<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-28T18:25:45.961736+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/df95d2c6-0db4-4355-8a0e-4caa2f36b3de/export</id>
    <title>df95d2c6-0db4-4355-8a0e-4caa2f36b3de</title>
    <updated>2026-05-28T18:25:46.211311+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "df95d2c6-0db4-4355-8a0e-4caa2f36b3de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49750", "type": "seen", "source": "https://t.me/cvedetector/8870", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49750 - Snowflake Connector for Python: Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-49750 \nPublished : Oct. 24, 2024, 10:15 p.m. | 36\u00a0minutes ago \nDescription : The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes (when specified via the `passcode` parameter) and Azure SAS tokens. Additionally, the SecretDetector logging formatter, if enabled, contained bugs which caused it to not fully redact JWT tokens and certain private key formats. Snowflake released version 3.12.3 of the Snowflake Connector for Python, which fixes the issue. In addition to upgrading, users should review their logs for any potentially sensitive information that may have been captured. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T01:11:56.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/df95d2c6-0db4-4355-8a0e-4caa2f36b3de/export"/>
    <published>2024-10-25T01:11:56+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1199d5c7-a912-4ff8-8668-328c1a733dfb/export</id>
    <title>1199d5c7-a912-4ff8-8668-328c1a733dfb</title>
    <updated>2026-05-28T18:25:46.211191+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1199d5c7-a912-4ff8-8668-328c1a733dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49753", "type": "seen", "source": "https://t.me/cvedetector/8947", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49753 - Zitadel DNS Bypass Localhost Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-49753 \nPublished : Oct. 25, 2024, 2:15 p.m. | 39\u00a0minutes ago \nDescription : Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have a flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block requests to localhost (127.0.0.1). The isHostBlocked check, designed to prevent such requests, can be circumvented by creating a DNS record that resolves to 127.0.0.1. This enables actions to send requests to localhost despite the intended security measures. This vulnerability potentially allows unauthorized access to unsecured internal endpoints, which may contain sensitive information or functionalities. Versions 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 contain a patch. No known workarounds are available. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T17:05:04.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1199d5c7-a912-4ff8-8668-328c1a733dfb/export"/>
    <published>2024-10-25T17:05:04+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/07a95221-039b-42fd-b8d7-89d945a8d058/export</id>
    <title>07a95221-039b-42fd-b8d7-89d945a8d058</title>
    <updated>2026-05-28T18:25:46.211073+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "07a95221-039b-42fd-b8d7-89d945a8d058", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49757", "type": "seen", "source": "https://t.me/cvedetector/8949", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49757 - Zitadel Unauthenticated User Registration\", \n  \"Content\": \"CVE ID : CVE-2024-49757 \nPublished : Oct. 25, 2024, 3:15 p.m. | 29\u00a0minutes ago \nDescription : The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the \"User Registration allowed\" option only hid the registration button on the login page. Users could bypass this restriction by directly accessing the registration URL (/ui/login/loginname) and register a user that way. Versions 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 contain a patch. No known workarounds are available. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T17:55:12.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/07a95221-039b-42fd-b8d7-89d945a8d058/export"/>
    <published>2024-10-25T17:55:12+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8ff367cc-7441-4ef2-8e65-d9321b0720b3/export</id>
    <title>8ff367cc-7441-4ef2-8e65-d9321b0720b3</title>
    <updated>2026-05-28T18:25:46.210951+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8ff367cc-7441-4ef2-8e65-d9321b0720b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49755", "type": "seen", "source": "https://t.me/cvedetector/9175", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49755 - Duende IdentityServer DPoP Claim Validation Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-49755 \nPublished : Oct. 28, 2024, 8:15 p.m. | 42\u00a0minutes ago \nDescription : Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local api endpoints even without possessing the private key for signing proof tokens. Note that this only impacts custom endpoints within an IdentityServer implementation that have explicitly used the LocalApiAuthenticationHandler for authentication. This vulnerability is patched in IdentityServer 7.0.8. Version 6.3 and below are unaffected, as they do not support DPoP in Local APIs. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T22:01:30.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8ff367cc-7441-4ef2-8e65-d9321b0720b3/export"/>
