{"vulnerability": "cve-2024-1002", "sightings": [{"uuid": "9290ca5a-785c-41ff-b7bd-5bf9f39516fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10028", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113432974350208909", "content": "", "creation_timestamp": "2024-11-05T23:37:08.811594Z"}, {"uuid": "cf6cecf8-4451-4e22-8dc1-d5c88e90d97f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10020", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113434669656961794", "content": "", "creation_timestamp": "2024-11-06T06:48:17.224256Z"}, {"uuid": "424846e4-31b3-4141-87f2-dc98c4b58333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10020", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113434682244741631", "content": "", "creation_timestamp": "2024-11-06T06:51:29.116064Z"}, {"uuid": "ebdc7b78-67e2-4c0b-bc94-3ea0cda8f26c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10027", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113440167627592160", "content": "", "creation_timestamp": "2024-11-07T06:06:29.498178Z"}, {"uuid": "0e76278c-d223-429b-b54f-6000137792a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10026", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113918915619723013", "content": "", "creation_timestamp": "2025-01-30T19:18:24.177747Z"}, {"uuid": "de23827b-fd9b-4398-ba8a-616bc52bb6ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10026", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgycfsas6y2f", "content": "", "creation_timestamp": "2025-01-30T20:15:49.340371Z"}, {"uuid": "dac96254-e4a0-49c4-9201-7d700aa532ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10029", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-e25d1f2b-32702de2beb9d6c0", "content": "", "creation_timestamp": "2025-07-21T07:07:45.935638Z"}, {"uuid": "22e971bd-30c4-4ddb-919c-fd65e6062ff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10026", "type": "seen", "source": "https://t.me/cvedetector/16823", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10026 - Google gVisor ID Tracking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10026 \nPublished : Jan. 30, 2025, 8:15 p.m. | 59\u00a0minutes ago \nDescription : A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T22:38:19.000000Z"}, {"uuid": "2d1a90a0-eeaa-4bb9-abfd-e344d89fcb9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10026", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5136", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10026\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.\n\ud83d\udccf Published: 2025-01-30T19:12:27.994Z\n\ud83d\udccf Modified: 2025-02-24T11:50:42.192Z\n\ud83d\udd17 References:\n1. https://github.com/google/gvisor/commit/f956b5ac17ae1f60a4d21999b59ba18c55f86d56\n2. https://github.com/google/gvisor/commit/e54bfde79278cafadedbf73c68ee10cb5982f2af\n3. https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2\n4. 
https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf", "creation_timestamp": "2025-02-24T12:22:04.000000Z"}, {"uuid": "8d45097f-998e-4cbb-8abc-17f5e6933431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10026", "type": "seen", "source": "Telegram/BTidouZx7yOuauy7K6abH7ADnHlJMMAP1nBMVjKGO7AnudRZ", "content": "", "creation_timestamp": "2025-02-24T14:08:42.000000Z"}, {"uuid": "e432cb75-2842-4e28-bd9f-d12e4bdb366b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10020", "type": "seen", "source": "https://t.me/cvedetector/9994", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10020 - Heateor Social Login WordPress Plugin Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10020 \nPublished : Nov. 6, 2024, 7:15 a.m. | 40\u00a0minutes ago \nDescription : The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login. 
\nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-06T09:08:42.000000Z"}, {"uuid": "77cf34ff-613d-4463-9802-06ec643d7559", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10028", "type": "seen", "source": "https://t.me/cvedetector/9967", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10028 - Everest Backup - WordPress Cloud Backup Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-10028 \nPublished : Nov. 6, 2024, 12:15 a.m. | 43\u00a0minutes ago \nDescription : The Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-06T02:27:01.000000Z"}, {"uuid": "70e5833b-89de-4db2-9c2f-64ffce49b0c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10027", "type": "seen", "source": "https://t.me/cvedetector/10057", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10027 - WordPress Booking Calendar Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10027 \nPublished : Nov. 7, 2024, 6:15 a.m. 
| 22\u00a0minutes ago \nDescription : The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T07:43:25.000000Z"}, {"uuid": "f6ed6afb-7ced-4743-9543-f123585201c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10024", "type": "seen", "source": "https://t.me/cvedetector/8058", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10024 - Pharmacy Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10024 \nPublished : Oct. 16, 2024, 1:15 p.m. | 39\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. This issue affects some unknown processing of the file /php/manage_medicine_stock.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 
\nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T16:22:54.000000Z"}, {"uuid": "455c03af-3e43-4d2c-9a81-c71bcc4cd27a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10023", "type": "seen", "source": "https://t.me/cvedetector/8057", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10023 - Code-projects Pharmacy Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10023 \nPublished : Oct. 16, 2024, 1:15 p.m. | 39\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T16:22:52.000000Z"}, {"uuid": "098deae4-7201-45ec-a65c-e21e8939532d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10021", "type": "seen", "source": "https://t.me/cvedetector/8052", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10021 - Code-projects Pharmacy Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10021 \nPublished : Oct. 
16, 2024, 12:15 p.m. | 17\u00a0minutes ago \nDescription : A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the argument text leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T14:41:33.000000Z"}, {"uuid": "18f89930-ec87-4adc-8635-385060209d48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10022", "type": "seen", "source": "https://t.me/cvedetector/8049", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10022 - Code-projects Pharmacy Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10022 \nPublished : Oct. 16, 2024, 12:15 p.m. | 17\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 
\nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T14:41:30.000000Z"}, {"uuid": "9c88c47e-e2bf-44b2-bc6a-7534f41b7a1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1002", "type": "seen", "source": "https://t.me/ctinow/177353", "content": "https://ift.tt/R6h5jAQ\nCVE-2024-1002 Exploit", "creation_timestamp": "2024-02-01T08:16:20.000000Z"}, {"uuid": "abaa96cb-9553-4371-85f9-f54f02500be3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1002", "type": "seen", "source": "https://t.me/ctinow/175312", "content": "https://ift.tt/DbJWo9F\nCVE-2024-1002", "creation_timestamp": "2024-01-29T15:26:27.000000Z"}, {"uuid": "8725fbeb-00c6-40b1-b923-627134804e5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10025", "type": "seen", "source": "https://t.me/cvedetector/8159", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10025 - SICK Unauthorized Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10025 \nPublished : Oct. 17, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an \u201cAuthorized Client\u201d if the customer has not changed the default password. 
\nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T13:17:48.000000Z"}, {"uuid": "320ad234-cd8f-4258-986a-6377591e334c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1002", "type": "seen", "source": "https://t.me/ctinow/189424", "content": "https://ift.tt/7Ks8Gg4\nCVE-2024-1002 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi setIpPortFilterRules ePort stack-based overflow", "creation_timestamp": "2024-02-21T10:11:35.000000Z"}]}