<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-09T05:02:59.287408+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bb2f9cef-79a2-4601-9be4-fd799ba227e5/export</id>
    <title>bb2f9cef-79a2-4601-9be4-fd799ba227e5</title>
    <updated>2026-05-09T05:02:59.554835+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bb2f9cef-79a2-4601-9be4-fd799ba227e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4341", "type": "seen", "source": "https://t.me/cvedetector/180", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-4341 - Improper Privilege Management vulnerability in Eks\", \n  \"Content\": \"CVE ID : CVE-2024-4341 \nPublished : July 8, 2024, 2:15 p.m. | 18\u00a0minutes ago \nDescription : Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-08T16:35:03.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bb2f9cef-79a2-4601-9be4-fd799ba227e5/export"/>
    <published>2024-07-08T16:35:03+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ca25c4df-ae8a-4ce7-b824-c09d5997811f/export</id>
    <title>ca25c4df-ae8a-4ce7-b824-c09d5997811f</title>
    <updated>2026-05-09T05:02:59.554749+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ca25c4df-ae8a-4ce7-b824-c09d5997811f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43410", "type": "seen", "source": "https://t.me/cvedetector/3791", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43410 - Russh OOM Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43410 \nPublished : Aug. 21, 2024, 4:15 p.m. | 39\u00a0minutes ago \nDescription : Russh is a Rust SSH client &amp; server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length.  \nAfter parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T19:05:21.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ca25c4df-ae8a-4ce7-b824-c09d5997811f/export"/>
    <published>2024-08-21T19:05:21+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/13f0c218-cdc6-4601-8aaf-77bf2e30bdf2/export</id>
    <title>13f0c218-cdc6-4601-8aaf-77bf2e30bdf2</title>
    <updated>2026-05-09T05:02:59.554660+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "13f0c218-cdc6-4601-8aaf-77bf2e30bdf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43411", "type": "seen", "source": "https://t.me/cvedetector/3792", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43411 - CKEditor4 Cross-Site Request Forgery (CSRF)\", \n  \"Content\": \"CVE ID : CVE-2024-43411 \nPublished : Aug. 21, 2024, 4:15 p.m. | 39\u00a0minutes ago \nDescription : CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the  domain, they could potentially execute an attack on CKEditor 4 instances. The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please contact us. The fix is available in version 4.25.0-lts. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T19:05:22.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/13f0c218-cdc6-4601-8aaf-77bf2e30bdf2/export"/>
    <published>2024-08-21T19:05:22+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/db5f13ed-7b11-4ba7-83f1-db85b7f7f1af/export</id>
    <title>db5f13ed-7b11-4ba7-83f1-db85b7f7f1af</title>
    <updated>2026-05-09T05:02:59.554573+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "db5f13ed-7b11-4ba7-83f1-db85b7f7f1af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43414", "type": "seen", "source": "https://t.me/cvedetector/4261", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43414 - Apollo Federation Denial-of-Service and Memory Consumption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43414 \nPublished : Aug. 27, 2024, 6:15 p.m. | 22\u00a0minutes ago \nDescription : Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner &amp;gt;=2.0.0 and =2.0.0 and Severity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-27T20:44:18.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/db5f13ed-7b11-4ba7-83f1-db85b7f7f1af/export"/>
    <published>2024-08-27T20:44:18+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7f69ac07-c590-4373-92ef-50986e7748a8/export</id>
    <title>7f69ac07-c590-4373-92ef-50986e7748a8</title>
    <updated>2026-05-09T05:02:59.554465+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7f69ac07-c590-4373-92ef-50986e7748a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43412", "type": "seen", "source": "https://t.me/cvedetector/4701", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43412 - Xibo Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-43412 \nPublished : Sept. 3, 2024, 5:15 p.m. | 39\u00a0minutes ago \nDescription : Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Users can upload HTML/CSS/JS files into the Xibo Library via the Generic File module to be referenced on Displays and in Layouts. This is intended functionality. When previewing these resources from the Library and Layout editor they are executed in the users browser. This will be disabled in future releases, and users are encouraged to use the new developer tools in 4.1 to design their widgets which require this type of functionality. This behavior has been changed in 4.1.0 to preview previewing of generic files. There are no workarounds for this issue. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-03T19:59:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7f69ac07-c590-4373-92ef-50986e7748a8/export"/>
