<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 04 May 2026 21:35:37 +0000</lastBuildDate>
    <item>
      <title>e5576cf4-56e3-43ef-90ef-affc3f0dce3a</title>
      <link>https://vulnerability.circl.lu/sighting/e5576cf4-56e3-43ef-90ef-affc3f0dce3a/export</link>
      <description>{"uuid": "e5576cf4-56e3-43ef-90ef-affc3f0dce3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41664", "type": "seen", "source": "https://t.me/cvedetector/1520", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41664 - Canarytokens SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41664 \nPublished : July 23, 2024, 5:15 p.m. | 27\u00a0minutes ago \nDescription : Canarytokens help track activity and actions on a network. Prior to `sha-8ea5315`, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a  Canarytoken is first created, the site will make a test request to the supplied URL to ensure it accepts alert notification HTTP requests. No safety checks were performed on the URL, leading to a Server-Side Request Forgery vulnerability. The SSRF is Blind because the content of the response is not displayed to the creating user; they are simply told whether an error occurred in making the test request. Using the Blind SSRF, it was possible to map out open ports for IPs inside the Canarytokens.org infrastructure. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after `sha-097d91a`. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-23T19:44:46.000000Z"}</description>
      <content:encoded>{"uuid": "e5576cf4-56e3-43ef-90ef-affc3f0dce3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41664", "type": "seen", "source": "https://t.me/cvedetector/1520", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41664 - Canarytokens SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41664 \nPublished : July 23, 2024, 5:15 p.m. | 27\u00a0minutes ago \nDescription : Canarytokens help track activity and actions on a network. Prior to `sha-8ea5315`, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a  Canarytoken is first created, the site will make a test request to the supplied URL to ensure it accepts alert notification HTTP requests. No safety checks were performed on the URL, leading to a Server-Side Request Forgery vulnerability. The SSRF is Blind because the content of the response is not displayed to the creating user; they are simply told whether an error occurred in making the test request. Using the Blind SSRF, it was possible to map out open ports for IPs inside the Canarytokens.org infrastructure. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after `sha-097d91a`. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-23T19:44:46.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e5576cf4-56e3-43ef-90ef-affc3f0dce3a/export</guid>
      <pubDate>Tue, 23 Jul 2024 19:44:46 +0000</pubDate>
    </item>
  </channel>
</rss>