    <published>2024-10-28T22:01:30+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ead92d2d-176c-4cb0-9bf8-fe27036e6516/export</id>
    <title>ead92d2d-176c-4cb0-9bf8-fe27036e6516</title>
    <updated>2026-05-28T18:25:46.210845+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://vulnerability.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "ead92d2d-176c-4cb0-9bf8-fe27036e6516", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-49754", "type": "published-proof-of-concept", "source": "https://github.com/librenms/librenms/security/advisories/GHSA-gfwr-xqmj-j27v", "content": "", "creation_timestamp": "2024-11-15T00:01:21.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ead92d2d-176c-4cb0-9bf8-fe27036e6516/export"/>
    <published>2024-11-15T00:01:21+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3aa07fc8-e66a-473b-96da-c7385f6012ce/export</id>
    <title>3aa07fc8-e66a-473b-96da-c7385f6012ce</title>
    <updated>2026-05-28T18:25:46.210722+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://vulnerability.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "3aa07fc8-e66a-473b-96da-c7385f6012ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-49759", "type": "published-proof-of-concept", "source": "https://github.com/librenms/librenms/security/advisories/GHSA-888j-pjqh-fx58", "content": "", "creation_timestamp": "2024-11-15T00:01:43.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3aa07fc8-e66a-473b-96da-c7385f6012ce/export"/>
    <published>2024-11-15T00:01:43+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7deccedc-4b65-4a19-8594-a1efa2190580/export</id>
    <title>7deccedc-4b65-4a19-8594-a1efa2190580</title>
    <updated>2026-05-28T18:25:46.209343+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://vulnerability.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "7deccedc-4b65-4a19-8594-a1efa2190580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-49758", "type": "published-proof-of-concept", "source": "https://github.com/librenms/librenms/security/advisories/GHSA-c86q-rj37-8f85", "content": "", "creation_timestamp": "2024-11-15T00:01:52.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7deccedc-4b65-4a19-8594-a1efa2190580/export"/>
    <published>2024-11-15T00:01:52+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cee05914-1296-4697-8736-f9cefeae0847/export</id>
    <title>cee05914-1296-4697-8736-f9cefeae0847</title>
    <updated>2026-05-28T18:25:46.209227+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cee05914-1296-4697-8736-f9cefeae0847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49754", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113487688865692955", "content": "", "creation_timestamp": "2024-11-15T15:31:46.100782Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cee05914-1296-4697-8736-f9cefeae0847/export"/>
    <published>2024-11-15T15:31:46.100782+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/00931788-7991-473d-a545-1838f1e2ec89/export</id>
    <title>00931788-7991-473d-a545-1838f1e2ec89</title>
    <updated>2026-05-28T18:25:46.209036+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "00931788-7991-473d-a545-1838f1e2ec89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49759", "type": "seen", "source": "https://t.me/cvedetector/11107", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49759 - LibreNMS Stored Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-49759 \nPublished : Nov. 15, 2024, 4:15 p.m. | 44\u00a0minutes ago \nDescription : LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Manage User Access\" page allows authenticated users to inject arbitrary JavaScript through the \"bill_name\" parameter when creating a new bill. This vulnerability can lead to the execution of malicious code when visiting the \"Bill Access\" dropdown in the user's \"Manage Access\" page, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T18:17:26.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/00931788-7991-473d-a545-1838f1e2ec89/export"/>
    <published>2024-11-15T18:17:26+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/33ba1681-c5e8-4dbc-ba19-b47984e08657/export</id>
    <title>33ba1681-c5e8-4dbc-ba19-b47984e08657</title>
    <updated>2026-05-28T18:25:46.205532+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "33ba1681-c5e8-4dbc-ba19-b47984e08657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4975", "type": "seen", "source": "Telegram/dlrHbeAw02Iy9vSmxCOKyzMWhuUjmkFqpL-TNe4GuvlQ18WV", "content": "", "creation_timestamp": "2025-02-18T21:11:32.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/33ba1681-c5e8-4dbc-ba19-b47984e08657/export"/>
    <published>2025-02-18T21:11:32+00:00</published>
  </entry>
</feed>
