https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 05 May 2026 02:08:17 +0000 https://vulnerability.circl.lu/sighting/b180c12d-d9ab-474a-9df6-1567e2550b60/export {"uuid": "b180c12d-d9ab-474a-9df6-1567e2550b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56310", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1124", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56310\n\ud83d\udd39 Description: REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.\n\ud83d\udccf Published: 2024-12-22T00:00:00\n\ud83d\udccf Modified: 2025-01-10T10:48:01.411479Z\n\ud83d\udd17 References:\n1. https://www.evms.edu/research/resources_services/redcap/redcap_change_log/\n2. https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap", "creation_timestamp": "2025-01-10T11:06:14.000000Z"} {"uuid": "b180c12d-d9ab-474a-9df6-1567e2550b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56310", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1124", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56310\n\ud83d\udd39 Description: REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.\n\ud83d\udccf Published: 2024-12-22T00:00:00\n\ud83d\udccf Modified: 2025-01-10T10:48:01.411479Z\n\ud83d\udd17 References:\n1. https://www.evms.edu/research/resources_services/redcap/redcap_change_log/\n2. https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap", "creation_timestamp": "2025-01-10T11:06:14.000000Z"} https://vulnerability.circl.lu/sighting/b180c12d-d9ab-474a-9df6-1567e2550b60/export Fri, 10 Jan 2025 11:06:14 +0000 https://vulnerability.circl.lu/sighting/78a9f9ba-dd14-4af1-9513-44f22dcf4dcc/export {"uuid": "78a9f9ba-dd14-4af1-9513-44f22dcf4dcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-56316", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113902768249990714", "content": "", "creation_timestamp": "2025-01-27T22:51:54.936637Z"} {"uuid": "78a9f9ba-dd14-4af1-9513-44f22dcf4dcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-56316", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113902768249990714", "content": "", "creation_timestamp": "2025-01-27T22:51:54.936637Z"} https://vulnerability.circl.lu/sighting/78a9f9ba-dd14-4af1-9513-44f22dcf4dcc/export Mon, 27 Jan 2025 22:51:54 +0000 https://vulnerability.circl.lu/sighting/52cd303c-8905-4686-ae47-9bd296ac911b/export {"uuid": "52cd303c-8905-4686-ae47-9bd296ac911b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56316", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgr32gozak2i", "content": "", "creation_timestamp": "2025-01-27T23:15:33.712543Z"} {"uuid": "52cd303c-8905-4686-ae47-9bd296ac911b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56316", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgr32gozak2i", "content": "", "creation_timestamp": "2025-01-27T23:15:33.712543Z"} https://vulnerability.circl.lu/sighting/52cd303c-8905-4686-ae47-9bd296ac911b/export Mon, 27 Jan 2025 23:15:33 +0000 https://vulnerability.circl.lu/sighting/b83ba8fa-9dff-42a3-a930-7dc7088d2744/export {"uuid": "b83ba8fa-9dff-42a3-a930-7dc7088d2744", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56316", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3183", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56316\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve the permanent Denial of Service.\n\ud83d\udccf Published: 2025-01-28T00:32:15Z\n\ud83d\udccf Modified: 2025-01-28T00:32:15Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-56316\n2. https://www.y-security.de/news-en/axess-auto-configuration-server-denial-of-service-cve-2024-56316", "creation_timestamp": "2025-01-28T01:08:07.000000Z"} {"uuid": "b83ba8fa-9dff-42a3-a930-7dc7088d2744", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56316", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3183", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56316\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve the permanent Denial of Service.\n\ud83d\udccf Published: 2025-01-28T00:32:15Z\n\ud83d\udccf Modified: 2025-01-28T00:32:15Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-56316\n2. https://www.y-security.de/news-en/axess-auto-configuration-server-denial-of-service-cve-2024-56316", "creation_timestamp": "2025-01-28T01:08:07.000000Z"} https://vulnerability.circl.lu/sighting/b83ba8fa-9dff-42a3-a930-7dc7088d2744/export Tue, 28 Jan 2025 01:08:07 +0000 https://vulnerability.circl.lu/sighting/01f8379b-58e6-4dc1-a560-501de10bac04/export {"uuid": "01f8379b-58e6-4dc1-a560-501de10bac04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56316", "type": "seen", "source": "https://t.me/cvedetector/16553", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56316 - AXESS ACS TR069 Permanent Denial of Service Remote Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56316 \nPublished : Jan. 27, 2025, 11:15 p.m. | 1\u00a0hour, 45\u00a0minutes ago \nDescription : In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve the permanent Denial of Service. