{"vulnerability": "cve-2024-1239", "sightings": [{"uuid": "b8d8ab14-020a-4680-9095-405a25ae4f08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12393", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113625459353504569", "content": "", "creation_timestamp": "2024-12-09T23:28:36.860563Z"}, {"uuid": "d5f90565-1477-405d-9340-c3c854013638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113825391866727615", "content": "", "creation_timestamp": "2025-01-14T06:54:04.861134Z"}, {"uuid": "fcb05d93-638a-43ba-8dc2-ab307004fb23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfomasfcjn2z", "content": "", "creation_timestamp": "2025-01-14T06:20:10.760643Z"}, {"uuid": "ee98bb22-0506-4d4a-b6a5-b3b0d4186f7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12397", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113639063433232775", "content": "", "creation_timestamp": "2024-12-12T09:08:18.872735Z"}, {"uuid": "79236380-3774-425b-aded-d91f522912b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12395", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113667894771605837", "content": "", "creation_timestamp": "2024-12-17T11:20:30.238424Z"}, {"uuid": "1b542572-4a48-4adb-870f-ea7b3828a217", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12394", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfckh75z7c22", "content": "", "creation_timestamp": "2025-01-09T11:16:00.253989Z"}, {"uuid": "cf8798ef-f44d-4f61-bac0-8a76a40a101e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-617e1e9a-420e913529f35003", "content": "", "creation_timestamp": "2025-01-14T09:40:31.532009Z"}, {"uuid": "08631ffe-1e80-4276-b725-7789e219addf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-12398", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lfoup7rlvs2z", "content": "", "creation_timestamp": "2025-01-14T08:51:24.557486Z"}, {"uuid": "f481cb11-ce39-4f80-bad6-e04ac0d7be97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lfprosiad22e", "content": "", "creation_timestamp": "2025-01-14T17:30:09.071610Z"}, {"uuid": "c7079397-07ce-4477-8feb-4247b5071b76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfoheay5zu2r", "content": "", "creation_timestamp": "2025-01-14T04:52:37.591915Z"}, {"uuid": "41c08419-2d3f-4b93-8bd7-caef01aac827", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://bsky.app/profile/gothburz.bsky.social/post/3lfp3mxmz7i2b", "content": "", "creation_timestamp": "2025-01-14T10:55:24.273030Z"}, {"uuid": "aeb88127-5ecb-4a3b-8926-3a8b7b41f100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfo6lt7ovy2b", "content": "", "creation_timestamp": "2025-01-14T02:15:47.755954Z"}, {"uuid": "e797a0f3-0a6b-4235-895e-23cf6bf404e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113828366476462278", "content": "", "creation_timestamp": "2025-01-14T19:30:36.501195Z"}, {"uuid": "3782a296-a7db-436d-8c20-4d138e27060c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12394", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113798282266042322", "content": "", "creation_timestamp": "2025-01-09T11:59:45.340175Z"}, {"uuid": "b80459d5-5e4f-4642-8492-b3fb4f7effe5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113824425156536007", "content": "", "creation_timestamp": "2025-01-14T02:48:14.297106Z"}, {"uuid": "de3d162b-8839-4501-97ad-091bc03d2c04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfpfwnm5as2r", "content": "", "creation_timestamp": "2025-01-14T13:59:47.846330Z"}, {"uuid": "6fb41fd3-58b0-4294-8a69-3a770746f5b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lfofmhqvik2l", "content": "", "creation_timestamp": "2025-01-14T04:21:28.105043Z"}, {"uuid": "976cc788-2ce8-41a5-b9f1-844a092afd55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfohebl7sk2u", "content": "", "creation_timestamp": "2025-01-14T04:52:39.324321Z"}, {"uuid": "53f98bfa-6d94-48a5-b752-96edf91358d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lfpuy563s224", "content": "", "creation_timestamp": "2025-01-14T18:29:04.018600Z"}, {"uuid": "dcbc9b8d-be81-414e-b38b-ba208637995b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12399", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-07", "content": "", "creation_timestamp": "2025-02-04T11:00:00.000000Z"}, {"uuid": "babfd841-d7c4-4067-850a-9a6247d73347", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12399", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113843027311899255", "content": "", "creation_timestamp": "2025-01-17T09:39:00.468938Z"}, {"uuid": "5b4ce7c9-e65a-4e79-898a-e151fdc9eb41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12399", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfwksbgidw2r", "content": "", "creation_timestamp": "2025-01-17T10:15:26.841935Z"}, {"uuid": "10bea62a-8806-454d-be5c-b3fce7da3634", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12399", