https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 07 May 2026 07:58:15 +0000 https://vulnerability.circl.lu/sighting/21cccc20-3034-496a-9353-2a59b04788ef/export {"uuid": "21cccc20-3034-496a-9353-2a59b04788ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39926", "type": "seen", "source": "https://t.me/cvedetector/5644", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-39926 - \"Vaultwarden HTML Injection/Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-39926 \nPublished : Sept. 13, 2024, 6:15 p.m. | 39\u00a0minutes ago \nDescription : An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T21:19:00.000000Z"} {"uuid": "21cccc20-3034-496a-9353-2a59b04788ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39926", "type": "seen", "source": "https://t.me/cvedetector/5644", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-39926 - \"Vaultwarden HTML Injection/Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-39926 \nPublished : Sept. 13, 2024, 6:15 p.m. | 39\u00a0minutes ago \nDescription : An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T21:19:00.000000Z"} https://vulnerability.circl.lu/sighting/21cccc20-3034-496a-9353-2a59b04788ef/export Fri, 13 Sep 2024 21:19:00 +0000 https://vulnerability.circl.lu/sighting/ad0f8b7c-174c-4b5f-ae00-4f2f7a5160e5/export {"uuid": "ad0f8b7c-174c-4b5f-ae00-4f2f7a5160e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39926", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1014", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-39926\n\ud83d\udd39 Description: An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact.\n\ud83d\udccf Published: 2024-09-13T00:00:00\n\ud83d\udccf Modified: 2025-01-09T17:34:10.932Z\n\ud83d\udd17 References:\n1. https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/static/scripts/admin_users.js#L201\n2. https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0\n3. https://www.mgm-sp.com/cve/html-injection-in-vaultwarden", "creation_timestamp": "2025-01-09T18:21:02.000000Z"} {"uuid": "ad0f8b7c-174c-4b5f-ae00-4f2f7a5160e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39926", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1014", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-39926\n\ud83d\udd39 Description: An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact.\n\ud83d\udccf Published: 2024-09-13T00:00:00\n\ud83d\udccf Modified: 2025-01-09T17:34:10.932Z\n\ud83d\udd17 References:\n1. https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/static/scripts/admin_users.js#L201\n2. https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0\n3. https://www.mgm-sp.com/cve/html-injection-in-vaultwarden", "creation_timestamp": "2025-01-09T18:21:02.000000Z"} https://vulnerability.circl.lu/sighting/ad0f8b7c-174c-4b5f-ae00-4f2f7a5160e5/export Thu, 09 Jan 2025 18:21:02 +0000