https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-06-03T11:37:04.442123+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/594ffe4a-5339-4349-83f4-2e27f05d4900/export594ffe4a-5339-4349-83f4-2e27f05d49002026-06-03T11:37:04.708651+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "594ffe4a-5339-4349-83f4-2e27f05d4900", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13728", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5083", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13728\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the rf parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-02-23T05:22:33.304Z\n\ud83d\udccf Modified: 2025-02-23T05:22:33.304Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/3891a807-aace-460a-ad49-6a282af16084?source=cve\n2. https://plugins.trac.wordpress.org/browser/easy-paypal-donation/tags/1.4.4/core/Base/Stripe.php#L227", "creation_timestamp": "2025-02-23T06:22:42.000000Z"}2025-02-23T06:22:42+00:00https://vulnerability.circl.lu/sighting/f0e3c43d-8cdd-4efc-b474-f42e09429f9c/exportf0e3c43d-8cdd-4efc-b474-f42e09429f9c2026-06-03T11:37:04.708572+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "f0e3c43d-8cdd-4efc-b474-f42e09429f9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13728", "type": "seen", "source": "https://t.me/cvedetector/18739", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-13728 - WordPress Accept Donations with PayPal & Stripe Reflected Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-13728 \nPublished : Feb. 23, 2025, 6:15 a.m. | 1\u00a0hour, 40\u00a0minutes ago \nDescription : The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the rf parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"23 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-23T09:22:05.000000Z"}2025-02-23T09:22:05+00:00https://vulnerability.circl.lu/sighting/0e706d53-4db8-4a3d-8dcd-c335fa4d350f/export0e706d53-4db8-4a3d-8dcd-c335fa4d350f2026-06-03T11:37:04.708495+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "0e706d53-4db8-4a3d-8dcd-c335fa4d350f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13728", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3litm557mrh2r", "content": "", "creation_timestamp": "2025-02-23T10:17:00.822641Z"}2025-02-23T10:17:00.822641+00:00https://vulnerability.circl.lu/sighting/310637c3-2685-46d4-b8b0-11810f2fac27/export310637c3-2685-46d4-b8b0-11810f2fac272026-06-03T11:37:04.708420+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "310637c3-2685-46d4-b8b0-11810f2fac27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13728", "type": "seen", "source": "Telegram/KNbjqZHHZ5qH6bG8X7Tp7RHysYt-M8VATVrrpTtkmiYVdvdA", "content": "", "creation_timestamp": "2025-02-23T17:38:05.000000Z"}2025-02-23T17:38:05+00:00https://vulnerability.circl.lu/sighting/f25459c9-283d-4e5b-b73c-2eac5fe30350/exportf25459c9-283d-4e5b-b73c-2eac5fe303502026-06-03T11:37:04.708341+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "f25459c9-283d-4e5b-b73c-2eac5fe30350", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13724", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6360", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13724\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Wallet System for WooCommerce \u2013 Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets.\n\ud83d\udccf Published: 2025-03-04T08:23:42.467Z\n\ud83d\udccf Modified: 2025-03-04T08:23:42.467Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/bda326b0-9049-496a-a600-fa65151ce98f?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3244479%40wallet-system-for-woocommerce%2Ftrunk&old=3231275%40wallet-system-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=", "creation_timestamp": "2025-03-04T09:31:56.000000Z"}2025-03-04T09:31:56+00:00https://vulnerability.circl.lu/sighting/231fc8ef-085c-4eb3-88db-3227b6470ba1/export231fc8ef-085c-4eb3-88db-3227b6470ba12026-06-03T11:37:04.708269+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "231fc8ef-085c-4eb3-88db-3227b6470ba1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13724", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljkcp34vim27", "content": "", "creation_timestamp": "2025-03-04T10:59:21.425574Z"}2025-03-04T10:59:21.425574+00:00https://vulnerability.circl.lu/sighting/c60e9b73-ee45-4e4d-a68a-aec1e8c1985f/exportc60e9b73-ee45-4e4d-a68a-aec1e8c1985f2026-06-03T11:37:04.708184+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "c60e9b73-ee45-4e4d-a68a-aec1e8c1985f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13724", "type": "seen", "source": "https://t.me/cvedetector/19487", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-13724 - WooCommerce Wallet Unauthenticated Access Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-13724 \nPublished : March 4, 2025, 9:15 a.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : The Wallet System for WooCommerce \u2013 Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-04T12:30:03.000000Z"}2025-03-04T12:30:03+00:00https://vulnerability.circl.lu/sighting/197270db-1b0f-44e2-bc40-6bd557eff629/export197270db-1b0f-44e2-bc40-6bd557eff6292026-06-03T11:37:04.708089+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "197270db-1b0f-44e2-bc40-6bd557eff629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1372", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15807", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1372\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n\n\ud83d\udccf Published: 2024-02-13T18:54:03.413Z\n\ud83d\udccf Modified: 2025-05-09T18:18:10.070Z\n\ud83d\udd17 References:\n1. https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15\n2. https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10\n3. https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7\n4. https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5", "creation_timestamp": "2025-05-09T18:26:18.000000Z"}2025-05-09T18:26:18+00:00https://vulnerability.circl.lu/sighting/5fa53738-dce0-4139-a0a9-546b4ec2ab43/export5fa53738-dce0-4139-a0a9-546b4ec2ab432026-06-03T11:37:04.707987+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "5fa53738-dce0-4139-a0a9-546b4ec2ab43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13727", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-13727.yaml", "content": "", "creation_timestamp": "2026-02-11T16:17:23.000000Z"}2026-02-11T16:17:23+00:00https://vulnerability.circl.lu/sighting/ea7f714b-2e5d-4eb7-9647-ac72fc87237f/exportea7f714b-2e5d-4eb7-9647-ac72fc87237f2026-06-03T11:37:04.706446+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "ea7f714b-2e5d-4eb7-9647-ac72fc87237f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13727", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meovceca5b2c", "content": "", "creation_timestamp": "2026-02-12T21:03:25.528967Z"}2026-02-12T21:03:25.528967+00:00