diff --git a/2006/CVE-2006-3392.md b/2006/CVE-2006-3392.md index aea10e0ef4..3ebd29d24b 100644 --- a/2006/CVE-2006-3392.md +++ b/2006/CVE-2006-3392.md @@ -28,6 +28,7 @@ No PoCs from references. - https://github.com/YgorAlberto/ygoralberto.github.io - https://github.com/capturePointer/libxploit - https://github.com/dcppkieffjlpodter/libxploit +- https://github.com/elstr-512/PentestPwnOs - https://github.com/g1vi/CVE-2006-3392 - https://github.com/gb21oc/ExploitWebmin - https://github.com/htrgouvea/spellbook diff --git a/2010/CVE-2010-4301.md b/2010/CVE-2010-4301.md new file mode 100644 index 0000000000..6c855fe7a3 --- /dev/null +++ b/2010/CVE-2010-4301.md @@ -0,0 +1,17 @@ +### [CVE-2010-4301](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4301) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. + +### POC + +#### Reference +- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14713 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2014/CVE-2014-4271.md b/2014/CVE-2014-4271.md index eafbe280cf..07f8a13608 100644 --- a/2014/CVE-2014-4271.md +++ b/2014/CVE-2014-4271.md @@ -13,6 +13,7 @@ Unspecified vulnerability in the Hyperion Essbase component in Oracle Hyperion 1 - http://seclists.org/fulldisclosure/2014/Dec/23 - http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html - http://www.vmware.com/security/advisories/VMSA-2014-0012.html +- https://exchange.xforce.ibmcloud.com/vulnerabilities/94562 #### Github No PoCs found on GitHub currently. 
diff --git a/2016/CVE-2016-0099.md b/2016/CVE-2016-0099.md index 78b1a91d1d..c99a773470 100644 --- a/2016/CVE-2016-0099.md +++ b/2016/CVE-2016-0099.md @@ -19,9 +19,12 @@ The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 - https://github.com/ARPSyndicate/cvemon - https://github.com/Al1ex/WindowsElevation - https://github.com/Ascotbe/Kernelhub +- https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CVEDB/top - https://github.com/NetW0rK1le3r/awesome-hacking-lists - https://github.com/SexyBeast233/SecBooks - https://github.com/fei9747/WindowsElevation +- https://github.com/hktalent/TOP - https://github.com/jenriquezv/OSCP-Cheat-Sheets-Windows - https://github.com/lyshark/Windows-exploits - https://github.com/readloud/Awesome-Stars diff --git a/2016/CVE-2016-5696.md b/2016/CVE-2016-5696.md index 78185b4691..870b42072e 100644 --- a/2016/CVE-2016-5696.md +++ b/2016/CVE-2016-5696.md @@ -16,10 +16,13 @@ net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CVEDB/top - https://github.com/Gnoxter/mountain_goat - https://github.com/ambynotcoder/C-libraries - https://github.com/bplinux/chackd - https://github.com/eagleusb/awesome-repositories +- https://github.com/hktalent/TOP - https://github.com/jduck/challack - https://github.com/unkaktus/grill - https://github.com/violentshell/rover diff --git a/2017/CVE-2017-20152.md b/2017/CVE-2017-20152.md index 58ac2dfe5a..f6789d1735 100644 --- a/2017/CVE-2017-20152.md +++ b/2017/CVE-2017-20152.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056. +A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056. ### POC diff --git a/2017/CVE-2017-20153.md b/2017/CVE-2017-20153.md index 760224a17c..3fee96db78 100644 --- a/2017/CVE-2017-20153.md +++ b/2017/CVE-2017-20153.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability. +A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability. ### POC diff --git a/2017/CVE-2017-20155.md b/2017/CVE-2017-20155.md index fa033a0567..4b34c6b369 100644 --- a/2017/CVE-2017-20155.md +++ b/2017/CVE-2017-20155.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability was found in Sterc Google Analytics Dashboard for MODX up to 1.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file core/components/analyticsdashboardwidget/elements/tpl/widget.analytics.tpl of the component Internal Search. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 855d9560d3782c105568eedf9b22a769fbf29cc0. It is recommended to upgrade the affected component. The identifier VDB-217069 was assigned to this vulnerability. +A vulnerability was found in Sterc Google Analytics Dashboard for MODX up to 1.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file core/components/analyticsdashboardwidget/elements/tpl/widget.analytics.tpl of the component Internal Search. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.6 is able to address this issue. The identifier of the patch is 855d9560d3782c105568eedf9b22a769fbf29cc0. It is recommended to upgrade the affected component. The identifier VDB-217069 was assigned to this vulnerability. ### POC diff --git a/2017/CVE-2017-20156.md b/2017/CVE-2017-20156.md index 6e7cc8d71f..5cd9be372f 100644 --- a/2017/CVE-2017-20156.md +++ b/2017/CVE-2017-20156.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/prepare_page.rb of the component Argument Handler. The manipulation of the argument URL leads to command injection. The name of the patch is 5f8c715d6e2cc000f621a6833f0a86a673462136. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217139. +A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/prepare_page.rb of the component Argument Handler. The manipulation of the argument URL leads to command injection. The patch is named 5f8c715d6e2cc000f621a6833f0a86a673462136. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217139. ### POC diff --git a/2017/CVE-2017-20158.md b/2017/CVE-2017-20158.md index 4d5ee1fdda..2b611550a0 100644 --- a/2017/CVE-2017-20158.md +++ b/2017/CVE-2017-20158.md 
@@ -5,7 +5,7 @@ ### Description -** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.1.9 is able to address this issue. The name of the patch is c00d1e4fc912257fca1fce66d7a163bdbb4c8222. It is recommended to upgrade the affected component. The identifier VDB-217141 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.1.9 is able to address this issue. The identifier of the patch is c00d1e4fc912257fca1fce66d7a163bdbb4c8222. It is recommended to upgrade the affected component. The identifier VDB-217141 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. ### POC diff --git a/2017/CVE-2017-20159.md b/2017/CVE-2017-20159.md index b9cfdaa26a..39509f69ea 100644 --- a/2017/CVE-2017-20159.md +++ b/2017/CVE-2017-20159.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability was found in rf Keynote up to 0.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 05be4356b0a6ca7de48da926a9b997beb5ffeb4a. It is recommended to upgrade the affected component. VDB-217142 is the identifier assigned to this vulnerability. +A vulnerability was found in rf Keynote up to 0.x on Rails. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 05be4356b0a6ca7de48da926a9b997beb5ffeb4a. It is recommended to upgrade the affected component. VDB-217142 is the identifier assigned to this vulnerability. ### POC diff --git a/2017/CVE-2017-20162.md b/2017/CVE-2017-20162.md index ddf4b8e882..d64da04b0f 100644 --- a/2017/CVE-2017-20162.md +++ b/2017/CVE-2017-20162.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451. +A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451. ### POC diff --git a/2018/CVE-2018-17182.md b/2018/CVE-2018-17182.md index 9b7f26fb13..c09cc0063b 100644 --- a/2018/CVE-2018-17182.md +++ b/2018/CVE-2018-17182.md @@ -20,6 +20,8 @@ An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_a - https://github.com/Al1ex/LinuxEelvation - https://github.com/Al1ex/Red-Team - https://github.com/Apri1y/Red-Team-links +- https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CVEDB/top - https://github.com/Echocipher/Resource-list - https://github.com/IdanBanani/Linux-Kernel-VR-Exploitation - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits diff --git a/2019/CVE-2019-0192.md b/2019/CVE-2019-0192.md index 0e38dea002..88a2b04fd8 100644 --- a/2019/CVE-2019-0192.md +++ b/2019/CVE-2019-0192.md 
@@ -17,6 +17,8 @@ In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows - https://github.com/20142995/pocsuite3 - https://github.com/ARPSyndicate/cvemon - https://github.com/Awrrays/FrameVul +- https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CVEDB/top - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/Imanfeng/Apache-Solr-RCE - https://github.com/PalindromeLabs/Java-Deserialization-CVEs diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index d51822c03e..acc2fffef3 100644 --- a/2019/CVE-2019-11358.md +++ b/2019/CVE-2019-11358.md @@ -3270,6 +3270,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/the-winsor-school/Wildbots-2020-2021 - https://github.com/the-winsor-school/Wildbots-2021-2022 - https://github.com/the-winsor-school/wildbots_13620_2024 +- https://github.com/the-winsor-school/wirecats_20409_2024 - https://github.com/theSentinelsFTC/sentinels-teamcode - https://github.com/theawesomew/RefactoredFtcRobotController - https://github.com/thecatinthehatcomesback/CenterStage2023 diff --git a/2019/CVE-2019-11783.md b/2019/CVE-2019-11783.md new file mode 100644 index 0000000000..cb6bb1e69f --- /dev/null +++ b/2019/CVE-2019-11783.md 
@@ -0,0 +1,18 @@ +### [CVE-2019-11783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11783) +![](https://img.shields.io/static/v1?label=Product&message=Odoo%20Community&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Odoo%20Enterprise&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%2014.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) + +### Description + +Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/RNPG/CVEs + diff --git a/2019/CVE-2019-25070.md b/2019/CVE-2019-25070.md index c09b4afd8c..3ce1495963 100644 --- a/2019/CVE-2019-25070.md +++ b/2019/CVE-2019-25070.md 
@@ -5,7 +5,7 @@ ### Description -** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-135125 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-135125 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. ### POC diff --git a/2020/CVE-2020-15368.md b/2020/CVE-2020-15368.md index 15c5bd38e9..0c51e01a93 100644 --- a/2020/CVE-2020-15368.md +++ b/2020/CVE-2020-15368.md 
@@ -14,11 +14,14 @@ AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from us #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CVEDB/top - https://github.com/ExpLife0011/awesome-windows-kernel-security-development - https://github.com/anquanscan/sec-tools - https://github.com/hfiref0x/KDU - https://github.com/hiyorijl/all-my-fave-repo-stars - https://github.com/hiyorijl/all-my-repo-stars +- https://github.com/hktalent/TOP - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/sl4v3k/KDU - https://github.com/soosmile/POC diff --git a/2020/CVE-2020-36637.md b/2020/CVE-2020-36637.md index 746ff5ebc3..b93985c9a6 100644 --- a/2020/CVE-2020-36637.md +++ b/2020/CVE-2020-36637.md 
@@ -5,7 +5,7 @@ ### Description -** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. ### POC diff --git a/2020/CVE-2020-36638.md b/2020/CVE-2020-36638.md index f8d3f97cd9..dad9ccb083 100644 --- a/2020/CVE-2020-36638.md +++ b/2020/CVE-2020-36638.md 
@@ -5,7 +5,7 @@ ### Description -** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9a45087814295de6fb3a3fe38f96293665234da1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217043. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be initiated remotely. The patch is named 9a45087814295de6fb3a3fe38f96293665234da1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217043. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. ### POC diff --git a/2020/CVE-2020-36639.md b/2020/CVE-2020-36639.md index 48b0be47be..26c4f90cc0 100644 --- a/2020/CVE-2020-36639.md +++ b/2020/CVE-2020-36639.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability has been found in AlliedModders AMX Mod X and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The name of the patch is a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability. +A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The patch is identified as a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability. ### POC diff --git a/2020/CVE-2020-36640.md b/2020/CVE-2020-36640.md index 343d4c956b..2ac2b25369 100644 --- a/2020/CVE-2020-36640.md +++ b/2020/CVE-2020-36640.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is a12ad691c05af19e9061d7949b6b828ce48815d5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217443. +A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.1 is able to address this issue. The patch is named a12ad691c05af19e9061d7949b6b828ce48815d5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217443. ### POC diff --git a/2020/CVE-2020-36641.md b/2020/CVE-2020-36641.md index d24c79757f..f77c062959 100644 --- a/2020/CVE-2020-36641.md +++ b/2020/CVE-2020-36641.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.12.1 is able to address this issue. The name of the patch is ad6615b3ec41353e614f6ea5fdd5b046442a832b. It is recommended to upgrade the affected component. VDB-217450 is the identifier assigned to this vulnerability. +A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.12.1 is able to address this issue. The patch is identified as ad6615b3ec41353e614f6ea5fdd5b046442a832b. It is recommended to upgrade the affected component. VDB-217450 is the identifier assigned to this vulnerability. ### POC diff --git a/2020/CVE-2020-36642.md b/2020/CVE-2020-36642.md index 9ee30ce090..3cab88b59e 100644 --- a/2020/CVE-2020-36642.md +++ b/2020/CVE-2020-36642.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability. +A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The identifier of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability. ### POC diff --git a/2020/CVE-2020-36644.md b/2020/CVE-2020-36644.md index cdcb29eb08..6c7b0a4ce1 100644 --- a/2020/CVE-2020-36644.md +++ b/2020/CVE-2020-36644.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.7.2 is able to address this issue. The name of the patch is f5363b351508486021f99e083c92068cf2943621. It is recommended to upgrade the affected component. The identifier VDB-217597 was assigned to this vulnerability. +A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.7.2 is able to address this issue. The identifier of the patch is f5363b351508486021f99e083c92068cf2943621. It is recommended to upgrade the affected component. The identifier VDB-217597 was assigned to this vulnerability. ### POC diff --git a/2020/CVE-2020-36645.md b/2020/CVE-2020-36645.md index bbcb6e4e40..adab831add 100644 --- a/2020/CVE-2020-36645.md +++ b/2020/CVE-2020-36645.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The name of the patch is f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623. +A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The patch is named f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623. ### POC diff --git a/2020/CVE-2020-36646.md b/2020/CVE-2020-36646.md index d414faec5b..fece31babd 100644 --- a/2020/CVE-2020-36646.md +++ b/2020/CVE-2020-36646.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability. +A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The identifier of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability. ### POC diff --git a/2020/CVE-2020-36647.md b/2020/CVE-2020-36647.md index 2f29b3a690..eda3f5f5a9 100644 --- a/2020/CVE-2020-36647.md +++ b/2020/CVE-2020-36647.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The name of the patch is f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability. +A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The patch is identified as f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability. ### POC diff --git a/2020/CVE-2020-36648.md b/2020/CVE-2020-36648.md index ab22a8caa9..c8bd3b3c62 100644 --- a/2020/CVE-2020-36648.md +++ b/2020/CVE-2020-36648.md @@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. This affects an unknown part. The manipulation of the argument howmany leads to sql injection. The name of the patch is 11d615931352066fb2f6dcb07428277c2cd99baf. It is recommended to apply a patch to fix this issue. The identifier VDB-217641 was assigned to this vulnerability. +A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. This affects an unknown part. The manipulation of the argument howmany leads to sql injection. The identifier of the patch is 11d615931352066fb2f6dcb07428277c2cd99baf. It is recommended to apply a patch to fix this issue. The identifier VDB-217641 was assigned to this vulnerability. ### POC diff --git a/2020/CVE-2020-36650.md b/2020/CVE-2020-36650.md index edaea09afa..118dbfe4d5 100644 --- a/2020/CVE-2020-36650.md +++ b/2020/CVE-2020-36650.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The name of the patch is 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019. +A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The patch is named 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019. ### POC diff --git a/2020/CVE-2020-36651.md b/2020/CVE-2020-36651.md index 4386bafca3..effafbe235 100644 --- a/2020/CVE-2020-36651.md +++ b/2020/CVE-2020-36651.md @@ -5,7 +5,7 @@ ### Description -A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The name of the patch is c4c0f0138ab5afbac58e03915d446680421bde28. It is recommended to apply a patch to fix this issue. The identifier VDB-218461 was assigned to this vulnerability. +A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The identifier of the patch is c4c0f0138ab5afbac58e03915d446680421bde28. It is recommended to apply a patch to fix this issue. The identifier VDB-218461 was assigned to this vulnerability. ### POC diff --git a/2020/CVE-2020-36653.md b/2020/CVE-2020-36653.md index da08bf2760..39af352ceb 100644 --- a/2020/CVE-2020-36653.md 
+++ b/2020/CVE-2020-36653.md @@ -5,7 +5,7 @@ ### Description -A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The name of the patch is c2356cc41260551073bfaa3a94d1ab074f554938. It is recommended to apply a patch to fix this issue. VDB-218474 is the identifier assigned to this vulnerability. +A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The patch is identified as c2356cc41260551073bfaa3a94d1ab074f554938. It is recommended to apply a patch to fix this issue. VDB-218474 is the identifier assigned to this vulnerability. ### POC diff --git a/2020/CVE-2020-36654.md b/2020/CVE-2020-36654.md index 4fdb1297bb..430d602a72 100644 --- a/2020/CVE-2020-36654.md +++ b/2020/CVE-2020-36654.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218475. +A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218475. ### POC diff --git a/2020/CVE-2020-36660.md b/2020/CVE-2020-36660.md index ee6225d8df..08875e31b9 100644 --- a/2020/CVE-2020-36660.md +++ b/2020/CVE-2020-36660.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211. +A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The patch is named 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211. ### POC diff --git a/2021/CVE-2021-4307.md b/2021/CVE-2021-4307.md index 5bb4e9212b..9113b48b1f 100644 --- a/2021/CVE-2021-4307.md +++ b/2021/CVE-2021-4307.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The name of the patch is c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627. +A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The patch is named c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627. ### POC diff --git a/2022/CVE-2022-0750.md b/2022/CVE-2022-0750.md index 7350057dd2..4f41236d00 100644 --- a/2022/CVE-2022-0750.md +++ b/2022/CVE-2022-0750.md 
@@ -1,11 +1,11 @@ ### [CVE-2022-0750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0750) ![](https://img.shields.io/static/v1?label=Product&message=Photoswipe%20Masonry%20Gallery&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1.2.14%3C%3D%201.2.14%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.2.14%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ### Description -The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14. +The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14. ### POC diff --git a/2022/CVE-2022-0840.md b/2022/CVE-2022-0840.md new file mode 100644 index 0000000000..15880bdda2 --- /dev/null +++ b/2022/CVE-2022-0840.md 
@@ -0,0 +1,17 @@ +### [CVE-2022-0840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0840) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20Social%20Icons&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=3.2.1%3C%203.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9da884a9-b4dd-4de0-9afa-722f772cf2df + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-1442.md b/2022/CVE-2022-1442.md index 14430143e4..871fbf057a 100644 --- a/2022/CVE-2022-1442.md +++ b/2022/CVE-2022-1442.md @@ -1,6 +1,6 @@ ### [CVE-2022-1442](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1442) -![](https://img.shields.io/static/v1?label=Product&message=Metform%20Elementor%20Contact%20Form%20Builder%20&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=2.1.3%3C%3D%202.1.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=Metform%20Elementor%20Contact%20Form%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.1.3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) ### Description diff --git a/2022/CVE-2022-1565.md b/2022/CVE-2022-1565.md index 24d92cdd56..68952a8e8e 100644 --- a/2022/CVE-2022-1565.md +++ b/2022/CVE-2022-1565.md 
@@ -1,6 +1,6 @@ ### [CVE-2022-1565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1565) ![](https://img.shields.io/static/v1?label=Product&message=Import%20any%20XML%20or%20CSV%20File%20to%20WordPress&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=3.6.7%3C%3D%203.6.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.6.7%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) ### Description diff --git a/2022/CVE-2022-1961.md b/2022/CVE-2022-1961.md index df160e5762..50d789d96e 100644 --- a/2022/CVE-2022-1961.md +++ b/2022/CVE-2022-1961.md @@ -1,7 +1,7 @@ ### [CVE-2022-1961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1961) -![](https://img.shields.io/static/v1?label=Product&message=Google%20Tag%20Manager%20for%20WordPress%20(GTM4WP)%20&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1.15.1%3C%3D%201.15.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=GTM4WP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.15.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ### Description diff --git a/2022/CVE-2022-20699.md b/2022/CVE-2022-20699.md index d41b399af2..61d11d4304 100644 --- a/2022/CVE-2022-20699.md +++ b/2022/CVE-2022-20699.md 
@@ -16,6 +16,8 @@ Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/Audiobahn/CVE-2022-20699 +- https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CVEDB/top - https://github.com/JERRY123S/all-poc - https://github.com/SYRTI/POC_to_review - https://github.com/WhooAmii/POC_to_review diff --git a/2022/CVE-2022-2461.md b/2022/CVE-2022-2461.md index ee11361219..2d90ced3e5 100644 --- a/2022/CVE-2022-2461.md +++ b/2022/CVE-2022-2461.md @@ -1,7 +1,7 @@ ### [CVE-2022-2461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2461) ![](https://img.shields.io/static/v1?label=Product&message=Transposh%20WordPress%20Translation&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1.0.8.1%3C%3D%201.0.8.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.0.8.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%20Improper%20Authorization&color=brighgreen) ### Description diff --git a/2022/CVE-2022-2473.md b/2022/CVE-2022-2473.md index f1e0d8c41f..0aa1af9e00 100644 --- a/2022/CVE-2022-2473.md +++ b/2022/CVE-2022-2473.md 
@@ -1,7 +1,7 @@ ### [CVE-2022-2473](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2473) ![](https://img.shields.io/static/v1?label=Product&message=WP-UserOnline&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=2.87.6%3C%3D%202.87.6%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.87.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ### Description @@ -11,6 +11,8 @@ The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Script #### Reference - https://packetstormsecurity.com/files/167864/wpuseronline2876-xss.txt +- https://www.exploit-db.com/exploits/50988 +- https://youtu.be/Q3zInrUnAV0 #### Github No PoCs found on GitHub currently. diff --git a/2022/CVE-2022-2515.md b/2022/CVE-2022-2515.md index c91a8652a7..7338a0462b 100644 --- a/2022/CVE-2022-2515.md +++ b/2022/CVE-2022-2515.md 
@@ -1,7 +1,7 @@ ### [CVE-2022-2515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2515) -![](https://img.shields.io/static/v1?label=Product&message=Simple%20Banner&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=2.11.0%3C%3D%202.11.0%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Banner%20%E2%80%93%20An%20easy%20to%20use%20Banner%2FBar%2FNotification%2FAnnouncement%20for%20the%20top%20or%20bottom%20of%20your%20website&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.11.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ### Description diff --git a/2022/CVE-2022-2941.md b/2022/CVE-2022-2941.md index a789902a20..5c1e5bd23f 100644 --- a/2022/CVE-2022-2941.md +++ b/2022/CVE-2022-2941.md @@ -1,7 +1,7 @@ ### [CVE-2022-2941](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2941) ![](https://img.shields.io/static/v1?label=Product&message=WP-UserOnline&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=2.88.0%3C%3D%202.88.0%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.88.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ### Description 
@@ -11,6 +11,7 @@ The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting #### Reference - http://packetstormsecurity.com/files/168479/WordPress-WP-UserOnline-2.88.0-Cross-Site-Scripting.html +- https://packetstormsecurity.com/files/168479/wpuseronline2880-xss.txt #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2022/CVE-2022-2943.md b/2022/CVE-2022-2943.md index 32ddd3e243..085ffff723 100644 --- a/2022/CVE-2022-2943.md +++ b/2022/CVE-2022-2943.md @@ -1,7 +1,7 @@ ### [CVE-2022-2943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2943) -![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Infinite%20Scroll%20%E2%80%93%20Ajax%20Load%20More%20&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=5.5.3%3C%3D%205.5.3%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-73%20External%20Control%20of%20File%20Name%20or%20Path&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Infinite%20Scroll%20%E2%80%93%20Ajax%20Load%20More&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.5.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) ### Description diff --git a/2022/CVE-2022-30075.md b/2022/CVE-2022-30075.md index 217811279f..5b599192a5 100644 --- a/2022/CVE-2022-30075.md +++ b/2022/CVE-2022-30075.md @@ -17,6 +17,8 @@ In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup f #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CVEDB/top - https://github.com/H4lo/awesome-IoT-security-article - https://github.com/JERRY123S/all-poc - https://github.com/M4fiaB0y/CVE-2022-30075 diff --git a/2022/CVE-2022-40982.md b/2022/CVE-2022-40982.md index d50cc25857..41c06dee71 100644 --- a/2022/CVE-2022-40982.md 
+++ b/2022/CVE-2022-40982.md @@ -14,6 +14,7 @@ Information exposure through microarchitectural state after transient execution - https://downfall.page #### Github +- https://github.com/EGI-Federation/SVG-advisories - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/speed47/spectre-meltdown-checker diff --git a/2023/CVE-2023-0549.md b/2023/CVE-2023-0549.md index 8a9c8091d3..4069bead72 100644 --- a/2023/CVE-2023-0549.md +++ b/2023/CVE-2023-0549.md @@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The name of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability. +A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The identifier of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability. ### POC diff --git a/2023/CVE-2023-0641.md b/2023/CVE-2023-0641.md index 11348623c6..12703a7037 100644 --- a/2023/CVE-2023-0641.md +++ b/2023/CVE-2023-0641.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. +A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. ### POC diff --git a/2023/CVE-2023-0650.md b/2023/CVE-2023-0650.md index fd0df17279..a9259fc175 100644 --- a/2023/CVE-2023-0650.md +++ b/2023/CVE-2023-0650.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability. +A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The identifier of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability. ### POC diff --git a/2023/CVE-2023-0673.md b/2023/CVE-2023-0673.md index 8b0d5e4030..bc0053f9c1 100644 --- a/2023/CVE-2023-0673.md +++ b/2023/CVE-2023-0673.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195. +A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The associated identifier of this vulnerability is VDB-220195. ### POC diff --git a/2023/CVE-2023-0679.md b/2023/CVE-2023-0679.md index 65c94aad84..3ae70e94d6 100644 --- a/2023/CVE-2023-0679.md +++ b/2023/CVE-2023-0679.md @@ -5,7 +5,7 @@ ### Description -A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220. +A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220. ### POC 
diff --git a/2023/CVE-2023-0903.md b/2023/CVE-2023-0903.md index 28a162a532..57938819b0 100644 --- a/2023/CVE-2023-0903.md +++ b/2023/CVE-2023-0903.md @@ -5,7 +5,7 @@ ### Description -A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452. +A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452. ### POC diff --git a/2023/CVE-2023-0964.md b/2023/CVE-2023-0964.md index abac09e611..9f9aae30c8 100644 --- a/2023/CVE-2023-0964.md +++ b/2023/CVE-2023-0964.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-221634 is the identifier assigned to this vulnerability. +A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. VDB-221634 is the identifier assigned to this vulnerability. ### POC diff --git a/2023/CVE-2023-1003.md b/2023/CVE-2023-1003.md index 597109d18d..f002289de1 100644 --- a/2023/CVE-2023-1003.md +++ b/2023/CVE-2023-1003.md @@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as critical, was found in Typora up to 1.5.5. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736. +A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736. ### POC 
diff --git a/2023/CVE-2023-1004.md b/2023/CVE-2023-1004.md index 5ec77d9127..8f100d1b17 100644 --- a/2023/CVE-2023-1004.md +++ b/2023/CVE-2023-1004.md @@ -5,7 +5,7 @@ ### Description -A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability. +A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability. ### POC diff --git a/2023/CVE-2023-1112.md b/2023/CVE-2023-1112.md index 05ef331a35..06b43160a1 100644 --- a/2023/CVE-2023-1112.md +++ b/2023/CVE-2023-1112.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222072. +A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222072. ### POC diff --git a/2023/CVE-2023-1164.md b/2023/CVE-2023-1164.md index af875ac01a..f43493264f 100644 --- a/2023/CVE-2023-1164.md +++ b/2023/CVE-2023-1164.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability was found in KylinSoft kylin-activation and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.11-23 and 1.30.10-5.p23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222260. +A vulnerability was found in KylinSoft kylin-activation on KylinOS and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.11-23 and 1.30.10-5.p23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222260. ### POC diff --git a/2023/CVE-2023-1277.md b/2023/CVE-2023-1277.md index 8c8c7b8cc7..987c151852 100644 --- a/2023/CVE-2023-1277.md +++ b/2023/CVE-2023-1277.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600. +A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600. ### POC diff --git a/2023/CVE-2023-1455.md b/2023/CVE-2023-1455.md index 3f8a90b4ff..371f44d423 100644 --- a/2023/CVE-2023-1455.md +++ b/2023/CVE-2023-1455.md 
@@ -5,7 +5,7 @@ ### Description -A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file admin/ajax.php?action=login2 of the component Login Page. The manipulation of the argument email with the input abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223300. +A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file admin/ajax.php?action=login2 of the component Login Page. The manipulation of the argument email with the input abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223300. ### POC diff --git a/2023/CVE-2023-22515.md b/2023/CVE-2023-22515.md index ba25ee1735..b87311fa47 100644 --- a/2023/CVE-2023-22515.md +++ b/2023/CVE-2023-22515.md 
@@ -6,7 +6,7 @@ ### Description -Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. For more details, please review the linked advisory on this CVE. +Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. ### POC diff --git a/2023/CVE-2023-25741.md b/2023/CVE-2023-25741.md index 3d2138e95e..81be56569c 100644 --- a/2023/CVE-2023-25741.md +++ b/2023/CVE-2023-25741.md @@ -10,7 +10,7 @@ When dragging and dropping an image cross-origin, the image's size could potenti ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1813376 #### Github - https://github.com/dlehgus1023/dlehgus1023 diff --git a/2023/CVE-2023-25749.md b/2023/CVE-2023-25749.md new file mode 100644 index 0000000000..46edfcf9b2 --- /dev/null +++ b/2023/CVE-2023-25749.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-25749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25749) +![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3C%20111%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Firefox%20for%20Android%20may%20have%20opened%20third-party%20apps%20without%20a%20prompt&color=brighgreen) + +### Description + +Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111. + +### POC + +#### Reference +- https://bugzilla.mozilla.org/show_bug.cgi?id=1810705 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-32205.md b/2023/CVE-2023-32205.md index 63b6abb0cd..1b9a55f8fe 100644 --- a/2023/CVE-2023-32205.md +++ b/2023/CVE-2023-32205.md @@ -13,6 +13,7 @@ In multiple cases browser prompts could have been obscured by popups controlled ### POC #### Reference +- https://bugzilla.mozilla.org/show_bug.cgi?id=1753339 - https://bugzilla.mozilla.org/show_bug.cgi?id=1753341 #### Github diff --git a/2023/CVE-2023-33466.md b/2023/CVE-2023-33466.md new file mode 100644 index 0000000000..5daef510fc --- /dev/null +++ b/2023/CVE-2023-33466.md @@ -0,0 +1,17 @@ +### [CVE-2023-33466](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33466) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ShielderSec/poc + diff --git a/2023/CVE-2023-34050.md b/2023/CVE-2023-34050.md new file mode 100644 index 0000000000..35d241f045 --- /dev/null +++ b/2023/CVE-2023-34050.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-34050](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34050) +![](https://img.shields.io/static/v1?label=Product&message=Spring%20AMQP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%202.4.17%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In spring AMQP versions 1.0.0 to2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable classnames were added to Spring AMQP, allowing users to lock down deserialization ofdata in messages from untrusted sources; however by default, when no allowedlist was provided, all classes could be deserialized.Specifically, an application isvulnerable if * the SimpleMessageConverter or SerializerMessageConverter is used * the user does not configure allowed list patterns * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-36414.md b/2023/CVE-2023-36414.md new file mode 100644 index 0000000000..bbc8bec62e --- /dev/null +++ b/2023/CVE-2023-36414.md @@ -0,0 +1,17 @@ +### [CVE-2023-36414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36414) +![](https://img.shields.io/static/v1?label=Product&message=Azure%20Identity%20SDK%20for%20.NET&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%201.10.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution&color=brighgreen) + +### Description + +Azure Identity SDK Remote Code Execution Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/sergeig888/csharp-wscapacitymover-PBI + diff --git a/2023/CVE-2023-38128.md b/2023/CVE-2023-38128.md index 08f036b1ad..2affc2acf3 100644 
--- a/2023/CVE-2023-38128.md +++ b/2023/CVE-2023-38128.md @@ -11,6 +11,7 @@ An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parse #### Reference - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809 +- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-38191.md b/2023/CVE-2023-38191.md new file mode 100644 index 0000000000..8c9d106f0c --- /dev/null +++ b/2023/CVE-2023-38191.md @@ -0,0 +1,17 @@ +### [CVE-2023-38191](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38191) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename. + +### POC + +#### Reference +- https://herolab.usd.de/security-advisories/usd-2023-0012/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-38192.md b/2023/CVE-2023-38192.md new file mode 100644 index 0000000000..7fbe22e7f6 --- /dev/null +++ b/2023/CVE-2023-38192.md @@ -0,0 +1,17 @@ +### [CVE-2023-38192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38192) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords. + +### POC + +#### Reference +- https://herolab.usd.de/security-advisories/usd-2023-0011/ + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-38193.md b/2023/CVE-2023-38193.md new file mode 100644 index 0000000000..8e295a3e29 --- /dev/null +++ b/2023/CVE-2023-38193.md @@ -0,0 +1,17 @@ +### [CVE-2023-38193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38193) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line. + +### POC + +#### Reference +- https://herolab.usd.de/en/security-advisories/usd-2023-0015/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-38194.md b/2023/CVE-2023-38194.md new file mode 100644 index 0000000000..4cee1bcc0d --- /dev/null +++ b/2023/CVE-2023-38194.md @@ -0,0 +1,17 @@ +### [CVE-2023-38194](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38194) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter. + +### POC + +#### Reference +- https://herolab.usd.de/security-advisories/usd-2023-0013/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-38996.md b/2023/CVE-2023-38996.md index 7633f7f19c..948b94a51f 100644 --- a/2023/CVE-2023-38996.md +++ b/2023/CVE-2023-38996.md @@ -13,5 +13,5 @@ An issue in all versions of Douran DSGate allows a local authenticated privilege - https://gist.github.com/RNPG/53b579da330ba896aa8dc2d901e5e400 #### Github -No PoCs found on GitHub currently. +- https://github.com/RNPG/CVEs 
diff --git a/2023/CVE-2023-39848.md b/2023/CVE-2023-39848.md index 3d646df487..3b764b2adc 100644 --- a/2023/CVE-2023-39848.md +++ b/2023/CVE-2023-39848.md @@ -38,6 +38,7 @@ No PoCs from references. - https://github.com/gauravsec/dvwa - https://github.com/gonzalomamanig/DVWA - https://github.com/hanvu9998/dvwa1 +- https://github.com/imayou123/DVWA - https://github.com/ppmojipp/owasp-web-dvwa - https://github.com/pramodkadam777/DVWA - https://github.com/rohitis001/web_security diff --git a/2023/CVE-2023-41445.md b/2023/CVE-2023-41445.md index 3c5f0500c0..80764603d8 100644 --- a/2023/CVE-2023-41445.md +++ b/2023/CVE-2023-41445.md @@ -13,5 +13,6 @@ Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a rem No PoCs from references. #### Github +- https://github.com/RNPG/CVEs - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-41446.md b/2023/CVE-2023-41446.md new file mode 100644 index 0000000000..4afd72ab98 --- /dev/null +++ b/2023/CVE-2023-41446.md @@ -0,0 +1,17 @@ +### [CVE-2023-41446](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41446) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/RNPG/CVEs + diff --git a/2023/CVE-2023-41447.md b/2023/CVE-2023-41447.md new file mode 100644 index 0000000000..bab05824c0 --- /dev/null +++ b/2023/CVE-2023-41447.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-41447](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41447) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/RNPG/CVEs + diff --git a/2023/CVE-2023-41448.md b/2023/CVE-2023-41448.md index 997ca7a708..c1bff5d40b 100644 --- a/2023/CVE-2023-41448.md +++ b/2023/CVE-2023-41448.md @@ -13,5 +13,6 @@ Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a rem No PoCs from references. #### Github +- https://github.com/RNPG/CVEs - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-41449.md b/2023/CVE-2023-41449.md index e4cf8cf835..94a0206f2f 100644 --- a/2023/CVE-2023-41449.md +++ b/2023/CVE-2023-41449.md @@ -13,5 +13,6 @@ An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute a No PoCs from references. #### Github +- https://github.com/RNPG/CVEs - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-41450.md b/2023/CVE-2023-41450.md new file mode 100644 index 0000000000..5b202648ca --- /dev/null +++ b/2023/CVE-2023-41450.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-41450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41450) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/RNPG/CVEs + diff --git a/2023/CVE-2023-41451.md b/2023/CVE-2023-41451.md index 7be0146100..4e844b91ad 100644 --- a/2023/CVE-2023-41451.md +++ b/2023/CVE-2023-41451.md @@ -13,5 +13,6 @@ Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a rem No PoCs from references. #### Github +- https://github.com/RNPG/CVEs - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-41452.md b/2023/CVE-2023-41452.md index 32bd733885..f7887c4dd2 100644 --- a/2023/CVE-2023-41452.md +++ b/2023/CVE-2023-41452.md @@ -13,5 +13,6 @@ Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows No PoCs from references. #### Github +- https://github.com/RNPG/CVEs - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-41453.md b/2023/CVE-2023-41453.md index 7cc6f6a094..5b115296d3 100644 --- a/2023/CVE-2023-41453.md +++ b/2023/CVE-2023-41453.md @@ -13,5 +13,6 @@ Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a rem No PoCs from references. #### Github +- https://github.com/RNPG/CVEs - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-41993.md b/2023/CVE-2023-41993.md index 05a95ce45a..d7b2faab3a 100644 --- a/2023/CVE-2023-41993.md +++ b/2023/CVE-2023-41993.md 
@@ -21,6 +21,7 @@ No PoCs from references. - https://github.com/ZonghaoLi777/githubTrending - https://github.com/aneasystone/github-trending - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/hrtowii/cve-2023-41993-test - https://github.com/johe123qwe/github-trending - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/po6ix/POC-for-CVE-2023-41993 diff --git a/2023/CVE-2023-43346.md b/2023/CVE-2023-43346.md new file mode 100644 index 0000000000..c66ff35deb --- /dev/null +++ b/2023/CVE-2023-43346.md @@ -0,0 +1,18 @@ +### [CVE-2023-43346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43346) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sromanhu/CVE-2023-43346-Quick-CMS-Stored-XSS---Languages-Backend + diff --git a/2023/CVE-2023-43353.md b/2023/CVE-2023-43353.md new file mode 100644 index 0000000000..6fe8873cf9 --- /dev/null +++ b/2023/CVE-2023-43353.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-43353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43353) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sromanhu/CVE-2023-43353-CMSmadesimple-Stored-XSS---News---Extra + diff --git a/2023/CVE-2023-43354.md b/2023/CVE-2023-43354.md new file mode 100644 index 0000000000..b224b6dc4f --- /dev/null +++ b/2023/CVE-2023-43354.md @@ -0,0 +1,18 @@ +### [CVE-2023-43354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43354) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sromanhu/CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension + diff --git a/2023/CVE-2023-43355.md b/2023/CVE-2023-43355.md new file mode 100644 index 0000000000..722ec4fe81 --- /dev/null +++ b/2023/CVE-2023-43355.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-43355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43355) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user + diff --git a/2023/CVE-2023-43356.md b/2023/CVE-2023-43356.md new file mode 100644 index 0000000000..fb99c55463 --- /dev/null +++ b/2023/CVE-2023-43356.md @@ -0,0 +1,18 @@ +### [CVE-2023-43356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43356) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sromanhu/CVE-2023-43356-CMSmadesimple-Stored-XSS---Global-Settings + diff --git a/2023/CVE-2023-43357.md b/2023/CVE-2023-43357.md new file mode 100644 index 0000000000..6a23757d23 --- /dev/null +++ b/2023/CVE-2023-43357.md 
@@ -0,0 +1,18 @@ +### [CVE-2023-43357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43357) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sromanhu/CVE-2023-43357-CMSmadesimple-Stored-XSS---Shortcut + diff --git a/2023/CVE-2023-44487.md b/2023/CVE-2023-44487.md index 5d3fac5f25..fa97ff7ed0 100644 --- a/2023/CVE-2023-44487.md +++ b/2023/CVE-2023-44487.md @@ -28,6 +28,7 @@ The HTTP/2 protocol allows a denial of service (server resource consumption) bec - https://github.com/irgoncalves/awesome-security-articles - https://github.com/jafshare/GithubTrending - https://github.com/johe123qwe/github-trending +- https://github.com/juev/links - https://github.com/micrictor/http2-rst-stream - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/oscerd/nice-cve-poc diff --git a/2023/CVE-2023-45805.md b/2023/CVE-2023-45805.md new file mode 100644 index 0000000000..012cca0dee --- /dev/null +++ b/2023/CVE-2023-45805.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-45805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45805) +![](https://img.shields.io/static/v1?label=Product&message=pdm&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.0.0%2C%3C%202.9.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://peps.python.org/pep-0440/#post-release-spelling + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-45992.md b/2023/CVE-2023-45992.md new file mode 100644 index 0000000000..610310d229 --- /dev/null +++ b/2023/CVE-2023-45992.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-45992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45992) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414 allows a remote attacker to escalate privileges via a crafted script to the macaddress parameter in the onboarding portal. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-46003.md b/2023/CVE-2023-46003.md new file mode 100644 index 0000000000..ae13eaf125 --- /dev/null +++ b/2023/CVE-2023-46003.md @@ -0,0 +1,17 @@ +### [CVE-2023-46003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46003) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-5618.md b/2023/CVE-2023-5618.md new file mode 100644 index 0000000000..f5f1d108ee --- /dev/null +++ b/2023/CVE-2023-5618.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-5618](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5618) +![](https://img.shields.io/static/v1?label=Product&message=Modern%20Footnotes&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.4.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +- https://www.wordfence.com/threat-intel/vulnerabilities/id/c20c674f-54b5-470f-b470-07a63501eb4d?source=cve + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5686.md b/2023/CVE-2023-5686.md new file mode 100644 index 0000000000..5c2ac47eb3 --- /dev/null +++ b/2023/CVE-2023-5686.md @@ -0,0 +1,17 @@ +### [CVE-2023-5686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5686) +![](https://img.shields.io/static/v1?label=Product&message=radareorg%2Fradare2&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%205.9.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. + +### POC + +#### Reference +- https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2023/CVE-2023-5687.md b/2023/CVE-2023-5687.md new file mode 100644 index 0000000000..28b3a255bf --- /dev/null +++ b/2023/CVE-2023-5687.md @@ -0,0 +1,17 @@ +### [CVE-2023-5687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5687) +![](https://img.shields.io/static/v1?label=Product&message=mosparo%2Fmosparo&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%201.0.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3. + +### POC + +#### Reference +- https://huntr.com/bounties/33f95510-cdee-460e-8e61-107874962f2d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5688.md b/2023/CVE-2023-5688.md new file mode 100644 index 0000000000..095af98b64 --- /dev/null +++ b/2023/CVE-2023-5688.md @@ -0,0 +1,17 @@ +### [CVE-2023-5688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5688) +![](https://img.shields.io/static/v1?label=Product&message=modoboa%2Fmodoboa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. + +### POC + +#### Reference +- https://huntr.com/bounties/0ceb10e4-952b-4ca4-baf8-5b6f12e3a8a7 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5689.md b/2023/CVE-2023-5689.md new file mode 100644 index 0000000000..bf5280adc3 --- /dev/null +++ b/2023/CVE-2023-5689.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-5689](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5689) +![](https://img.shields.io/static/v1?label=Product&message=modoboa%2Fmodoboa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. + +### POC + +#### Reference +- https://huntr.com/bounties/24835833-3421-412b-bafb-1b7ea3cf60e6 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-5690.md b/2023/CVE-2023-5690.md new file mode 100644 index 0000000000..b8856b04d1 --- /dev/null +++ b/2023/CVE-2023-5690.md @@ -0,0 +1,17 @@ +### [CVE-2023-5690](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5690) +![](https://img.shields.io/static/v1?label=Product&message=modoboa%2Fmodoboa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. + +### POC + +#### Reference +- https://huntr.com/bounties/980c75a5-d978-4b0e-9bcc-2b2682c97e01 + +#### Github +No PoCs found on GitHub currently. + diff --git a/github.txt b/github.txt index 97d9ffff29..11fda72061 100644 --- a/github.txt +++ b/github.txt 
@@ -1604,6 +1604,7 @@ CVE-2006-3392 - https://github.com/YgorAlberto/Ethical-Hacker CVE-2006-3392 - https://github.com/YgorAlberto/ygoralberto.github.io CVE-2006-3392 - https://github.com/capturePointer/libxploit CVE-2006-3392 - https://github.com/dcppkieffjlpodter/libxploit +CVE-2006-3392 - https://github.com/elstr-512/PentestPwnOs CVE-2006-3392 - https://github.com/g1vi/CVE-2006-3392 CVE-2006-3392 - https://github.com/gb21oc/ExploitWebmin CVE-2006-3392 - https://github.com/htrgouvea/spellbook @@ -17938,9 +17939,12 @@ CVE-2016-0096 - https://github.com/ycdxsb/WindowsPrivilegeEscalation CVE-2016-0099 - https://github.com/ARPSyndicate/cvemon CVE-2016-0099 - https://github.com/Al1ex/WindowsElevation CVE-2016-0099 - https://github.com/Ascotbe/Kernelhub +CVE-2016-0099 - https://github.com/CVEDB/awesome-cve-repo +CVE-2016-0099 - https://github.com/CVEDB/top CVE-2016-0099 - https://github.com/NetW0rK1le3r/awesome-hacking-lists CVE-2016-0099 - https://github.com/SexyBeast233/SecBooks CVE-2016-0099 - https://github.com/fei9747/WindowsElevation +CVE-2016-0099 - https://github.com/hktalent/TOP CVE-2016-0099 - https://github.com/jenriquezv/OSCP-Cheat-Sheets-Windows CVE-2016-0099 - https://github.com/lyshark/Windows-exploits CVE-2016-0099 - https://github.com/readloud/Awesome-Stars 
@@ -23967,10 +23971,13 @@ CVE-2016-5684 - https://github.com/andir/nixos-issue-db-example CVE-2016-5685 - https://github.com/ARPSyndicate/cvemon CVE-2016-5685 - https://github.com/chnzzh/iDRAC-CVE-lib CVE-2016-5696 - https://github.com/ARPSyndicate/cvemon +CVE-2016-5696 - https://github.com/CVEDB/awesome-cve-repo +CVE-2016-5696 - https://github.com/CVEDB/top CVE-2016-5696 - https://github.com/Gnoxter/mountain_goat CVE-2016-5696 - https://github.com/ambynotcoder/C-libraries CVE-2016-5696 - https://github.com/bplinux/chackd CVE-2016-5696 - https://github.com/eagleusb/awesome-repositories +CVE-2016-5696 - https://github.com/hktalent/TOP CVE-2016-5696 - https://github.com/jduck/challack CVE-2016-5696 - https://github.com/unkaktus/grill CVE-2016-5696 - https://github.com/violentshell/rover @@ -43567,6 +43574,8 @@ CVE-2018-17182 - https://github.com/Al1ex/APT-GUID CVE-2018-17182 - https://github.com/Al1ex/LinuxEelvation CVE-2018-17182 - https://github.com/Al1ex/Red-Team CVE-2018-17182 - https://github.com/Apri1y/Red-Team-links +CVE-2018-17182 - https://github.com/CVEDB/awesome-cve-repo +CVE-2018-17182 - https://github.com/CVEDB/top CVE-2018-17182 - https://github.com/Echocipher/Resource-list CVE-2018-17182 - https://github.com/IdanBanani/Linux-Kernel-VR-Exploitation CVE-2018-17182 - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits @@ -50697,6 +50706,8 @@ CVE-2019-0192 - https://github.com/0xT11/CVE-POC CVE-2019-0192 - https://github.com/20142995/pocsuite3 CVE-2019-0192 - https://github.com/ARPSyndicate/cvemon CVE-2019-0192 - https://github.com/Awrrays/FrameVul +CVE-2019-0192 - https://github.com/CVEDB/awesome-cve-repo +CVE-2019-0192 - https://github.com/CVEDB/top CVE-2019-0192 - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet CVE-2019-0192 - https://github.com/Imanfeng/Apache-Solr-RCE CVE-2019-0192 - https://github.com/PalindromeLabs/Java-Deserialization-CVEs 
@@ -56434,6 +56445,7 @@ CVE-2019-11358 - https://github.com/the-winsor-school/20409_2023 CVE-2019-11358 - https://github.com/the-winsor-school/Wildbots-2020-2021 CVE-2019-11358 - https://github.com/the-winsor-school/Wildbots-2021-2022 CVE-2019-11358 - https://github.com/the-winsor-school/wildbots_13620_2024 +CVE-2019-11358 - https://github.com/the-winsor-school/wirecats_20409_2024 CVE-2019-11358 - https://github.com/theSentinelsFTC/sentinels-teamcode CVE-2019-11358 - https://github.com/theawesomew/RefactoredFtcRobotController CVE-2019-11358 - https://github.com/thecatinthehatcomesback/CenterStage2023 @@ -56951,6 +56963,7 @@ CVE-2019-11759 - https://github.com/MrE-Fog/cryptofuzz CVE-2019-11759 - https://github.com/guidovranken/cryptofuzz CVE-2019-11761 - https://github.com/ARPSyndicate/cvemon CVE-2019-11768 - https://github.com/ARPSyndicate/cvemon +CVE-2019-11783 - https://github.com/RNPG/CVEs CVE-2019-1181 - https://github.com/0xT11/CVE-POC CVE-2019-1181 - https://github.com/ARPSyndicate/cvemon CVE-2019-1181 - https://github.com/Creamy-Chicken-Soup/writeups-about-analysis-CVEs-and-Exploits-on-the-Windows 
@@ -73865,11 +73878,14 @@ CVE-2020-15367 - https://github.com/inflixim4be/CVE-2020-15367 CVE-2020-15367 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2020-15367 - https://github.com/soosmile/POC CVE-2020-15368 - https://github.com/ARPSyndicate/cvemon +CVE-2020-15368 - https://github.com/CVEDB/awesome-cve-repo +CVE-2020-15368 - https://github.com/CVEDB/top CVE-2020-15368 - https://github.com/ExpLife0011/awesome-windows-kernel-security-development CVE-2020-15368 - https://github.com/anquanscan/sec-tools CVE-2020-15368 - https://github.com/hfiref0x/KDU CVE-2020-15368 - https://github.com/hiyorijl/all-my-fave-repo-stars CVE-2020-15368 - https://github.com/hiyorijl/all-my-repo-stars +CVE-2020-15368 - https://github.com/hktalent/TOP CVE-2020-15368 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2020-15368 - https://github.com/sl4v3k/KDU CVE-2020-15368 - https://github.com/soosmile/POC @@ -105876,6 +105892,8 @@ CVE-2022-20698 - https://github.com/ARPSyndicate/cvemon CVE-2022-20698 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2022-20699 - https://github.com/ARPSyndicate/cvemon CVE-2022-20699 - https://github.com/Audiobahn/CVE-2022-20699 +CVE-2022-20699 - https://github.com/CVEDB/awesome-cve-repo +CVE-2022-20699 - https://github.com/CVEDB/top CVE-2022-20699 - https://github.com/JERRY123S/all-poc CVE-2022-20699 - https://github.com/SYRTI/POC_to_review CVE-2022-20699 - https://github.com/WhooAmii/POC_to_review @@ -113248,6 +113266,8 @@ CVE-2022-30065 - https://github.com/stkcat/awe-base-images CVE-2022-30067 - https://github.com/ARPSyndicate/cvemon CVE-2022-30073 - https://github.com/ARPSyndicate/kenzer-templates CVE-2022-30075 - https://github.com/ARPSyndicate/cvemon +CVE-2022-30075 - https://github.com/CVEDB/awesome-cve-repo +CVE-2022-30075 - https://github.com/CVEDB/top CVE-2022-30075 - https://github.com/H4lo/awesome-IoT-security-article CVE-2022-30075 - https://github.com/JERRY123S/all-poc CVE-2022-30075 - https://github.com/M4fiaB0y/CVE-2022-30075 
@@ -117703,6 +117723,7 @@ CVE-2022-4096 - https://github.com/aminetitrofine/CVE-2022-4096 CVE-2022-4096 - https://github.com/dn0m1n8tor/learn365 CVE-2022-4096 - https://github.com/fardeen-ahmed/Bug-bounty-Writeups CVE-2022-4096 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2022-40982 - https://github.com/EGI-Federation/SVG-advisories CVE-2022-40982 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2022-40982 - https://github.com/speed47/spectre-meltdown-checker CVE-2022-41028 - https://github.com/laoqin1234/https-github.com-HackingCost-AD_Pentest @@ -123801,6 +123822,7 @@ CVE-2023-33410 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-3344 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-33440 - https://github.com/1337kid/Exploits CVE-2023-33440 - https://github.com/Alexander-Gan/Exploits +CVE-2023-33466 - https://github.com/ShielderSec/poc CVE-2023-33468 - https://github.com/Sharpe-nl/CVEs CVE-2023-33469 - https://github.com/Sharpe-nl/CVEs CVE-2023-33476 - https://github.com/H4lo/awesome-IoT-security-article @@ -123971,6 +123993,7 @@ CVE-2023-34040 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-34040 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-34040 - https://github.com/pyn3rd/CVE-2023-34040 CVE-2023-3405 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-34050 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-3406 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-34094 - https://github.com/aboutbo/aboutbo CVE-2023-34096 - https://github.com/galoget/Thruk-CVE-2023-34096 
@@ -124430,6 +124453,7 @@ CVE-2023-36371 - https://github.com/Sedar2024/Sedar CVE-2023-3640 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-3640 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-3640 - https://github.com/pray77/CVE-2023-3640 +CVE-2023-36414 - https://github.com/sergeig888/csharp-wscapacitymover-PBI CVE-2023-36434 - https://github.com/netlas-io/netlas-dorks CVE-2023-36456 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-36459 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -125125,6 +125149,7 @@ CVE-2023-38899 - https://github.com/berkaygediz/O_Blog CVE-2023-38899 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-3896 - https://github.com/fullwaywang/QlRules CVE-2023-3899 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-38996 - https://github.com/RNPG/CVEs CVE-2023-39026 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-39026 - https://github.com/getdrive/PoC CVE-2023-3906 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -125249,6 +125274,7 @@ CVE-2023-39848 - https://github.com/djstevanovic98/DVWA-test CVE-2023-39848 - https://github.com/gauravsec/dvwa CVE-2023-39848 - https://github.com/gonzalomamanig/DVWA CVE-2023-39848 - https://github.com/hanvu9998/dvwa1 +CVE-2023-39848 - https://github.com/imayou123/DVWA CVE-2023-39848 - https://github.com/ppmojipp/owasp-web-dvwa CVE-2023-39848 - https://github.com/pramodkadam777/DVWA CVE-2023-39848 - https://github.com/rohitis001/web_security 
@@ -125489,11 +125515,20 @@ CVE-2023-4141 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4142 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-41436 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-41436 - https://github.com/sromanhu/CVE-2023-41436-CSZ-CMS-Stored-XSS---Pages-Content +CVE-2023-41445 - https://github.com/RNPG/CVEs CVE-2023-41445 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-41446 - https://github.com/RNPG/CVEs +CVE-2023-41447 - https://github.com/RNPG/CVEs +CVE-2023-41448 - https://github.com/RNPG/CVEs CVE-2023-41448 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-41449 - https://github.com/RNPG/CVEs CVE-2023-41449 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-41450 - https://github.com/RNPG/CVEs +CVE-2023-41451 - https://github.com/RNPG/CVEs CVE-2023-41451 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-41452 - https://github.com/RNPG/CVEs CVE-2023-41452 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-41453 - https://github.com/RNPG/CVEs CVE-2023-41453 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-41482 - https://github.com/tuando243/tuando243 CVE-2023-4150 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -125618,6 +125653,7 @@ CVE-2023-41993 - https://github.com/Ibinou/Ty CVE-2023-41993 - https://github.com/ZonghaoLi777/githubTrending CVE-2023-41993 - https://github.com/aneasystone/github-trending CVE-2023-41993 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-41993 - https://github.com/hrtowii/cve-2023-41993-test CVE-2023-41993 - https://github.com/johe123qwe/github-trending CVE-2023-41993 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-41993 - https://github.com/po6ix/POC-for-CVE-2023-41993 
@@ -126020,6 +126056,7 @@ CVE-2023-44487 - https://github.com/imabee101/CVE-2023-44487 CVE-2023-44487 - https://github.com/irgoncalves/awesome-security-articles CVE-2023-44487 - https://github.com/jafshare/GithubTrending CVE-2023-44487 - https://github.com/johe123qwe/github-trending +CVE-2023-44487 - https://github.com/juev/links CVE-2023-44487 - https://github.com/micrictor/http2-rst-stream CVE-2023-44487 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-44487 - https://github.com/oscerd/nice-cve-poc @@ -126188,6 +126225,7 @@ CVE-2023-45653 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45654 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45655 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45656 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-45657 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-45748 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45749 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45752 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -126217,6 +126255,7 @@ CVE-2023-4596 - https://github.com/securi3ytalent/bugbounty-CVE-Report CVE-2023-45966 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-4597 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4599 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-45992 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-4600 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-46003 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-46066 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/references.txt b/references.txt index 72927ff76a..f1be9e00eb 100644 --- a/references.txt +++ b/references.txt 
@@ -17276,6 +17276,7 @@ CVE-2010-4283 - http://seclists.org/fulldisclosure/2010/Nov/326 CVE-2010-4283 - http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download CVE-2010-4283 - http://www.exploit-db.com/exploits/15643 CVE-2010-4300 - http://www.exploit-db.com/exploits/15676 +CVE-2010-4301 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14713 CVE-2010-4313 - http://www.exploit-db.com/exploits/15636 CVE-2010-4328 - http://securityreason.com/securityalert/8096 CVE-2010-4330 - http://www.exploit-db.com/exploits/15691 @@ -24581,6 +24582,7 @@ CVE-2014-4270 - http://www.vmware.com/security/advisories/VMSA-2014-0012.html CVE-2014-4271 - http://seclists.org/fulldisclosure/2014/Dec/23 CVE-2014-4271 - http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html CVE-2014-4271 - http://www.vmware.com/security/advisories/VMSA-2014-0012.html +CVE-2014-4271 - https://exchange.xforce.ibmcloud.com/vulnerabilities/94562 CVE-2014-4274 - http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html CVE-2014-4274 - http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html CVE-2014-4275 - http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html 
@@ -72314,6 +72316,7 @@ CVE-2022-0829 - https://notes.netbytesec.com/2022/03/webmin-broken-access-contro CVE-2022-0838 - https://huntr.dev/bounties/bd2fb1f1-cc8b-4ef7-8e2b-4ca686d8d614 CVE-2022-0839 - https://huntr.dev/bounties/f1ae5779-b406-4594-a8a3-d089c68d6e70 CVE-2022-0839 - https://www.oracle.com/security-alerts/cpujul2022.html +CVE-2022-0840 - https://wpscan.com/vulnerability/9da884a9-b4dd-4de0-9afa-722f772cf2df CVE-2022-0841 - https://huntr.dev/bounties/4f806dc9-2ecd-4e79-997e-5292f1bea9f1 CVE-2022-0845 - https://huntr.dev/bounties/a795bf93-c91e-4c79-aae8-f7d8bda92e2a CVE-2022-0847 - http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html @@ -73932,6 +73935,8 @@ CVE-2022-24724 - http://packetstormsecurity.com/files/166599/cmark-gfm-Integer-o CVE-2022-24728 - https://www.oracle.com/security-alerts/cpujul2022.html CVE-2022-24729 - https://www.oracle.com/security-alerts/cpujul2022.html CVE-2022-2473 - https://packetstormsecurity.com/files/167864/wpuseronline2876-xss.txt +CVE-2022-2473 - https://www.exploit-db.com/exploits/50988 +CVE-2022-2473 - https://youtu.be/Q3zInrUnAV0 CVE-2022-24734 - http://packetstormsecurity.com/files/167082/MyBB-1.8.29-Remote-Code-Execution.html CVE-2022-24734 - http://packetstormsecurity.com/files/167333/MyBB-Admin-Control-Remote-Code-Execution.html CVE-2022-24735 - https://www.oracle.com/security-alerts/cpujul2022.html 
@@ -75187,6 +75192,7 @@ CVE-2022-29397 - https://github.com/d1tto/IoT-vuln/tree/main/Totolink/4.setMacFi CVE-2022-29398 - https://github.com/d1tto/IoT-vuln/tree/main/Totolink/7.UploadCustomModule CVE-2022-29399 - https://github.com/d1tto/IoT-vuln/tree/main/Totolink/9.setUrlFilterRules CVE-2022-2941 - http://packetstormsecurity.com/files/168479/WordPress-WP-UserOnline-2.88.0-Cross-Site-Scripting.html +CVE-2022-2941 - https://packetstormsecurity.com/files/168479/wpuseronline2880-xss.txt CVE-2022-2943 - https://gist.github.com/Xib3rR4dAr/f9a4b4838154854ec6cde7d5deb76bf9 CVE-2022-2945 - https://gist.github.com/Xib3rR4dAr/f9a4b4838154854ec6cde7d5deb76bf9 CVE-2022-29455 - https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor @@ -80450,8 +80456,10 @@ CVE-2023-2573 - https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech CVE-2023-2574 - http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html CVE-2023-2574 - http://seclists.org/fulldisclosure/2023/May/4 CVE-2023-2574 - https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series/ +CVE-2023-25741 - https://bugzilla.mozilla.org/show_bug.cgi?id=1813376 CVE-2023-25743 - https://bugzilla.mozilla.org/show_bug.cgi?id=1800203 CVE-2023-25748 - https://bugzilla.mozilla.org/show_bug.cgi?id=1798798 +CVE-2023-25749 - https://bugzilla.mozilla.org/show_bug.cgi?id=1810705 CVE-2023-2575 - http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html CVE-2023-2575 - http://seclists.org/fulldisclosure/2023/May/4 CVE-2023-2575 - https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series/ 
@@ -81572,6 +81580,7 @@ CVE-2023-3218 - https://huntr.dev/bounties/94d50b11-20ca-46e3-9086-dd6836421675 CVE-2023-32183 - https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183 CVE-2023-32184 - https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32184 CVE-2023-3219 - http://packetstormsecurity.com/files/173992/WordPress-EventON-Calendar-4.4-Insecure-Direct-Object-Reference.html +CVE-2023-32205 - https://bugzilla.mozilla.org/show_bug.cgi?id=1753339 CVE-2023-32205 - https://bugzilla.mozilla.org/show_bug.cgi?id=1753341 CVE-2023-32233 - http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html CVE-2023-32233 - https://news.ycombinator.com/item?id=35879660 
@@ -82181,12 +82190,17 @@ CVE-2023-3811 - https://vuldb.com/?id.235079 CVE-2023-38127 - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808 CVE-2023-38127 - https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1808 CVE-2023-38128 - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809 +CVE-2023-38128 - https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809 CVE-2023-38139 - http://packetstormsecurity.com/files/174849/Microsoft-Windows-Kernel-Refcount-Overflow-Use-After-Free.html CVE-2023-38140 - http://packetstormsecurity.com/files/175108/Microsoft-Windows-Kernel-Paged-Pool-Memory-Disclosure.html CVE-2023-38141 - http://packetstormsecurity.com/files/175096/Microsoft-Windows-Kernel-Race-Condition-Memory-Corruption.html CVE-2023-38154 - http://packetstormsecurity.com/files/174568/Microsoft-Windows-Kernel-Recovery-Memory-Corruption.html CVE-2023-3817 - http://seclists.org/fulldisclosure/2023/Jul/43 CVE-2023-3819 - https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c +CVE-2023-38191 - https://herolab.usd.de/security-advisories/usd-2023-0012/ +CVE-2023-38192 - https://herolab.usd.de/security-advisories/usd-2023-0011/ +CVE-2023-38193 - https://herolab.usd.de/en/security-advisories/usd-2023-0015/ +CVE-2023-38194 - https://herolab.usd.de/security-advisories/usd-2023-0013/ CVE-2023-3820 - https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db CVE-2023-38203 - https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html CVE-2023-3821 - https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa 
@@ -82573,6 +82587,7 @@ CVE-2023-45687 - https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabil CVE-2023-45688 - https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ CVE-2023-45689 - https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ CVE-2023-45690 - https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ +CVE-2023-45805 - https://peps.python.org/pep-0440/#post-release-spelling CVE-2023-45862 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.5 CVE-2023-45863 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3 CVE-2023-45898 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.4 @@ -82705,5 +82720,11 @@ CVE-2023-5586 - https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740 CVE-2023-5590 - https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99 CVE-2023-5591 - https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090 CVE-2023-5595 - https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e +CVE-2023-5618 - https://www.wordfence.com/threat-intel/vulnerabilities/id/c20c674f-54b5-470f-b470-07a63501eb4d?source=cve CVE-2023-5626 - https://huntr.dev/bounties/c99279c1-709a-4e7b-a042-010c2bb44d6b CVE-2023-5642 - https://tenable.com/security/research/tra-2023-33 +CVE-2023-5686 - https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0 +CVE-2023-5687 - https://huntr.com/bounties/33f95510-cdee-460e-8e61-107874962f2d +CVE-2023-5688 - https://huntr.com/bounties/0ceb10e4-952b-4ca4-baf8-5b6f12e3a8a7 +CVE-2023-5689 - https://huntr.com/bounties/24835833-3421-412b-bafb-1b7ea3cf60e6 +CVE-2023-5690 - https://huntr.com/bounties/980c75a5-d978-4b0e-9bcc-2b2682c97e01
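Review bot: `CVEDB/awesome-cve-repo` and `CVEDB/top` are added in github.txt under seven different CVE ids in this patch (CVE-2016-0099, CVE-2016-5696, CVE-2018-17182, CVE-2019-0192, CVE-2020-15368, CVE-2022-20699, CVE-2022-30075), and `hktalent/TOP` under three of them, which suggests list repositories picked up by an id match rather than per-CVE PoC code. Consider excluding or tagging known aggregator repositories in the matcher, so that the number of entries for a CVE is not read as the number of independent PoCs.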
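Review bot: several github.txt additions have repository names that give no sign of PoC content: `the-winsor-school/wirecats_20409_2024` under CVE-2019-11358, `sergeig888/csharp-wscapacitymover-PBI` under CVE-2023-36414, `imayou123/DVWA` under CVE-2023-39848 (next to several other DVWA copies in the context lines) and `juev/links` under CVE-2023-44487. Anyone using this file to judge exploit availability gets an inflated signal from such entries; a check on where in the repository the CVE id is mentioned, before the repository is listed, would keep them out.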
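Review bot: the CVE-2023-38128 line added in references.txt (hunk at -82181) points to the same TALOS-2023-1809 report as the existing line directly above it and differs only by the `www.` host prefix, so it is a duplicate after host normalisation. The CVE-2022-2941 addition (hunk at -75187) is likewise a second link to Packet Storm file 168479, which that CVE already lists under a different scheme and file name. In the -82181 hunk the CVE-2023-38193 URL also uses `/en/security-advisories/` where the three sibling herolab entries use `/security-advisories/`. Suggest canonicalising scheme, host and path before deduplicating.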
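Review bot: the CVE-2023-45805 reference added in references.txt (hunk at -82573) is `https://peps.python.org/pep-0440/#post-release-spelling`, an anchor in a specification document rather than an advisory, report or PoC for this CVE. If references.txt is meant to hold exploit-relevant links, this entry should be dropped or the import should filter out background links of this kind.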
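Review bot: in the last references.txt hunk (at -82705) the five entries CVE-2023-5686 to CVE-2023-5690 use `huntr.com/bounties/` while every surrounding entry uses `huntr.dev/bounties/`; if both hosts serve the same reports, store one form so that deduplication by URL keeps working. The CVE-2023-5618 Wordfence URL in the same hunk carries a `?source=cve` query string, which is better stripped before the link is stored.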