https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 03 Jun 2026 23:03:16 +0000 https://vulnerability.circl.lu/sighting/6a500519-1bdc-4115-bc41-49f5f880b566/export {"uuid": "6a500519-1bdc-4115-bc41-49f5f880b566", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12587", "type": "seen", "source": "https://t.me/cvedetector/15036", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12587 - Contact Form Master WordPress XSS\", \n \"Content\": \"CVE ID : CVE-2024-12587 \nPublished : Jan. 11, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T08:13:56.000000Z"} {"uuid": "6a500519-1bdc-4115-bc41-49f5f880b566", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12587", "type": "seen", "source": "https://t.me/cvedetector/15036", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12587 - Contact Form Master WordPress XSS\", \n \"Content\": \"CVE ID : CVE-2024-12587 \nPublished : Jan. 11, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T08:13:56.000000Z"} https://vulnerability.circl.lu/sighting/6a500519-1bdc-4115-bc41-49f5f880b566/export Sat, 11 Jan 2025 08:13:56 +0000 https://vulnerability.circl.lu/sighting/ebf44f20-83ac-4dac-bb36-4696e1a30c1f/export {"uuid": "ebf44f20-83ac-4dac-bb36-4696e1a30c1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113995088985958672", "content": "", "creation_timestamp": "2025-02-13T06:10:17.358569Z"} {"uuid": "ebf44f20-83ac-4dac-bb36-4696e1a30c1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113995088985958672", "content": "", "creation_timestamp": "2025-02-13T06:10:17.358569Z"} https://vulnerability.circl.lu/sighting/ebf44f20-83ac-4dac-bb36-4696e1a30c1f/export Thu, 13 Feb 2025 06:10:17 +0000 https://vulnerability.circl.lu/sighting/a883719d-0b47-44a1-83f8-d7a58672236c/export {"uuid": "a883719d-0b47-44a1-83f8-d7a58672236c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhzzyjusar2z", "content": "", "creation_timestamp": "2025-02-13T06:15:45.338587Z"} {"uuid": "a883719d-0b47-44a1-83f8-d7a58672236c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhzzyjusar2z", "content": "", "creation_timestamp": "2025-02-13T06:15:45.338587Z"} https://vulnerability.circl.lu/sighting/a883719d-0b47-44a1-83f8-d7a58672236c/export Thu, 13 Feb 2025 06:15:45 +0000 https://vulnerability.circl.lu/sighting/9db3d7c0-5efd-4388-ba10-ae00d61654a0/export {"uuid": "9db3d7c0-5efd-4388-ba10-ae00d61654a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4213", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12586\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-02-13T06:31:43Z\n\ud83d\udccf Modified: 2025-02-13T06:31:43Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12586\n2. https://wpscan.com/vulnerability/2ce05a44-762b-4aaf-b88a-92c830fd8ec4", "creation_timestamp": "2025-02-13T07:10:29.000000Z"} {"uuid": "9db3d7c0-5efd-4388-ba10-ae00d61654a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4213", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12586\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-02-13T06:31:43Z\n\ud83d\udccf Modified: 2025-02-13T06:31:43Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12586\n2. https://wpscan.com/vulnerability/2ce05a44-762b-4aaf-b88a-92c830fd8ec4", "creation_timestamp": "2025-02-13T07:10:29.000000Z"} https://vulnerability.circl.lu/sighting/9db3d7c0-5efd-4388-ba10-ae00d61654a0/export Thu, 13 Feb 2025 07:10:29 +0000 https://vulnerability.circl.lu/sighting/6d11ddee-8f6d-43fd-912f-518cfc4fb48d/export {"uuid": "6d11ddee-8f6d-43fd-912f-518cfc4fb48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://t.me/cvedetector/17969", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12586 - Chalet-Montagne.com Tools WordPress Reflected Cross-Site Scripting\", \n \"Content\": \"CVE ID : CVE-2024-12586 \nPublished : Feb. 13, 2025, 6:15 a.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T08:47:53.000000Z"} {"uuid": "6d11ddee-8f6d-43fd-912f-518cfc4fb48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://t.me/cvedetector/17969", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12586 - Chalet-Montagne.com Tools WordPress Reflected Cross-Site Scripting\", \n \"Content\": \"CVE ID : CVE-2024-12586 \nPublished : Feb. 13, 2025, 6:15 a.