{"vulnerability": "CVE-2024-1004", "sightings": [{"uuid": "454f252c-a625-49ad-91b4-8fff3ab0db81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10046", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113609066901902163", "content": "", "creation_timestamp": "2024-12-07T01:59:48.091620Z"}, {"uuid": "53ce0ef2-08ce-4485-9fd3-baf6bc259f87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10043", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113635140492482846", "content": "", "creation_timestamp": "2024-12-11T16:30:39.774277Z"}, {"uuid": "a262ea44-43ea-4752-a24e-cb290911c7d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10044", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113741639003351841", "content": "", "creation_timestamp": "2024-12-30T11:54:37.643200Z"}, {"uuid": "45a64207-429c-442b-b4b9-a438f338ff12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10044", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113741858978390201", "content": "", "creation_timestamp": "2024-12-30T12:50:34.168865Z"}, {"uuid": "11413b36-b832-47d0-b833-a7c559b73fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10042", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhulqllk4i2x", "content": "", "creation_timestamp": "2025-02-11T02:17:27.667689Z"}, {"uuid": "9cf159cd-02e0-48bd-a677-8e1ac7389b3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10041", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lom6f73abs27", "content": "", "creation_timestamp": "2025-05-07T19:53:32.280048Z"}, {"uuid": "c2f3c8d6-2978-4718-b11e-6ae23fbf90b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10041", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3loqxy5op7c2c", "content": "", "creation_timestamp": "2025-05-09T17:42:11.210080Z"}, {"uuid": "c851aebd-2058-4841-b38f-e2e80c66a0b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10041", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3loqzdjbyi22c", "content": "", "creation_timestamp": "2025-05-09T18:06:26.153815Z"}, {"uuid": "d59492b0-322c-46b0-9f7a-5eecbb06e71a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10041", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3loyn7ky5kk2d", "content": "", "creation_timestamp": "2025-05-12T18:50:48.780036Z"}, {"uuid": "cb6bddf4-a15b-4a7f-a82a-6e2c61031b06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10041", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lp5ua7fwtk2t", "content": "", "creation_timestamp": "2025-05-14T20:39:42.625834Z"}, {"uuid": "dd641ebf-cc1f-44e4-acc0-91383e6f75ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10044", "type": "seen", "source": "https://t.me/cvedetector/13932", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10044 - FastChat SSRF\", \n  \"Content\": \"CVE ID : CVE-2024-10044 \nPublished : Dec. 30, 2024, 12:15 p.m. | 39\u00a0minutes ago \nDescription : A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-30T14:17:31.000000Z"}, {"uuid": "486cc056-6001-4920-a1f3-68f62324157e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10046", "type": "seen", "source": "https://t.me/cvedetector/12311", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10046 - The \u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a9 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 Persian WooCommerce SMS p\", \n  \"Content\": \"CVE ID : CVE-2024-10046 \nPublished : Dec. 7, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : The \u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a9 \u0648\u0648\u06a9\u0627\u0645\u0631\u0633 Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-07T04:10:53.000000Z"}, {"uuid": "0c17cd6a-55fa-47d4-80e2-b207ebb4c5a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10040", "type": "seen", "source": "https://t.me/cvedetector/8288", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10040 - WordPress Infinite-Scroll CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-10040 \nPublished : Oct. 18, 2024, 5:15 a.m. | 19\u00a0minutes ago \nDescription : The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete function. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-18T07:42:57.000000Z"}, {"uuid": "252ad903-4ec6-425e-b559-5f086999d296", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10049", "type": "seen", "source": "https://t.me/cvedetector/8289", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10049 - WooCommerce Edit Templates Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-10049 \nPublished : Oct. 18, 2024, 5:15 a.m. | 19\u00a0minutes ago \nDescription : The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018page\u2019 parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-18T07:43:01.000000Z"}, {"uuid": "5fda94eb-0add-4fbd-86b6-42ca1be576b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10041", "type": "seen", "source": "https://t.me/cvedetector/8694", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10041 - PAM Speculative Branch Predictive ROP Chain Memory Leak\", \n  \"Content\": \"CVE ID : CVE-2024-10041 \nPublished : Oct. 23, 2024, 2:15 p.m. | 51\u00a0minutes ago \nDescription : A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T17:23:20.000000Z"}, {"uuid": "0a35cef5-f4d2-4ee9-894b-0754f74cda39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10045", "type": "seen", "source": "https://t.me/cvedetector/8679", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10045 - WordPress Transients Manager CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-10045 \nPublished : Oct. 23, 2024, 8:15 a.m. | 21\u00a0minutes ago \nDescription : The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the process_actions function. This makes it possible for unauthenticated attackers to delete transients via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T10:41:53.000000Z"}, {"uuid": "bc2b13bf-9dc6-4ae3-a3ae-d85098e3bda0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1004", "type": "seen", "source": "https://t.me/ctinow/189441", "content": "https://ift.tt/ncP4Ad7\nCVE-2024-1004 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi loginAuth http_host stack-based overflow", "creation_timestamp": "2024-02-21T10:41:17.000000Z"}]}