{"vulnerability": "cve-2024-1234", "sightings": [{"uuid": "5acc0e3c-43ab-4e8d-92c9-d72b954b6432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12348", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113620042594523349", "content": "", "creation_timestamp": "2024-12-09T00:31:03.719778Z"}, {"uuid": "4b656020-38aa-483e-afa6-960f5dc8542f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12343", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113616512565146996", "content": "", "creation_timestamp": "2024-12-08T09:33:20.092902Z"}, {"uuid": "6c7d6b30-dec4-48eb-aadb-bec6d2b14bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12349", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113620042610266633", "content": "", "creation_timestamp": "2024-12-09T00:31:04.281123Z"}, {"uuid": "69522bed-d19c-4bfa-b262-12dae210f90e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12344", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113619720536909057", "content": "", "creation_timestamp": "2024-12-08T23:09:09.854534Z"}, {"uuid": "91c4c32a-2275-4fe2-ac0c-9a21d13bb98d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12346", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113619819168185275", "content": "", "creation_timestamp": "2024-12-08T23:34:14.459560Z"}, {"uuid": "2ccb330b-12df-4cb7-9162-ee6d845f163a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12347", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113619819183044274", "content": "", "creation_timestamp": "2024-12-08T23:34:15.226513Z"}, {"uuid": "795172cc-2273-4e78-961e-aa6193f0b9a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12341", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113637984688949211", "content": "", "creation_timestamp": "2024-12-12T04:33:58.816701Z"}, {"uuid": "e6d5f125-0b9f-4512-94ac-8098005c8c9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12340", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113673114767404104", "content": "", "creation_timestamp": "2024-12-18T09:28:00.916983Z"}, {"uuid": "90e113e7-11ea-49ce-af91-d47d908348d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://bsky.app/profile/barrymurrell.bsky.social/post/3leynxkqook2c", "content": "", "creation_timestamp": "2025-01-05T12:52:12.895757Z"}, {"uuid": "0974234c-d2e1-4d79-afaf-e8d372f8d55a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113899992485971241", "content": "", "creation_timestamp": "2025-01-27T11:06:00.055681Z"}, {"uuid": "28141cc4-dbfa-4ba3-ae18-ed727bd4145b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": 
"https://bsky.app/profile/cve-notifications.bsky.social/post/3lgpstcow3g2t", "content": "", "creation_timestamp": "2025-01-27T11:15:45.199977Z"}, {"uuid": "b8bb9d26-25b3-4622-af78-a756e5b61717", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgq73klgd52w", "content": "", "creation_timestamp": "2025-01-27T14:55:09.619467Z"}, {"uuid": "e772615a-6b29-4a8c-bf0c-5bde73e8e202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://gist.github.com/ndouglas-cloudsmith/44943d8a7c6ed78006cf65ec5bb79d27", "content": "", "creation_timestamp": "2025-06-10T14:19:59.000000Z"}, {"uuid": "8e4b6c87-3466-4a6e-a4c1-f5c26ea9e302", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m2qxtbturk2f", "content": "", "creation_timestamp": "2025-10-09T10:41:48.215687Z"}, {"uuid": "d098e843-e7f0-46b3-b46a-d869fccd9ad2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12342", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ln4jem2w4m2u", "content": "", "creation_timestamp": "2025-04-18T21:02:14.204746Z"}, {"uuid": "ae677281-eb13-4c80-916c-2ad5f79dde88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12344", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ln4jem6ejy2t", "content": "", "creation_timestamp": 
"2025-04-18T21:02:14.845305Z"}, {"uuid": "5a7b0e47-a998-48a4-8ad2-3f4ea3ce953f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://gist.github.com/ndouglas-cloudsmith/686c24676d9281ea13827f50230bb60b", "content": "", "creation_timestamp": "2025-06-17T11:41:04.000000Z"}, {"uuid": "c6c7ccec-7916-4562-92d0-32b73ccab0e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://gist.github.com/mytreya-rh/da4aef61a7ab8816fa11198f9b064846", "content": "", "creation_timestamp": "2025-11-13T12:36:23.000000Z"}, {"uuid": "8526fe66-7a1a-44e8-b658-8ba72db03172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://gist.github.com/cd1zz/aa95fc8e06911decc6ab4a72f4c26c2f", "content": "", "creation_timestamp": "2025-09-11T14:10:40.000000Z"}, {"uuid": "b24284fd-36d3-48aa-8818-994fa8a15688", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://gist.github.com/Darkcrai86/fa0739ddcf27cecc82d4966f4e19ff1f", "content": "", "creation_timestamp": "2025-09-11T14:49:57.000000Z"}, {"uuid": "e0b05d18-59e6-4ac0-97f9-cb0f6e28e706", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://gist.github.com/gal-dahan-wiz/a770c7ef4af0cfe9030251cd58d6bb23", "content": "", "creation_timestamp": "2026-03-06T12:29:52.000000Z"}, {"uuid": "a2fefa8d-9562-48a1-bca0-deebc6af98c9", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mgi4fbshkx2m", "content": "", "creation_timestamp": "2026-03-07T15:11:47.833425Z"}, {"uuid": "7bc416cb-ae0f-44f8-8b59-41594c537a76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://gist.github.com/mjervis-mo/a8bcddf5b94155ee1cdfc53b873a0408", "content": "", "creation_timestamp": "2025-09-09T09:41:23.000000Z"}, {"uuid": "1e8d2e6c-c379-43c2-ac62-f8f34dffd2f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://gist.github.com/semo970921/b7900f5845408aca8633df26a5a0059b", "content": "", "creation_timestamp": "2026-02-06T06:51:25.000000Z"}, {"uuid": "06d3fd42-ef6a-4732-96a8-616daf99fc4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mfdedpwzf52x", "content": "", "creation_timestamp": "2026-02-21T00:25:33.830547Z"}, {"uuid": "cfe61d7a-0a0a-4586-8524-6f32afab1898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://gist.github.com/semo970921/b7900f5845408aca8633df26a5a0059b", "content": "", "creation_timestamp": "2026-02-06T06:51:25.000000Z"}, {"uuid": "f157f036-4f9f-4a6c-9635-7f1f8fe0636a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": 
"https://gist.github.com/ayoubzulfiqar/5b320151951fbdba0fb72a578f7b57ef", "content": "", "creation_timestamp": "2026-02-12T09:05:29.000000Z"}, {"uuid": "8573a3b6-3690-440c-ad09-31f0f201adc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mggzy4feyt2d", "content": "", "creation_timestamp": "2026-03-07T04:55:57.851164Z"}, {"uuid": "79d48e79-edda-47ff-bef2-f9dea3f0de80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://gist.github.com/gal-dahan-wiz/13c8354a0ad368d7f2c33206cf8c925d", "content": "", "creation_timestamp": "2026-02-26T14:47:40.000000Z"}, {"uuid": "0932a0a9-98e7-4369-9ee7-1a7038d2425e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://gist.github.com/aurixai-solutions/313b026594574c70a22f8d72ef7c665b", "content": "", "creation_timestamp": "2026-02-21T06:48:02.000000Z"}, {"uuid": "cf4cc331-5846-4422-a446-68404d99302e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://gist.github.com/johnmillerATcodemag-com/6197fcf6c9000612e97935ad88d79021", "content": "", "creation_timestamp": "2025-12-30T16:44:44.000000Z"}, {"uuid": "51983c94-d93d-443c-a31e-c0092b361d72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mftp4jriqm2z", "content": "", "creation_timestamp": 
"2026-02-27T12:20:59.145215Z"}, {"uuid": "25407747-a01f-4ba2-b0ec-24353e581773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mhfjovwlsf2q", "content": "", "creation_timestamp": "2026-03-19T07:57:00.613569Z"}, {"uuid": "eda01484-bb45-43a5-add2-18b8b669b958", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://gist.github.com/alon710/c4a18bfb1b633de803c3c0a7eb9a1a7e", "content": "", "creation_timestamp": "2026-01-24T22:44:25.000000Z"}, {"uuid": "04f90a54-8b57-47ce-9a32-5142b32aa34c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12341", "type": "seen", "source": "https://t.me/cvedetector/12688", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12341 - WordPress Custom Skins Contact Form 7 Unauthenticated Data Tampering Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12341 \nPublished : Dec. 12, 2024, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the content of any post and create new skins. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T06:17:22.000000Z"}, {"uuid": "092a1f8c-c71e-457e-a303-a09a119fbb74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://gist.github.com/allan-gar2x/1de8a0db406b1b36cdc364fa96d2c93b", "content": "", "creation_timestamp": "2026-04-15T10:12:38.000000Z"}, {"uuid": "814aabd0-ed05-4ec6-a174-e4926acffa99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://gist.github.com/allan-gar2x/9fba3a5260416b87679023ab2384d446", "content": "", "creation_timestamp": "2026-04-15T10:38:50.000000Z"}, {"uuid": "36dc0abc-9a34-4ca4-955e-96a4cbe43567", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mjnfn3w3d72u", "content": "", "creation_timestamp": "2026-04-16T21:56:11.069550Z"}, {"uuid": "63e2f20a-702d-4e3a-b8f3-14a78479989f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-1234", "type": "seen", "source": "https://gist.github.com/harche/ac8e8399a9bf69091a38a5cf6e3bc56b", "content": "", "creation_timestamp": "2026-04-28T22:02:22.000000Z"}, {"uuid": "0c3c38c9-f0d8-4351-bcc2-88f616021cc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12345", "type": "seen", 