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfwmoe5bv62w", "content": "", "creation_timestamp": "2025-01-17T10:49:02.925687Z"}, {"uuid": "10c296bb-a4f8-4334-85fe-0c3970d12f69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12399", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113843982218783924", "content": "", "creation_timestamp": "2025-01-17T13:41:51.701467Z"}, {"uuid": "e2042388-fc87-49ff-a8c0-bb6896ec62b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lgbvhkoohc2g", "content": "", "creation_timestamp": "2025-01-21T22:25:51.396564Z"}, {"uuid": "c1174d9a-a451-49fa-b406-09b720996e5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lgbvixwdnk2g", "content": "", "creation_timestamp": "2025-01-21T22:26:22.963819Z"}, {"uuid": "fc872c47-a09e-49a0-82eb-374e312a3415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-8e663f79-45a3417748370530", "content": "", "creation_timestamp": "2025-04-22T06:11:45.959891Z"}, {"uuid": "0672adae-2f1b-423e-b881-e7e7680cff3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1451", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12398\n\ud83d\udd39 Description: An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and\u00a0WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.\n\ud83d\udccf Published: 2025-01-14T01:39:04.348Z\n\ud83d\udccf Modified: 2025-01-14T01:39:04.348Z\n\ud83d\udd17 References:\n1. https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025", "creation_timestamp": "2025-01-14T02:08:29.000000Z"}, {"uuid": "4d21fc6f-6d92-4e96-a898-61a8e7088b47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12394", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/929", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12394\n\ud83d\udd39 Description: The Action Network plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-09T11:11:04.460Z\n\ud83d\udccf Modified: 2025-01-09T11:11:04.460Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/c90dadc9-0109-4ebd-8135-3efd26682ad9?source=cve\n2. https://wordpress.org/plugins/wp-action-network/#developers", "creation_timestamp": "2025-01-09T12:15:20.000000Z"}, {"uuid": "92bf123f-a813-4042-b2e1-b24641f1872d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12399", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2112", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12399\n\ud83d\udd39 Description: CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability\nexists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs\nman in the middle attack by intercepting the communication.\n\ud83d\udccf Published: 2025-01-17T09:37:35.734Z\n\ud83d\udccf Modified: 2025-01-17T09:37:35.734Z\n\ud83d\udd17 References:\n1. https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-02.pdf", "creation_timestamp": "2025-01-17T09:56:18.000000Z"}, {"uuid": "e56bca5f-5f98-48b9-8b8b-c7bbbafc40b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12392", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8186", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12392\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL, including internal services, and read the response. This can be used to access data that are only accessible from the server, such as AWS metadata credentials, and can escalate local exploits to network-based attacks.\n\ud83d\udccf Published: 2025-03-20T10:11:36.215Z\n\ud83d\udccf Modified: 2025-03-20T10:11:36.215Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/858de346-698e-4a72-a9e9-3dbd6c60ac18", "creation_timestamp": "2025-03-20T10:19:26.000000Z"}, {"uuid": "b16ca01f-5aa2-4fc1-a1f8-773d71edef0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12397", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14537", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12397\n\ud83d\udd25 CVSS Score: 7.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with\ncertain value-delimiting characters in incoming requests. This issue could\nallow an attacker to construct a cookie value to exfiltrate HttpOnly cookie\nvalues or spoof arbitrary additional cookie values, leading to unauthorized\ndata access or modification. The main threat from this flaw impacts data\nconfidentiality and integrity.\n\ud83d\udccf Published: 2024-12-12T09:05:28.451Z\n\ud83d\udccf Modified: 2025-05-02T16:29:42.017Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:0900\n2. https://access.redhat.com/errata/RHSA-2025:1082\n3. https://access.redhat.com/errata/RHSA-2025:3018\n4. https://access.redhat.com/security/cve/CVE-2024-12397\n5. https://bugzilla.redhat.com/show_bug.cgi?id=2331298", "creation_timestamp": "2025-05-02T17:16:41.000000Z"}, {"uuid": "ee6b03e7-3145-4707-838b-9576fcaefbda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12398", "type": "seen", "source": "https://t.me/cvedetector/15228", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12398 - Zyxel WBE Web Management Interface Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12398 \nPublished : Jan. 14, 2025, 2:15 a.m. | 36\u00a0minutes ago \nDescription : An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and\u00a0WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T03:57:35.000000Z"}, {"uuid": "d12ed81b-38b4-432c-9760-f09c63b1bd6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12397", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8096", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12397\n\ud83d\udd25 CVSS Score: 7.