https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 01 Jun 2026 05:41:54 +0000 https://vulnerability.circl.lu/sighting/ce8c5976-89a8-420a-ba8e-1ae9e47adac7/export {"uuid": "ce8c5976-89a8-420a-ba8e-1ae9e47adac7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4389", "type": "seen", "source": "https://t.me/cvedetector/3104", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-4389 - WordPress Depicter Slider Carousel Unauthorized File Upload Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-4389 \nPublished : Aug. 14, 2024, 9:15 a.m. | 45\u00a0minutes ago \nDescription : The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with contributor access or higher, to upload arbitrary files on the affected site's server which may make remote code execution possible. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"14 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T12:21:36.000000Z"} {"uuid": "ce8c5976-89a8-420a-ba8e-1ae9e47adac7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4389", "type": "seen", "source": "https://t.me/cvedetector/3104", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-4389 - WordPress Depicter Slider Carousel Unauthorized File Upload Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-4389 \nPublished : Aug. 14, 2024, 9:15 a.m. | 45\u00a0minutes ago \nDescription : The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with contributor access or higher, to upload arbitrary files on the affected site's server which may make remote code execution possible. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"14 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T12:21:36.000000Z"} https://vulnerability.circl.lu/sighting/ce8c5976-89a8-420a-ba8e-1ae9e47adac7/export Wed, 14 Aug 2024 12:21:36 +0000 https://vulnerability.circl.lu/sighting/108806e9-a7f8-4919-accf-30c67652314b/export {"uuid": "108806e9-a7f8-4919-accf-30c67652314b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43898", "type": "seen", "source": "https://t.me/cvedetector/4128", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43898 - Linux Kernel Cisco Memory Corruption Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-43898 \nPublished : Aug. 26, 2024, 11:15 a.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \next4: sanity check for NULL pointer after ext4_force_shutdown \n \nTest case: 2 threads write short inline data to a file. \nIn ext4_page_mkwrite the resulting inline data is converted. \nHandling ext4_grp_locked_error with description \"block bitmap \nand bg descriptor inconsistent: X vs Y free clusters\" calls \next4_force_shutdown. The conversion clears \nEXT4_STATE_MAY_INLINE_DATA but fails for \next4_destroy_inline_data_nolock and ext4_mark_iloc_dirty due \nto ext4_forced_shutdown. The restoration of inline data fails \nfor the same reason not setting EXT4_STATE_MAY_INLINE_DATA. \nWithout the flag set a regular process path in ext4_da_write_end \nfollows trying to dereference page folio private pointer that has \nnot been set. The fix calls early return with -EIO error shall the \npointer to private be NULL. \n \nSample crash report: \n \nUnable to handle kernel paging request at virtual address dfff800000000004 \nKASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] \nMem abort info: \n ESR = 0x0000000096000005 \n EC = 0x25: DABT (current EL), IL = 32 bits \n SET = 0, FnV = 0 \n EA = 0, S1PTW = 0 \n FSC = 0x05: level 1 translation fault \nData abort info: \n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 \n CM = 0, WnR = 0, TnD = 0, TagAccess = 0 \n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 \n[dfff800000000004] address between user and kernel address ranges \nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP \nModules linked in: \nCPU: 1 PID: 20274 Comm: syz-executor185 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0 \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 \npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) \npc : __block_commit_write+0x64/0x2b0 fs/buffer.c:2167 \nlr : __block_commit_write+0x3c/0x2b0 fs/buffer.c:2160 \nsp : ffff8000a1957600 \nx29: ffff8000a1957610 x28: dfff800000000000 x27: ffff0000e30e34b0 \nx26: 0000000000000000 x25: dfff800000000000 x24: dfff800000000000 \nx23: fffffdffc397c9e0 x22: 0000000000000020 x21: 0000000000000020 \nx20: 0000000000000040 x19: fffffdffc397c9c0 x18: 1fffe000367bd196 \nx17: ffff80008eead000 x16: ffff80008ae89e3c x15: 00000000200000c0 \nx14: 1fffe0001cbe4e04 x13: 0000000000000000 x12: 0000000000000000 \nx11: 0000000000000001 x10: 0000000000ff0100 x9 : 0000000000000000 \nx8 : 0000000000000004 x7 : 0000000000000000 x6 : 0000000000000000 \nx5 : fffffdffc397c9c0 