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T02:04:11.000000Z"} {"uuid": "01f8379b-58e6-4dc1-a560-501de10bac04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56316", "type": "seen", "source": "https://t.me/cvedetector/16553", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56316 - AXESS ACS TR069 Permanent Denial of Service Remote Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56316 \nPublished : Jan. 27, 2025, 11:15 p.m. | 1\u00a0hour, 45\u00a0minutes ago \nDescription : In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve the permanent Denial of Service. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T02:04:11.000000Z"} https://vulnerability.circl.lu/sighting/01f8379b-58e6-4dc1-a560-501de10bac04/export Tue, 28 Jan 2025 02:04:11 +0000 https://vulnerability.circl.lu/sighting/7814f050-c42d-4429-9a02-1fe33f1ea64c/export {"uuid": "7814f050-c42d-4429-9a02-1fe33f1ea64c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56316", "type": "seen", "source": "Telegram/cYUWpb4F90EM4EhMEWu7zxiicZd91JOOF2_P98mKY-HPgUaC", "content": "", "creation_timestamp": "2025-01-28T03:22:55.000000Z"} {"uuid": "7814f050-c42d-4429-9a02-1fe33f1ea64c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56316", "type": "seen", "source": "Telegram/cYUWpb4F90EM4EhMEWu7zxiicZd91JOOF2_P98mKY-HPgUaC", "content": "", "creation_timestamp": "2025-01-28T03:22:55.000000Z"} https://vulnerability.circl.lu/sighting/7814f050-c42d-4429-9a02-1fe33f1ea64c/export Tue, 28 Jan 2025 03:22:55 +0000 https://vulnerability.circl.lu/sighting/426c045f-022a-4539-b8f4-67c529b5b269/export {"uuid": "426c045f-022a-4539-b8f4-67c529b5b269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56310", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8056", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56310\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.\n\ud83d\udccf Published: 2024-12-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T13:51:20.367Z\n\ud83d\udd17 References:\n1. https://www.evms.edu/research/resources_services/redcap/redcap_change_log/\n2. https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap", "creation_timestamp": "2025-03-19T14:16:51.000000Z"} {"uuid": "426c045f-022a-4539-b8f4-67c529b5b269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56310", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8056", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56310\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.\n\ud83d\udccf Published: 2024-12-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T13:51:20.367Z\n\ud83d\udd17 References:\n1. https://www.evms.edu/research/resources_services/redcap/redcap_change_log/\n2. https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap", "creation_timestamp": "2025-03-19T14:16:51.000000Z"} https://vulnerability.circl.lu/sighting/426c045f-022a-4539-b8f4-67c529b5b269/export Wed, 19 Mar 2025 14:16:51 +0000 https://vulnerability.circl.lu/sighting/8431caa0-9eb3-4fc4-941d-a0ebfe0141c9/export {"uuid": "8431caa0-9eb3-4fc4-941d-a0ebfe0141c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56316", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", "creation_timestamp": "2025-09-01T19:03:02.000000Z"} {"uuid": "8431caa0-9eb3-4fc4-941d-a0ebfe0141c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56316", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", "creation_timestamp": "2025-09-01T19:03:02.000000Z"} https://vulnerability.circl.lu/sighting/8431caa0-9eb3-4fc4-941d-a0ebfe0141c9/export Mon, 01 Sep 2025 19:03:02 +0000 https://vulnerability.circl.lu/sighting/92c26a5f-ceab-40ff-b999-a64359731440/export {"uuid": "92c26a5f-ceab-40ff-b999-a64359731440", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56317", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:32.000000Z"} {"uuid": "92c26a5f-ceab-40ff-b999-a64359731440", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56317", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:32.000000Z"} https://vulnerability.circl.lu/sighting/92c26a5f-ceab-40ff-b999-a64359731440/export Mon, 15 Sep 2025 13:28:32 +0000 https://vulnerability.circl.lu/sighting/357e142c-45cc-4566-9257-d10c492c1068/export {"uuid": "357e142c-45cc-4566-9257-d10c492c1068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56317", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:04.000000Z"} {"uuid": "357e142c-45cc-4566-9257-d10c492c1068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56317", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:04.000000Z"} https://vulnerability.circl.lu/sighting/357e142c-45cc-4566-9257-d10c492c1068/export Tue, 16 Sep 2025 03:45:04 +0000