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T08:47:53.000000Z"} https://vulnerability.circl.lu/sighting/6d11ddee-8f6d-43fd-912f-518cfc4fb48d/export Thu, 13 Feb 2025 08:47:53 +0000 https://vulnerability.circl.lu/sighting/d1fa95c6-0ec8-4904-b664-f63e1c2635b8/export {"uuid": "d1fa95c6-0ec8-4904-b664-f63e1c2635b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "Telegram/Kzcu-nWqygACCMOWBfIjlz_eAnGqhMjZ8fsj3WAwZDq0RWMl", "content": "", "creation_timestamp": "2025-02-14T10:08:08.000000Z"} {"uuid": "d1fa95c6-0ec8-4904-b664-f63e1c2635b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "Telegram/Kzcu-nWqygACCMOWBfIjlz_eAnGqhMjZ8fsj3WAwZDq0RWMl", "content": "", "creation_timestamp": "2025-02-14T10:08:08.000000Z"} https://vulnerability.circl.lu/sighting/d1fa95c6-0ec8-4904-b664-f63e1c2635b8/export Fri, 14 Feb 2025 10:08:08 +0000 https://vulnerability.circl.lu/sighting/38dfa59b-10f1-469b-a2e4-aa5956e8e5fa/export {"uuid": "38dfa59b-10f1-469b-a2e4-aa5956e8e5fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12589", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7290", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12589\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-03-12T07:00:22.816Z\n\ud83d\udccf Modified: 2025-03-12T07:00:22.816Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/ae0a001b-0792-4a32-8f49-5d4b1550f4be?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3247611/finale-woocommerce-sales-countdown-timer-discount", "creation_timestamp": "2025-03-12T07:43:57.000000Z"} {"uuid": "38dfa59b-10f1-469b-a2e4-aa5956e8e5fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12589", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7290", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12589\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-03-12T07:00:22.816Z\n\ud83d\udccf Modified: 2025-03-12T07:00:22.816Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/ae0a001b-0792-4a32-8f49-5d4b1550f4be?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3247611/finale-woocommerce-sales-countdown-timer-discount", "creation_timestamp": "2025-03-12T07:43:57.000000Z"} https://vulnerability.circl.lu/sighting/38dfa59b-10f1-469b-a2e4-aa5956e8e5fa/export Wed, 12 Mar 2025 07:43:57 +0000 https://vulnerability.circl.lu/sighting/8c9e18c4-cdc9-4c6d-9620-dd066d5eb83f/export {"uuid": "8c9e18c4-cdc9-4c6d-9620-dd066d5eb83f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12582", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16037", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12582\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the \"admin\" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.\n\ud83d\udccf Published: 2024-12-24T03:31:24.896Z\n\ud83d\udccf Modified: 2025-05-12T20:08:42.332Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:1413\n2. https://access.redhat.com/security/cve/CVE-2024-12582\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2333540", "creation_timestamp": "2025-05-12T20:29:37.000000Z"} {"uuid": "8c9e18c4-cdc9-4c6d-9620-dd066d5eb83f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12582", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16037", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12582\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the \"admin\" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.\n\ud83d\udccf Published: 2024-12-24T03:31:24.896Z\n\ud83d\udccf Modified: 2025-05-12T20:08:42.332Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:1413\n2. https://access.redhat.com/security/cve/CVE-2024-12582\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2333540", "creation_timestamp": "2025-05-12T20:29:37.000000Z"} https://vulnerability.circl.lu/sighting/8c9e18c4-cdc9-4c6d-9620-dd066d5eb83f/export Mon, 12 May 2025 20:29:37 +0000 https://vulnerability.circl.lu/sighting/04c0fc95-4fcc-4fab-bbdb-ce9b87102a77/export {"uuid": "04c0fc95-4fcc-4fab-bbdb-ce9b87102a77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"} {"uuid": "04c0fc95-4fcc-4fab-bbdb-ce9b87102a77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"} https://vulnerability.circl.lu/sighting/04c0fc95-4fcc-4fab-bbdb-ce9b87102a77/export Tue, 26 Aug 2025 13:26:34 +0000 https://vulnerability.circl.lu/sighting/51195d1e-e5c1-4549-8531-39fe56af3f76/export {"uuid": "51195d1e-e5c1-4549-8531-39fe56af3f76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12585", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meovccxtun2k", "content": "", "creation_timestamp": "2026-02-12T21:03:15.071148Z"} {"uuid": "51195d1e-e5c1-4549-8531-39fe56af3f76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12585", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meovccxtun2k", "content": "", "creation_timestamp": "2026-02-12T21:03:15.071148Z"} https://vulnerability.circl.lu/sighting/51195d1e-e5c1-4549-8531-39fe56af3f76/export Thu, 12 Feb 2026 21:03:15 +0000