<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 04 May 2026 11:13:19 +0000</lastBuildDate>
    <item>
      <title>5e598c79-b5b2-4293-bef2-070442379443</title>
      <link>https://vulnerability.circl.lu/sighting/5e598c79-b5b2-4293-bef2-070442379443/export</link>
      <description>{"uuid": "5e598c79-b5b2-4293-bef2-070442379443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5280", "type": "seen", "source": "https://t.me/cvedetector/809", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-5280 - The wp-affiliate-platform WordPress plugin before\", \n  \"Content\": \"CVE ID : CVE-2024-5280 \nPublished : July 13, 2024, 6:15 a.m. | 32\u00a0minutes ago \nDescription : The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-13T08:49:50.000000Z"}</description>
      <content:encoded>{"uuid": "5e598c79-b5b2-4293-bef2-070442379443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5280", "type": "seen", "source": "https://t.me/cvedetector/809", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-5280 - The wp-affiliate-platform WordPress plugin before\", \n  \"Content\": \"CVE ID : CVE-2024-5280 \nPublished : July 13, 2024, 6:15 a.m. | 32\u00a0minutes ago \nDescription : The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-13T08:49:50.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5e598c79-b5b2-4293-bef2-070442379443/export</guid>
      <pubDate>Sat, 13 Jul 2024 08:49:50 +0000</pubDate>
    </item>
    <item>
      <title>ed0be3e5-31a7-48d2-9eb7-87827b4f1b91</title>
      <link>https://vulnerability.circl.lu/sighting/ed0be3e5-31a7-48d2-9eb7-87827b4f1b91/export</link>
      <description>{"uuid": "ed0be3e5-31a7-48d2-9eb7-87827b4f1b91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52803", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113522000459979063", "content": "", "creation_timestamp": "2024-11-21T16:57:39.844704Z"}</description>
      <content:encoded>{"uuid": "ed0be3e5-31a7-48d2-9eb7-87827b4f1b91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52803", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113522000459979063", "content": "", "creation_timestamp": "2024-11-21T16:57:39.844704Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ed0be3e5-31a7-48d2-9eb7-87827b4f1b91/export</guid>
      <pubDate>Thu, 21 Nov 2024 16:57:39 +0000</pubDate>
    </item>
    <item>
      <title>9d695c57-c104-4041-b992-09c5582b254f</title>
      <link>https://vulnerability.circl.lu/sighting/9d695c57-c104-4041-b992-09c5582b254f/export</link>
      <description>{"uuid": "9d695c57-c104-4041-b992-09c5582b254f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52809", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113567706103109724", "content": "", "creation_timestamp": "2024-11-29T18:41:12.682798Z"}</description>
      <content:encoded>{"uuid": "9d695c57-c104-4041-b992-09c5582b254f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52809", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113567706103109724", "content": "", "creation_timestamp": "2024-11-29T18:41:12.682798Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9d695c57-c104-4041-b992-09c5582b254f/export</guid>
      <pubDate>Fri, 29 Nov 2024 18:41:12 +0000</pubDate>
    </item>
    <item>
      <title>6e2a4c77-5863-436b-ace7-5841f3bee6f4</title>
      <link>https://vulnerability.circl.lu/sighting/6e2a4c77-5863-436b-ace7-5841f3bee6f4/export</link>
      <description>{"uuid": "6e2a4c77-5863-436b-ace7-5841f3bee6f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52800", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9255", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aGHSA-4cx5-89vm-833x/CVE-2024-52800\nURL\uff1ahttps://github.com/JAckLosingHeart/GHSA-4cx5-89vm-833x-POC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-30T06:58:11.000000Z"}</description>
      <content:encoded>{"uuid": "6e2a4c77-5863-436b-ace7-5841f3bee6f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52800", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9255", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aGHSA-4cx5-89vm-833x/CVE-2024-52800\nURL\uff1ahttps://github.com/JAckLosingHeart/GHSA-4cx5-89vm-833x-POC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-30T06:58:11.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6e2a4c77-5863-436b-ace7-5841f3bee6f4/export</guid>
      <pubDate>Sat, 30 Nov 2024 06:58:11 +0000</pubDate>
    </item>
    <item>
      <title>366e1d0f-5e76-48da-9970-7acfc80bce85</title>
      <link>https://vulnerability.circl.lu/sighting/366e1d0f-5e76-48da-9970-7acfc80bce85/export</link>
      <description>{"uuid": "366e1d0f-5e76-48da-9970-7acfc80bce85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52806", "type": "seen", "source": "https://t.me/cvedetector/11805", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52806 - SimpleSAMLphp SAML2 XXE Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52806 \nPublished : Dec. 2, 2024, 5:15 p.m. | 51\u00a0minutes ago \nDescription : SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18. \nSeverity: 8.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-02T19:35:47.000000Z"}</description>
      <content:encoded>{"uuid": "366e1d0f-5e76-48da-9970-7acfc80bce85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52806", "type": "seen", "source": "https://t.me/cvedetector/11805", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52806 - SimpleSAMLphp SAML2 XXE Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52806 \nPublished : Dec. 2, 2024, 5:15 p.m. | 51\u00a0minutes ago \nDescription : SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18. \nSeverity: 8.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-02T19:35:47.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/366e1d0f-5e76-48da-9970-7acfc80bce85/export</guid>
      <pubDate>Mon, 02 Dec 2024 19:35:47 +0000</pubDate>
    </item>
    <item>
      <title>8e28693b-d58a-412d-98a6-64d2ad9de9f5</title>
      <link>https://vulnerability.circl.lu/sighting/8e28693b-d58a-412d-98a6-64d2ad9de9f5/export</link>