"source": "https://t.me/cvedetector/16451", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12345 - INW Krbyyyzo File Uploader DoS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12345 \nPublished : Jan. 27, 2025, 11:15 a.m. | 1\u00a0hour, 14\u00a0minutes ago \nDescription : A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumption. It is possible to launch the attack on the local host. Other endpoints might be affected as well. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T14:19:26.000000Z"}, {"uuid": "0146e753-dfd1-4215-9eb7-65e6d0d7f3a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12349", "type": "seen", "source": "https://t.me/cvedetector/12338", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12349 - JFinalCMS Cross-Site Request Forgery Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12349 \nPublished : Dec. 9, 2024, 1:15 a.m. | 39\u00a0minutes ago \nDescription : A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T02:59:06.000000Z"}, {"uuid": "1dbb1dd1-3f1b-46c4-b08b-b8cd536a5edd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12348", "type": "seen", "source": "https://t.me/cvedetector/12337", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12348 - A vulnerability was found in Guizhou Xiaoma Techno\", \n  \"Content\": \"CVE ID : CVE-2024-12348 \nPublished : Dec. 9, 2024, 1:15 a.m. | 39\u00a0minutes ago \nDescription : A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload of the component Attachment Upload Handler. The manipulation of the argument files[] leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T02:59:05.000000Z"}, {"uuid": "da94c529-43ec-4346-ac91-08e338d3bee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12346", "type": "seen", "source": "https://t.me/cvedetector/12336", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12346 - Talentera Cross Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12346 \nPublished : Dec. 
9, 2024, 12:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T02:09:02.000000Z"}, {"uuid": "0f72b4bf-9726-4726-bf71-db4f18c6344f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12347", "type": "seen", "source": "https://t.me/cvedetector/12335", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12347 - \"Guangzhou Huayi Intelligent Technology Jeewms Druid Monitoring Interface Unauthorized Access Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12347 \nPublished : Dec. 9, 2024, 12:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 
\nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T02:08:58.000000Z"}, {"uuid": "a8c31263-a064-4bf2-ad5e-678532340b45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12344", "type": "seen", "source": "https://t.me/cvedetector/12334", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12344 - TP-Link FTP USER Command Handler Remote Memory Corruption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12344 \nPublished : Dec. 8, 2024, 11:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T01:18:40.000000Z"}, {"uuid": "4d28adeb-3259-422a-a721-7a34d71353fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12343", "type": "seen", "source": "https://t.me/cvedetector/12332", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12343 - TP-Link SOAP Request Handler Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12343 \nPublished : Dec. 8, 2024, 10:15 a.m. 
| 35\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-08T11:56:11.000000Z"}, {"uuid": "74a17fcd-adb5-4d04-8a9f-199fefb34414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12342", "type": "seen", "source": "https://t.me/cvedetector/12331", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12342 - \"TP-Link WANIPConnection Denial of Service Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12342 \nPublished : Dec. 8, 2024, 7:15 a.m. | 42\u00a0minutes ago \nDescription : A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. 
\nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-08T09:25:40.000000Z"}, {"uuid": "321f8296-1365-4a0c-ac17-e41842de6917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://gist.github.com/SamChawla/c8bcbdda8b70e6e1a44bd777f5a4cfae", "content": "  # I Taught SQL to Read My Security Tools \u2014 Here's What Happened\n\n  ### A beginner-friendly story about CoralSentinel, a hackathon proof-of-concept that turns five different security tools into one giant spreadsheet you can ask questions.\n\n  ---\n\n  &gt; **Before we start \u2014 what this is and isn't.** CoralSentinel is a *proof-of-concept* I built\n  &gt; for a one-week hackathon (Pirates of the Coral-bean, WeMakeDevs \u00d7 Coral). It went through\n  &gt; several rounds of writing a plan, building, testing, and throwing things away. It is **not** a\n  &gt; finished product, and I won't pretend it is. It's a demonstration of how far one person can\n  &gt; get on a genuinely hard problem when the right tool does the heavy lifting. That tool is\n  &gt; **Coral**, and this article is mostly a love letter to it.\n  &gt;\n  &gt; If you're new to security tooling or to SQL, don't worry \u2014 I'll explain every term as we go.\n\n  ---\n\n  ## The problem, told as a story\n\n  Imagine you're on a team that builds an app. Like almost every app today, yours has some AI\n  features, so it pulls in popular Python packages \u2014 little bundles of reusable code written by\n  other people. Things like `requests` (for talking to the internet), `pillow` (for handling\n  images), and `django` (a web framework).\n\n  You didn't write those packages. 
You just `pip install`-ed them and moved on. **And that's\n  where the danger hides.**\n\n  Every so often, someone discovers a security hole in one of these packages. When that happens,\n  it gets a public ID \u2014 a **CVE** (Common Vulnerabilities and Exposures), which is just a unique\n  name for a known bug, like `CVE-2024-1234`. There's a free public database called **OSV** that\n  lists all of these.\n\n  Now the trouble starts. One morning your build breaks. Your **container registry** (the place\n  that stores the packaged-up version of your app, ready to ship) refuses to accept your new\n  build because it spotted a CVE. Or your **CI pipeline** (the automated system that tests and\n  ships your code) turns red. Someone has to figure out, fast:\n\n  &gt; **\"Is this security hole actually hurting our running app right now \u2014 and is anyone already\n  &gt; fixing it?\"**\n\n  That sounds like a five-minute question. In real life, it's 30 to 60 minutes of clicking\n  between five different tools, each of which knows only its own little corner:\n\n  - **OSV** \u2014 *What is this CVE? Which package versions are affected?*\n  - **GitHub** \u2014 *Has anyone opened a pull request to fix it?* (A \"pull request,\" or PR, is a\n    proposed code change.)\n  - **Sentry** \u2014 *Is our live app actually throwing errors related to this?* (Sentry is a tool\n    that catches and reports crashes in running apps.)\n  - **Jira** \u2014 *Is there a ticket for this? Who owns it?* (Jira is where teams track tasks.)\n  - **Grafana** \u2014 *Do our infrastructure dashboards show anything weird?*\n\n  You become a human copy-paste machine, stitching five tools together in your head. There's\n  even a word for this in the database world: you're doing a **JOIN** \u2014 manually matching up\n  related information from different sources. Computers are *really* good at JOINs. 
