{"vulnerability": "cve-2024-4560", "sightings": [{"uuid": "4d742316-6ab0-425f-821a-0304cacfd028", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45609", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113488766565317248", "content": "", "creation_timestamp": "2024-11-15T20:05:50.693432Z"}, {"uuid": "16a54ffb-6c20-445c-9a13-c337df9c3961", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45600", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113721264829675461", "content": "", "creation_timestamp": "2024-12-26T21:33:12.549622Z"}, {"uuid": "adbc60cb-f83e-4a49-8502-33e1d7b608c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45600", "type": "seen", "source": "https://t.me/cvedetector/13701", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45600 - GLPI Fields SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45600 \nPublished : Dec. 26, 2024, 10:15 p.m. | 44\u00a0minutes ago \nDescription : Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T00:05:55.000000Z"}, {"uuid": "b21b791e-3285-491e-a5f3-57d219abbc3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45609", "type": "seen", "source": "https://t.me/cvedetector/11167", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45609 - GLPI Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45609 \nPublished : Nov. 15, 2024, 8:15 p.m. | 23\u00a0minutes ago \nDescription : GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the reports pages. Upgrade to 10.0.17. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T21:39:03.000000Z"}, {"uuid": "7cbffc26-cc8a-4b22-9be5-a058a745ff1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45608", "type": "seen", "source": "https://t.me/cvedetector/11152", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45608 - \"GLPI SQL Injection\"\", \n  \"Content\": \"CVE ID : CVE-2024-45608 \nPublished : Nov. 15, 2024, 7:15 p.m. | 33\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. An authenticated user can perfom a SQL injection by changing its preferences. Upgrade to 10.0.17. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T20:48:38.000000Z"}, {"uuid": "f9b9f33b-498a-43a1-867a-1ebfbbf84610", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45607", "type": "seen", "source": "https://t.me/cvedetector/5523", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45607 - WhatsApp-API-js Incorrect Access Control Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45607 \nPublished : Sept. 12, 2024, 8:15 p.m. | 24\u00a0minutes ago \nDescription : whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-12T22:43:47.000000Z"}, {"uuid": "c33f9e8c-d7e0-4f83-a541-6a7dbc4d188d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45606", "type": "seen", "source": "https://t.me/cvedetector/5849", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45606 - Sentry Authorized Access Mute Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45606 \nPublished : Sept. 17, 2024, 8:15 p.m. | 41\u00a0minutes ago \nDescription : Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project.  In our review, we have identified no instances where alerts have been muted by unauthorized parties.  A patch was issued to ensure authorization checks are properly scoped on requests to mute alert rules. Authenticated users who do not have the necessary permissions are no longer able to mute alerts.  Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version **24.9.0** or higher. The rule mute feature was generally available as of 23.6.0 but users with early access may have had the feature as of 23.4.0. Affected users are advised to upgrade to version 24.9.0. There are no known workarounds for this vulnerability. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-17T23:08:34.000000Z"}, {"uuid": "b1587999-0ce5-4968-b1ff-3be5133e4acb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45605", "type": "seen", "source": "https://t.me/cvedetector/5848", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45605 - \"Sentry Unauthenticated Alert Notification Deletion Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-45605 \nPublished : Sept. 17, 2024, 8:15 p.m. | 41\u00a0minutes ago \nDescription : Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-17T23:08:33.000000Z"}, {"uuid": "1173dbae-e46a-4d2d-9621-34b85a5ac99e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45604", "type": "seen", "source": "https://t.me/cvedetector/5852", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45604 - Contao File Path Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45604 \nPublished : Sept. 17, 2024, 8:15 p.m. | 41\u00a0minutes ago \nDescription : Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-17T23:08:39.000000Z"}, {"uuid": "d2c105e5-d2d5-45f2-adf9-5284a0ff9fce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45601", "type": "seen", "source": "https://t.me/cvedetector/6010", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45601 - \"Mesop Unauthorized File Access Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-45601 \nPublished : Sept. 18, 2024, 6:15 p.m. | 31\u00a0minutes ago \nDescription : Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files not intended to be served. Users are strongly advised to update to the latest version of Mesop immediately. The latest version includes a fix for this vulnerability. At time of publication 0.12.4 is the most recently available version of Mesop. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T20:56:02.000000Z"}]}