac90c-a0e4-41e0-83b2-5cd6270ddb08.json
new file mode 100644
index 00000000000..34dac15b8b3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--619ac90c-a0e4-41e0-83b2-5cd6270ddb08.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5f7a8752-c9a3-4854-858b-ca1830d10365",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--619ac90c-a0e4-41e0-83b2-5cd6270ddb08",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.689708Z",
+ "modified": "2024-11-15T00:38:53.689708Z",
+ "name": "CVE-2024-11208",
+ "description": "A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11208"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--638435ff-1221-470a-819a-091e04977b47.json b/objects/vulnerability/vulnerability--638435ff-1221-470a-819a-091e04977b47.json
new file mode 100644
index 00000000000..e9a1e6b33ed
--- /dev/null
+++ b/objects/vulnerability/vulnerability--638435ff-1221-470a-819a-091e04977b47.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--18c2b9d7-8665-4958-9270-be4dbbf907a8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--638435ff-1221-470a-819a-091e04977b47",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.696593Z",
+ "modified": "2024-11-15T00:38:53.696593Z",
+ "name": "CVE-2024-11209",
+ "description": "A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11209"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--63c99e97-2f7e-45a8-a6dd-3ba2240bac41.json b/objects/vulnerability/vulnerability--63c99e97-2f7e-45a8-a6dd-3ba2240bac41.json
new file mode 100644
index 00000000000..266b5bed739
--- /dev/null
+++ b/objects/vulnerability/vulnerability--63c99e97-2f7e-45a8-a6dd-3ba2240bac41.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6ff9368c-2c4a-4f07-978f-49ec10fc47c4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--63c99e97-2f7e-45a8-a6dd-3ba2240bac41",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.855017Z",
+ "modified": "2024-11-15T00:38:52.855017Z",
+ "name": "CVE-2024-51684",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO allows Stored XSS.This issue affects W3P SEO: from n/a before 1.8.6.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51684"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6663e851-3dc2-45a0-8842-2ca203262c2f.json b/objects/vulnerability/vulnerability--6663e851-3dc2-45a0-8842-2ca203262c2f.json
new file mode 100644
index 00000000000..4ae938abd09
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6663e851-3dc2-45a0-8842-2ca203262c2f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--42874148-91ea-46ac-8a6c-78bef919a365",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6663e851-3dc2-45a0-8842-2ca203262c2f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:39:04.855055Z",
+ "modified": "2024-11-15T00:39:04.855055Z",
+ "name": "CVE-2023-4458",
+ "description": "A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-4458"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6682d7fa-5bd5-4aec-8804-4d32c5b2e6e8.json b/objects/vulnerability/vulnerability--6682d7fa-5bd5-4aec-8804-4d32c5b2e6e8.json
new file mode 100644
index 00000000000..05d56d81ce3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6682d7fa-5bd5-4aec-8804-4d32c5b2e6e8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1db173a2-99f1-4d0f-b544-93062ec99309",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6682d7fa-5bd5-4aec-8804-4d32c5b2e6e8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.460275Z",
+ "modified": "2024-11-15T00:38:53.460275Z",
+ "name": "CVE-2024-50827",
+ "description": "A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50827"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6851bb67-a8ac-49b2-80b4-35bb2149c579.json b/objects/vulnerability/vulnerability--6851bb67-a8ac-49b2-80b4-35bb2149c579.json
new file mode 100644
index 00000000000..bacedce99df
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6851bb67-a8ac-49b2-80b4-35bb2149c579.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--63a25b27-3dab-49f4-8467-fc8c93a5330a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6851bb67-a8ac-49b2-80b4-35bb2149c579",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.111871Z",
+ "modified": "2024-11-15T00:38:53.111871Z",
+ "name": "CVE-2024-52373",
+ "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery allows Upload a Web Shell to a Web Server.This issue affects Devexhub Gallery: from n/a through 2.0.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52373"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--699e5309-83ae-40a1-a0af-acce6ec532c7.json b/objects/vulnerability/vulnerability--699e5309-83ae-40a1-a0af-acce6ec532c7.json
new file mode 100644
index 00000000000..69259b75dcd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--699e5309-83ae-40a1-a0af-acce6ec532c7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--54028bf9-dfa7-46f3-b708-e58053fbe39d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--699e5309-83ae-40a1-a0af-acce6ec532c7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.544649Z",
+ "modified": "2024-11-15T00:38:54.544649Z",
+ "name": "CVE-2024-49776",
+ "description": "A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-49776"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6a01b442-004c-4940-9a19-3c3ce1e2d8c9.json b/objects/vulnerability/vulnerability--6a01b442-004c-4940-9a19-3c3ce1e2d8c9.json
new file mode 100644
index 00000000000..52c4f91104d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6a01b442-004c-4940-9a19-3c3ce1e2d8c9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ba1c6ddd-57a5-4f62-bba8-c67a6ad96f52",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6a01b442-004c-4940-9a19-3c3ce1e2d8c9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:55.261094Z",
+ "modified": "2024-11-15T00:38:55.261094Z",
+ "name": "CVE-2024-5125",
+ "description": "parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upon rendering, leading to potential credential theft and unauthorized data access. The Open Redirect vulnerability arises from insufficient URL validation within SVG files, enabling attackers to redirect users to malicious websites, thereby exposing them to phishing attacks, malware distribution, and reputation damage. These vulnerabilities are present in the application's functionality to send files to the AI module.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5125"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6aa7d5e7-87c2-4880-84d8-634a81028966.json b/objects/vulnerability/vulnerability--6aa7d5e7-87c2-4880-84d8-634a81028966.json
new file mode 100644
index 00000000000..770e40d8486
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6aa7d5e7-87c2-4880-84d8-634a81028966.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a4398369-2384-4cd1-97db-45efd0b613c6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6aa7d5e7-87c2-4880-84d8-634a81028966",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.694444Z",
+ "modified": "2024-11-15T00:38:53.694444Z",
+ "name": "CVE-2024-11211",
+ "description": "A vulnerability classified as critical has been found in EyouCMS 1.5.6. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11211"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6c3ce34d-eedb-4634-aa30-dbcc903c5116.json b/objects/vulnerability/vulnerability--6c3ce34d-eedb-4634-aa30-dbcc903c5116.json
new file mode 100644
index 00000000000..4b9436a3997
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6c3ce34d-eedb-4634-aa30-dbcc903c5116.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dabfffb8-764c-4a1d-b057-31f823769c82",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6c3ce34d-eedb-4634-aa30-dbcc903c5116",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.246807Z",
+ "modified": "2024-11-15T00:38:53.246807Z",
+ "name": "CVE-2024-9693",
+ "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9693"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6c78fc18-afab-41ef-a9fe-8a765cae5e9b.json b/objects/vulnerability/vulnerability--6c78fc18-afab-41ef-a9fe-8a765cae5e9b.json
new file mode 100644
index 00000000000..3cd07d796ad
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6c78fc18-afab-41ef-a9fe-8a765cae5e9b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--864d9b1b-b686-428d-a28c-9d275e6e2d3a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6c78fc18-afab-41ef-a9fe-8a765cae5e9b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.535247Z",
+ "modified": "2024-11-15T00:38:54.535247Z",
+ "name": "CVE-2024-49025",
+ "description": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-49025"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6d7b305e-b91f-4250-b7e7-44ebd55f9717.json b/objects/vulnerability/vulnerability--6d7b305e-b91f-4250-b7e7-44ebd55f9717.json
new file mode 100644
index 00000000000..7b11a6ab07f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6d7b305e-b91f-4250-b7e7-44ebd55f9717.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8a58be36-d456-43c7-ad5c-e0425d62ec20",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6d7b305e-b91f-4250-b7e7-44ebd55f9717",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.972109Z",
+ "modified": "2024-11-15T00:38:52.972109Z",
+ "name": "CVE-2024-48971",
+ "description": "The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48971"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6ec2f16d-0691-4a04-98cd-f164365a8b43.json b/objects/vulnerability/vulnerability--6ec2f16d-0691-4a04-98cd-f164365a8b43.json
new file mode 100644
index 00000000000..782338bdb9d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6ec2f16d-0691-4a04-98cd-f164365a8b43.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6925002f-e01c-4b16-a798-60e94df863a7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6ec2f16d-0691-4a04-98cd-f164365a8b43",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.478883Z",
+ "modified": "2024-11-15T00:38:53.478883Z",
+ "name": "CVE-2024-50823",
+ "description": "A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50823"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7053d376-7073-40be-a4a9-02bb939a4df1.json b/objects/vulnerability/vulnerability--7053d376-7073-40be-a4a9-02bb939a4df1.json
new file mode 100644
index 00000000000..ac3af2165a2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7053d376-7073-40be-a4a9-02bb939a4df1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--51075854-c292-499f-8eec-85eb999ffb03",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7053d376-7073-40be-a4a9-02bb939a4df1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.080999Z",
+ "modified": "2024-11-15T00:38:53.080999Z",
+ "name": "CVE-2024-52374",
+ "description": "Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task allows Upload a Web Shell to a Web Server.This issue affects Do That Task: from n/a through 1.5.5.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52374"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--71896b35-44ae-4dfe-a651-0242b51ccf04.json b/objects/vulnerability/vulnerability--71896b35-44ae-4dfe-a651-0242b51ccf04.json
new file mode 100644
index 00000000000..97f06aedbd4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--71896b35-44ae-4dfe-a651-0242b51ccf04.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f929416f-43a8-41d7-b9f3-0d837eb56cb8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--71896b35-44ae-4dfe-a651-0242b51ccf04",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.523412Z",
+ "modified": "2024-11-15T00:38:54.523412Z",
+ "name": "CVE-2024-49362",
+ "description": "Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-49362"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--71ef0500-6d0e-4d4c-94ec-5a77b149f86b.json b/objects/vulnerability/vulnerability--71ef0500-6d0e-4d4c-94ec-5a77b149f86b.json
new file mode 100644
index 00000000000..06d2458f0e7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--71ef0500-6d0e-4d4c-94ec-5a77b149f86b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6cea451a-f194-49bd-b085-d1bfb1e25e3a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--71ef0500-6d0e-4d4c-94ec-5a77b149f86b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.237262Z",
+ "modified": "2024-11-15T00:38:54.237262Z",
+ "name": "CVE-2024-41217",
+ "description": "A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41217"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--748ff4bf-9097-45f5-a71f-39e9232066c6.json b/objects/vulnerability/vulnerability--748ff4bf-9097-45f5-a71f-39e9232066c6.json
new file mode 100644
index 00000000000..4f687691740
--- /dev/null
+++ b/objects/vulnerability/vulnerability--748ff4bf-9097-45f5-a71f-39e9232066c6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f8ed0442-c274-4e3e-8459-545f719997c7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--748ff4bf-9097-45f5-a71f-39e9232066c6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.923892Z",
+ "modified": "2024-11-15T00:38:52.923892Z",
+ "name": "CVE-2024-48973",
+ "description": "The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48973"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--75cf0f8b-ec3c-483a-8567-a2fd9c03f170.json b/objects/vulnerability/vulnerability--75cf0f8b-ec3c-483a-8567-a2fd9c03f170.json
new file mode 100644
index 00000000000..f9100b6d354
--- /dev/null
+++ b/objects/vulnerability/vulnerability--75cf0f8b-ec3c-483a-8567-a2fd9c03f170.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3912f33d-121d-4bbf-bd9c-a04ac6340408",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--75cf0f8b-ec3c-483a-8567-a2fd9c03f170",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.470978Z",
+ "modified": "2024-11-15T00:38:53.470978Z",
+ "name": "CVE-2024-50825",
+ "description": "A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50825"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7701992b-6eb3-4227-8cb7-d5eb43d78b1c.json b/objects/vulnerability/vulnerability--7701992b-6eb3-4227-8cb7-d5eb43d78b1c.json
new file mode 100644
index 00000000000..3fb745d29bf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7701992b-6eb3-4227-8cb7-d5eb43d78b1c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2ec746d5-4c56-44bd-b809-ffc89dbe8a01",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7701992b-6eb3-4227-8cb7-d5eb43d78b1c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.681108Z",
+ "modified": "2024-11-15T00:38:53.681108Z",
+ "name": "CVE-2024-11136",
+ "description": "The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user’s external storage.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11136"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7a4ac646-48fe-4235-b3c5-a7b900302450.json b/objects/vulnerability/vulnerability--7a4ac646-48fe-4235-b3c5-a7b900302450.json
new file mode 100644
index 00000000000..5e333c9623d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7a4ac646-48fe-4235-b3c5-a7b900302450.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--206105fc-8f8c-477a-aa4d-6fecd5fb9728",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7a4ac646-48fe-4235-b3c5-a7b900302450",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:59.710668Z",
+ "modified": "2024-11-15T00:38:59.710668Z",
+ "name": "CVE-2022-31666",
+ "description": "Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-31666"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7aac80c8-2707-4d62-842b-d1f27bd2c3ec.json b/objects/vulnerability/vulnerability--7aac80c8-2707-4d62-842b-d1f27bd2c3ec.json
new file mode 100644
index 00000000000..9d77552b9a1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7aac80c8-2707-4d62-842b-d1f27bd2c3ec.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--60b7d35f-149e-420d-8009-2eea74e75ead",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7aac80c8-2707-4d62-842b-d1f27bd2c3ec",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.698618Z",
+ "modified": "2024-11-15T00:38:53.698618Z",
+ "name": "CVE-2024-11207",
+ "description": "A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11207"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7bf44a55-5c71-403f-b557-7a78df6e7a82.json b/objects/vulnerability/vulnerability--7bf44a55-5c71-403f-b557-7a78df6e7a82.json
new file mode 100644
index 00000000000..c2453a3d96e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7bf44a55-5c71-403f-b557-7a78df6e7a82.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--849b27ff-2025-4525-bba7-1d18c7f22c82",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7bf44a55-5c71-403f-b557-7a78df6e7a82",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:59.738478Z",
+ "modified": "2024-11-15T00:38:59.738478Z",
+ "name": "CVE-2022-31670",
+ "description": "Harbor fails to validate the user permissions when updating tag retention policies. \n\nBy sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify\ntag retention policies configured in other projects.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-31670"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7c4bd41a-3572-4b3a-b0bb-1ac211102d80.json b/objects/vulnerability/vulnerability--7c4bd41a-3572-4b3a-b0bb-1ac211102d80.json
new file mode 100644
index 00000000000..6dade577fd8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7c4bd41a-3572-4b3a-b0bb-1ac211102d80.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9ac76596-d683-4449-b2cd-9e7c990aa646",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7c4bd41a-3572-4b3a-b0bb-1ac211102d80",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.091317Z",
+ "modified": "2024-11-15T00:38:53.091317Z",
+ "name": "CVE-2024-52378",
+ "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Labs64 DigiPass allows Absolute Path Traversal.This issue affects DigiPass: from n/a through 0.3.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52378"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7d0d5b81-df8e-4e97-9704-d5cedbca5eec.json b/objects/vulnerability/vulnerability--7d0d5b81-df8e-4e97-9704-d5cedbca5eec.json
new file mode 100644
index 00000000000..d392447fc82
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7d0d5b81-df8e-4e97-9704-d5cedbca5eec.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3af2d45a-64e5-48e5-8123-3f9454c99880",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7d0d5b81-df8e-4e97-9704-d5cedbca5eec",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:55.114096Z",
+ "modified": "2024-11-15T00:38:55.114096Z",
+ "name": "CVE-2024-1682",
+ "description": "An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-1682"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7eeab6f5-a872-4549-b02e-dad4b2bbed5d.json b/objects/vulnerability/vulnerability--7eeab6f5-a872-4549-b02e-dad4b2bbed5d.json
new file mode 100644
index 00000000000..c48a11a8b77
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7eeab6f5-a872-4549-b02e-dad4b2bbed5d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--990de001-82bc-4ac5-b64a-df24b41f45ef",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7eeab6f5-a872-4549-b02e-dad4b2bbed5d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.104668Z",
+ "modified": "2024-11-15T00:38:53.104668Z",
+ "name": "CVE-2024-52384",
+ "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Sage AI Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through 2.4.9.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52384"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--812e07a9-2848-4b2e-9942-3388c88a8ae2.json b/objects/vulnerability/vulnerability--812e07a9-2848-4b2e-9942-3388c88a8ae2.json
new file mode 100644
index 00000000000..3ce2b65956f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--812e07a9-2848-4b2e-9942-3388c88a8ae2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--441b2a83-767b-44dc-8a25-11b1e2b21442",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--812e07a9-2848-4b2e-9942-3388c88a8ae2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.094732Z",
+ "modified": "2024-11-15T00:38:53.094732Z",
+ "name": "CVE-2024-52380",
+ "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Softpulse Infotech Picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through 1.0.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52380"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8215c431-1409-4673-bffa-b9e6dd6a0e52.json b/objects/vulnerability/vulnerability--8215c431-1409-4673-bffa-b9e6dd6a0e52.json
new file mode 100644
index 00000000000..5c33c184961
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8215c431-1409-4673-bffa-b9e6dd6a0e52.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f5395d63-216d-448e-a5d0-7fa63e52f726",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8215c431-1409-4673-bffa-b9e6dd6a0e52",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:55.517317Z",
+ "modified": "2024-11-15T00:38:55.517317Z",
+ "name": "CVE-2024-6068",
+ "description": "A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-6068"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--826a5b2f-e1b5-4c30-bc77-e99d9a77076b.json b/objects/vulnerability/vulnerability--826a5b2f-e1b5-4c30-bc77-e99d9a77076b.json
new file mode 100644
index 00000000000..ceae312f8f0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--826a5b2f-e1b5-4c30-bc77-e99d9a77076b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9586e1b0-85f5-41d9-b8d6-a783e7e9ca31",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--826a5b2f-e1b5-4c30-bc77-e99d9a77076b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.254568Z",
+ "modified": "2024-11-15T00:38:53.254568Z",
+ "name": "CVE-2024-9633",
+ "description": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9633"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8421e74e-e3fb-4dce-9151-19956245d8ca.json b/objects/vulnerability/vulnerability--8421e74e-e3fb-4dce-9151-19956245d8ca.json
new file mode 100644
index 00000000000..d2c6a2bb664
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8421e74e-e3fb-4dce-9151-19956245d8ca.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ef52139e-2f6a-4522-bdbd-5e773e741762",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8421e74e-e3fb-4dce-9151-19956245d8ca",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.457102Z",
+ "modified": "2024-11-15T00:38:54.457102Z",
+ "name": "CVE-2024-37285",
+ "description": "A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv and Kibana privileges https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html assigned to them.\n\n\n\nThe following Elasticsearch indices permissions are required\n\n * write privilege on the system indices .kibana_ingest*\n * The allow_restricted_indices flag is set to true\n\n\nAny of the following Kibana privileges are additionally required\n\n * Under Fleet the All privilege is granted\n * Under Integration the Read or All privilege is granted\n * Access to the fleet-setup privilege is gained through the Fleet Server’s service account token",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-37285"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--851771fe-932a-4ac4-9cbd-75bce61fa4f6.json b/objects/vulnerability/vulnerability--851771fe-932a-4ac4-9cbd-75bce61fa4f6.json
new file mode 100644
index 00000000000..c6b0f05425b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--851771fe-932a-4ac4-9cbd-75bce61fa4f6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--607ca0d1-8c12-4333-9719-1883b319f4f8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--851771fe-932a-4ac4-9cbd-75bce61fa4f6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.475645Z",
+ "modified": "2024-11-15T00:38:53.475645Z",
+ "name": "CVE-2024-50840",
+ "description": "A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50840"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8a333000-30c5-460c-8f05-94339dc016c6.json b/objects/vulnerability/vulnerability--8a333000-30c5-460c-8f05-94339dc016c6.json
new file mode 100644
index 00000000000..4d585c81846
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8a333000-30c5-460c-8f05-94339dc016c6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--da40127e-7129-4d33-bf37-bebe9c87935f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8a333000-30c5-460c-8f05-94339dc016c6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.968569Z",
+ "modified": "2024-11-15T00:38:53.968569Z",
+ "name": "CVE-2024-8180",
+ "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8180"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8ce9aac8-4d26-4ec5-8707-a0849c53afe6.json b/objects/vulnerability/vulnerability--8ce9aac8-4d26-4ec5-8707-a0849c53afe6.json
new file mode 100644
index 00000000000..729c6a6fc55
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8ce9aac8-4d26-4ec5-8707-a0849c53afe6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--39264d50-875b-4130-ae6b-2c4c77ea9f2b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8ce9aac8-4d26-4ec5-8707-a0849c53afe6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.970145Z",
+ "modified": "2024-11-15T00:38:52.970145Z",
+ "name": "CVE-2024-48974",
+ "description": "The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48974"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8cfb6c48-5ea3-4d02-a02b-0422080d189b.json b/objects/vulnerability/vulnerability--8cfb6c48-5ea3-4d02-a02b-0422080d189b.json
new file mode 100644
index 00000000000..9b79fd49afe
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8cfb6c48-5ea3-4d02-a02b-0422080d189b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--81abc120-8354-44ef-94e5-1a9951bb0957",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8cfb6c48-5ea3-4d02-a02b-0422080d189b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.859811Z",
+ "modified": "2024-11-15T00:38:53.859811Z",
+ "name": "CVE-2024-3760",
+ "description": "In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. Attackers can exploit this by automating forgot password requests to flood targeted user accounts with a high volume of password reset emails. This not only overwhelms the victim's mailbox, making it difficult to manage and locate legitimate emails, but also significantly impacts mail servers by consuming their resources. The increased load can cause performance degradation and, in severe cases, make the mail servers unresponsive or unavailable, disrupting email services for the entire organization.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-3760"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9162f380-7ddc-4163-801c-c7c398f33bf8.json b/objects/vulnerability/vulnerability--9162f380-7ddc-4163-801c-c7c398f33bf8.json
new file mode 100644
index 00000000000..a7b0c4e37f0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9162f380-7ddc-4163-801c-c7c398f33bf8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1bb153b7-de5a-4c86-806f-8238a98b8315",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9162f380-7ddc-4163-801c-c7c398f33bf8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:55.289702Z",
+ "modified": "2024-11-15T00:38:55.289702Z",
+ "name": "CVE-2024-5082",
+ "description": "A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. \n\nThis issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5082"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--92067f9b-7288-43cf-b0c7-063a7ad23d11.json b/objects/vulnerability/vulnerability--92067f9b-7288-43cf-b0c7-063a7ad23d11.json
new file mode 100644
index 00000000000..1dd48236620
--- /dev/null
+++ b/objects/vulnerability/vulnerability--92067f9b-7288-43cf-b0c7-063a7ad23d11.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--afe676ce-c8a6-4abb-a882-75f640536264",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--92067f9b-7288-43cf-b0c7-063a7ad23d11",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.385448Z",
+ "modified": "2024-11-15T00:38:52.385448Z",
+ "name": "CVE-2017-13227",
+ "description": "In the autofill service, the package name that is provided by the app process is trusted inappropriately. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2017-13227"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--922e7942-8847-4995-a6b0-bbfee070c809.json b/objects/vulnerability/vulnerability--922e7942-8847-4995-a6b0-bbfee070c809.json
new file mode 100644
index 00000000000..9c6397ec1c9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--922e7942-8847-4995-a6b0-bbfee070c809.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b628493e-f015-4a93-b49e-6d283b8d3e5e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--922e7942-8847-4995-a6b0-bbfee070c809",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.494074Z",
+ "modified": "2024-11-15T00:38:53.494074Z",
+ "name": "CVE-2024-50831",
+ "description": "A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50831"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--98b52c74-7e28-4e17-a70e-415520742e82.json b/objects/vulnerability/vulnerability--98b52c74-7e28-4e17-a70e-415520742e82.json
new file mode 100644
index 00000000000..ad88fa8f913
--- /dev/null
+++ b/objects/vulnerability/vulnerability--98b52c74-7e28-4e17-a70e-415520742e82.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c83bec81-d849-49fc-905a-6b2c5d131355",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--98b52c74-7e28-4e17-a70e-415520742e82",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:55.254586Z",
+ "modified": "2024-11-15T00:38:55.254586Z",
+ "name": "CVE-2024-5919",
+ "description": "A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5919"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9a7c9b6f-6af2-4825-bacb-7aca5e780763.json b/objects/vulnerability/vulnerability--9a7c9b6f-6af2-4825-bacb-7aca5e780763.json
new file mode 100644
index 00000000000..7ed146be5fc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9a7c9b6f-6af2-4825-bacb-7aca5e780763.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e5cfc91c-242d-43de-bf18-025b761d18cc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9a7c9b6f-6af2-4825-bacb-7aca5e780763",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.188929Z",
+ "modified": "2024-11-15T00:38:53.188929Z",
+ "name": "CVE-2024-10396",
+ "description": "An authenticated user can provide a malformed ACL to the fileserver's StoreACL\nRPC, causing the fileserver to crash, possibly expose uninitialized memory, and\npossibly store garbage data in the audit log.\nMalformed ACLs provided in responses to client FetchACL RPCs can cause client\nprocesses to crash and possibly expose uninitialized memory into other ACLs\nstored on the server.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10396"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9b347c2f-6c16-4ab9-96fb-c8017e079e1d.json b/objects/vulnerability/vulnerability--9b347c2f-6c16-4ab9-96fb-c8017e079e1d.json
new file mode 100644
index 00000000000..5c6e0a859c5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9b347c2f-6c16-4ab9-96fb-c8017e079e1d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--418cf9a8-d92e-45e0-b4fe-3a4bbfb4bbbf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9b347c2f-6c16-4ab9-96fb-c8017e079e1d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:59.728278Z",
+ "modified": "2024-11-15T00:38:59.728278Z",
+ "name": "CVE-2022-31667",
+ "description": "Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. \n\nBy sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-31667"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9d47b388-dc15-4f17-88aa-79fab33b83db.json b/objects/vulnerability/vulnerability--9d47b388-dc15-4f17-88aa-79fab33b83db.json
new file mode 100644
index 00000000000..b00dfd20fea
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9d47b388-dc15-4f17-88aa-79fab33b83db.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4aaa97cc-f5d7-41ab-8cff-f4ffe8515319",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9d47b388-dc15-4f17-88aa-79fab33b83db",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.463033Z",
+ "modified": "2024-11-15T00:38:53.463033Z",
+ "name": "CVE-2024-50843",
+ "description": "A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via /loginsystem/assets.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50843"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9eb1b7ab-55f9-47aa-9e4a-fdbf58e00fef.json b/objects/vulnerability/vulnerability--9eb1b7ab-55f9-47aa-9e4a-fdbf58e00fef.json
new file mode 100644
index 00000000000..9456e9e0e5c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9eb1b7ab-55f9-47aa-9e4a-fdbf58e00fef.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--90fb9be8-ec8a-4c74-ae1e-347ffc5db3ec",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9eb1b7ab-55f9-47aa-9e4a-fdbf58e00fef",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.211648Z",
+ "modified": "2024-11-15T00:38:53.211648Z",
+ "name": "CVE-2024-10146",
+ "description": "The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10146"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9eb97035-081b-4de3-8352-c65d69a57c59.json b/objects/vulnerability/vulnerability--9eb97035-081b-4de3-8352-c65d69a57c59.json
new file mode 100644
index 00000000000..10a383a26d5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9eb97035-081b-4de3-8352-c65d69a57c59.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e6667eb5-fd48-44dd-91c3-abcf948e01de",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9eb97035-081b-4de3-8352-c65d69a57c59",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.102367Z",
+ "modified": "2024-11-15T00:38:53.102367Z",
+ "name": "CVE-2024-52393",
+ "description": "Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52393"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9f3e4d25-6c05-47c1-a126-833540505fb2.json b/objects/vulnerability/vulnerability--9f3e4d25-6c05-47c1-a126-833540505fb2.json
new file mode 100644
index 00000000000..43fbded73e7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9f3e4d25-6c05-47c1-a126-833540505fb2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cc017191-5662-4c4e-8810-f699931c5218",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9f3e4d25-6c05-47c1-a126-833540505fb2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.917733Z",
+ "modified": "2024-11-15T00:38:54.917733Z",
+ "name": "CVE-2024-42188",
+ "description": "HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-42188"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9ff20deb-f22a-4c66-aeb9-c67326efbd80.json b/objects/vulnerability/vulnerability--9ff20deb-f22a-4c66-aeb9-c67326efbd80.json
new file mode 100644
index 00000000000..1fe43b66da2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9ff20deb-f22a-4c66-aeb9-c67326efbd80.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--489ae44c-f841-430e-95a9-8c79bfba870a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9ff20deb-f22a-4c66-aeb9-c67326efbd80",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.884892Z",
+ "modified": "2024-11-15T00:38:52.884892Z",
+ "name": "CVE-2024-51679",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appointmind allows Stored XSS.This issue affects Appointmind: from n/a through 4.0.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51679"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a01a2c5d-302c-4ddc-a6d4-692f04c975e2.json b/objects/vulnerability/vulnerability--a01a2c5d-302c-4ddc-a6d4-692f04c975e2.json
new file mode 100644
index 00000000000..b4611204be1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a01a2c5d-302c-4ddc-a6d4-692f04c975e2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dd02d139-577d-4950-9e21-951fae490f50",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a01a2c5d-302c-4ddc-a6d4-692f04c975e2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.17925Z",
+ "modified": "2024-11-15T00:38:54.17925Z",
+ "name": "CVE-2024-31695",
+ "description": "A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.85.4, allows attackers to bypass authentication when adding a new fingerprint.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-31695"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a4f841b5-be74-495f-9299-a9d0e6e6ef10.json b/objects/vulnerability/vulnerability--a4f841b5-be74-495f-9299-a9d0e6e6ef10.json
new file mode 100644
index 00000000000..f728636fa64
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a4f841b5-be74-495f-9299-a9d0e6e6ef10.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--986bcb6b-c53a-42bf-acc1-0902a7dff259",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a4f841b5-be74-495f-9299-a9d0e6e6ef10",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.180693Z",
+ "modified": "2024-11-15T00:38:53.180693Z",
+ "name": "CVE-2024-10394",
+ "description": "A local user can bypass the OpenAFS PAG (Process Authentication Group)\nthrottling mechanism in Unix clients, allowing the user to create a PAG using\nan existing id number, effectively joining the PAG and letting the user steal\nthe credentials in that PAG.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10394"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a55b6de7-1d00-4308-9f6d-0ce63a71e33f.json b/objects/vulnerability/vulnerability--a55b6de7-1d00-4308-9f6d-0ce63a71e33f.json
new file mode 100644
index 00000000000..d1e925ea7d4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a55b6de7-1d00-4308-9f6d-0ce63a71e33f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--55dfe48e-d312-4eb5-83e7-58bde29f2dd1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a55b6de7-1d00-4308-9f6d-0ce63a71e33f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.08329Z",
+ "modified": "2024-11-15T00:38:53.08329Z",
+ "name": "CVE-2024-52375",
+ "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative.This issue affects Datasets Manager by Arttia Creative: from n/a through 1.5.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52375"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a7fb3c40-3c88-4739-8d70-861fed75fc6a.json b/objects/vulnerability/vulnerability--a7fb3c40-3c88-4739-8d70-861fed75fc6a.json
new file mode 100644
index 00000000000..4c6a30df6df
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a7fb3c40-3c88-4739-8d70-861fed75fc6a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--83e7115b-03d7-4410-81bc-15e712b7d1f7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a7fb3c40-3c88-4739-8d70-861fed75fc6a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.084816Z",
+ "modified": "2024-11-15T00:38:53.084816Z",
+ "name": "CVE-2024-52370",
+ "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support – WordPress Help Desk allows Upload a Web Shell to a Web Server.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52370"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--aa2cdbc7-d695-4063-9301-d88338f386ae.json b/objects/vulnerability/vulnerability--aa2cdbc7-d695-4063-9301-d88338f386ae.json
new file mode 100644
index 00000000000..c9ebb09c2ac
--- /dev/null
+++ b/objects/vulnerability/vulnerability--aa2cdbc7-d695-4063-9301-d88338f386ae.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--61e26ea7-96fd-4090-b4bf-384d6b0af262",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--aa2cdbc7-d695-4063-9301-d88338f386ae",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.591024Z",
+ "modified": "2024-11-15T00:38:53.591024Z",
+ "name": "CVE-2024-7404",
+ "description": "An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7404"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ae769ad2-575b-4af0-ae67-1cf1dc3b328d.json b/objects/vulnerability/vulnerability--ae769ad2-575b-4af0-ae67-1cf1dc3b328d.json
new file mode 100644
index 00000000000..de83a124565
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ae769ad2-575b-4af0-ae67-1cf1dc3b328d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6525228a-3d0e-4105-b349-7c4dde89ff24",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ae769ad2-575b-4af0-ae67-1cf1dc3b328d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.934345Z",
+ "modified": "2024-11-15T00:38:53.934345Z",
+ "name": "CVE-2024-8648",
+ "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8648"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--aebe29b9-f989-4814-a5c4-42a2c43efe5e.json b/objects/vulnerability/vulnerability--aebe29b9-f989-4814-a5c4-42a2c43efe5e.json
new file mode 100644
index 00000000000..1a2e733c61d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--aebe29b9-f989-4814-a5c4-42a2c43efe5e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bf7ecab3-a658-4d08-a9bb-829db308b487",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--aebe29b9-f989-4814-a5c4-42a2c43efe5e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.929981Z",
+ "modified": "2024-11-15T00:38:52.929981Z",
+ "name": "CVE-2024-48970",
+ "description": "The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48970"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b19e83fc-9882-46cb-9774-bae49baff955.json b/objects/vulnerability/vulnerability--b19e83fc-9882-46cb-9774-bae49baff955.json
new file mode 100644
index 00000000000..27f5b9531da
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b19e83fc-9882-46cb-9774-bae49baff955.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--322f86cf-938a-4cc3-b2c1-e64dd96ee16d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b19e83fc-9882-46cb-9774-bae49baff955",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.234122Z",
+ "modified": "2024-11-15T00:38:53.234122Z",
+ "name": "CVE-2024-10962",
+ "description": "The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site to trigger the exploit.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10962"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b1af9f43-e0f8-4a1e-bd59-8fa191c80f94.json b/objects/vulnerability/vulnerability--b1af9f43-e0f8-4a1e-bd59-8fa191c80f94.json
new file mode 100644
index 00000000000..5e4a0e52451
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b1af9f43-e0f8-4a1e-bd59-8fa191c80f94.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5cbb51fc-e124-40d8-aaa6-79d226a44578",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b1af9f43-e0f8-4a1e-bd59-8fa191c80f94",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.09945Z",
+ "modified": "2024-11-15T00:38:53.09945Z",
+ "name": "CVE-2024-52372",
+ "description": "Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA allows Upload a Web Shell to a Web Server.This issue affects Easy CSV Importer BETA: from n/a through 7.0.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52372"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b385c912-1432-4f27-973c-d0b5f71bbebe.json b/objects/vulnerability/vulnerability--b385c912-1432-4f27-973c-d0b5f71bbebe.json
new file mode 100644
index 00000000000..659b2f90c9d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b385c912-1432-4f27-973c-d0b5f71bbebe.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e9707921-e779-4dbb-b16b-fee038ecfffc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b385c912-1432-4f27-973c-d0b5f71bbebe",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.292929Z",
+ "modified": "2024-11-15T00:38:53.292929Z",
+ "name": "CVE-2024-9832",
+ "description": "There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9832"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b6679853-2095-4c8b-9c3f-d3007c8d0899.json b/objects/vulnerability/vulnerability--b6679853-2095-4c8b-9c3f-d3007c8d0899.json
new file mode 100644
index 00000000000..d76dd246c0c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b6679853-2095-4c8b-9c3f-d3007c8d0899.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f736a154-050a-4695-9b28-fa30e5f876e9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b6679853-2095-4c8b-9c3f-d3007c8d0899",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.089082Z",
+ "modified": "2024-11-15T00:38:53.089082Z",
+ "name": "CVE-2024-52613",
+ "description": "A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) via a crafted MOV video file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52613"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b6e67f2d-6053-41e0-a0c1-8344cda4a09a.json b/objects/vulnerability/vulnerability--b6e67f2d-6053-41e0-a0c1-8344cda4a09a.json
new file mode 100644
index 00000000000..2d4ad44d0db
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b6e67f2d-6053-41e0-a0c1-8344cda4a09a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2e282320-f24a-4aab-b3b5-0da5c57c1d75",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b6e67f2d-6053-41e0-a0c1-8344cda4a09a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:39:03.34271Z",
+ "modified": "2024-11-15T00:39:03.34271Z",
+ "name": "CVE-2023-34049",
+ "description": "The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-34049"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b8a6c6e8-cfc0-41e4-a0fd-e8f929e053b4.json b/objects/vulnerability/vulnerability--b8a6c6e8-cfc0-41e4-a0fd-e8f929e053b4.json
new file mode 100644
index 00000000000..0f5a54fe391
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b8a6c6e8-cfc0-41e4-a0fd-e8f929e053b4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d8e6e363-892e-45b5-98cc-e0978fae4e7f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b8a6c6e8-cfc0-41e4-a0fd-e8f929e053b4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:39:00.295874Z",
+ "modified": "2024-11-15T00:39:00.295874Z",
+ "name": "CVE-2022-2232",
+ "description": "A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-2232"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--baac16fc-b0fb-4d44-b46d-71f6a05b6938.json b/objects/vulnerability/vulnerability--baac16fc-b0fb-4d44-b46d-71f6a05b6938.json
new file mode 100644
index 00000000000..ae7060f37d3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--baac16fc-b0fb-4d44-b46d-71f6a05b6938.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6545105d-2795-43c2-b92f-8a549b5070ab",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--baac16fc-b0fb-4d44-b46d-71f6a05b6938",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.12554Z",
+ "modified": "2024-11-15T00:38:54.12554Z",
+ "name": "CVE-2024-40579",
+ "description": "Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMCS Open Source v.1.7.1 allows a remote attacker to obtain sensitive information via modification of the hostname parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-40579"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bb01c5d4-aff6-4a5a-9de8-87eb0d951795.json b/objects/vulnerability/vulnerability--bb01c5d4-aff6-4a5a-9de8-87eb0d951795.json
new file mode 100644
index 00000000000..60631e4a03d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bb01c5d4-aff6-4a5a-9de8-87eb0d951795.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dc2a050c-7455-40bd-9420-34ce41870cde",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bb01c5d4-aff6-4a5a-9de8-87eb0d951795",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.108524Z",
+ "modified": "2024-11-15T00:38:53.108524Z",
+ "name": "CVE-2024-52383",
+ "description": "Missing Authorization vulnerability in KCT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through 2.1.2.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52383"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bb731048-0741-4d30-8449-ed50497fe8bd.json b/objects/vulnerability/vulnerability--bb731048-0741-4d30-8449-ed50497fe8bd.json
new file mode 100644
index 00000000000..edc751bba70
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bb731048-0741-4d30-8449-ed50497fe8bd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5f80de6a-9e60-4055-ae51-72d30aa4e131",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bb731048-0741-4d30-8449-ed50497fe8bd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.155718Z",
+ "modified": "2024-11-15T00:38:53.155718Z",
+ "name": "CVE-2024-45253",
+ "description": "Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45253"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bdb834ba-d571-4788-b268-2e85b9cbde50.json b/objects/vulnerability/vulnerability--bdb834ba-d571-4788-b268-2e85b9cbde50.json
new file mode 100644
index 00000000000..3461a7b95d4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bdb834ba-d571-4788-b268-2e85b9cbde50.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--057e0799-29a4-4640-8eff-14439fe09ca5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bdb834ba-d571-4788-b268-2e85b9cbde50",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.076695Z",
+ "modified": "2024-11-15T00:38:53.076695Z",
+ "name": "CVE-2024-52302",
+ "description": "common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52302"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c0f04206-c454-4192-9835-25075122233f.json b/objects/vulnerability/vulnerability--c0f04206-c454-4192-9835-25075122233f.json
new file mode 100644
index 00000000000..e6f77dfaea4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c0f04206-c454-4192-9835-25075122233f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8214aea7-7d82-4071-8d3d-82cb75190796",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c0f04206-c454-4192-9835-25075122233f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:59.716287Z",
+ "modified": "2024-11-15T00:38:59.716287Z",
+ "name": "CVE-2022-31669",
+ "description": "Harbor fails to validate the user permissions when updating tag immutability policies. \n\nBy sending a request to update a tag immutability policy with an id that belongs to a\nproject that the currently authenticated user doesn’t have access to, the attacker could\nmodify tag immutability policies configured in other projects.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2022-31669"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c45975f2-7b3c-4966-90bf-f1862db59bbf.json b/objects/vulnerability/vulnerability--c45975f2-7b3c-4966-90bf-f1862db59bbf.json
new file mode 100644
index 00000000000..a16381da4da
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c45975f2-7b3c-4966-90bf-f1862db59bbf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--09ecaba9-ef9b-47c5-a312-f21b6938ece4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c45975f2-7b3c-4966-90bf-f1862db59bbf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.583001Z",
+ "modified": "2024-11-15T00:38:53.583001Z",
+ "name": "CVE-2024-7730",
+ "description": "A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7730"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c4fe0a3c-5692-443c-a486-13a9c8e4c429.json b/objects/vulnerability/vulnerability--c4fe0a3c-5692-443c-a486-13a9c8e4c429.json
new file mode 100644
index 00000000000..f850fc83419
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c4fe0a3c-5692-443c-a486-13a9c8e4c429.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ccbe94f9-47f9-414a-b4c2-f402feb7ab30",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c4fe0a3c-5692-443c-a486-13a9c8e4c429",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.915762Z",
+ "modified": "2024-11-15T00:38:52.915762Z",
+ "name": "CVE-2024-51658",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager allows Stored XSS.This issue affects WP Course Manager: from n/a through 1.3.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51658"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c6b36d2f-1a2f-4104-be57-4fa7eb036c3f.json b/objects/vulnerability/vulnerability--c6b36d2f-1a2f-4104-be57-4fa7eb036c3f.json
new file mode 100644
index 00000000000..1654cd1f688
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c6b36d2f-1a2f-4104-be57-4fa7eb036c3f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--054bcba6-a3f6-4aa2-9cd7-bee3f1bdbec6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c6b36d2f-1a2f-4104-be57-4fa7eb036c3f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:55.266943Z",
+ "modified": "2024-11-15T00:38:55.266943Z",
+ "name": "CVE-2024-5918",
+ "description": "An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you \"Allow Authentication with User Credentials OR Client Certificate.\"",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-5918"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c7412866-d641-42b4-b085-999f29306683.json b/objects/vulnerability/vulnerability--c7412866-d641-42b4-b085-999f29306683.json
new file mode 100644
index 00000000000..de68db6d901
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c7412866-d641-42b4-b085-999f29306683.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4b6325a2-a3a5-4967-8daf-b14d42953a61",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c7412866-d641-42b4-b085-999f29306683",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.259551Z",
+ "modified": "2024-11-15T00:38:53.259551Z",
+ "name": "CVE-2024-9186",
+ "description": "The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9186"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ca689694-0456-401a-a8aa-46146811d30c.json b/objects/vulnerability/vulnerability--ca689694-0456-401a-a8aa-46146811d30c.json
new file mode 100644
index 00000000000..0839756aa07
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ca689694-0456-401a-a8aa-46146811d30c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--630a35be-efdd-4830-82e2-b2bdeba1e689",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ca689694-0456-401a-a8aa-46146811d30c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.15734Z",
+ "modified": "2024-11-15T00:38:53.15734Z",
+ "name": "CVE-2024-45254",
+ "description": "VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-45254"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
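Review bot: The `description` here is only a vendor name followed by the CWE-79 title, so the object names no affected product, version or impact and cannot be triaged on its own. Since the text presumably mirrors the upstream CVE record, the fix belongs in the external reference rather than the description: adding `"url": "https://www.cve.org/CVERecord?id=CVE-2024-45254"` next to `external_id` gives consumers a path to the authoritative record. The other objects in this commit have the same url-less reference, but their descriptions are self-contained.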
diff --git a/objects/vulnerability/vulnerability--ceb22baa-2085-4e30-b52e-9ab81ab69e44.json b/objects/vulnerability/vulnerability--ceb22baa-2085-4e30-b52e-9ab81ab69e44.json
new file mode 100644
index 00000000000..ecdf9385326
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ceb22baa-2085-4e30-b52e-9ab81ab69e44.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--61dd346d-6417-4adb-afe8-18ee765600e7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ceb22baa-2085-4e30-b52e-9ab81ab69e44",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.442678Z",
+ "modified": "2024-11-15T00:38:53.442678Z",
+ "name": "CVE-2024-50832",
+ "description": "A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50832"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--cf6b6785-b68e-46bb-a0e4-b0c069162cf3.json b/objects/vulnerability/vulnerability--cf6b6785-b68e-46bb-a0e4-b0c069162cf3.json
new file mode 100644
index 00000000000..4a377e34634
--- /dev/null
+++ b/objects/vulnerability/vulnerability--cf6b6785-b68e-46bb-a0e4-b0c069162cf3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--158f2442-cd08-4d8b-b40e-a2ee5a5449c9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--cf6b6785-b68e-46bb-a0e4-b0c069162cf3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.65692Z",
+ "modified": "2024-11-15T00:38:54.65692Z",
+ "name": "CVE-2024-2551",
+ "description": "A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-2551"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
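Review bot: The `created` and `modified` values in this file carry five fractional digits (`2024-11-15T00:38:54.65692Z`) while most other objects in the commit carry six, which suggests the generator drops trailing zeros. The values are still valid RFC 3339, but a consumer that sorts or deduplicates these objects by comparing the strings rather than parsed times can mis-order them. Emitting a fixed width, `"created": "2024-11-15T00:38:54.656920Z"`, avoids that. The same applies to the files for CVE-2024-45254, CVE-2024-41206, CVE-2024-52377 and CVE-2024-10978.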
diff --git a/objects/vulnerability/vulnerability--d1580d06-952a-4b69-b87d-35ff21f27e0b.json b/objects/vulnerability/vulnerability--d1580d06-952a-4b69-b87d-35ff21f27e0b.json
new file mode 100644
index 00000000000..741378dd204
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d1580d06-952a-4b69-b87d-35ff21f27e0b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b2ade5d7-3bd5-4fef-87cd-ca4560111dfe",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d1580d06-952a-4b69-b87d-35ff21f27e0b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.22556Z",
+ "modified": "2024-11-15T00:38:54.22556Z",
+ "name": "CVE-2024-41206",
+ "description": "A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41206"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d2058969-54d4-4849-9b71-3f23efb6d79a.json b/objects/vulnerability/vulnerability--d2058969-54d4-4849-9b71-3f23efb6d79a.json
new file mode 100644
index 00000000000..c7045ca6d3f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d2058969-54d4-4849-9b71-3f23efb6d79a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a541d111-388c-4403-935f-9835d9e11b77",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d2058969-54d4-4849-9b71-3f23efb6d79a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.485827Z",
+ "modified": "2024-11-15T00:38:53.485827Z",
+ "name": "CVE-2024-50829",
+ "description": "A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50829"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d3352d79-489a-4be5-bd79-6c3bd6ab1c35.json b/objects/vulnerability/vulnerability--d3352d79-489a-4be5-bd79-6c3bd6ab1c35.json
new file mode 100644
index 00000000000..3743e44db4d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d3352d79-489a-4be5-bd79-6c3bd6ab1c35.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7e45c7fb-5f0d-4877-9ccf-77c1b670f428",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d3352d79-489a-4be5-bd79-6c3bd6ab1c35",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.038014Z",
+ "modified": "2024-11-15T00:38:53.038014Z",
+ "name": "CVE-2024-52371",
+ "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 | Payeezy Gateway.This issue affects Global Gateway e4 | Payeezy Gateway: from n/a through 2.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52371"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d4ab1f2f-3351-4881-b060-46b68988a290.json b/objects/vulnerability/vulnerability--d4ab1f2f-3351-4881-b060-46b68988a290.json
new file mode 100644
index 00000000000..ae1e83ad138
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d4ab1f2f-3351-4881-b060-46b68988a290.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dfb89840-2ff1-497c-82b5-06df21a59441",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d4ab1f2f-3351-4881-b060-46b68988a290",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.097007Z",
+ "modified": "2024-11-15T00:38:53.097007Z",
+ "name": "CVE-2024-52369",
+ "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access Inc. KBucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: from n/a through 4.1.6.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52369"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d559507d-2af8-4f57-a095-f659205683cc.json b/objects/vulnerability/vulnerability--d559507d-2af8-4f57-a095-f659205683cc.json
new file mode 100644
index 00000000000..210ea063edc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d559507d-2af8-4f57-a095-f659205683cc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--edb911dc-6cd6-47de-9b1b-1be295307429",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d559507d-2af8-4f57-a095-f659205683cc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.552918Z",
+ "modified": "2024-11-15T00:38:54.552918Z",
+ "name": "CVE-2024-49778",
+ "description": "A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-49778"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d5612c74-e639-43b6-94f5-8b9552ad8df8.json b/objects/vulnerability/vulnerability--d5612c74-e639-43b6-94f5-8b9552ad8df8.json
new file mode 100644
index 00000000000..8071cd4468b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d5612c74-e639-43b6-94f5-8b9552ad8df8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fbf3a982-bd31-4f2c-94aa-6985bc05dad7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d5612c74-e639-43b6-94f5-8b9552ad8df8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.588175Z",
+ "modified": "2024-11-15T00:38:53.588175Z",
+ "name": "CVE-2024-7124",
+ "description": "Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects DInGO dLibra software in versions from 6.0 before 6.3.20.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7124"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d6b91f4b-c70c-444e-8a48-6744e6b09bac.json b/objects/vulnerability/vulnerability--d6b91f4b-c70c-444e-8a48-6744e6b09bac.json
new file mode 100644
index 00000000000..f3bdd1ae8b9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d6b91f4b-c70c-444e-8a48-6744e6b09bac.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dc16556d-f4b2-427e-9abc-a6bb53a8fef8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d6b91f4b-c70c-444e-8a48-6744e6b09bac",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.115Z",
+ "modified": "2024-11-15T00:38:53.115Z",
+ "name": "CVE-2024-52377",
+ "description": "Unrestricted Upload of File with Dangerous Type vulnerability in BdThemes Instant Image Generator allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through 1.5.4.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52377"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d9a3b02f-a872-4762-a400-b97862a96733.json b/objects/vulnerability/vulnerability--d9a3b02f-a872-4762-a400-b97862a96733.json
new file mode 100644
index 00000000000..6b0b0b2e707
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d9a3b02f-a872-4762-a400-b97862a96733.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--09404eed-6b0b-4aff-bb81-efb998890c09",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d9a3b02f-a872-4762-a400-b97862a96733",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.847544Z",
+ "modified": "2024-11-15T00:38:53.847544Z",
+ "name": "CVE-2024-3379",
+ "description": "In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project without having the necessary permissions or being assigned to that project. This issue was fixed in version 1.2.7.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-3379"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--db1e1197-98c7-4847-acb8-62d1b5bece60.json b/objects/vulnerability/vulnerability--db1e1197-98c7-4847-acb8-62d1b5bece60.json
new file mode 100644
index 00000000000..a26fddd3221
--- /dev/null
+++ b/objects/vulnerability/vulnerability--db1e1197-98c7-4847-acb8-62d1b5bece60.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b9afc44f-c631-4535-8215-834fc48dc35a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--db1e1197-98c7-4847-acb8-62d1b5bece60",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.072296Z",
+ "modified": "2024-11-15T00:38:53.072296Z",
+ "name": "CVE-2024-52379",
+ "description": "Unrestricted Upload of File with Dangerous Type vulnerability in Kinetic Innovative Technologies Sdn Bhd kineticPay for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects kineticPay for WooCommerce: from n/a through 2.0.8.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52379"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--db4356bd-c54f-4c8d-b810-b48950403fa3.json b/objects/vulnerability/vulnerability--db4356bd-c54f-4c8d-b810-b48950403fa3.json
new file mode 100644
index 00000000000..639c04321f0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--db4356bd-c54f-4c8d-b810-b48950403fa3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f4ec939a-b79f-4775-82fd-849158028875",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--db4356bd-c54f-4c8d-b810-b48950403fa3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.203352Z",
+ "modified": "2024-11-15T00:38:53.203352Z",
+ "name": "CVE-2024-10976",
+ "description": "Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10976"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--dd0d4468-1155-4982-92ed-a563a45cdd9b.json b/objects/vulnerability/vulnerability--dd0d4468-1155-4982-92ed-a563a45cdd9b.json
new file mode 100644
index 00000000000..05ee87f02da
--- /dev/null
+++ b/objects/vulnerability/vulnerability--dd0d4468-1155-4982-92ed-a563a45cdd9b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8b99c665-5a00-469d-b1af-6a4394b1d455",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--dd0d4468-1155-4982-92ed-a563a45cdd9b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.650067Z",
+ "modified": "2024-11-15T00:38:54.650067Z",
+ "name": "CVE-2024-2552",
+ "description": "A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-2552"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e10e34d4-f95f-449e-937d-0ca1e2641b76.json b/objects/vulnerability/vulnerability--e10e34d4-f95f-449e-937d-0ca1e2641b76.json
new file mode 100644
index 00000000000..718e5f99525
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e10e34d4-f95f-449e-937d-0ca1e2641b76.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4b46b078-8277-4f7a-a5f3-7fd81a78f1a9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e10e34d4-f95f-449e-937d-0ca1e2641b76",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.899359Z",
+ "modified": "2024-11-15T00:38:52.899359Z",
+ "name": "CVE-2024-51156",
+ "description": "07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-51156"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e191f933-dd78-46ec-862b-7499990d034b.json b/objects/vulnerability/vulnerability--e191f933-dd78-46ec-862b-7499990d034b.json
new file mode 100644
index 00000000000..4fab101ca14
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e191f933-dd78-46ec-862b-7499990d034b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--220afb53-6354-46b6-ac6d-599c152d554b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e191f933-dd78-46ec-862b-7499990d034b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.22683Z",
+ "modified": "2024-11-15T00:38:53.22683Z",
+ "name": "CVE-2024-10978",
+ "description": "Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10978"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e46b18ef-abf6-4315-a97b-239009f34cf4.json b/objects/vulnerability/vulnerability--e46b18ef-abf6-4315-a97b-239009f34cf4.json
new file mode 100644
index 00000000000..25d8fdc9051
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e46b18ef-abf6-4315-a97b-239009f34cf4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0615d24d-5c48-48cc-91e5-57fea9c9d885",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e46b18ef-abf6-4315-a97b-239009f34cf4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.107424Z",
+ "modified": "2024-11-15T00:38:53.107424Z",
+ "name": "CVE-2024-52382",
+ "description": "Missing Authorization vulnerability in Medma Technologies Matix Popup Builder allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through 1.0.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52382"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ea45e64b-8e6c-4fc5-a43b-1ac2f41009df.json b/objects/vulnerability/vulnerability--ea45e64b-8e6c-4fc5-a43b-1ac2f41009df.json
new file mode 100644
index 00000000000..2ac71337831
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ea45e64b-8e6c-4fc5-a43b-1ac2f41009df.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--75d7d8e2-15e2-42d0-bb5a-dfcbe7e038f9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ea45e64b-8e6c-4fc5-a43b-1ac2f41009df",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.445414Z",
+ "modified": "2024-11-15T00:38:53.445414Z",
+ "name": "CVE-2024-50834",
+ "description": "A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50834"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ef9c8aa2-230b-4274-af58-1d7f1059036a.json b/objects/vulnerability/vulnerability--ef9c8aa2-230b-4274-af58-1d7f1059036a.json
new file mode 100644
index 00000000000..efd0675aa31
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ef9c8aa2-230b-4274-af58-1d7f1059036a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9a630c29-dd89-45c9-b7dd-96a0a7264c36",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ef9c8aa2-230b-4274-af58-1d7f1059036a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.079452Z",
+ "modified": "2024-11-15T00:38:53.079452Z",
+ "name": "CVE-2024-52505",
+ "description": "matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in matrix-appservice-irc version 3.0.3.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52505"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--eff327d6-1bea-476f-859a-1024503bf329.json b/objects/vulnerability/vulnerability--eff327d6-1bea-476f-859a-1024503bf329.json
new file mode 100644
index 00000000000..46e7307af1c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--eff327d6-1bea-476f-859a-1024503bf329.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7d4118bc-fbb6-4c63-9f98-5a5744e33785",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--eff327d6-1bea-476f-859a-1024503bf329",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:54.673121Z",
+ "modified": "2024-11-15T00:38:54.673121Z",
+ "name": "CVE-2024-2550",
+ "description": "A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-2550"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f0d16e98-bc7a-450f-9007-d18ba3bf3c64.json b/objects/vulnerability/vulnerability--f0d16e98-bc7a-450f-9007-d18ba3bf3c64.json
new file mode 100644
index 00000000000..3a70b158cbd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f0d16e98-bc7a-450f-9007-d18ba3bf3c64.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--21e1cc3b-602b-4261-80cf-9efafa091790",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f0d16e98-bc7a-450f-9007-d18ba3bf3c64",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:52.943335Z",
+ "modified": "2024-11-15T00:38:52.943335Z",
+ "name": "CVE-2024-48967",
+ "description": "The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-48967"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f520ce49-228e-4312-b8dc-cc614374ac3c.json b/objects/vulnerability/vulnerability--f520ce49-228e-4312-b8dc-cc614374ac3c.json
new file mode 100644
index 00000000000..62c48b98ce2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f520ce49-228e-4312-b8dc-cc614374ac3c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fcf9fd81-d271-4746-93fb-c7787243f0c6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f520ce49-228e-4312-b8dc-cc614374ac3c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.686591Z",
+ "modified": "2024-11-15T00:38:53.686591Z",
+ "name": "CVE-2024-11210",
+ "description": "A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11210"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f750c514-7443-4b42-b462-03802520ec95.json b/objects/vulnerability/vulnerability--f750c514-7443-4b42-b462-03802520ec95.json
new file mode 100644
index 00000000000..11a7ae3bd51
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f750c514-7443-4b42-b462-03802520ec95.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--aa9cfc89-bc61-4cc2-9897-a29a269c0602",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f750c514-7443-4b42-b462-03802520ec95",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.454046Z",
+ "modified": "2024-11-15T00:38:53.454046Z",
+ "name": "CVE-2024-50841",
+ "description": "A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-50841"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f9cc7ec3-6d0c-4750-b85f-050a675b4da3.json b/objects/vulnerability/vulnerability--f9cc7ec3-6d0c-4750-b85f-050a675b4da3.json
new file mode 100644
index 00000000000..282c0436c7c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f9cc7ec3-6d0c-4750-b85f-050a675b4da3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--004052db-dd5c-4dcd-8b1b-6a55fc5f773c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f9cc7ec3-6d0c-4750-b85f-050a675b4da3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-11-15T00:38:53.685156Z",
+ "modified": "2024-11-15T00:38:53.685156Z",
+ "name": "CVE-2024-11213",
+ "description": "A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11213"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file