Humans are\n  slow and make mistakes.\n\n  So I wondered: what if I could make the computer do the JOIN?\n\n  ---\n\n  ## The \"aha\": what if every tool were just a table?\n\n  If you've ever used a spreadsheet, you already understand a **database table**: rows and\n  columns. And **SQL** (Structured Query Language) is just the most common way to ask questions\n  of tables. A SQL question \u2014 called a **query** \u2014 reads almost like English:\n\n  ```sql\n  SELECT name, severity\n  FROM vulnerabilities\n  WHERE severity = 'CRITICAL'\n  ```\n\n  That says: *\"Give me the name and severity from the vulnerabilities table, but only the\n  critical ones.\"* That's it. That's SQL.\n\n  The dream: what if OSV, GitHub, Sentry, Jira, and Grafana were all just **tables** I could\n  query with SQL \u2014 even *join together* in a single question?\n\n  Here's the catch, and why this is normally hard. Each of those five tools speaks its own\n  language over the internet (an **API**, or Application Programming Interface \u2014 the doorway\n  other programs use to talk to a service). Each API has:\n\n  - its own way of proving who you are (**authentication**),\n  - its own way of handing back results a page at a time (**pagination**),\n  - its own limits on how often you're allowed to ask (**rate limits**).\n\n  Normally, to talk to five APIs, you'd write five mini-programs, handle five logins, five\n  paging systems, five sets of limits, and *then* write the code to match the data up. That's a\n  solid week of plumbing before you answer a single question. For a one-person hackathon project,\n  that's a non-starter.\n\n  This is exactly the wall that stops most people. And this is where Coral comes in.\n\n  ---\n\n  ## Enter Coral: the universal translator\n\n  **Coral** is a tool that turns external services into SQL tables. You connect a \"source\" (like\n  GitHub or Sentry) once, and from then on you just write SQL. 
Coral handles the logins, the\n  paging, and the rate limits *below deck* \u2014 you never see them.\n\n  So those five separate tools? With Coral, they become five tables I can query and **JOIN** in\n  one breath. The week of plumbing... evaporates.\n\n  Connecting a source is genuinely a one-liner. Here's how CoralSentinel adds the OSV\n  vulnerability database:\n\n  ```bash\n  coral source add --file ./sources/osv/osv.yaml\n  ```\n\n  And GitHub, Jira, Sentry, and Grafana are \"bundled\" \u2014 Coral already knows how to talk to them,\n  so you just add them and provide your credentials.\n\n  &gt; **A small bounty side-quest.** OSV wasn't one of Coral's built-in sources, so I wrote a\n  &gt; \"source spec\" for it \u2014 an `osv.yaml` file that teaches Coral how to turn the OSV API into SQL\n  &gt; tables. That file is reusable by anyone, and it's my little contribution back to the\n  &gt; community. You don't need to understand its internals to follow this article; just know that\n  &gt; teaching Coral a *new* tool is a config file, not a codebase.\n\n  ---\n\n  ## The one query that replaces an hour of clicking\n\n  Here's the heart of the whole project. This single SQL query asks all three of the most\n  important questions at once \u2014 *Is there a known vulnerability? Is anyone tracking it in Jira?\n  Is the live app throwing errors about it in Sentry?* \u2014 for the `pillow` image package:\n\n  ```sql\n  SELECT\n      osv.id AS cve,                 -- the vulnerability's public ID\n      osv.summary,                   -- a human description of it\n      osv.severity,                  -- how bad it is\n      j.key AS jira_ticket,          -- the Jira ticket, if one exists\n      j.status_name AS jira_status,  -- e.g. 
\"In Progress\"\n      CASE WHEN j.key IS NULL THEN 'UNTRACKED'\n          ELSE COALESCE(j.status_name, 'Tracked') END AS tracking_status,\n      COALESCE(se.count, 0) AS error_count,  -- how many live errors\n      se.level AS error_level\n  FROM osv.search_vulnerabilities(\n      package =&gt; 'pillow',\n      ecosystem =&gt; 'PyPI'\n  ) osv\n  LEFT JOIN jira.issues j\n      ON j.summary LIKE CONCAT('%', osv.id, '%')\n      OR j.summary LIKE CONCAT('%', 'pillow', '%')\n  LEFT JOIN sentry.issues se\n      ON se.level IN ('fatal', 'error')\n      AND CAST(se.last_seen AS TIMESTAMP) &gt;= NOW() - INTERVAL '30' DAY\n      AND se.title LIKE CONCAT('%', 'pillow', '%')\n  ORDER BY osv.published DESC\n  LIMIT 5;\n  ```\n\n  Don't be intimidated \u2014 let's read it in plain English, top to bottom:\n\n  1. **`SELECT ...`** \u2014 \"Here are the columns I want back.\" (The CVE, its summary, the Jira\n    ticket, the error count, and so on.)\n  2. **`FROM osv.search_vulnerabilities(package =&gt; 'pillow', ...)`** \u2014 \"Start with all known\n    vulnerabilities for the `pillow` package, from PyPI (Python's package store).\"\n  3. **`LEFT JOIN jira.issues ...`** \u2014 \"For each vulnerability, also try to find a matching Jira\n    ticket.\"\n  4. **`LEFT JOIN sentry.issues ...`** \u2014 \"And also try to find matching live errors from the last\n    30 days in Sentry.\"\n\n  That `LEFT JOIN` is doing the work a human would otherwise do by tabbing between browser\n  windows. **Three tools, one question, a couple of seconds.**\n\n  ### Two beginner-friendly tricks that make it actually work\n\n  When I first tried this, it returned nothing. Here's why \u2014 and the two lessons that made it\n  click. These are worth knowing even if you only ever write SQL casually:\n\n  **1. Match *loosely*, not exactly.** A Jira ticket titled *\"Upgrade pillow to fix\n  CVE-2024-1234\"* will never be *exactly equal* to the string `CVE-2024-1234`. 
If you demand an\n  exact match, you get nothing. So instead of `=`, the query uses `LIKE` with `%` wildcards,\n  which means \"contains this somewhere.\" `j.summary LIKE '%pillow%'` means \"any Jira ticket whose\n  title contains the word pillow.\" Real-world data is messy; loose matching is how you cope. The\n  price is false matches: because the join also accepts any ticket whose title merely contains\n  \"pillow\", one unrelated ticket makes every pillow CVE look tracked \u2014 so treat a match as a\n  lead to confirm, not as proof.\n\n  **2. Match on *time windows*, not exact timestamps.** A live error and a vulnerability won't\n  happen at the exact same millisecond. So rather than demanding equal timestamps, the query\n  asks for errors \"in the last 30 days\" (`NOW() - INTERVAL '30' DAY`). Time *ranges*, not exact\n  moments.\n\n  These two ideas \u2014 **loose text matching** and **time windows** \u2014 are the difference between a\n  query that works in a tidy demo and one that works on real, messy data.\n\n  ---\n\n  ## The moment it all pays off\n\n  So you run a scan across a handful of your AI-stack packages, and CoralSentinel sorts every\n  vulnerability into one of three buckets. (The colored dots are exactly what the dashboard\n  shows.)\n\n  - \ud83d\udd34 **Untracked** \u2014 There are CVEs in `requests` and `pillow`, but **no Jira ticket exists for\n    them**. Nobody on the team even knows. These slipped through the cracks. These are packages\n    in nearly *every* AI app, by the way.\n  - \ud83d\udd34 **Actively breaking** \u2014 Here's the one that gives me chills. The `pillow` vulnerability\n    isn't just theoretical: it lines up with **12 \"fatal\" errors in Sentry in the same time\n    window.** That's not a someday-problem on a backlog \u2014 that's *your image feature crashing for\n    real users right now.* And you could **only** see that because OSV (the vulnerability) was\n    joined to Sentry (the live crashes). Neither tool knows that on its own.\n  - \ud83d\udfe2 **Already handled** \u2014 The `django` vulnerability already has a Jira ticket marked \"In\n    Progress.\" Someone's on it. 
So the tool stays quiet about it \u2014 no nagging, no \"alert\n    fatigue.\"\n\n  That middle one \u2014 connecting *\"there's a known bug\"* to *\"and it's crashing the app right\n  now\"* \u2014 is the insight that's basically impossible without cross-tool SQL. That's the whole\n  pitch in one screenshot.\n\n  ---\n\n  ## From \"here's the problem\" to \"here's the fix\" \u2014 safely\n\n  Spotting the problem is only half the job. CoralSentinel then acts like a careful assistant. I\n  call the overall flow **DETECT \u2192 RECOMMEND \u2192 ACT**:\n\n  | Step | What happens | In plain words |\n  |---|---|---|\n  | **DETECT** | Cross-source SQL reads all five tools | \"Here's what I found.\" |\n  | **RECOMMEND** | The assistant suggests a to-do list | \"Here's what I'd do about it.\" |\n  | **ACT** | It does the tasks \u2014 *only after you approve* | \"Want me to? Click yes.\" |\n\n  For our example, the RECOMMEND step produces a tidy, ordered list like:\n\n  1. Open a Jira ticket for the untracked `requests` vulnerability.\n  2. Open a Jira ticket for the `pillow` one \u2014 **flagged urgent** (it's actively crashing things).\n  3. Draft a GitHub pull request to upgrade `pillow` from version 9.0.0 to 10.3.0.\n  4. Add a note (an \"annotation\") to the Grafana dashboard timeline.\n  5. Write up a short security report.\n\n  ### The safety rule I'm most proud of\n\n  Here's the part that matters if you're nervous about letting software touch your systems:\n\n  &gt; **Coral can only ever *read*. It physically cannot change anything.**\n\n  Reading data and changing data are kept in completely separate parts of the program. Nothing\n  gets written to Jira, GitHub, or Grafana until **a human clicks \"Approve.\"** No runaway robot\n  making changes on its own. You stay in control; the tool just removes the busywork. 
