{"vulnerability": "cve-2024-4335", "sightings": [{"uuid": "7fb5f459-a5ce-4207-924c-05fd8a0f3dbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43350", "type": "seen", "source": "https://t.me/cvedetector/3480", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43350 - Propovoice CRM Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-43350 \nPublished : Aug. 18, 2024, 10:15 p.m. | 34\u00a0minutes ago \nDescription : Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM.This issue affects Propovoice CRM: from n/a through 1.7.6.4. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-19T00:58:23.000000Z"}, {"uuid": "cc08f40f-1d7a-4ce7-990d-ff2b0b035c34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43354", "type": "seen", "source": "https://t.me/cvedetector/3554", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43354 - myCred Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43354 \nPublished : Aug. 19, 2024, 8:15 p.m. | 22\u00a0minutes ago \nDescription : Deserialization of Untrusted Data vulnerability in myCred allows Object Injection.This issue affects myCred: from n/a through 2.7.2. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-19T22:43:23.000000Z"}, {"uuid": "0ff301a5-b9c9-41fe-bca5-7d782c0ca7de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43359", "type": "seen", "source": "https://t.me/cvedetector/2902", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43359 - ZoneMinder Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43359 \nPublished : Aug. 12, 2024, 9:15 p.m. | 39\u00a0minutes ago \nDescription : ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61. \nSeverity: 0.0 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T00:22:00.000000Z"}, {"uuid": "a2b91001-b22b-4543-a724-e5f3e4bad12c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43351", "type": "seen", "source": "https://t.me/cvedetector/3446", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43351 - CryoutCreations Bravada Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2024-43351 \nPublished : Aug. 18, 2024, 2:15 p.m. | 18\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Bravada bravada allows Stored XSS.This issue affects Bravada: from n/a through 1.1.2. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-18T16:36:10.000000Z"}, {"uuid": "39e39e07-0101-4556-9dd6-2eee4c39f6ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43352", "type": "seen", "source": "https://t.me/cvedetector/3445", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43352 - Adobe GivingPress Lite Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43352 \nPublished : Aug. 18, 2024, 2:15 p.m. | 18\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Organic Themes GivingPress Lite allows Stored XSS.This issue affects GivingPress Lite: from n/a through 1.8.6. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-18T16:36:09.000000Z"}, {"uuid": "3aaeee68-4ccf-4925-8e14-f3665ea81c5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43353", "type": "seen", "source": "https://t.me/cvedetector/3443", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43353 - myCred Stored Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-43353 \nPublished : Aug. 18, 2024, 1:15 p.m. | 26\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.7.2. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-18T15:46:01.000000Z"}, {"uuid": "25dc77f4-9115-4d4e-a3b8-2eb320aaabb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43356", "type": "seen", "source": "https://t.me/cvedetector/4206", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43356 - BobbingWide Oik CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-43356 \nPublished : Aug. 26, 2024, 9:15 p.m. | 31\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide.This issue affects oik: from n/a through 4.12.0. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-26T23:50:52.000000Z"}, {"uuid": "0de41afb-8e55-4c5d-8848-23a5eb6a0824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43357", "type": "seen", "source": "https://t.me/cvedetector/3273", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43357 - JavaScript Async Generator Type Confusion Vulnerability in ECMAScript\", \n  \"Content\": \"CVE ID : CVE-2024-43357 \nPublished : Aug. 15, 2024, 7:15 p.m. | 25\u00a0minutes ago \nDescription : ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion and pointer dereference.  \n  \nThe internal async generator machinery calls regular promise resolver functions on IteratorResult (`{ done, value }`) objects that it creates, assuming that the IteratorResult objects will not be then-ables. Unfortunately, these IteratorResult objects inherit from `Object.prototype`, so these IteratorResult objects can be made then-able, triggering arbitrary behaviour, including re-entering the async generator machinery in a way that violates some internal invariants.  \n  \nThe ECMAScript specification is a living standard and the issue has been addressed at the time of this advisory's public disclosure. JavaScript engine implementors should refer to the latest specification and update their implementations to comply with the `AsyncGenerator` section.  \n  \n## References  \n  \n-   \n-   \n-   \n-   \n-   \n-  \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-15T21:49:31.000000Z"}, {"uuid": "5605ece7-797a-420d-b679-68bfdf6dcd3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43358", "type": "seen", "source": "https://t.me/cvedetector/2901", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43358 - ZoneMinder Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43358 \nPublished : Aug. 12, 2024, 9:15 p.m. | 39\u00a0minutes ago \nDescription : ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T00:21:59.000000Z"}]}