{"vulnerability": "cve-2024-1043", "sightings": [{"uuid": "ca720ad4-8ae1-4bf2-b03e-32c6d7746a7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10432", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-08T21:59:31.000000Z"}, {"uuid": "b1f5ed22-50a5-4e85-9624-0413aecfe602", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10433", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-08T21:59:30.000000Z"}, {"uuid": "c039aec4-3237-41b6-a9d1-4f06d3c7ff43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10432", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-01T18:11:57.000000Z"}, {"uuid": "ebea290e-22d3-4fc3-a06f-6a7a7b2f2fe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10433", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-01T18:11:57.000000Z"}, {"uuid": "5b3b071a-70e0-4bab-8838-9868fe89adce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10437", "type": "seen", "source": "https://t.me/cvedetector/9274", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10437 - WPC Smart Messages for WooCommerce Unauthenticated Ajax Capability Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-10437 \nPublished : Oct. 29, 2024, 10:15 a.m. | 39\u00a0minutes ago \nDescription : The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or deactivate smart messages. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T12:15:35.000000Z"}, {"uuid": "e4b24b4e-8b42-4c09-a238-38bccf84fe7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10436", "type": "seen", "source": "https://t.me/cvedetector/9278", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10436 - WPC Smart Messages for WooCommerce Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10436 \nPublished : Oct. 29, 2024, 10:15 a.m. | 39\u00a0minutes ago \nDescription : The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T12:15:38.000000Z"}, {"uuid": "9edc8a8c-9350-4a6f-b8ae-1d2516d2b64d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10435", "type": "seen", "source": "https://t.me/cvedetector/9083", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10435 - DIDI Super-Jacoco Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10435 \nPublished : Oct. 28, 2024, 1:15 a.m. | 29\u00a0minutes ago \nDescription : A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T02:46:38.000000Z"}, {"uuid": "7d6db8f9-f358-4e5e-98f7-62e1d6668d7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10434", "type": "seen", "source": "https://t.me/cvedetector/9082", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10434 - Tenda AC1206 Stack-Based Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10434 \nPublished : Oct. 28, 2024, 1:15 a.m. | 29\u00a0minutes ago \nDescription : A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T02:46:38.000000Z"}, {"uuid": "2efb94cc-14fa-41c7-a3cc-f4036653f365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10439", "type": "seen", "source": "https://t.me/cvedetector/9088", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10439 - Sunnet eHRD CTMS IDOR\", \n  \"Content\": \"CVE ID : CVE-2024-10439 \nPublished : Oct. 28, 2024, 3:15 a.m. | 39\u00a0minutes ago \nDescription : The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T05:17:15.000000Z"}, {"uuid": "8222f2eb-11b0-4033-aac1-3ca4232f1f47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10438", "type": "seen", "source": "https://t.me/cvedetector/9087", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10438 - Sunnet eHRD CTMS Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-10438 \nPublished : Oct. 28, 2024, 3:15 a.m. | 39\u00a0minutes ago \nDescription : The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T05:17:14.000000Z"}, {"uuid": "535ad31f-a3ea-4897-84a1-2e637742d81b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10433", "type": "seen", "source": "https://t.me/cvedetector/9079", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10433 - Cisco Project Worlds Simple Web-Based Chat Application Cross Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10433 \nPublished : Oct. 28, 2024, 12:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions different parameters to be affected which do not correlate with the screenshots of a successful attack. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T01:56:28.000000Z"}, {"uuid": "26b0f9cd-8809-4ed6-ac67-a31066ef58b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10432", "type": "seen", "source": "https://t.me/cvedetector/9078", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10432 - \"Project Worlds Simple Web-Based Chat Application SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10432 \nPublished : Oct. 28, 2024, 12:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T01:56:27.000000Z"}, {"uuid": "be414f49-2d18-4b68-aaa2-06e51d95dccb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10431", "type": "seen", "source": "https://t.me/cvedetector/9077", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10431 - Codezips Pet Shop Management System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10431 \nPublished : Oct. 27, 2024, 11:15 p.m. | 38\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file /deletebird.php. The manipulation of the argument t1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T01:06:17.000000Z"}, {"uuid": "6fb25112-af0e-4077-a0ce-28a275510473", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10430", "type": "seen", "source": "https://t.me/cvedetector/9076", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10430 - Codezips Pet Shop Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10430 \nPublished : Oct. 27, 2024, 11:15 p.m. | 38\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in Codezips Pet Shop Management System 1.0. This issue affects some unknown processing of the file /animalsupdate.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T01:06:16.000000Z"}, {"uuid": "0277533b-f8ab-494b-b04e-eeebefcee4dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1043", "type": "seen", "source": "https://t.me/ctinow/197624", "content": "https://ift.tt/XErPbsw\nCVE-2024-1043 | AMP for WP Plugin up to 1.0.93.1 on WordPress amppb_remove_saved_layout_data access control (ID 3030425)", "creation_timestamp": "2024-03-01T14:11:54.000000Z"}]}