https://vulnerability.circl.lu/sightings/feed 2026-06-01T02:55:06.025262+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/32461be0-7581-4ff0-9074-78c94de36a33/export 2026-06-01T02:55:06.273568+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "32461be0-7581-4ff0-9074-78c94de36a33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-54030", "type": "seen", "source": "https://t.me/cvedetector/14499", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-54030 - Huawei OpenHarmony Use-After-Free DoS Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-54030 \nPublished : Jan. 7, 2025, 8:15 a.m. | 20\u00a0minutes ago \nDescription : in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS\u00a0through use after free. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T09:41:20.000000Z"} 2025-01-07T09:41:20+00:00 https://vulnerability.circl.lu/sighting/086c66cd-0ebe-4528-9669-16c28696f57e/export 2026-06-01T02:55:06.273453+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "086c66cd-0ebe-4528-9669-16c28696f57e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-54038", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/506", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-54038\n\ud83d\udd39 Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.\n\ud83d\udccf Published: 2024-12-10T20:42:07.558Z\n\ud83d\udccf Modified: 2025-01-07T18:30:05.883Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/connect/apsb24-99.html", "creation_timestamp": "2025-01-07T18:37:53.000000Z"} 2025-01-07T18:37:53+00:00 https://vulnerability.circl.lu/sighting/18ee2975-012a-44f1-b551-ed2c5945c6a5/export 2026-06-01T02:55:06.273359+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "18ee2975-012a-44f1-b551-ed2c5945c6a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-54036", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1630", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-54036\n\ud83d\udd39 Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.\n\ud83d\udccf Published: 2024-12-10T20:42:14.941Z\n\ud83d\udccf Modified: 2025-01-14T21:55:54.286Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/connect/apsb24-99.html", "creation_timestamp": "2025-01-14T22:09:05.000000Z"} 2025-01-14T22:09:05+00:00 https://vulnerability.circl.lu/sighting/11409754-c39d-4397-93f7-b5cffdfaca34/export 2026-06-01T02:55:06.273276+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "11409754-c39d-4397-93f7-b5cffdfaca34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-54034", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1631", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-54034\n\ud83d\udd39 Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. This attack is dependent on the victim opening the malicious URL with a specific browser, increasing the attack complexity.\n\ud83d\udccf Published: 2024-12-10T20:42:11.085Z\n\ud83d\udccf Modified: 2025-01-14T21:53:09.149Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/connect/apsb24-99.html", "creation_timestamp": "2025-01-14T22:09:07.000000Z"} 2025-01-14T22:09:07+00:00 https://vulnerability.circl.lu/sighting/a1149c1f-93e0-462c-813e-661fd3f25007/export 2026-06-01T02:55:06.273186+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a1149c1f-93e0-462c-813e-661fd3f25007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-54037", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1641", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-54037\n\ud83d\udd39 Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the high-privileged attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. This attack is dependent on the victim allowing all popups, increasing the attack complexity.\n\ud83d\udccf Published: 2024-12-10T20:42:18.680Z\n\ud83d\udccf Modified: 2025-01-14T22:01:32.503Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/connect/apsb24-99.html", "creation_timestamp": "2025-01-14T23:09:50.000000Z"} 2025-01-14T23:09:50+00:00 https://vulnerability.circl.lu/sighting/5b5c5fb1-581e-4124-9661-d05a9960208b/export 2026-06-01T02:55:06.273105+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "5b5c5fb1-581e-4124-9661-d05a9960208b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-54031", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfrtxkpx242p", "content": "", "creation_timestamp": "2025-01-15T13:16:09.222930Z"} 2025-01-15T13:16:09.222930+00:00 https://vulnerability.circl.lu/sighting/393725b1-3ad2-4021-a037-df64643ad77c/export 2026-06-01T02:55:06.272991+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "393725b1-3ad2-4021-a037-df64643ad77c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-54031", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1747", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-54031\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext\n\nAccess