Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-05-05T16:14:54.793737+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/8226beaa-7b46-4efb-a754-ba0b7b9f6ad5/export 8226beaa-7b46-4efb-a754-ba0b7b9f6ad5 2026-05-05T16:14:55.233916+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "8226beaa-7b46-4efb-a754-ba0b7b9f6ad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51257", "type": "seen", "source": "https://t.me/cvedetector/9419", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-51257 - DrayTek Vigor3900 CGI Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-51257 \nPublished : Oct. 30, 2024, 2:15 p.m. | 27\u00a0minutes ago \nDescription : DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"30 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-30T15:51:49.000000Z"} 2024-10-30T15:51:49+00:00 https://vulnerability.circl.lu/sighting/97139dca-16d9-41e3-8ec1-4c404eed8a76/export 97139dca-16d9-41e3-8ec1-4c404eed8a76 2026-05-05T16:14:55.233829+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "97139dca-16d9-41e3-8ec1-4c404eed8a76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51258", "type": "seen", "source": "https://t.me/cvedetector/9440", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-51258 - DrayTek Vigor3900 Remote Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-51258 \nPublished : Oct. 30, 2024, 5:15 p.m. | 39\u00a0minutes ago \nDescription : DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"30 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-30T19:12:41.000000Z"} 2024-10-30T19:12:41+00:00 https://vulnerability.circl.lu/sighting/b283d03c-b3f5-4209-8606-b97335459a8a/export b283d03c-b3f5-4209-8606-b97335459a8a 2026-05-05T16:14:55.233741+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "b283d03c-b3f5-4209-8606-b97335459a8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51259", "type": "seen", "source": "https://t.me/cvedetector/9504", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-51259 - DrayTek Vigor3900 Code Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-51259 \nPublished : Oct. 31, 2024, 2:15 p.m. | 44\u00a0minutes ago \nDescription : DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T16:06:25.000000Z"} 2024-10-31T16:06:25+00:00 https://vulnerability.circl.lu/sighting/573c7361-1ff9-4441-b59b-dd5db11e886b/export 573c7361-1ff9-4441-b59b-dd5db11e886b 2026-05-05T16:14:55.233640+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "573c7361-1ff9-4441-b59b-dd5db11e886b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51254", "type": "seen", "source": "https://t.me/cvedetector/9505", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-51254 - DrayTek Vigor3900 Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-51254 \nPublished : Oct. 31, 2024, 2:15 p.m. | 44\u00a0minutes ago \nDescription : DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T16:06:26.000000Z"} 2024-10-31T16:06:26+00:00 https://vulnerability.circl.lu/sighting/7fcda8be-23e6-4cd3-a8db-7b3180522135/export 7fcda8be-23e6-4cd3-a8db-7b3180522135 2026-05-05T16:14:55.233525+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "7fcda8be-23e6-4cd3-a8db-7b3180522135", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51255", "type": "seen", "source": "https://t.me/cvedetector/9509", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-51255 - DrayTek Vigor3900 CGI Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-51255 \nPublished : Oct. 31, 2024, 4:15 p.m. | 24\u00a0minutes ago \nDescription : DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T17:46:44.000000Z"} 2024-10-31T17:46:44+00:00 https://vulnerability.circl.lu/sighting/947403ae-65ab-4139-8077-5a41a4ec0736/export 947403ae-65ab-4139-8077-5a41a4ec0736 2026-05-05T16:14:55.233407+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "947403ae-65ab-4139-8077-5a41a4ec0736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51252", "type": "seen", "source": "https://t.me/cvedetector/9630", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-51252 - Draytek Vigor3900 Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-51252 \nPublished : Nov. 1, 2024, 6:15 p.m. | 16\u00a0minutes ago \nDescription : In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T19:32:17.000000Z"} 2024-11-01T19:32:17+00:00 https://vulnerability.circl.lu/sighting/03a8b481-2f87-4d87-a9e7-28fddeacbe45/export 03a8b481-2f87-4d87-a9e7-28fddeacbe45 2026-05-05T16:14:55.233291+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "03a8b481-2f87-4d87-a9e7-28fddeacbe45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51251", "type": "seen", "source": "https://t.me/cvedetector/9737", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-51251 - Draytek Vigor3900 File Upload Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-51251 \nPublished : Nov. 4, 2024, 2:15 p.m. | 36\u00a0minutes ago \nDescription : In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-04T16:06:42.000000Z"} 2024-11-04T16:06:42+00:00 https://vulnerability.circl.lu/sighting/046bc66e-fc7f-4a19-81c1-1bd9c99ccad8/export 046bc66e-fc7f-4a19-81c1-1bd9c99ccad8 2026-05-05T16:14:55.233156+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "046bc66e-fc7f-4a19-81c1-1bd9c99ccad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51253", "type": "seen", "source": "https://t.me/cvedetector/9738", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-51253 - Draytek Vigor3900 Authentication Bypass Command Injection\", \n \"Content\": \"CVE ID : CVE-2024-51253 \nPublished : Nov. 4, 2024, 2:15 p.m. | 36\u00a0minutes ago \nDescription : In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-04T16:06:43.000000Z"} 2024-11-04T16:06:43+00:00 https://vulnerability.circl.lu/sighting/1c6bff8f-5383-4da3-9392-c2aa74f40107/export 1c6bff8f-5383-4da3-9392-c2aa74f40107 2026-05-05T16:14:55.231170+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "1c6bff8f-5383-4da3-9392-c2aa74f40107", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5125", "type": "seen", "source": "https://t.me/cvedetector/10983", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-5125 - Parisneo Lollms WebUI Cross-Site Scripting and Open Redirect Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-5125 \nPublished : Nov. 14, 2024, 6:15 p.m. | 39\u00a0minutes ago \nDescription : parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upon rendering, leading to potential credential theft and unauthorized data access. The Open Redirect vulnerability arises from insufficient URL validation within SVG files, enabling attackers to redirect users to malicious websites, thereby exposing them to phishing attacks, malware distribution, and reputation damage. These vulnerabilities are present in the application's functionality to send files to the AI module. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"14 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-14T20:00:32.000000Z"} 2024-11-14T20:00:32+00:00