<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 06 Jun 2026 01:22:42 +0000</lastBuildDate>
    <item>
      <title>f3315975-d411-48e4-bbcd-fbdcae895915</title>
      <link>https://vulnerability.circl.lu/sighting/f3315975-d411-48e4-bbcd-fbdcae895915/export</link>
      <description>{"uuid": "f3315975-d411-48e4-bbcd-fbdcae895915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10827", "type": "seen", "source": "https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review", "content": "", "creation_timestamp": "2024-11-12T18:26:35.000000Z"}</description>
      <content:encoded>{"uuid": "f3315975-d411-48e4-bbcd-fbdcae895915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10827", "type": "seen", "source": "https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review", "content": "", "creation_timestamp": "2024-11-12T18:26:35.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f3315975-d411-48e4-bbcd-fbdcae895915/export</guid>
      <pubDate>Tue, 12 Nov 2024 18:26:35 +0000</pubDate>
    </item>
    <item>
      <title>23deb98b-b6a3-4e28-a0e8-afb2c94ce712</title>
      <link>https://vulnerability.circl.lu/sighting/23deb98b-b6a3-4e28-a0e8-afb2c94ce712/export</link>
      <description>{"uuid": "23deb98b-b6a3-4e28-a0e8-afb2c94ce712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10826", "type": "seen", "source": "https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review", "content": "", "creation_timestamp": "2024-11-12T18:26:35.000000Z"}</description>
      <content:encoded>{"uuid": "23deb98b-b6a3-4e28-a0e8-afb2c94ce712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10826", "type": "seen", "source": "https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review", "content": "", "creation_timestamp": "2024-11-12T18:26:35.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/23deb98b-b6a3-4e28-a0e8-afb2c94ce712/export</guid>
      <pubDate>Tue, 12 Nov 2024 18:26:35 +0000</pubDate>
    </item>
    <item>
      <title>f505dfe9-0c33-4b8a-abae-6182acceb7db</title>
      <link>https://vulnerability.circl.lu/sighting/f505dfe9-0c33-4b8a-abae-6182acceb7db/export</link>
      <description>{"uuid": "f505dfe9-0c33-4b8a-abae-6182acceb7db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10828", "type": "seen", "source": "https://t.me/cvedetector/10792", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10828 - WooCommerce Advanced Order Export PHP Object Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10828 \nPublished : Nov. 13, 2024, 4:15 a.m. | 23\u00a0minutes ago \nDescription : The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the \"Try to convert serialized values\" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T05:47:58.000000Z"}</description>
      <content:encoded>{"uuid": "f505dfe9-0c33-4b8a-abae-6182acceb7db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10828", "type": "seen", "source": "https://t.me/cvedetector/10792", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10828 - WooCommerce Advanced Order Export PHP Object Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10828 \nPublished : Nov. 13, 2024, 4:15 a.m. | 23\u00a0minutes ago \nDescription : The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the \"Try to convert serialized values\" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T05:47:58.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f505dfe9-0c33-4b8a-abae-6182acceb7db/export</guid>
      <pubDate>Wed, 13 Nov 2024 05:47:58 +0000</pubDate>
    </item>
    <item>
      <title>41f73430-ca06-4c4a-b5a5-791ceef391c3</title>
      <link>https://vulnerability.circl.lu/sighting/41f73430-ca06-4c4a-b5a5-791ceef391c3/export</link>
      <description>{"uuid": "41f73430-ca06-4c4a-b5a5-791ceef391c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10820", "type": "seen", "source": "https://t.me/cvedetector/10795", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10820 - \"WooCommerce Upload Files Remote Code Execution Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10820 \nPublished : Nov. 13, 2024, 4:15 a.m. | 23\u00a0minutes ago \nDescription : The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T05:48:01.000000Z"}</description>
      <content:encoded>{"uuid": "41f73430-ca06-4c4a-b5a5-791ceef391c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10820", "type": "seen", "source": "https://t.me/cvedetector/10795", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10820 - \"WooCommerce Upload Files Remote Code Execution Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10820 \nPublished : Nov. 13, 2024, 4:15 a.m. | 23\u00a0minutes ago \nDescription : The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T05:48:01.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/41f73430-ca06-4c4a-b5a5-791ceef391c3/export</guid>
      <pubDate>Wed, 13 Nov 2024 05:48:01 +0000</pubDate>
    </item>
    <item>
      <title>16293160-d83e-4a66-aded-2784ea1d4514</title>
      <link>https://vulnerability.circl.lu/sighting/16293160-d83e-4a66-aded-2784ea1d4514/export</link>
      <description>{"uuid": "16293160-d83e-4a66-aded-2784ea1d4514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10825", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113485643510251007", "content": "", "creation_timestamp": "2024-11-15T06:51:36.825235Z"}</description>
      <content:encoded>{"uuid": "16293160-d83e-4a66-aded-2784ea1d4514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10825", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113485643510251007", "content": "", "creation_timestamp": "2024-11-15T06:51:36.825235Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/16293160-d83e-4a66-aded-2784ea1d4514/export</guid>
      <pubDate>Fri, 15 Nov 2024 06:51:36 +0000</pubDate>
    </item>
    <item>
      <title>107d16c4-197e-40a5-9b3f-a6a8c794c354</title>
      <link>https://vulnerability.circl.lu/sighting/107d16c4-197e-40a5-9b3f-a6a8c794c354/export</link>