to genmask field in struct nft_set_ext results in unaligned\natomic read:\n\n[ 72.130109] Unable to handle kernel paging request at virtual address ffff0000c2bb708c\n[ 72.131036] Mem abort info:\n[ 72.131213] ESR = 0x0000000096000021\n[ 72.131446] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 72.132209] SET = 0, FnV = 0\n[ 72.133216] EA = 0, S1PTW = 0\n[ 72.134080] FSC = 0x21: alignment fault\n[ 72.135593] Data abort info:\n[ 72.137194] ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000\n[ 72.142351] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 72.145989] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 72.150115] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000237d27000\n[ 72.154893] [ffff0000c2bb708c] pgd=0000000000000000, p4d=180000023ffff403, pud=180000023f84b403, pmd=180000023f835403,\n+pte=0068000102bb7707\n[ 72.163021] Internal error: Oops: 0000000096000021 [#1] SMP\n[...]\n[ 72.170041] CPU: 7 UID: 0 PID: 54 Comm: kworker/7:0 Tainted: G E 6.13.0-rc3+ #2\n[ 72.170509] Tainted: [E]=UNSIGNED_MODULE\n[ 72.170720] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-stable202302-for-qemu 03/01/2023\n[ 72.171192] Workqueue: events_power_efficient nft_rhash_gc [nf_tables]\n[ 72.171552] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 72.171915] pc : nft_rhash_gc+0x200/0x2d8 [nf_tables]\n[ 72.172166] lr : nft_rhash_gc+0x128/0x2d8 [nf_tables]\n[ 72.172546] sp : ffff800081f2bce0\n[ 72.172724] x29: ffff800081f2bd40 x28: ffff0000c2bb708c x27: 0000000000000038\n[ 72.173078] x26: ffff0000c6780ef0 x25: ffff0000c643df00 x24: ffff0000c6778f78\n[ 72.173431] x23: 000000000000001a x22: ffff0000c4b1f000 x21: ffff0000c6780f78\n[ 72.173782] x20: ffff0000c2bb70dc x19: ffff0000c2bb7080 x18: 0000000000000000\n[ 72.174135] x17: ffff0000c0a4e1c0 x16: 0000000000003000 x15: 0000ac26d173b978\n[ 72.174485] x14: ffffffffffffffff x13: 0000000000000030 x12: ffff0000c6780ef0\n[ 72.174841] x11: 0000000000000000 x10: ffff800081f2bcf8 x9 : ffff0000c3000000\n[ 72.175193] x8 : 00000000000004be x7 : 0000000000000000 x6 : 0000000000000000\n[ 72.175544] x5 : 0000000000000040 x4 : ffff0000c3000010 x3 : 0000000000000000\n[ 72.175871] x2 : 0000000000003a98 x1 : ffff0000c2bb708c x0 : 0000000000000004\n[ 72.176207] Call trace:\n[ 72.176316] nft_rhash_gc+0x200/0x2d8 [nf_tables] (P)\n[ 72.176653] process_one_work+0x178/0x3d0\n[ 72.176831] worker_thread+0x200/0x3f0\n[ 72.176995] kthread+0xe8/0xf8\n[ 72.177130] ret_from_fork+0x10/0x20\n[ 72.177289] Code: 54fff984 d503201f d2800080 91003261 (f820303f)\n[ 72.177557] ---[ end trace 0000000000000000 ]---\n\nAlign struct nft_set_ext to word size to address this and\ndocumentation it.\n\npahole reports that this increases the size of elements for rhash and\npipapo in 8 bytes on x86_64.\n\ud83d\udccf Published: 2025-01-15T13:10:23.140Z\n\ud83d\udccf Modified: 2025-01-15T13:10:23.140Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/352f8eaaabd008f09d1e176194edc261a7304084\n2. https://git.kernel.org/stable/c/6a14b46052eeb83175a95baf399283860b9d94c4\n3. https://git.kernel.org/stable/c/277f00b0c2dca8794cf4837722960bdc4174911f\n4. https://git.kernel.org/stable/c/607774a13764676d4b8be9c8b9c66b8cf3469043\n5. https://git.kernel.org/stable/c/4f49349c1963e507aa37c1ec05178faeb0103959\n6. https://git.kernel.org/stable/c/d24cbc43cc7b41a0824b0bc6ec4d8436d8d7a9c0\n7. https://git.kernel.org/stable/c/542ed8145e6f9392e3d0a86a0e9027d2ffd183e4", "creation_timestamp": "2025-01-15T14:16:23.000000Z"} 2025-01-15T14:16:23+00:00 https://vulnerability.circl.lu/sighting/8002ee5c-e1f8-40c1-be00-59b8f7b17988/export 2026-06-01T02:55:06.272880+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "8002ee5c-e1f8-40c1-be00-59b8f7b17988", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-540385", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lkn73e2qys2y", "content": "", "creation_timestamp": "2025-03-18T07:57:48.699348Z"} 2025-03-18T07:57:48.699348+00:00 https://vulnerability.circl.lu/sighting/45ec75a5-a6ff-4cdb-be9b-6812f94fe6b4/export 2026-06-01T02:55:06.271934+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "45ec75a5-a6ff-4cdb-be9b-6812f94fe6b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-540385", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lkpagarcoc2e", "content": "", "creation_timestamp": "2025-03-19T03:27:06.673614Z"} 2025-03-19T03:27:06.673614+00:00 https://vulnerability.circl.lu/sighting/48b90f17-5c62-47ef-abce-9cd91c3de9ce/export 2026-06-01T02:55:06.270210+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "48b90f17-5c62-47ef-abce-9cd91c3de9ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-54031", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0398/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"} 2026-04-02T17:00:00+00:00