{"vulnerability": "cve-2024-4379", "sightings": [{"uuid": "4fce84cb-9292-4fe5-8aae-1edbe6f462fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43792", "type": "seen", "source": "https://t.me/cvedetector/4653", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43792 - \"Halo Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-43792 \nPublished : Sept. 2, 2024, 6:15 p.m. | 42\u00a0minutes ago \nDescription : Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. Users are advised to upgrade to version 2.17.0+. There are no known workarounds for this vulnerability. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-02T21:24:27.000000Z"}, {"uuid": "e57437d8-edad-40ec-891b-cbae16bab6d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43796", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3ls26axz56c2q", "content": "", "creation_timestamp": "2025-06-20T13:44:02.964777Z"}, {"uuid": "737ab396-17d3-42e9-9d65-d835df3e36d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-43796", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875", "content": "", "creation_timestamp": "2026-01-21T21:18:16.771453Z"}, {"uuid": "798cd6a2-77b8-4ac2-87b5-05656be9e256", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43795", "type": "seen", "source": "https://t.me/cvedetector/6881", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43795 - OpenC3 COSMOS Reflected Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-43795 \nPublished : Oct. 2, 2024, 8:15 p.m. | 43\u00a0minutes ago \nDescription : OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T23:03:34.000000Z"}, {"uuid": "7917b1e6-2335-401a-85a0-78a4090959de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43793", "type": "seen", "source": "https://t.me/cvedetector/5365", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43793 - Apache Halo CSS (Cross-Site Scripting)\", \n  \"Content\": \"CVE ID : CVE-2024-43793 \nPublished : Sept. 11, 2024, 3:15 p.m. | 27\u00a0minutes ago \nDescription : Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. This vulnerability is fixed in 2.19.0. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T17:51:10.000000Z"}, {"uuid": "e84ea030-4e9b-4934-aed2-867f72d4abc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43797", "type": "seen", "source": "https://t.me/cvedetector/4652", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43797 - \"Audiobookshelf Path Traversal Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-43797 \nPublished : Sept. 2, 2024, 6:15 p.m. | 42\u00a0minutes ago \nDescription : audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to write to any directory in the system can be seen as a form of path traversal. However, since it can be restricted to only admin permissions, fixing this is relatively simple and falls more into the realm of Role-Based Access Control (RBAC). This issue has been addressed in release version 2.13.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-02T21:24:26.000000Z"}, {"uuid": "84f3fdbe-d575-4e0a-aee2-835136a095bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43796", "type": "seen", "source": "https://t.me/cvedetector/5243", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43796 - Express.js Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-43796 \nPublished : Sept. 10, 2024, 3:15 p.m. | 45\u00a0minutes ago \nDescription : Express.js minimalist web framework for node. In express Severity: 5.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T18:25:13.000000Z"}, {"uuid": "6b9d3c59-46a5-4143-a9af-38fcbbffc6f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43799", "type": "seen", "source": "https://t.me/cvedetector/5242", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43799 - Send RCE Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43799 \nPublished : Sept. 10, 2024, 3:15 p.m. | 45\u00a0minutes ago \nDescription : Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0. \nSeverity: 5.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T18:25:09.000000Z"}, {"uuid": "cd06ff40-d68a-4214-9baa-d58d604bf4b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43791", "type": "seen", "source": "https://t.me/cvedetector/3996", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43791 - Rack RequestStore World-Writable File Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43791 \nPublished : Aug. 23, 2024, 3:15 p.m. | 34\u00a0minutes ago \nDescription : RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-23T17:58:05.000000Z"}, {"uuid": "fefb7dfe-9bf5-4514-a6be-b64c9db9829b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43794", "type": "seen", "source": "https://t.me/cvedetector/4017", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43794 - OpenSearch-Dashboards Redirect Vulnerability (Traversal of Entity Bounds)\", \n  \"Content\": \"CVE ID : CVE-2024-43794 \nPublished : Aug. 23, 2024, 5:15 p.m. | 19\u00a0minutes ago \nDescription : OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is available in 1.3.19 and 2.16.0 for this issue. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-23T19:38:37.000000Z"}, {"uuid": "9b6a67fd-6287-48e9-83a0-402af0cb05ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43790", "type": "seen", "source": "https://t.me/cvedetector/3966", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43790 - Vim Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43790 \nPublished : Aug. 22, 2024, 10:15 p.m. | 42\u00a0minutes ago \nDescription : Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689. \nSeverity: 4.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-23T01:14:35.000000Z"}, {"uuid": "ffcdf294-7114-45ce-885e-98a8e06fa1af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43798", "type": "seen", "source": "https://t.me/cvedetector/4225", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43798 - Chisel SSH Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-43798 \nPublished : Aug. 26, 2024, 11:15 p.m. | 46\u00a0minutes ago \nDescription : Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented `AUTH` environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is using the `AUTH` environment variable to specify credentials to authenticate against is affected by this vulnerability. Chisel is often used to provide an entrypoint to a private network, which means services that are gated by Chisel may be affected. Additionally, Chisel is often used for exposing services to the internet. An attacker could MITM requests by connecting to a Chisel server and requesting to forward traffic from a remote port. This issue has been addressed in release version 1.10.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-27T02:21:34.000000Z"}, {"uuid": "0f809371-acec-4d25-8562-40c22ef53dd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-43798", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-38jh-8h67-m7mj", "content": "", "creation_timestamp": "2024-08-27T18:40:29.000000Z"}]}