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with\ncertain value-delimiting characters in incoming requests. This issue could\nallow an attacker to construct a cookie value to exfiltrate HttpOnly cookie\nvalues or spoof arbitrary additional cookie values, leading to unauthorized\ndata access or modification. The main threat from this flaw impacts data\nconfidentiality and integrity.\n\ud83d\udccf Published: 2024-12-12T09:05:28.451Z\n\ud83d\udccf Modified: 2025-03-19T16:56:57.173Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:0900\n2. https://access.redhat.com/errata/RHSA-2025:1082\n3. https://access.redhat.com/security/cve/CVE-2024-12397\n4. https://bugzilla.redhat.com/show_bug.cgi?id=2331298", "creation_timestamp": "2025-03-19T17:20:59.000000Z"}, {"uuid": "5d545d10-19e6-46ec-aaaf-41941174f814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12399", "type": "seen", "source": "https://t.me/cvedetector/15698", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12399 - \"Rockwell Automations HMI Untrusted Transmission Integrity Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12399 \nPublished : Jan. 17, 2025, 10:15 a.m. | 22\u00a0minutes ago \nDescription : CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability  \nexists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs  \nman in the middle attack by intercepting the communication. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T11:46:29.000000Z"}, {"uuid": "147f618c-84af-449f-bd4f-1a577c244960", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12394", "type": "seen", "source": "https://t.me/cvedetector/14839", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12394 - Action Network (WordPress) CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-12394 \nPublished : Jan. 9, 2025, 11:15 a.m. | 22\u00a0minutes ago \nDescription : The Action Network plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T12:44:51.000000Z"}, {"uuid": "693f1f70-b3c4-484d-8407-3f6361a69062", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12397", "type": "seen", "source": "https://t.me/cvedetector/12759", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12397 - Quarkus-HTTP Cookie Parsing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12397 \nPublished : Dec. 12, 2024, 9:15 a.m. | 43\u00a0minutes ago \nDescription : A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with  \ncertain value-delimiting characters in incoming requests. This issue could  \nallow an attacker to construct a cookie value to exfiltrate HttpOnly cookie  \nvalues or spoof arbitrary additional cookie values, leading to unauthorized  \ndata access or modification. The main threat from this flaw impacts data  \nconfidentiality and integrity. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T11:19:28.000000Z"}, {"uuid": "64a3977f-6820-4da7-9d08-3c3620cdc93b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1239", "type": "seen", "source": "https://t.me/ctinow/209325", "content": "https://ift.tt/clQt6CL\nCVE-2024-1239", "creation_timestamp": "2024-03-16T04:26:05.000000Z"}, {"uuid": "c22baf6a-f559-45b3-ba83-81bcdeb5e4ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1239", "type": "seen", "source": "https://t.me/ctinow/209322", "content": "https://ift.tt/clQt6CL\nCVE-2024-1239", "creation_timestamp": "2024-03-16T04:21:36.000000Z"}, {"uuid": "21c87449-1954-4c65-b61a-aa080eca6c15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12393", "type": "seen", "source": "https://t.me/cvedetector/12457", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12393 - Improper Neutralization of Input During Web Page G\", \n  \"Content\": \"CVE ID : CVE-2024-12393 \nPublished : Dec. 10, 2024, 12:15 a.m. | 19\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T01:34:58.000000Z"}, {"uuid": "b24f52ab-dbd8-4e10-bf44-f2700701aae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12395", "type": "seen", "source": "https://t.me/cvedetector/13084", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12395 - WooCommerce Additional Fees On Checkout Cross-Site Scripting Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-12395 \nPublished : Dec. 17, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018number\u2019 parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T14:15:59.000000Z"}]}