https://vulnerability.circl.lu/sightings/feed 2026-06-02T22:22:05.423331+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/837be61c-0e51-4cc2-86fd-8da780b05fe3/export 2026-06-02T22:22:05.727907+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "837be61c-0e51-4cc2-86fd-8da780b05fe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25141", "type": "seen", "source": "https://t.me/arpsyndicate/3784", "content": "#ExploitObserverAlert\n\nCVE-2024-25141\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25141. When ssl\u00a0was enabled for Mongo Hook, default settings included \"allow_insecure\" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.", "creation_timestamp": "2024-02-21T13:53:31.000000Z"} 2024-02-21T13:53:31+00:00 https://vulnerability.circl.lu/sighting/73d024f8-f0e8-49f2-bd29-35a40b6a8a6e/export 2026-06-02T22:22:05.727821+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "73d024f8-f0e8-49f2-bd29-35a40b6a8a6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25147", "type": "seen", "source": "https://t.me/arpsyndicate/3916", "content": "#ExploitObserverAlert\n\nCVE-2024-25147\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25147. Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-02-22T04:08:03.000000Z"} 2024-02-22T04:08:03+00:00 https://vulnerability.circl.lu/sighting/cdcd9858-4539-49e0-9e9f-e9ef46e8f3b6/export 2026-06-02T22:22:05.727733+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "cdcd9858-4539-49e0-9e9f-e9ef46e8f3b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25140", "type": "seen", "source": "https://t.me/ctinow/197405", "content": "https://ift.tt/CgueVZi\nCVE-2024-25140 | RustDesk 1.2.3/1.3.6.1.5.5/7.3.3 on Windows certificate validation", "creation_timestamp": "2024-03-01T09:11:18.000000Z"} 2024-03-01T09:11:18+00:00 https://vulnerability.circl.lu/sighting/3e59304d-889e-40b0-b7be-33bd2162a727/export 2026-06-02T22:22:05.727646+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "3e59304d-889e-40b0-b7be-33bd2162a727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25145", "type": "seen", "source": "https://t.me/ctinow/197977", "content": "https://ift.tt/7AnSc4V\nCVE-2024-25145 | Liferay Portal/DXP Search Result App cross site scripting", "creation_timestamp": "2024-03-01T20:46:44.000000Z"} 2024-03-01T20:46:44+00:00 https://vulnerability.circl.lu/sighting/86d3d5e4-b335-4641-b727-d7fd9592035c/export 2026-06-02T22:22:05.727562+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "86d3d5e4-b335-4641-b727-d7fd9592035c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25148", "type": "seen", "source": "https://t.me/ctinow/198253", "content": "https://ift.tt/94LDuCO\nCVE-2024-25148 | Liferay Portal/DXP WYSIWYG Editor doAsUserId information disclosure", "creation_timestamp": "2024-03-02T07:36:44.000000Z"} 2024-03-02T07:36:44+00:00 https://vulnerability.circl.lu/sighting/a531d942-023d-4302-9436-b3e249e971e9/export 2026-06-02T22:22:05.727467+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a531d942-023d-4302-9436-b3e249e971e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25144", "type": "seen", "source": "https://t.me/ctinow/198259", "content": "https://ift.tt/zjl0hI7\nCVE-2024-25144 | Liferay Portal/DXP IFrame Widget iteration", "creation_timestamp": "2024-03-02T08:07:09.000000Z"} 2024-03-02T08:07:09+00:00 https://vulnerability.circl.lu/sighting/ccb9113a-3779-4aa9-965b-324c2cbe3220/export 2026-06-02T22:22:05.727384+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "ccb9113a-3779-4aa9-965b-324c2cbe3220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2514", "type": "seen", "source": "https://t.me/ctinow/209118", "content": "https://ift.tt/7P5u3Ih\nCVE-2024-2514 | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /login.php email sql injection", "creation_timestamp": "2024-03-15T21:01:14.000000Z"} 2024-03-15T21:01:14+00:00 https://vulnerability.circl.lu/sighting/01ded89e-b0a2-467f-955e-a51fbd20effe/export 2026-06-02T22:22:05.727288+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "01ded89e-b0a2-467f-955e-a51fbd20effe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2514", "type": "seen", "source": "https://t.me/ctinow/209249", "content": "https://ift.tt/4CYF32i\nCVE-2024-2514", "creation_timestamp": "2024-03-16T00:21:56.000000Z"} 2024-03-16T00:21:56+00:00 https://vulnerability.circl.lu/sighting/4f5521cb-84f3-4edb-8071-369abfc9744d/export 2026-06-02T22:22:05.727171+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "4f5521cb-84f3-4edb-8071-369abfc9744d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2514", "type": "seen", "source": "https://t.me/ctinow/209253", "content": "https://ift.tt/4CYF32i\nCVE-2024-2514", "creation_timestamp": "2024-03-16T00:26:53.000000Z"} 2024-03-16T00:26:53+00:00 https://vulnerability.circl.lu/sighting/707c672d-53cd-4b39-89c9-e3e4169a22cb/export 2026-06-02T22:22:05.725644+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "707c672d-53cd-4b39-89c9-e3e4169a22cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25147", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12899", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-25147\n\ud83d\udd25 CVSS Score: 9.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.\n\ud83d\udccf Published: 2024-02-21T01:16:21.256Z\n\ud83d\udccf Modified: 2025-04-22T16:25:59.509Z\n\ud83d\udd17 References:\n1. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147", "creation_timestamp": "2025-04-22T17:03:17.000000Z"} 2025-04-22T17:03:17+00:00