The result:\n  about 30 minutes of manual detective work collapses into roughly 30 seconds \u2014 without handing\n  over the keys.\n\n  ---\n\n  ## \"Wait, where's the AI?\"\n\n  Good \u2014 you noticed I've barely mentioned AI, even though this is an AI-security tool. That's on\n  purpose. The clever part isn't the AI; it's the SQL. But there *is* a friendly AI layer on top,\n  and it does two nice things:\n\n  **1. It writes the SQL for you.** You can type a plain-English question like *\"Which packages\n  have untracked critical CVEs?\"* and the AI (an **LLM**, or Large Language Model \u2014 the same kind\n  of tech behind chatbots) turns it into a proper Coral SQL query, runs it, and explains the\n  results. Importantly, **it then shows you the exact SQL it wrote.** No mystery, no black box \u2014\n  you can read precisely what it asked the database.\n\n  **2. You can bring your own AI.** I didn't lock the project to one AI company. It works with\n  four interchangeable options, so you can use whatever you already have access to:\n\n  | AI provider | How you'd use it |\n  |---|---|\n  | **Cursor** | Use your existing Cursor subscription via a small local helper \u2014 no extra key needed |\n  | **EURI** | A simple API key |\n  | **Grok** (from xAI) | A simple API key |\n  | **Anthropic** (Claude) | A simple API key |\n\n  You set one setting (`LLM_PROVIDER`), or just leave it on `auto` and it picks the first one\n  you've configured. Under the hood it's one tidy function that all four plug into.\n\n  And there's a guardrail baked into the AI's instructions: it's **only ever allowed to write\n  read-only queries.** The code literally rejects any AI-generated query that tries to change\n  data \u2014 it checks for forbidden words like `INSERT`, `UPDATE`, and `DELETE` and refuses to run\n  them. 
Belt *and* suspenders. Of the two, the word check is the weaker layer \u2014 a list of forbidden\n  words can miss statements it doesn't name \u2014 so the guarantee that counts is that the query\n  path can only read.\n\n  ---\n\n  ## A few grown-up touches\n\n  Because I wanted this to feel like a real tool and not a toy script, I added a couple of things\n  beginners might find interesting:\n\n  - **A login screen with organizations.** When you sign up, you create an \"organization\" (think:\n    your team's workspace) and become its first member. Passwords are stored scrambled (a process\n    called **hashing**, so even I can't read them), and you stay logged in via a secure browser\n    cookie. All built with Python's standard toolkit \u2014 no heavy extra libraries.\n  - **A memory for recent questions (caching).** If the tool just asked Coral something, it\n    remembers the answer for a short while instead of pestering the five APIs again. So flipping\n    between tabs feels instant. (In the code, this is a small dictionary that stores results with\n    a timestamp \u2014 simple, but effective.)\n  - **Two ways to use it.** There's a slick dark-themed web dashboard *and* a command-line version\n    for terminal fans. Both run the exact same SQL underneath.\n\n  Here's the command-line version, start to finish:\n\n  ```bash\n  # 1. DETECT \u2014 scan some packages for trouble\n  coralsentinel scan --packages django,requests,pillow,celery\n\n  # 2. RECOMMEND \u2014 see the suggested to-do list\n  coralsentinel recommend --packages django,requests,pillow,celery\n\n  # 3. 
ACT \u2014 approve everything (only now does anything get written)\n  coralsentinel act --approve-all\n  ```\n\n  ---\n\n  ## Try it yourself\n\n  If you want to poke at it, here's the short version:\n\n  ```bash\n  git clone  coral-sentinel\n  cd coral-sentinel\n  pip install -e .\n\n  # Teach Coral about the OSV vulnerability database (it's a public API, no login needed)\n  coral source add --file ./sources/osv/osv.yaml\n\n  # Start the web dashboard\n  uvicorn devsecops_coral.api:app --reload --port 8000\n  cd frontend &amp;&amp; npm install &amp;&amp; npm run dev   # then open http://localhost:5173\n  ```\n\n  &gt; Repo: `` \u00b7 Live demo: ``\n\n  ---\n\n  ## What I actually learned\n\n  If you take one thing from this article, let it be this:\n\n  Teams building AI products don't really have a vulnerability **detection** problem anymore \u2014\n  scanners and registries are good at shouting \"this package is risky!\" What they have is a\n  **triage** problem: *out of all these warnings, which one is actually on fire right now, and\n  who owns putting it out?*\n\n  Answering that means connecting tools that were never designed to talk to each other. And the\n  reason I \u2014 one person, in a hackathon week \u2014 could build a five-tool correlation engine, an\n  approval-gated assistant, a login system, *and* support for four different AI providers, is\n  **not** that I'm especially fast. It's that Coral deleted the part that's normally the hard\n  part. Once your messy, far-flung tools all become tidy SQL tables, the work stops being\n  *plumbing* and starts being the *interesting question*.\n\n  That's the real lesson, and it's a beginner-friendly one: **the right tool doesn't just make\n  hard work easier \u2014 it makes a different kind of work possible.** CoralSentinel is an 80%\n  proof-of-concept of that idea. It's rough in places, it's unfinished on purpose, and I think\n  it's all the more convincing for it.\n\n  Thanks for reading. 
If you're just getting into security tooling or SQL, I hope this made the\n  whole thing feel a little less mysterious. \ud83e\udeb8\n\n  ---\n\n  *Built for Pirates of the Coral-bean (WeMakeDevs \u00d7 Coral), Track 1 \u2014 Enterprise Agent.*\n\n  \n", "creation_timestamp": "2026-05-30T07:39:07.000000Z"}, {"uuid": "7241b8b4-c894-4a7d-9405-608567533dd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://t.me/arpsyndicate/4213", "content": "#ExploitObserverAlert\n\nCVE-2024-1234\n\nDESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2024-1234. The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-03-15T04:06:12.000000Z"}, {"uuid": "232b3895-caaa-4ebb-9ace-1f9a4153717d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12340", "type": "seen", "source": "https://t.me/cvedetector/13179", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12340 - Elementor Animation Addons Sensitive Information Exposur\", \n  \"Content\": \"CVE ID : CVE-2024-12340 \nPublished : Dec. 18, 2024, 10:15 a.m. | 42\u00a0minutes ago \nDescription : The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. 
