https://vulnerability.circl.lu/sightings/feed 2026-06-03T22:19:37.699103+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/6a500519-1bdc-4115-bc41-49f5f880b566/export 2026-06-03T22:19:37.934301+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "6a500519-1bdc-4115-bc41-49f5f880b566", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12587", "type": "seen", "source": "https://t.me/cvedetector/15036", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12587 - Contact Form Master WordPress XSS\", \n \"Content\": \"CVE ID : CVE-2024-12587 \nPublished : Jan. 11, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T08:13:56.000000Z"} 2025-01-11T08:13:56+00:00 https://vulnerability.circl.lu/sighting/ebf44f20-83ac-4dac-bb36-4696e1a30c1f/export 2026-06-03T22:19:37.934223+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "ebf44f20-83ac-4dac-bb36-4696e1a30c1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113995088985958672", "content": "", "creation_timestamp": "2025-02-13T06:10:17.358569Z"} 2025-02-13T06:10:17.358569+00:00 https://vulnerability.circl.lu/sighting/a883719d-0b47-44a1-83f8-d7a58672236c/export 2026-06-03T22:19:37.934152+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a883719d-0b47-44a1-83f8-d7a58672236c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhzzyjusar2z", "content": "", "creation_timestamp": "2025-02-13T06:15:45.338587Z"} 2025-02-13T06:15:45.338587+00:00 https://vulnerability.circl.lu/sighting/9db3d7c0-5efd-4388-ba10-ae00d61654a0/export 2026-06-03T22:19:37.934060+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "9db3d7c0-5efd-4388-ba10-ae00d61654a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4213", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12586\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-02-13T06:31:43Z\n\ud83d\udccf Modified: 2025-02-13T06:31:43Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12586\n2. https://wpscan.com/vulnerability/2ce05a44-762b-4aaf-b88a-92c830fd8ec4", "creation_timestamp": "2025-02-13T07:10:29.000000Z"} 2025-02-13T07:10:29+00:00 https://vulnerability.circl.lu/sighting/6d11ddee-8f6d-43fd-912f-518cfc4fb48d/export 2026-06-03T22:19:37.933967+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "6d11ddee-8f6d-43fd-912f-518cfc4fb48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://t.me/cvedetector/17969", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12586 - Chalet-Montagne.com Tools WordPress Reflected Cross-Site Scripting\", \n \"Content\": \"CVE ID : CVE-2024-12586 \nPublished : Feb. 13, 2025, 6:15 a.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T08:47:53.000000Z"} 2025-02-13T08:47:53+00:00 https://vulnerability.circl.lu/sighting/d1fa95c6-0ec8-4904-b664-f63e1c2635b8/export 2026-06-03T22:19:37.933891+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "d1fa95c6-0ec8-4904-b664-f63e1c2635b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "Telegram/Kzcu-nWqygACCMOWBfIjlz_eAnGqhMjZ8fsj3WAwZDq0RWMl", "content": "", "creation_timestamp": "2025-02-14T10:08:08.000000Z"} 2025-02-14T10:08:08+00:00 https://vulnerability.circl.lu/sighting/38dfa59b-10f1-469b-a2e4-aa5956e8e5fa/export 2026-06-03T22:19:37.933808+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "38dfa59b-10f1-469b-a2e4-aa5956e8e5fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12589", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7290", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12589\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-03-12T07:00:22.816Z\n\ud83d\udccf Modified: 2025-03-12T07:00:22.816Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/ae0a001b-0792-4a32-8f49-5d4b1550f4be?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3247611/finale-woocommerce-sales-countdown-timer-discount", "creation_timestamp": "2025-03-12T07:43:57.000000Z"} 2025-03-12T07:43:57+00:00 https://vulnerability.circl.lu/sighting/8c9e18c4-cdc9-4c6d-9620-dd066d5eb83f/export 2026-06-03T22:19:37.933682+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "8c9e18c4-cdc9-4c6d-9620-dd066d5eb83f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12582", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16037", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12582\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the \"admin\" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.\n\ud83d\udccf Published: 2024-12-24T03:31:24.896Z\n\ud83d\udccf Modified: 2025-05-12T20:08:42.332Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:1413\n2. https://access.redhat.com/security/cve/CVE-2024-12582\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2333540", "creation_timestamp": "2025-05-12T20:29:37.000000Z"} 2025-05-12T20:29:37+00:00 https://vulnerability.circl.lu/sighting/04c0fc95-4fcc-4fab-bbdb-ce9b87102a77/export 2026-06-03T22:19:37.933277+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "04c0fc95-4fcc-4fab-bbdb-ce9b87102a77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"} 2025-08-26T13:26:34+00:00 https://vulnerability.circl.lu/sighting/51195d1e-e5c1-4549-8531-39fe56af3f76/export 2026-06-03T22:19:37.930292+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "51195d1e-e5c1-4549-8531-39fe56af3f76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12585", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meovccxtun2k", "content": "", "creation_timestamp": "2026-02-12T21:03:15.071148Z"} 2026-02-12T21:03:15.071148+00:00