diff --git a/cves.json b/cves.json
index c514cf60838..cd6a2543a87 100644
--- a/cves.json
+++ b/cves.json
@@ -2934,6 +2934,7 @@
 {"ID":"CVE-2024-28255","Info":{"Name":"OpenMetadata - Authentication Bypass","Severity":"critical","Description":"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-28255.yaml"}
 {"ID":"CVE-2024-28397","Info":{"Name":"pyload-ng js2py - Remote Code Execution","Severity":"medium","Description":"An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-28397.yaml"}
 {"ID":"CVE-2024-28623","Info":{"Name":"RiteCMS 3.0.0 - Cross-site Scripting","Severity":"medium","Description":"RiteCMS v3.0.0 contains a reflected XSS caused by unsanitized input in the main_menu/edit_section component, letting attackers execute arbitrary scripts in the context of the victim's browser.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-28623.yaml"}
+{"ID":"CVE-2024-2863","Info":{"Name":"LG LED Assistant - Thumbnail Path Traversal File Upload","Severity":"high","Description":"A path traversal vulnerability exists in the endpoint handler for /api/thumbnail in Common.js. An unauthenticated remote attacker can exploit this to upload arbitrary files to any location on the disk drive where the product is installed.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-2863.yaml"}
 {"ID":"CVE-2024-28734","Info":{"Name":"Coda v.2024Q1 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-28734.yaml"}
 {"ID":"CVE-2024-2876","Info":{"Name":"Wordpress Email Subscribers by Icegram Express - SQL Injection","Severity":"critical","Description":"The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress \u0026 WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-2876.yaml"}
 {"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"high","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"}
diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt
index 57f5e326193..0df069df610 100644
--- a/cves.json-checksum.txt
+++ b/cves.json-checksum.txt
@@ -1 +1 @@
-0c610501e38aab67fff92aed6fccf31d
+e843f4d1be03d8e103b979bb87b72b1a