Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 23 Jun 2026 09:24:55 +0000 094bf714-3527-4699-a5c7-1ea7887c7096 https://vulnerability.circl.lu/sighting/094bf714-3527-4699-a5c7-1ea7887c7096/export {"uuid": "094bf714-3527-4699-a5c7-1ea7887c7096", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-VCP4-P2MP-8FPQ", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/56", "content": "\ud83d\udccc **CVE ID**: GHSA-vcp4-p2mp-8fpq\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1095\n2. https://plugins.trac.wordpress.org/browser/updraftplus/trunk/includes/class-search-replace.php#L411\n3. https://plugins.trac.wordpress.org/changeset/3212299\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/429ed3-96b2-41-8a2-89b9a21ec058?source=cve", "creation_timestamp": "2025-01-05T01:32:48.000000Z"} {"uuid": "094bf714-3527-4699-a5c7-1ea7887c7096", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-VCP4-P2MP-8FPQ", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/56", "content": "\ud83d\udccc **CVE ID**: GHSA-vcp4-p2mp-8fpq\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1095\n2. https://plugins.trac.wordpress.org/browser/updraftplus/trunk/includes/class-search-replace.php#L411\n3. https://plugins.trac.wordpress.org/changeset/3212299\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/429ed3-96b2-41-8a2-89b9a21ec058?source=cve", "creation_timestamp": "2025-01-05T01:32:48.000000Z"} https://vulnerability.circl.lu/sighting/094bf714-3527-4699-a5c7-1ea7887c7096/export Sun, 05 Jan 2025 01:32:48 +0000 17f111a6-a518-4e0f-8d9c-f881a848e062 https://vulnerability.circl.lu/sighting/17f111a6-a518-4e0f-8d9c-f881a848e062/export {"uuid": "17f111a6-a518-4e0f-8d9c-f881a848e062", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-VCP4-P2MP-8FPQ", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/78", "content": "\ud83d\udccc **CVE ID**: GHSA-vcp4-p2mp-8fpq\n\ud83d\udd17 **Aliases**: CVE-2024-10957\n\ud83d\udd39 **Details**: The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.\n\ud83d\udd22 **Severity**: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\ud83d\uddd3\ufe0f **Modified**: 2025-01-04T15:30:45Z\n\ud83d\uddd3\ufe0f **Published**: 2025-01-04T15:30:45Z\n\ud83c\udff7\ufe0f **CWE IDs**: CWE-502\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1095\n2. https://plugins.trac.wordpress.org/browser/updraftplus/trunk/includes/class-search-replace.php#L411\n3. https://plugins.trac.wordpress.org/changeset/3212299\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/429ed3-96b2-41-8a2-89b9a21ec058?source=cve", "creation_timestamp": "2025-01-05T01:35:30.000000Z"} {"uuid": "17f111a6-a518-4e0f-8d9c-f881a848e062", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-VCP4-P2MP-8FPQ", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/78", "content": "\ud83d\udccc **CVE ID**: GHSA-vcp4-p2mp-8fpq\n\ud83d\udd17 **Aliases**: CVE-2024-10957\n\ud83d\udd39 **Details**: The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.\n\ud83d\udd22 **Severity**: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\ud83d\uddd3\ufe0f **Modified**: 2025-01-04T15:30:45Z\n\ud83d\uddd3\ufe0f **Published**: 2025-01-04T15:30:45Z\n\ud83c\udff7\ufe0f **CWE IDs**: CWE-502\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1095\n2. https://plugins.trac.wordpress.org/browser/updraftplus/trunk/includes/class-search-replace.php#L411\n3. https://plugins.trac.wordpress.org/changeset/3212299\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/429ed3-96b2-41-8a2-89b9a21ec058?source=cve", "creation_timestamp": "2025-01-05T01:35:30.000000Z"} https://vulnerability.circl.lu/sighting/17f111a6-a518-4e0f-8d9c-f881a848e062/export Sun, 05 Jan 2025 01:35:30 +0000 3e777eab-096d-44db-b195-ec361af714ec https://vulnerability.circl.lu/sighting/3e777eab-096d-44db-b195-ec361af714ec/export {"uuid": "3e777eab-096d-44db-b195-ec361af714ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-VCP4-P2MP-8FPQ", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/100", "content": "\ud83d\udccc **CVE ID**: GHSA-vcp4-p2mp-8fpq\n\ud83d\udd17 **Aliases**: CVE-2024-10957\n\ud83d\udd39 **Details**: The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.\n\ud83d\udd22 **Severity**: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\ud83d\uddd3\ufe0f **Modified**: 2025-01-04T15:30:45Z\n\ud83d\uddd3\ufe0f **Published**: 2025-01-04T15:30:45Z\n\ud83c\udff7\ufe0f **CWE IDs**: CWE-502\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1095\n2. https://plugins.trac.wordpress.org/browser/updraftplus/trunk/includes/class-search-replace.php#L411\n3. https://plugins.trac.wordpress.org/changeset/3212299\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/429ed3-96b2-41-8a2-89b9a21ec058?source=cve", "creation_timestamp": "2025-01-05T01:38:16.000000Z"} {"uuid": "3e777eab-096d-44db-b195-ec361af714ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-VCP4-P2MP-8FPQ", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/100", "content": "\ud83d\udccc **CVE ID**: GHSA-vcp4-p2mp-8fpq\n\ud83d\udd17 **Aliases**: CVE-2024-10957\n\ud83d\udd39 **Details**: The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.\n\ud83d\udd22 **Severity**: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\ud83d\uddd3\ufe0f **Modified**: 2025-01-04T15:30:45Z\n\ud83d\uddd3\ufe0f **Published**: 2025-01-04T15:30:45Z\n\ud83c\udff7\ufe0f **CWE IDs**: CWE-502\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1095\n2. https://plugins.trac.wordpress.org/browser/updraftplus/trunk/includes/class-search-replace.php#L411\n3. https://plugins.trac.wordpress.org/changeset/3212299\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/429ed3-96b2-41-8a2-89b9a21ec058?source=cve", "creation_timestamp": "2025-01-05T01:38:16.000000Z"} https://vulnerability.circl.lu/sighting/3e777eab-096d-44db-b195-ec361af714ec/export Sun, 05 Jan 2025 01:38:16 +0000