This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T12:01:14.000000Z"}, {"uuid": "8963e65a-7d5d-408a-ad01-b3fd7d0c9b09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12342", "type": "published-proof-of-concept", "source": "Telegram/WaBw3Jw0vb5AGJc9tIYoYKjH3e2RrXYOROLA0rL6tF_sE5E", "content": "", "creation_timestamp": "2025-04-30T05:00:10.000000Z"}, {"uuid": "a13d81e6-4694-449d-8691-2f37b065927b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12342", "type": "published-proof-of-concept", "source": "Telegram/oXbZUyDkh9HvYDCcVwESbtZAPUw4sF4JBZ0Dd5j_85BRE8U", "content": "", "creation_timestamp": "2025-04-30T05:00:07.000000Z"}, {"uuid": "70d3d0c4-5525-4767-a13a-1ba4466df3d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1234", "type": "seen", "source": "https://gist.github.com/yannhowe/bc79334e9ba4f17106e2a63e09047707", "content": "#!/usr/bin/env python3\n\"\"\"\nFalcon Container Image Assessment Report\nExports ALL image fields to CSV - bypasses the 10-column UI limit.\n\nFixes:\n  - UI only shows 10 vulnerability columns \u2192 exports all 25+ fields\n  - Can't filter by last scanned date \u2192 use --last-scanned-after / --before\n  - Missing fields (container_id, registry, tag, image_id) \u2192 all included\n  - Build labels included in output (note: FQL filter not supported 
by API)\n\nUsage:\n  # All images, full CSV\n  python3 falcon-image-assessment-report.py\n\n  # Filter by registry (Azure Container Registry)\n  python3 falcon-image-assessment-report.py --registry myregistry.azurecr.io\n\n  # Images with critical vulnerabilities\n  python3 falcon-image-assessment-report.py --severity critical\n\n  # Scanned in last 7 days\n  python3 falcon-image-assessment-report.py --last-scanned-after 2024-01-01\n\n  # Images affected by a specific CVE\n  python3 falcon-image-assessment-report.py --cve CVE-2024-1234\n\n  # Only running containers\n  python3 falcon-image-assessment-report.py --running-only\n\n  # Expand to one row per CVE (for per-vulnerability filtering)\n  python3 falcon-image-assessment-report.py --expand-vulns --severity critical\n\n  # Save output\n  python3 falcon-image-assessment-report.py --output /tmp/images.csv\n\"\"\"\n\nimport sys\nimport os\nimport json\nimport subprocess\nimport requests\nimport csv\nimport argparse\nfrom datetime import datetime, timezone, timedelta\nfrom typing import Optional\n\n\n# \u2500\u2500 Auth boilerplate \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ndef get_falcon_profile() -&gt; str:\n    profile = os.getenv('FALCON_PROFILE')\n    if profile:\n        return profile\n    for path in ['.claude/memory/active-cid.txt',\n                 os.path.expanduser('~/.claude/projects/-Users-ykwan-Documents-code-knowledgebase/memory/active-cid.txt')]:\n        try:\n            with open(path) as f:\n                for line in f:\n                    if line.startswith('profile='):\n                        return line.strip().split('=', 1)[1]\n        except FileNotFoundError:\n            
continue\n    return 'default'\n\n\ndef get_keychain_password(service: str, account: str, profile: Optional[str] = None) -&gt; Optional[str]:\n    if profile is None:\n        profile = get_falcon_profile()\n    try:\n        result = subprocess.run(\n            ['security', 'find-generic-password', '-s', service, '-a', profile, '-w'],\n            capture_output=True, text=True, check=True)\n        return result.stdout.strip()\n    except subprocess.CalledProcessError:\n        pass\n    if profile == 'default':\n        try:\n            result = subprocess.run(\n                ['security', 'find-generic-password', '-s', 'crowdstrike-falcon-api', '-a', account, '-w'],\n                capture_output=True, text=True, check=True)\n            return result.stdout.strip()\n        except subprocess.CalledProcessError:\n            pass\n    return None\n\n\ndef get_oauth_token(base_url=\"https://api.crowdstrike.com\", profile=None):\n    if profile is None:\n        profile = get_falcon_profile()\n    client_id = get_keychain_password(\"falcon-client-id\", \"client-id\", profile)\n    client_secret = get_keychain_password(\"falcon-client-secret\", \"client-secret\", profile)\n    if not client_id or not client_secret:\n        print(f\"Credentials not found for profile: {profile}\")\n        print(f\"Run: /cid add {profile}\")\n        sys.exit(1)\n    url = f\"{base_url}/oauth2/token\"\n    data = {\"client_id\": client_id, \"client_secret\": client_secret}\n    resp = requests.post(url, headers={\"Content-Type\": \"application/x-www-form-urlencoded\"}, data=data)\n    if resp.status_code != 201:\n        print(f\"Auth failed: {resp.status_code} {resp.text}\")\n        sys.exit(1)\n    return resp.json()[\"access_token\"]\n\n\n# \u2500\u2500 API helpers 
\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ndef fetch_images_page(token, fql_filter, offset, limit, expand_vulns, base_url):\n    \"\"\"Single page from /container-security/combined/images/export/v1\"\"\"\n    url = f\"{base_url}/container-security/combined/images/export/v1\"\n    params = {\n        \"limit\": limit,\n        \"offset\": offset,\n        \"expand_vulnerabilities\": \"true\" if expand_vulns else \"false\",\n        \"expand_detections\": \"false\",\n        \"sort\": \"last_seen.desc\",\n    }\n    if fql_filter:\n        params[\"filter\"] = fql_filter\n    headers = {\"Authorization\": f\"Bearer {token}\"}\n    resp = requests.get(url, headers=headers, params=params)\n    if resp.status_code != 200:\n        print(f\"  API error {resp.status_code}: {resp.text[:300]}\")\n        return [], 0\n    body = resp.json()\n    resources = body.get(\"resources\") or []\n    total = body.get(\"meta\", {}).get(\"pagination\", {}).get(\"total\", len(resources))\n    return resources, total\n\n\ndef fetch_all_images(token, fql_filter, expand_vulns, base_url, page_size=500):\n    \"\"\"Paginate through all matching images.\"\"\"\n    all_images = []\n    offset = 0\n    total = None\n    while True:\n        batch, total = fetch_images_page(token, fql_filter, offset, page_size, expand_vulns, base_url)\n        if not batch:\n            break\n        all_images.extend(batch)\n        print(f\"  Fetched {len(all_images)} / {total}\", end=\"\\r\")\n        if len(all_images) &gt;= total or len(batch) &lt; page_size:\n            break\n        offset += page_size\n    print()\n    return all_images, total\n\n\n# \u2500\u2500 
Flattening \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ndef safe_get(d, *keys, default=\"\"):\n    \"\"\"Nested dict get with default.\"\"\"\n    for k in keys:\n        if not isinstance(d, dict):\n            return default\n        d = d.get(k, default)\n    return d if d != \"\" or default == \"\" else default\n\n\ndef flatten_image_base(img):\n    \"\"\"Extract all standard image fields into a flat dict.\"\"\"\n    # Vulnerability counts - API may return nested or flat depending on endpoint\n    vuln = img.get(\"vulnerabilities\") or {}\n    if isinstance(vuln, list):\n        # Expanded mode - list of CVE objects; summarise counts\n        sev_counts = {\"critical\": 0, \"high\": 0, \"medium\": 0, \"low\": 0, \"negligible\": 0}\n        for v in vuln:\n            s = (v.get(\"severity\") or \"\").lower()\n            if s in sev_counts:\n                sev_counts[s] += 1\n        vuln_summary = sev_counts\n        vuln_list = vuln\n    else:\n        vuln_summary = vuln\n        vuln_list = []\n\n    detection = img.get(\"detections\") or {}\n\n    # Build labels - present if API returns them; not FQL-filterable today\n    labels = img.get(\"labels\") or img.get(\"build_labels\") or {}\n    labels_str = \"; \".join(f\"{k}={v}\" for k, v in labels.items()) if isinstance(labels, dict) else str(labels)\n\n    row = {\n        # Identity\n        \"image_id\":                img.get(\"id\") or img.get(\"image_id\", \"\"),\n        \"image_digest\":            img.get(\"image_digest\", \"\"),\n        \"registry\":                img.get(\"registry\", \"\"),\n        \"repository\":              img.get(\"repository\", 