x4 : 0000000000000020 x3 : 0000000000000020 \nx2 : 0000000000000040 x1 : 0000000000000020 x0 : fffffdffc397c9c0 \nCall trace: \n __block_commit_write+0x64/0x2b0 fs/buffer.c:2167 \n block_write_end+0xb4/0x104 fs/buffer.c:2253 \n ext4_da_do_write_end fs/ext4/inode.c:2955 [inline] \n ext4_da_write_end+0x2c4/0xa40 fs/ext4/inode.c:3028 \n generic_perform_write+0x394/0x588 mm/filemap.c:3985 \n ext4_buffered_write_iter+0x2c0/0x4ec fs/ext4/file.c:299 \n ext4_file_write_iter+0x188/0x1780 \n call_write_iter include/linux/fs.h:2110 [inline] \n new_sync_write fs/read_write.c:497 [inline] \n vfs_write+0x968/0xc3c fs/read_write.c:590 \n ksys_write+0x15c/0x26c fs/read_write.c:643 \n __do_sys_write fs/read_write.c:655 [inline] \n __se_sys_write fs/read_write.c:652 [inline] \n __arm64_sys_write+0x7c/0x90 fs/read_write.c:652 \n __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline] \n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48 \n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133 \n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152 \n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 \n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 \n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 \nCode: 97f85911 f94002da 91008356 d343fec8 (38796908) \n---[ end trace [...]", "creation_timestamp": "2024-08-26T13:42:59.000000Z"} {"uuid": "108806e9-a7f8-4919-accf-30c67652314b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43898", "type": "seen", "source": "https://t.me/cvedetector/4128", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-43898 - Linux Kernel Cisco Memory Corruption Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-43898 \nPublished : Aug. 26, 2024, 11:15 a.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \next4: sanity check for NULL pointer after ext4_force_shutdown \n \nTest case: 2 threads write short inline data to a file. \nIn ext4_page_mkwrite the resulting inline data is converted. \nHandling ext4_grp_locked_error with description \"block bitmap \nand bg descriptor inconsistent: X vs Y free clusters\" calls \next4_force_shutdown. The conversion clears \nEXT4_STATE_MAY_INLINE_DATA but fails for \next4_destroy_inline_data_nolock and ext4_mark_iloc_dirty due \nto ext4_forced_shutdown. The restoration of inline data fails \nfor the same reason not setting EXT4_STATE_MAY_INLINE_DATA. \nWithout the flag set a regular process path in ext4_da_write_end \nfollows trying to dereference page folio private pointer that has \nnot been set. The fix calls early return with -EIO error shall the \npointer to private be NULL. \n \nSample crash report: \n \nUnable to handle kernel paging request at virtual address dfff800000000004 \nKASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] \nMem abort info: \n ESR = 0x0000000096000005 \n EC = 0x25: DABT (current EL), IL = 32 bits \n SET = 0, FnV = 0 \n EA = 0, S1PTW = 0 \n FSC = 0x05: level 1 translation fault \nData abort info: \n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 \n CM = 0, WnR = 0, TnD = 0, TagAccess = 0 \n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 \n[dfff800000000004] address between user and kernel address ranges \nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP \nModules linked in: \nCPU: 1 PID: 20274 Comm: syz-executor185 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0 \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 \npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) \npc : __block_commit_write+0x64/0x2b0 fs/buffer.c:2167 \nlr : __block_commit_write+0x3c/0x2b0 fs/buffer.c:2160 \nsp : ffff8000a1957600 \nx29: ffff8000a1957610 x28: dfff800000000000 x27: ffff0000e30e34b0 \nx26: 0000000000000000 x25: dfff800000000000 x24: dfff800000000000 \nx23: fffffdffc397c9e0 x22: 0000000000000020 x21: 0000000000000020 \nx20: 0000000000000040 x19: fffffdffc397c9c0 x18: 1fffe000367bd196 \nx17: ffff80008eead000 x16: ffff80008ae89e3c x15: 00000000200000c0 \nx14: 1fffe0001cbe4e04 x13: 0000000000000000 x12: 0000000000000000 \nx11: 0000000000000001 x10: 0000000000ff0100 x9 : 0000000000000000 \nx8 : 0000000000000004 x7 : 0000000000000000 x6 : 0000000000000000 \nx5 : fffffdffc397c9c0 x4 : 0000000000000020 x3 : 0000000000000020 \nx2 : 0000000000000040 x1 : 0000000000000020 x0 : fffffdffc397c9c0 \nCall trace: \n __block_commit_write+0x64/0x2b0 fs/buffer.c:2167 \n block_write_end+0xb4/0x104 fs/buffer.c:2253 \n ext4_da_do_write_end fs/ext4/inode.c:2955 [inline] \n ext4_da_write_end+0x2c4/0xa40 fs/ext4/inode.c:3028 \n generic_perform_write+0x394/0x588 mm/filemap.c:3985 \n ext4_buffered_write_iter+0x2c0/0x4ec fs/ext4/file.c:299 \n ext4_file_write_iter+0x188/0x1780 \n call_write_iter include/linux/fs.h:2110 [inline] \n new_sync_write fs/read_write.c:497 [inline] \n vfs_write+0x968/0xc3c fs/read_write.c:590 \n ksys_write+0x15c/0x26c fs/read_write.c:643 \n __do_sys_write fs/read_write.c:655 [inline] \n __se_sys_write fs/read_write.c:652 [inline] \n __arm64_sys_write+0x7c/0x90 fs/read_write.c:652 \n __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline] \n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48 \n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133 \n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152 \n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712 \n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 \n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 \nCode: 97f85911 f94002da 91008356 d343fec8 (38796908) \n---[ end trace [...]", "creation_timestamp": "2024-08-26T13:42:59.000000Z"} https://vulnerability.circl.lu/sighting/108806e9-a7f8-4919-accf-30c67652314b/export Mon, 26 Aug 2024 13:42:59 +0000 https://vulnerability.circl.lu/sighting/c1cad851-5a3e-4643-b3b4-a02f08f6d078/export {"uuid": "c1cad851-5a3e-4643-b3b4-a02f08f6d078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43890", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} {"uuid": "c1cad851-5a3e-4643-b3b4-a02f08f6d078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43890", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} https://vulnerability.circl.lu/sighting/c1cad851-5a3e-4643-b3b4-a02f08f6d078/export Thu, 14 Aug 2025 10:00:00 +0000 https://vulnerability.circl.lu/sighting/88d8e038-efd4-4cc6-a012-825c2d35d37b/export {"uuid": "88d8e038-efd4-4cc6-a012-825c2d35d37b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43894", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} {"uuid": "88d8e038-efd4-4cc6-a012-825c2d35d37b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43894", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} https://vulnerability.circl.lu/sighting/88d8e038-efd4-4cc6-a012-825c2d35d37b/export Thu, 14 Aug 2025 10:00:00 +0000 https://vulnerability.circl.lu/sighting/23f27361-52d3-411f-84f7-174f6584b01a/export {"uuid": "23f27361-52d3-411f-84f7-174f6584b01a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43893", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} {"uuid": "23f27361-52d3-411f-84f7-174f6584b01a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43893", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} https://vulnerability.circl.lu/sighting/23f27361-52d3-411f-84f7-174f6584b01a/export Thu, 14 Aug 2025 10:00:00 +0000 https://vulnerability.circl.lu/sighting/7f57260f-f52f-4d7e-baf9-66986db0859b/export {"uuid": "7f57260f-f52f-4d7e-baf9-66986db0859b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-43892", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} {"uuid": "7f57260f-f52f-4d7e-baf9-66986db0859b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-43892", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} https://vulnerability.circl.lu/sighting/7f57260f-f52f-4d7e-baf9-66986db0859b/export Wed, 03 Dec 2025 14:14:49 +0000 https://vulnerability.circl.lu/sighting/410619f5-9650-4932-8bd7-93b9a351aa3d/export {"uuid": "410619f5-9650-4932-8bd7-93b9a351aa3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-43899", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} {"uuid": "410619f5-9650-4932-8bd7-93b9a351aa3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-43899", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} https://vulnerability.circl.lu/sighting/410619f5-9650-4932-8bd7-93b9a351aa3d/export Wed, 03 Dec 2025 14:14:49 +0000 https://vulnerability.circl.lu/sighting/95c137cf-7248-44aa-a90b-d19c01d6ed04/export {"uuid": "95c137cf-7248-44aa-a90b-d19c01d6ed04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-43899", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"} {"uuid": "95c137cf-7248-44aa-a90b-d19c01d6ed04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-43899", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"} https://vulnerability.circl.lu/sighting/95c137cf-7248-44aa-a90b-d19c01d6ed04/export Thu, 19 Mar 2026 00:00:00 +0000 https://vulnerability.circl.lu/sighting/4d72b67c-5abd-40c0-bc21-33a7aa649df0/export {"uuid": "4d72b67c-5abd-40c0-bc21-33a7aa649df0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-43898", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"} {"uuid": "4d72b67c-5abd-40c0-bc21-33a7aa649df0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-43898", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"} https://vulnerability.circl.lu/sighting/4d72b67c-5abd-40c0-bc21-33a7aa649df0/export Thu, 02 Apr 2026 17:00:00 +0000