{"vulnerability": "cve-2024-1014", "sightings": [{"uuid": "789f74db-e44d-4131-8097-a2d32821228a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10146", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113479826480414692", "content": "", "creation_timestamp": "2024-11-14T06:12:15.624640Z"}, {"uuid": "147176b9-5ef1-4189-9609-0f02638af5b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10147", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113490494122187280", "content": "", "creation_timestamp": "2024-11-16T03:25:11.386998Z"}, {"uuid": "b577f08b-4fb4-42f5-8dcb-54fa96573b39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10142", "type": "seen", "source": "https://t.me/cvedetector/8366", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10142 - Code-Projects Blood Bank System Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10142 \nPublished : Oct. 19, 2024, 5:15 p.m. | 15\u00a0minutes ago \nDescription : A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-19T19:40:29.000000Z"}, {"uuid": "f3620f05-b95c-4cec-af45-41575bf3519d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10146", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m4jermw6hx2b", "content": "", "creation_timestamp": "2025-10-31T21:02:45.551447Z"}, {"uuid": "3e1f065d-3b29-4506-ab65-e7d81e9849e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10146", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-10146.yaml", "content": "", "creation_timestamp": "2025-10-31T05:02:58.000000Z"}, {"uuid": "51a6ebab-caa4-4352-b907-0ae2aa2d757b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10146", "type": "seen", "source": "https://t.me/cvedetector/10906", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10146 - WordPress Simple File List Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10146 \nPublished : Nov. 14, 2024, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-14T08:17:19.000000Z"}, {"uuid": "54b33729-3708-441d-905a-b7fb61b0bd96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10147", "type": "seen", "source": "https://t.me/cvedetector/11222", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10147 - Steel WordPress Plugin Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-10147 \nPublished : Nov. 16, 2024, 4:15 a.m. | 38\u00a0minutes ago \nDescription : The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-16T06:02:41.000000Z"}, {"uuid": "e3ce503e-2586-4972-b49d-27bf065aac0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10141", "type": "seen", "source": "https://t.me/cvedetector/8365", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10141 - \"jsbroks COCO Annotator Session Handler Predictable SECRET_KEY Remote Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10141 \nPublished : Oct. 19, 2024, 3:15 p.m. | 43\u00a0minutes ago \nDescription : A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-19T18:00:08.000000Z"}, {"uuid": "b9e9b8d9-2a36-40a9-a21a-2e423cc5cfa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10140", "type": "seen", "source": "https://t.me/cvedetector/8364", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10140 - Pharmacy Management System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10140 \nPublished : Oct. 19, 2024, 3:15 p.m. | 43\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-19T18:00:07.000000Z"}, {"uuid": "6a8c919b-c5a6-4904-849c-be9cb3dbecef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10148", "type": "seen", "source": "https://t.me/cvedetector/8902", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10148 - \"WordPress Awesome Buttons Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10148 \nPublished : Oct. 25, 2024, 7:15 a.m. | 39\u00a0minutes ago \nDescription : The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T10:23:38.000000Z"}, {"uuid": "80a8227b-fbdc-45f4-90d7-820214fb22bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1014", "type": "seen", "source": "https://t.me/ctinow/177951", "content": "https://ift.tt/JE3pbFQ\nCVE-2024-1014 Exploit", "creation_timestamp": "2024-02-02T08:16:15.000000Z"}, {"uuid": "5cb16d37-97ef-4cf5-b890-d4fbd6faba6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1014", "type": "seen", "source": "https://t.me/ctinow/189650", "content": "https://ift.tt/HSgU4je\nCVE-2024-1014 | SE-elektronic E-DDC3.3 03.07.03 Administration Panel resource consumption", "creation_timestamp": "2024-02-21T15:11:53.000000Z"}, {"uuid": "15d9766c-bd6f-4268-a432-4800ea83ee24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1014", "type": "seen", "source": "https://t.me/ctinow/175313", "content": "https://ift.tt/eRgQaVO\nCVE-2024-1014", "creation_timestamp": "2024-01-29T15:26:28.000000Z"}]}