\"\"),\n        \"tag\":                     img.get(\"tag\", \"\"),\n        \"source\":                  img.get(\"source\", \"\"),\n        # Properties\n        \"arch\":                    img.get(\"arch\", \"\"),\n        \"base_os\":                 img.get(\"base_os\", \"\"),\n        \"multi_arch\":              img.get(\"multi_arch\", \"\"),\n        # Runtime\n        \"container_id\":            img.get(\"container_id\", \"\"),\n        \"container_running_status\": img.get(\"container_running_status\", \"\"),\n        # Timestamps\n        \"first_seen\":              img.get(\"first_seen\", \"\"),\n        \"last_seen\":               img.get(\"last_seen\", \"\"),\n        # Scores\n        \"cps_rating\":              img.get(\"highest_cps_current_rating\", \"\"),\n        # Vulnerabilities\n        \"vuln_critical\":           vuln_summary.get(\"critical\", 0),\n        \"vuln_high\":               vuln_summary.get(\"high\", 0),\n        \"vuln_medium\":             vuln_summary.get(\"medium\", 0),\n        \"vuln_low\":                vuln_summary.get(\"low\", 0),\n        \"vuln_negligible\":         vuln_summary.get(\"negligible\", 0),\n        \"vuln_total\":              img.get(\"vulnerability_count\", sum(vuln_summary.get(s, 0) for s in [\"critical\",\"high\",\"medium\",\"low\",\"negligible\"])),\n        \"highest_vuln_severity\":   img.get(\"highest_vulnerability_severity\", \"\"),\n        # Detections\n        \"detection_count\":         img.get(\"detection_count\", safe_get(detection, \"total\")),\n        \"highest_detection_severity\": img.get(\"highest_detection_severity\", \"\"),\n        # Packages / layers\n        \"package_count\":           img.get(\"packages\", \"\"),\n        \"layers_with_vulns\":       img.get(\"layers_with_vulnerabilities\", \"\"),\n        # Build metadata\n        \"build_labels\":            labels_str,\n    }\n    return row, vuln_list\n\n\ndef expand_vuln_rows(base_row, vuln_list):\n    \"\"\"Return 
one row per CVE for expanded mode.\"\"\"\n    if not vuln_list:\n        return [base_row]\n    rows = []\n    for v in vuln_list:\n        row = dict(base_row)\n        row[\"cve_id\"] = v.get(\"cve_id\", \"\")\n        row[\"cve_severity\"] = v.get(\"severity\", \"\")\n        row[\"cvss_score\"] = v.get(\"cvss_score\", \"\")\n        row[\"cve_description\"] = v.get(\"description\", \"\")\n        row[\"fix_status\"] = v.get(\"fix_status\", \"\")\n        row[\"remediation\"] = v.get(\"remediation\", \"\")\n        row[\"exploited_status\"] = v.get(\"exploited_status\", \"\")\n        row[\"package_name\"] = v.get(\"package_name\", \"\")\n        row[\"package_version\"] = v.get(\"package_version\", \"\")\n        row[\"package_path\"] = v.get(\"package_path\", \"\")\n        rows.append(row)\n    return rows\n\n\n# \u2500\u2500 FQL filter builder \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ndef build_fql(args):\n    parts = []\n    if args.registry:\n        parts.append(f\"registry:'{args.registry}'\")\n    if args.repository:\n        parts.append(f\"repository:'{args.repository}'\")\n    if args.tag:\n        parts.append(f\"tag:'{args.tag}'\")\n    if args.severity:\n        parts.append(f\"vulnerability_severity:'{args.severity}'\")\n    if args.cve:\n        parts.append(f\"cve_id:'{args.cve}'\")\n    if args.running_only:\n        parts.append(\"container_running_status:true\")\n    if args.last_scanned_after:\n        ts = args.last_scanned_after\n        if len(ts) == 10:  # date only \u2192 add time\n            ts += \"T00:00:00Z\"\n        parts.append(f\"last_seen:&gt;='{ts}'\")\n    if args.last_scanned_before:\n        ts = args.last_scanned_before\n        
if len(ts) == 10:\n            ts += \"T23:59:59Z\"\n        parts.append(f\"last_seen:&lt;='{ts}'\")\n    return \"+\".join(parts) if parts else None\n\n\n# \u2500\u2500 Main \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ndef main():\n    parser = argparse.ArgumentParser(\n        description=\"Export Falcon Container Image Assessment data to CSV with ALL fields.\")\n    parser.add_argument(\"--profile\", help=\"CID profile (default: active profile)\")\n    parser.add_argument(\"--registry\", help=\"Filter by registry (e.g. myregistry.azurecr.io)\")\n    parser.add_argument(\"--repository\", help=\"Filter by repository name\")\n    parser.add_argument(\"--tag\", help=\"Filter by image tag\")\n    parser.add_argument(\"--severity\", choices=[\"critical\",\"high\",\"medium\",\"low\"],\n                        help=\"Filter by highest vulnerability severity\")\n    parser.add_argument(\"--cve\", help=\"Filter images affected by a specific CVE\")\n    parser.add_argument(\"--running-only\", action=\"store_true\",\n                        help=\"Only include currently running containers\")\n    parser.add_argument(\"--last-scanned-after\", metavar=\"DATE\",\n                        help=\"Only images scanned after this date (YYYY-MM-DD or ISO8601)\")\n    parser.add_argument(\"--last-scanned-before\", metavar=\"DATE\",\n                        help=\"Only images scanned before this date (YYYY-MM-DD or ISO8601)\")\n    parser.add_argument(\"--expand-vulns\", action=\"store_true\",\n                        help=\"One row per CVE (instead of one row per image)\")\n    parser.add_argument(\"--output\", 
\"-o\", default=\"-\",\n                        help=\"Output CSV file path (default: stdout)\")\n    parser.add_argument(\"--limit\", type=int, default=5000,\n                        help=\"Max images to fetch (default: 5000)\")\n    args = parser.parse_args()\n\n    profile = args.profile or get_falcon_profile()\n    region = get_keychain_password(\"falcon-cloud-region\", \"region\", profile) or \"us-1\"\n    base_url = \"https://api.crowdstrike.com\" if region == \"us-1\" else f\"https://api.{region}.crowdstrike.com\"\n\n    print(f\"=== Falcon Image Assessment Report ===\", file=sys.stderr)\n    print(f\"Profile: {profile}  Region: {region}\", file=sys.stderr)\n\n    token = get_oauth_token(base_url, profile=profile)\n    print(\"\u2713 Authenticated\", file=sys.stderr)\n\n    fql = build_fql(args)\n    if fql:\n        print(f\"Filter: {fql}\", file=sys.stderr)\n\n    print(\"Fetching images...\", file=sys.stderr)\n    images, total = fetch_all_images(token, fql, args.expand_vulns, base_url,\n                                      page_size=min(500, args.limit))\n    if total and len(images) &lt; total:\n        print(f\"\u26a0  Fetched {len(images)} of {total} total (increase --limit to get all)\", file=sys.stderr)\n    print(f\"\u2713 {len(images)} images retrieved\", file=sys.stderr)\n\n    if not images:\n        print(\"No images found matching filters.\", file=sys.stderr)\n        sys.exit(0)\n\n    # Build rows\n    all_rows = []\n    for img in images:\n        base_row, vuln_list = flatten_image_base(img)\n        if args.expand_vulns:\n            all_rows.extend(expand_vuln_rows(base_row, vuln_list))\n        else:\n            all_rows.append(base_row)\n\n    # Write CSV\n    fieldnames = list(all_rows[0].keys())\n\n    out = open(args.output, \"w\", newline=\"\") if args.output != \"-\" else sys.stdout\n    writer = csv.DictWriter(out, fieldnames=fieldnames, extrasaction=\"ignore\")\n    writer.writeheader()\n    writer.writerows(all_rows)\n    if 
args.output != \"-\":\n        out.close()\n        print(f\"\u2713 Written to {args.output}  ({len(all_rows)} rows)\", file=sys.stderr)\n    else:\n        print(f\"\\n\u2713 {len(all_rows)} rows written\", file=sys.stderr)\n\n\nif __name__ == \"__main__\":\n    main()\n\n\n#!/usr/bin/env python3\n\"\"\"\nFalcon Package Vulnerability Report - Exploded CVE Format\nOne row per (package \u00d7 CVE) combination. Fixes the \"combined fields\" CSV problem.\n\nFixes:\n  - Package Vulnerabilities CSV combines all CVE IDs into one field \u2192 each CVE = own row\n  - Can't filter by a specific CVE to see every affected package \u2192 use --cve\n  - Missing image/container context per package \u2192 includes image list per package+CVE\n  - CVE descriptions and remediations combined \u2192 each in its own column\n\nUsage:\n  # All packages with vulnerabilities\n  python3 falcon-package-cve-report.py\n\n  # See every package affected by a specific CVE\n  python3 falcon-package-cve-report.py --cve CVE-2024-1234\n\n  # Critical and high only\n  python3 falcon-package-cve-report.py --severity critical\n  python3 falcon-package-cve-report.py --severity high\n\n  # Fixable vulnerabilities only\n  python3 falcon-package-cve-report.py --fix-available\n\n  # Filter by registry (to scope to Azure Container Apps images)\n  python3 falcon-package-cve-report.py --registry myregistry.azurecr.io\n\n  # Save output\n  python3 falcon-package-cve-report.py --cve CVE-2024-1234 --output /tmp/cve-impact.csv\n\"\"\"\n\nimport sys\nimport os\nimport json\nimport subprocess\nimport requests\nimport csv\nimport argparse\nfrom typing import Optional\n\n\n# \u2500\u2500 Auth boilerplate 