      <description>{"uuid": "8e28693b-d58a-412d-98a6-64d2ad9de9f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52805", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113589996255229449", "content": "", "creation_timestamp": "2024-12-03T17:09:53.082041Z"}</description>
      <content:encoded>{"uuid": "8e28693b-d58a-412d-98a6-64d2ad9de9f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52805", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113589996255229449", "content": "", "creation_timestamp": "2024-12-03T17:09:53.082041Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8e28693b-d58a-412d-98a6-64d2ad9de9f5/export</guid>
      <pubDate>Tue, 03 Dec 2024 17:09:53 +0000</pubDate>
    </item>
    <item>
      <title>a45558ea-8840-4f4c-ad07-5cb1452cdc3b</title>
      <link>https://vulnerability.circl.lu/sighting/a45558ea-8840-4f4c-ad07-5cb1452cdc3b/export</link>
      <description>{"uuid": "a45558ea-8840-4f4c-ad07-5cb1452cdc3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52805", "type": "seen", "source": "https://t.me/cvedetector/11904", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52805 - Synapse is an open-source Matrix homeserver. In Sy\", \n  \"Content\": \"CVE ID : CVE-2024-52805 \nPublished : Dec. 3, 2024, 5:15 p.m. | 2\u00a0hours ago \nDescription : Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-03T20:40:50.000000Z"}</description>
      <content:encoded>{"uuid": "a45558ea-8840-4f4c-ad07-5cb1452cdc3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52805", "type": "seen", "source": "https://t.me/cvedetector/11904", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52805 - Synapse is an open-source Matrix homeserver. In Sy\", \n  \"Content\": \"CVE ID : CVE-2024-52805 \nPublished : Dec. 3, 2024, 5:15 p.m. | 2\u00a0hours ago \nDescription : Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-03T20:40:50.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a45558ea-8840-4f4c-ad07-5cb1452cdc3b/export</guid>
      <pubDate>Tue, 03 Dec 2024 20:40:50 +0000</pubDate>
    </item>
    <item>
      <title>1c178b22-988c-40be-a9ac-22e7f032a643</title>
      <link>https://vulnerability.circl.lu/sighting/1c178b22-988c-40be-a9ac-22e7f032a643/export</link>
      <description>{"uuid": "1c178b22-988c-40be-a9ac-22e7f032a643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52807", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113885058909709347", "content": "", "creation_timestamp": "2025-01-24T19:48:48.062393Z"}</description>
      <content:encoded>{"uuid": "1c178b22-988c-40be-a9ac-22e7f032a643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52807", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113885058909709347", "content": "", "creation_timestamp": "2025-01-24T19:48:48.062393Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1c178b22-988c-40be-a9ac-22e7f032a643/export</guid>
      <pubDate>Fri, 24 Jan 2025 19:48:48 +0000</pubDate>
    </item>
    <item>
      <title>92dcf670-be15-4ce8-a3f2-f642d3de999a</title>
      <link>https://vulnerability.circl.lu/sighting/92dcf670-be15-4ce8-a3f2-f642d3de999a/export</link>
      <description>{"uuid": "92dcf670-be15-4ce8-a3f2-f642d3de999a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52807", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3008", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52807\n\ud83d\udd39 Description: The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]&amp;gt;` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available.\n\ud83d\udccf Published: 2025-01-24T18:34:23.255Z\n\ud83d\udccf Modified: 2025-01-24T19:42:52.498Z\n\ud83d\udd17 References:\n1. https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-8c3x-hq82-gjcm\n2. https://github.com/HL7/fhir-ig-publisher/compare/1.7.3...1.7.4", "creation_timestamp": "2025-01-24T20:04:51.000000Z"}</description>
      <content:encoded>{"uuid": "92dcf670-be15-4ce8-a3f2-f642d3de999a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52807", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3008", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52807\n\ud83d\udd39 Description: The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]&amp;gt;` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available.\n\ud83d\udccf Published: 2025-01-24T18:34:23.255Z\n\ud83d\udccf Modified: 2025-01-24T19:42:52.498Z\n\ud83d\udd17 References:\n1. https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-8c3x-hq82-gjcm\n2. https://github.com/HL7/fhir-ig-publisher/compare/1.7.3...1.7.4", "creation_timestamp": "2025-01-24T20:04:51.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/92dcf670-be15-4ce8-a3f2-f642d3de999a/export</guid>
      <pubDate>Fri, 24 Jan 2025 20:04:51 +0000</pubDate>
    </item>
    <item>
      <title>0fcc452a-b5cd-439d-b932-8ff521adc411</title>
      <link>https://vulnerability.circl.lu/sighting/0fcc452a-b5cd-439d-b932-8ff521adc411/export</link>
      <description>{"uuid": "0fcc452a-b5cd-439d-b932-8ff521adc411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52807", "type": "seen", "source": "https://t.me/cvedetector/16340", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52807 - Apache FHIR IG Publisher XML External Entity Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52807 \nPublished : Jan. 24, 2025, 7:15 p.m. | 38\u00a0minutes ago \nDescription : The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]&amp;gt;` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T21:06:18.000000Z"}</description>
      <content:encoded>{"uuid": "0fcc452a-b5cd-439d-b932-8ff521adc411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52807", "type": "seen", "source": "https://t.me/cvedetector/16340", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52807 - Apache FHIR IG Publisher XML External Entity Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52807 \nPublished : Jan. 24, 2025, 7:15 p.m. | 38\u00a0minutes ago \nDescription : The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]&amp;gt;` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T21:06:18.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0fcc452a-b5cd-439d-b932-8ff521adc411/export</guid>
      <pubDate>Fri, 24 Jan 2025 21:06:18 +0000</pubDate>
    </item>
  </channel>
</rss>
