{"vulnerability": "cve-2024-1052", "sightings": [{"uuid": "3a0234b9-bf29-4cc7-b842-183af9e892f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-10524", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113510115411088128", "content": "", "creation_timestamp": "2024-11-19T14:35:08.414796Z"}, {"uuid": "4756c83a-a7e6-4f70-8a75-85dea9fe03ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10522", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518619368802098", "content": "", "creation_timestamp": "2024-11-21T02:37:48.734664Z"}, {"uuid": "070bce7c-90de-4de5-b0bc-ff1c6bf064b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10520", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113515070809674833", "content": "", "creation_timestamp": "2024-11-20T11:35:21.408187Z"}, {"uuid": "d89ad784-6d80-4e8d-80e0-376339af6b35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10528", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113519338514864776", "content": "", "creation_timestamp": "2024-11-21T05:40:41.394070Z"}, {"uuid": "7b267231-3da8-43d4-a2a2-38d6dbcf1903", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10521", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113554607114489820", "content": "", "creation_timestamp": "2024-11-27T11:09:57.682255Z"}, {"uuid": "ec205a9a-86fd-4015-8673-981b08a16fbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10527", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4venubgb2m", "content": "", "creation_timestamp": "2025-01-07T05:15:28.132523Z"}, {"uuid": "00471240-1386-4dd6-9a1d-410afcc62651", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10524", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/114816361290443115", "content": "", "creation_timestamp": "2025-07-08T07:10:40.780447Z"}, {"uuid": "230ba112-06e8-45e4-8604-5356ec1e780b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10524", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:28.000000Z"}, {"uuid": "6aec87f3-ed21-4a53-8101-fb56d58107a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10527", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/451", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10527\n\ud83d\udd39 Description: The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information.\n\ud83d\udccf Published: 2025-01-07T04:21:55.254Z\n\ud83d\udccf Modified: 2025-01-07T16:26:18.914Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/112ece28-27ac-4d3c-b302-7acab43390fb?source=cve\n2. https://plugins.trac.wordpress.org/browser/spacer/tags/3.0.7/index.php#L85", "creation_timestamp": "2025-01-07T16:37:15.000000Z"}, {"uuid": "53b1f7c4-6c5f-4c35-991a-f2b930a0a3ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-10524", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "2bc37ddf-6ca5-4f3a-b91c-8d0440c75fb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10524", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8396", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10524\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.\n\ud83d\udccf Published: 2024-11-19T14:23:09.718Z\n\ud83d\udccf Modified: 2025-03-21T18:03:44.339Z\n\ud83d\udd17 References:\n1. https://seclists.org/oss-sec/2024/q4/107\n2. https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/\n3. https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778", "creation_timestamp": "2025-03-21T18:19:58.000000Z"}, {"uuid": "931a834c-8afd-4517-becf-06734907678a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10520", "type": "seen", "source": "https://t.me/cvedetector/11599", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10520 - \"WordPress WP Project Manager Unauthorized Data Modification\"\", \n  \"Content\": \"CVE ID : CVE-2024-10520 \nPublished : Nov. 20, 2024, 12:15 p.m. | 28\u00a0minutes ago \nDescription : The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it possible for unauthenticated attackers to create milestones, create task lists, create tasks, or delete tasks in any project. NOTE: Version 2.6.14 implemented a partial fix for this vulnerability. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-20T13:44:39.000000Z"}, {"uuid": "3ed94636-aa1c-483f-be5e-b603c22b0a33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10524", "type": "seen", "source": "https://t.me/cvedetector/11453", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10524 - Apache Wget Credentials Arp Spoofing\", \n  \"Content\": \"CVE ID : CVE-2024-10524 \nPublished : Nov. 19, 2024, 3:15 p.m. | 25\u00a0minutes ago \nDescription : Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T16:48:32.000000Z"}, {"uuid": "058f8af1-6b9d-41d2-97e5-5fdcf72d301e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10529", "type": "seen", "source": "https://t.me/cvedetector/10789", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10529 - Kognetiks Chatbot for WordPress Missing Capability Check CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-10529 \nPublished : Nov. 13, 2024, 3:15 a.m. | 41\u00a0minutes ago \nDescription : The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete GTP assistants. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T04:57:48.000000Z"}, {"uuid": "d53ec118-990d-4f9c-a709-439362587c04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10523", "type": "seen", "source": "https://t.me/cvedetector/9723", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10523 - \"TP-Link IoT Smart Hub: Wi-Fi Credentials Information Disclosure\"\", \n  \"Content\": \"CVE ID : CVE-2024-10523 \nPublished : Nov. 4, 2024, 12:16 p.m. | 15\u00a0minutes ago \nDescription : This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-04T13:35:59.000000Z"}, {"uuid": "a5ef6f49-853d-4485-bcb3-b85d9d528df5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10520", "type": "seen", "source": "Telegram/9Qa2-ZuBTG9_997v_gahX7GgBaTpLdd8NSHg4UIRTJFODvAI", "content": "", "creation_timestamp": "2025-02-06T02:44:19.000000Z"}, {"uuid": "9f6ff15f-5cd6-4e16-bb1c-59dec6bde23e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10525", "type": "seen", "source": "https://t.me/cvedetector/9417", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10525 - Eclipse Mosquitto Out-of-Bounds Memory Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10525 \nPublished : Oct. 30, 2024, 12:15 p.m. | 36\u00a0minutes ago \nDescription : In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-30T14:11:34.000000Z"}, {"uuid": "0c51e2ca-5e74-40b5-8653-5b90d172abf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10526", "type": "seen", "source": "https://t.me/cvedetector/10083", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10526 - Rapid7 Velociraptor Privilege Escalation & Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10526 \nPublished : Nov. 7, 2024, 11:15 a.m. | 26\u00a0minutes ago \nDescription : Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\\\\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely.\u00a0 This issue is fixed in version 0.73.3. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T12:45:21.000000Z"}, {"uuid": "e97e378f-288a-49e7-93e4-5e60ffc973b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1052", "type": "seen", "source": "https://t.me/ctinow/179545", "content": "https://ift.tt/7pvJ6VQ\nCVE-2024-1052", "creation_timestamp": "2024-02-05T22:21:30.000000Z"}]}