\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ndef get_falcon_profile() -&gt; str:\n    profile = os.getenv('FALCON_PROFILE')\n    if profile:\n        return profile\n    for path in ['.claude/memory/active-cid.txt',\n                 os.path.expanduser('~/.claude/projects/-Users-ykwan-Documents-code-knowledgebase/memory/active-cid.txt')]:\n        try:\n            with open(path) as f:\n                for line in f:\n                    if line.startswith('profile='):\n                        return line.strip().split('=', 1)[1]\n        except FileNotFoundError:\n            continue\n    return 'default'\n\n\ndef get_keychain_password(service: str, account: str, profile: Optional[str] = None) -&gt; Optional[str]:\n    if profile is None:\n        profile = get_falcon_profile()\n    try:\n        result = subprocess.run(\n            ['security', 'find-generic-password', '-s', service, '-a', profile, '-w'],\n            capture_output=True, text=True, check=True)\n        return result.stdout.strip()\n    except subprocess.CalledProcessError:\n        pass\n    if profile == 'default':\n        try:\n            result = subprocess.run(\n                ['security', 'find-generic-password', '-s', 'crowdstrike-falcon-api', '-a', account, '-w'],\n                capture_output=True, text=True, check=True)\n            return result.stdout.strip()\n        except subprocess.CalledProcessError:\n            pass\n    return None\n\n\ndef get_oauth_token(base_url=\"https://api.crowdstrike.com\", profile=None):\n    if profile is None:\n        profile = get_falcon_profile()\n    client_id = get_keychain_password(\"falcon-client-id\", \"client-id\", profile)\n    
client_secret = get_keychain_password(\"falcon-client-secret\", \"client-secret\", profile)\n    if not client_id or not client_secret:\n        print(f\"Credentials not found for profile: {profile}\")\n        print(f\"Run: /cid add {profile}\")\n        sys.exit(1)\n    url = f\"{base_url}/oauth2/token\"\n    data = {\"client_id\": client_id, \"client_secret\": client_secret}\n    resp = requests.post(url, headers={\"Content-Type\": \"application/x-www-form-urlencoded\"}, data=data)\n    if resp.status_code != 201:\n        print(f\"Auth failed: {resp.status_code} {resp.text}\")\n        sys.exit(1)\n    return resp.json()[\"access_token\"]\n\n\n# \u2500\u2500 API: Package export (with embedded CVEs) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ndef fetch_packages_page(token, fql_filter, offset, limit, base_url):\n    \"\"\"GET /container-security/combined/packages-export/v1\"\"\"\n    url = f\"{base_url}/container-security/combined/packages-export/v1\"\n    params = {\"limit\": limit, \"offset\": offset}\n    if fql_filter:\n        params[\"filter\"] = fql_filter\n    headers = {\"Authorization\": f\"Bearer {token}\"}\n    resp = requests.get(url, headers=headers, params=params)\n    if resp.status_code != 200:\n        print(f\"  API error {resp.status_code}: {resp.text[:400]}\", file=sys.stderr)\n        return [], 0\n    body = resp.json()\n    resources = body.get(\"resources\") or []\n    total = body.get(\"meta\", {}).get(\"pagination\", {}).get(\"total\", len(resources))\n    return resources, total\n\n\ndef fetch_all_packages(token, fql_filter, base_url, page_size=500):\n    all_pkgs = []\n    offset = 0\n    total = None\n    while True:\n        batch, total = fetch_packages_page(token, fql_filter, offset, page_size, base_url)\n        if not batch:\n            break\n        
all_pkgs.extend(batch)\n        print(f\"  Fetched {len(all_pkgs)} / {total}\", end=\"\\r\", file=sys.stderr)\n        if len(all_pkgs) &gt;= total or len(batch) &lt; page_size:\n            break\n        offset += page_size\n    print(file=sys.stderr)\n    return all_pkgs, total\n\n\n# \u2500\u2500 API: CVE-specific vulnerability info (images + packages per CVE) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ndef fetch_vuln_info(token, cve_id, base_url, limit=500):\n    \"\"\"\n    GET /container-security/combined/vulnerabilities-info/v1\n    Returns package + image data for a single CVE.\n    Use this for --cve mode to get the most complete picture.\n    \"\"\"\n    url = f\"{base_url}/container-security/combined/vulnerabilities-info/v1\"\n    all_results = []\n    offset = 0\n    while True:\n        params = {\"cve_id\": cve_id, \"limit\": limit, \"offset\": offset}\n        headers = {\"Authorization\": f\"Bearer {token}\"}\n        resp = requests.get(url, headers=headers, params=params)\n        if resp.status_code != 200:\n            print(f\"  vuln-info error {resp.status_code}: {resp.text[:300]}\", file=sys.stderr)\n            break\n        body = resp.json()\n        batch = body.get(\"resources\") or []\n        all_results.extend(batch)\n        total = body.get(\"meta\", {}).get(\"pagination\", {}).get(\"total\", len(batch))\n        if len(all_results) &gt;= total or len(batch) &lt; limit:\n            break\n        offset += limit\n    return all_results\n\n\n# \u2500\u2500 Row builders \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ndef explode_package_to_rows(pkg):\n    \"\"\"\n    Convert one package 
record (with embedded vulnerabilities list) into\n    N rows, one per CVE.\n    \"\"\"\n    # Package-level fields\n    base = {\n        \"package_name\":        pkg.get(\"package_name\") or pkg.get(\"name\", \"\"),\n        \"package_version\":     pkg.get(\"package_version\") or pkg.get(\"version\", \"\"),\n        \"package_type\":        pkg.get(\"type\", \"\"),\n        \"package_path\":        pkg.get(\"package_path\") or pkg.get(\"path\", \"\"),\n        \"license\":             pkg.get(\"license\", \"\"),\n        \"fix_status\":          pkg.get(\"fix_status\", \"\"),\n        \"running_images_count\": pkg.get(\"running_images_count\", \"\"),\n        \"all_images_count\":    pkg.get(\"images_count\", \"\"),\n        # Image context - API may return a list of images for this package\n        \"affected_registries\": \"; \".join(set(\n            i.get(\"registry\", \"\") for i in (pkg.get(\"images\") or []) if i.get(\"registry\")\n        )),\n        \"affected_repositories\": \"; \".join(set(\n            i.get(\"repository\", \"\") for i in (pkg.get(\"images\") or []) if i.get(\"repository\")\n        )),\n        \"affected_image_ids\":  \"; \".join(\n            i.get(\"image_id\") or i.get(\"id\", \"\") for i in (pkg.get(\"images\") or [])[:20]\n        ),\n        \"affected_image_tags\": \"; \".join(\n            f\"{i.get('repository','')}:{i.get('tag','')}\" for i in (pkg.get(\"images\") or [])[:20]\n        ),\n        \"affected_container_ids\": \"; \".join(\n            i.get(\"container_id\", \"\") for i in (pkg.get(\"images\") or []) if i.get(\"container_id\")\n        ),\n    }\n\n    vulns = pkg.get(\"vulnerabilities\") or pkg.get(\"cve_ids\") or []\n\n    if not vulns:\n        # No CVE data embedded - return one row with empty CVE fields\n        row = dict(base)\n        row.update({\n            \"cve_id\": \"\",\n            \"severity\": \"\",\n            \"cvss_score\": \"\",\n            \"description\": \"\",\n            