    <published>2024-09-03T19:59:00+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0a1d2a39-e9f7-46af-9102-4b580ca0e2f0/export</id>
    <title>0a1d2a39-e9f7-46af-9102-4b580ca0e2f0</title>
    <updated>2026-05-09T05:02:59.554369+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0a1d2a39-e9f7-46af-9102-4b580ca0e2f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43413", "type": "seen", "source": "https://t.me/cvedetector/4712", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43413 - Xibo Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43413 \nPublished : Sept. 3, 2024, 7:15 p.m. | 23\u00a0minutes ago \nDescription : Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with a HTML column which contains JavaScript, which is intended functionality. The JavaScript gets executed on the Data Entry page and in any Layouts which reference it. This behavior has been changed in 4.1.0 to show HTML/CSS/JS as code on the Data Entry page. There are no workarounds for this issue. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-03T21:39:27.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0a1d2a39-e9f7-46af-9102-4b580ca0e2f0/export"/>
    <published>2024-09-03T21:39:27+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b2c4de7c-0cb3-4c1a-95a2-6c149ee0d4b3/export</id>
    <title>b2c4de7c-0cb3-4c1a-95a2-6c149ee0d4b3</title>
    <updated>2026-05-09T05:02:59.554240+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b2c4de7c-0cb3-4c1a-95a2-6c149ee0d4b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43417", "type": "seen", "source": "https://t.me/cvedetector/11160", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43417 - GLPI Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43417 \nPublished : Nov. 15, 2024, 7:15 p.m. | 33\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T20:48:51.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b2c4de7c-0cb3-4c1a-95a2-6c149ee0d4b3/export"/>
    <published>2024-11-15T20:48:51+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b4210cd7-f5fa-4d5c-a2a7-c0aa294cdea8/export</id>
    <title>b4210cd7-f5fa-4d5c-a2a7-c0aa294cdea8</title>
    <updated>2026-05-09T05:02:59.554136+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b4210cd7-f5fa-4d5c-a2a7-c0aa294cdea8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43418", "type": "seen", "source": "https://t.me/cvedetector/11161", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43418 - \"GLPI Reflected XSS Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-43418 \nPublished : Nov. 15, 2024, 7:15 p.m. | 33\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T20:48:52.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b4210cd7-f5fa-4d5c-a2a7-c0aa294cdea8/export"/>
    <published>2024-11-15T20:48:52+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ccc3a39d-7bec-4528-9de7-dc4576bd1662/export</id>
    <title>ccc3a39d-7bec-4528-9de7-dc4576bd1662</title>
    <updated>2026-05-09T05:02:59.554019+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ccc3a39d-7bec-4528-9de7-dc4576bd1662", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43416", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113504938736096055", "content": "", "creation_timestamp": "2024-11-18T16:38:38.242329Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ccc3a39d-7bec-4528-9de7-dc4576bd1662/export"/>
    <published>2024-11-18T16:38:38.242329+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/586420b9-73ac-47a6-8452-14fbf1f1debc/export</id>
    <title>586420b9-73ac-47a6-8452-14fbf1f1debc</title>
    <updated>2026-05-09T05:02:59.552528+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "586420b9-73ac-47a6-8452-14fbf1f1debc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43416", "type": "seen", "source": "https://t.me/cvedetector/11363", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43416 - GLPI Email Address Validation Vulnerability (Information Disclosure)\", \n  \"Content\": \"CVE ID : CVE-2024-43416 \nPublished : Nov. 18, 2024, 5:15 p.m. | 42\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T19:03:46.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/586420b9-73ac-47a6-8452-14fbf1f1debc/export"/>
    <published>2024-11-18T19:03:46+00:00</published>
  </entry>
</feed>