      <description>{"uuid": "107d16c4-197e-40a5-9b3f-a6a8c794c354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10825", "type": "seen", "source": "https://t.me/cvedetector/11047", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10825 - Hide My WP Ghost WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-10825 \nPublished : Nov. 15, 2024, 7:15 a.m. | 45\u00a0minutes ago \nDescription : The Hide My WP Ghost \u2013 Security &amp;amp; Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T09:23:48.000000Z"}</description>
      <content:encoded>{"uuid": "107d16c4-197e-40a5-9b3f-a6a8c794c354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10825", "type": "seen", "source": "https://t.me/cvedetector/11047", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10825 - Hide My WP Ghost WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-10825 \nPublished : Nov. 15, 2024, 7:15 a.m. | 45\u00a0minutes ago \nDescription : The Hide My WP Ghost \u2013 Security &amp;amp; Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T09:23:48.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/107d16c4-197e-40a5-9b3f-a6a8c794c354/export</guid>
      <pubDate>Fri, 15 Nov 2024 09:23:48 +0000</pubDate>
    </item>
    <item>
      <title>06c6631c-d34b-4535-97b5-34c0df92e593</title>
      <link>https://vulnerability.circl.lu/sighting/06c6631c-d34b-4535-97b5-34c0df92e593/export</link>
      <description>{"uuid": "06c6631c-d34b-4535-97b5-34c0df92e593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1082", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15811", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1082\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an\u00a0attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udccf Published: 2024-02-13T18:47:10.591Z\n\ud83d\udccf Modified: 2025-05-09T18:16:58.580Z\n\ud83d\udd17 References:\n1. https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15\n2. https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10\n3. https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7\n4. https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5", "creation_timestamp": "2025-05-09T18:26:25.000000Z"}</description>
      <content:encoded>{"uuid": "06c6631c-d34b-4535-97b5-34c0df92e593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1082", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15811", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1082\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an\u00a0attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udccf Published: 2024-02-13T18:47:10.591Z\n\ud83d\udccf Modified: 2025-05-09T18:16:58.580Z\n\ud83d\udd17 References:\n1. https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15\n2. https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10\n3. https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7\n4. https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5", "creation_timestamp": "2025-05-09T18:26:25.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/06c6631c-d34b-4535-97b5-34c0df92e593/export</guid>
      <pubDate>Fri, 09 May 2025 18:26:25 +0000</pubDate>
    </item>
    <item>
      <title>69494ecb-20b1-40bd-93bf-79fe4e247692</title>
      <link>https://vulnerability.circl.lu/sighting/69494ecb-20b1-40bd-93bf-79fe4e247692/export</link>
      <description>{"uuid": "69494ecb-20b1-40bd-93bf-79fe4e247692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10821", "type": "published-proof-of-concept", "source": "Telegram/xh4XcnfPk8jKp2qpT8jzWwwvaCwZdGZH1ZOpAikcTE7X2rw", "content": "", "creation_timestamp": "2026-05-20T03:00:06.000000Z"}</description>
      <content:encoded>{"uuid": "69494ecb-20b1-40bd-93bf-79fe4e247692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10821", "type": "published-proof-of-concept", "source": "Telegram/xh4XcnfPk8jKp2qpT8jzWwwvaCwZdGZH1ZOpAikcTE7X2rw", "content": "", "creation_timestamp": "2026-05-20T03:00:06.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/69494ecb-20b1-40bd-93bf-79fe4e247692/export</guid>
      <pubDate>Wed, 20 May 2026 03:00:06 +0000</pubDate>
    </item>
    <item>
      <title>618e606a-719e-4bf3-9d37-810b12a80422</title>
      <link>https://vulnerability.circl.lu/sighting/618e606a-719e-4bf3-9d37-810b12a80422/export</link>
      <description>{"uuid": "618e606a-719e-4bf3-9d37-810b12a80422", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10821", "type": "published-proof-of-concept", "source": "Telegram/zNPCcRZLVUnG7MzXxuguKud9BYCf7Gj51sr3J84x37QbILk", "content": "", "creation_timestamp": "2026-05-20T09:00:05.000000Z"}</description>
      <content:encoded>{"uuid": "618e606a-719e-4bf3-9d37-810b12a80422", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10821", "type": "published-proof-of-concept", "source": "Telegram/zNPCcRZLVUnG7MzXxuguKud9BYCf7Gj51sr3J84x37QbILk", "content": "", "creation_timestamp": "2026-05-20T09:00:05.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/618e606a-719e-4bf3-9d37-810b12a80422/export</guid>
      <pubDate>Wed, 20 May 2026 09:00:05 +0000</pubDate>
    </item>
    <item>
      <title>5cdef702-4517-48d7-9102-f8908e59a265</title>
      <link>https://vulnerability.circl.lu/sighting/5cdef702-4517-48d7-9102-f8908e59a265/export</link>
      <description>{"uuid": "5cdef702-4517-48d7-9102-f8908e59a265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10829", "type": "seen", "source": "Telegram/p4pSz48sW8Fl1dqUeH21RBDMwtfRPHmaTBryFak7xdWuTDY", "content": "", "creation_timestamp": "2026-05-25T15:00:06.000000Z"}</description>
      <content:encoded>{"uuid": "5cdef702-4517-48d7-9102-f8908e59a265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10829", "type": "seen", "source": "Telegram/p4pSz48sW8Fl1dqUeH21RBDMwtfRPHmaTBryFak7xdWuTDY", "content": "", "creation_timestamp": "2026-05-25T15:00:06.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5cdef702-4517-48d7-9102-f8908e59a265/export</guid>
      <pubDate>Mon, 25 May 2026 15:00:06 +0000</pubDate>
    </item>
  </channel>
</rss>