\"remediation\": \"\",\n            \"fix_available\": \"\",\n            \"exploited_status\": \"\",\n            \"is_zero_day\": \"\",\n            \"published_date\": \"\",\n        })\n        return [row]\n\n    rows = []\n    for v in vulns:\n        # vulns may be strings (CVE IDs) or dicts depending on endpoint\n        if isinstance(v, str):\n            row = dict(base)\n            row.update({\n                \"cve_id\": v,\n                \"severity\": \"\",\n                \"cvss_score\": \"\",\n                \"description\": \"\",\n                \"remediation\": \"\",\n                \"fix_available\": \"\",\n                \"exploited_status\": \"\",\n                \"is_zero_day\": \"\",\n                \"published_date\": \"\",\n            })\n        else:\n            row = dict(base)\n            row.update({\n                \"cve_id\":          v.get(\"cve_id\", \"\"),\n                \"severity\":        v.get(\"severity\", \"\"),\n                \"cvss_score\":      v.get(\"cvss_score\", \"\"),\n                \"description\":     v.get(\"description\", \"\"),\n                \"remediation\":     v.get(\"remediation\", \"\"),\n                \"fix_available\":   v.get(\"fix_status\", \"\") or base[\"fix_status\"],\n                \"exploited_status\": v.get(\"exploited_status\", \"\"),\n                \"is_zero_day\":     v.get(\"is_zero_day\", \"\"),\n                \"published_date\":  v.get(\"published_date\", \"\"),\n            })\n        rows.append(row)\n    return rows\n\n\ndef rows_from_vuln_info(cve_id, resources):\n    \"\"\"\n    Build rows from /vulnerabilities-info/v1 response.\n    Each resource is a package with embedded image list.\n    \"\"\"\n    rows = []\n    for r in resources:\n        row = {\n            \"cve_id\":          cve_id,\n            \"severity\":        r.get(\"severity\", \"\"),\n            \"cvss_score\":      r.get(\"cvss_score\", \"\"),\n            \"description\":     
r.get(\"description\", \"\"),\n            \"remediation\":     r.get(\"remediation\", \"\"),\n            \"fix_available\":   r.get(\"fix_status\", \"\"),\n            \"exploited_status\": r.get(\"exploited_status\", \"\"),\n            \"is_zero_day\":     r.get(\"is_zero_day\", \"\"),\n            \"published_date\":  r.get(\"published_date\", \"\"),\n            \"package_name\":    r.get(\"package_name\", \"\"),\n            \"package_version\": r.get(\"package_version\", \"\"),\n            \"package_type\":    r.get(\"package_type\") or r.get(\"type\", \"\"),\n            \"package_path\":    r.get(\"package_path\", \"\"),\n            \"license\":         r.get(\"license\", \"\"),\n            \"running_images_count\": r.get(\"running_images_count\", \"\"),\n            \"all_images_count\": r.get(\"images_count\", \"\"),\n            # Affected images list\n            \"affected_registries\":    \"; \".join(set(\n                i.get(\"registry\", \"\") for i in (r.get(\"images\") or []) if i.get(\"registry\")\n            )),\n            \"affected_repositories\":  \"; \".join(set(\n                i.get(\"repository\", \"\") for i in (r.get(\"images\") or []) if i.get(\"repository\")\n            )),\n            \"affected_image_tags\":    \"; \".join(\n                f\"{i.get('repository','')}:{i.get('tag','')}\" for i in (r.get(\"images\") or [])[:30]\n            ),\n            \"affected_image_ids\":     \"; \".join(\n                i.get(\"image_id\") or i.get(\"id\", \"\") for i in (r.get(\"images\") or [])[:30]\n            ),\n            \"affected_container_ids\": \"; \".join(\n                i.get(\"container_id\", \"\") for i in (r.get(\"images\") or []) if i.get(\"container_id\")\n            ),\n        }\n        rows.append(row)\n    return rows\n\n\n# \u2500\u2500 FQL builder 
\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ndef build_fql(args):\n    parts = []\n    if args.severity:\n        parts.append(f\"severity:'{args.severity}'\")\n    if args.registry:\n        # package API filters by image metadata\n        parts.append(f\"registry:'{args.registry}'\")\n    if args.cve:\n        parts.append(f\"cveid:'{args.cve}'\")\n    if args.fix_available:\n        parts.append(\"fix_status:'TRUE'\")\n    return \"+\".join(parts) if parts else None\n\n\n# \u2500\u2500 Main \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\ndef main():\n    parser = argparse.ArgumentParser(\n        description=\"Export package vulnerabilities as one row per CVE (fixes combined-fields CSV).\")\n    parser.add_argument(\"--profile\", help=\"CID profile\")\n    parser.add_argument(\"--cve\", help=\"Show all packages affected by this CVE (e.g. 
CVE-2024-1234)\")\n    parser.add_argument(\"--severity\", choices=[\"critical\",\"high\",\"medium\",\"low\"],\n                        help=\"Filter by vulnerability severity\")\n    parser.add_argument(\"--registry\", help=\"Filter by image registry\")\n    parser.add_argument(\"--fix-available\", action=\"store_true\",\n                        help=\"Only include vulnerabilities with a fix available\")\n    parser.add_argument(\"--output\", \"-o\", default=\"-\",\n                        help=\"Output CSV path (default: stdout)\")\n    parser.add_argument(\"--limit\", type=int, default=5000,\n                        help=\"Max packages to fetch (default: 5000)\")\n    args = parser.parse_args()\n\n    profile = args.profile or get_falcon_profile()\n    region = get_keychain_password(\"falcon-cloud-region\", \"region\", profile) or \"us-1\"\n    base_url = \"https://api.crowdstrike.com\" if region == \"us-1\" else f\"https://api.{region}.crowdstrike.com\"\n\n    print(\"=== Falcon Package CVE Report ===\", file=sys.stderr)\n    print(f\"Profile: {profile}  Region: {region}\", file=sys.stderr)\n\n    token = get_oauth_token(base_url, profile=profile)\n    print(\"\u2713 Authenticated\", file=sys.stderr)\n\n    all_rows = []\n\n    if args.cve:\n        # CVE-first mode: use vulnerabilities-info endpoint for richest data\n        print(f\"Fetching all packages affected by {args.cve}...\", file=sys.stderr)\n        resources = fetch_vuln_info(token, args.cve, base_url)\n        print(f\"\u2713 {len(resources)} package records found\", file=sys.stderr)\n        all_rows = rows_from_vuln_info(args.cve, resources)\n    else:\n        # Package-first mode: dump all packages with exploded CVEs\n        fql = build_fql(args)\n        if fql:\n            print(f\"Filter: {fql}\", file=sys.stderr)\n        print(\"Fetching packages...\", file=sys.stderr)\n        packages, total = fetch_all_packages(token, fql, base_url,\n                                              
page_size=min(500, args.limit))\n        if total and len(packages) < total:\n            print(f\"\u26a0  Fetched {len(packages)} of {total} total\", file=sys.stderr)\n        print(f\"\u2713 {len(packages)} packages retrieved, exploding CVEs...\", file=sys.stderr)\n        for pkg in packages:\n            all_rows.extend(explode_package_to_rows(pkg))\n\n    if not all_rows:\n        print(\"No results found.\", file=sys.stderr)\n        sys.exit(0)\n\n    # Apply post-filter for severity (can't always push to FQL in package endpoint)\n    if args.severity and not args.cve:\n        before = len(all_rows)\n        all_rows = [r for r in all_rows if r.get(\"severity\", \"\").lower() == args.severity]\n        print(f\"  Severity filter: {before} \u2192 {len(all_rows)} rows\", file=sys.stderr)\n\n    if args.fix_available:\n        before = len(all_rows)\n        all_rows = [r for r in all_rows\n                    if str(r.get(\"fix_available\", \"\")).upper() in (\"TRUE\", \"YES\", \"1\")]\n        print(f\"  Fix-available filter: {before} \u2192 {len(all_rows)} rows\", file=sys.stderr)\n\n    fieldnames = list(all_rows[0].keys())\n    out = open(args.output, \"w\", newline=\"\") if args.output != \"-\" else sys.stdout\n    writer = csv.DictWriter(out, fieldnames=fieldnames, extrasaction=\"ignore\")\n    writer.writeheader()\n    writer.writerows(all_rows)\n    if args.output != \"-\":\n        out.close()\n        print(f\"\u2713 Written to {args.output}  ({len(all_rows)} rows)\", file=sys.stderr)\n    else:\n        print(f\"\\n\u2713 {len(all_rows)} rows written\", file=sys.stderr)\n\n\nif __name__ == \"__main__\":\n    main()\n", "creation_timestamp": "2026-05-11T14:19:10.000000Z"}]}