{"vulnerability": "cve-2024-4783", "sightings": [{"uuid": "ab0a91a1-5207-4453-9b43-48496e7bf1a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47834", "type": "seen", "source": "https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/", "content": "", "creation_timestamp": "2024-12-17T12:51:51.000000Z"}, {"uuid": "0cd6bec2-6428-4b70-a9be-4328beb85426", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47835", "type": "seen", "source": "https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/", "content": "", "creation_timestamp": "2024-12-17T12:51:51.000000Z"}, {"uuid": "67322b61-0228-4856-a113-0721453e7bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47831", "type": "seen", "source": "https://t.me/cvedetector/7846", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47831 - Next.js Excessive CPU Consumption DoS\", \n  \"Content\": \"CVE ID : CVE-2024-47831 \nPublished : Oct. 14, 2024, 6:15 p.m. | 30\u00a0minutes ago \nDescription : Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-14T20:51:43.000000Z"}, {"uuid": "a50df78c-64ff-4db7-8b0a-ba1342f9d91e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47830", "type": "seen", "source": "https://t.me/cvedetector/7685", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47830 - Plane Open-Source Project Management Server Side Request Forgery (SSRF)\", \n  \"Content\": \"CVE ID : CVE-2024-47830 \nPublished : Oct. 11, 2024, 3:15 p.m. | 31\u00a0minutes ago \nDescription : Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T17:51:36.000000Z"}, {"uuid": "2ebaa201-5479-402c-8ec6-f25adf54b931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47833", "type": "seen", "source": "https://t.me/cvedetector/7523", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47833 - Taipy Cookie Insecure Session Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47833 \nPublished : Oct. 9, 2024, 7:15 p.m. | 35\u00a0minutes ago \nDescription : Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T22:21:01.000000Z"}, {"uuid": "8927bfec-09a0-46e1-9f8f-caf93c3ce04a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47832", "type": "seen", "source": "https://t.me/cvedetector/7522", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47832 - \"SSOReady XML Signature Bypass\"\", \n  \"Content\": \"CVE ID : CVE-2024-47832 \nPublished : Oct. 9, 2024, 7:15 p.m. | 35\u00a0minutes ago \nDescription : ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of , the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T22:21:00.000000Z"}, {"uuid": "bff51b33-1863-423c-a0fd-32e1f22e5da9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47836", "type": "seen", "source": "https://t.me/cvedetector/8121", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47836 - Admidio Deserialization Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47836 \nPublished : Oct. 16, 2024, 8:15 p.m. | 35\u00a0minutes ago \nDescription : Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T23:05:05.000000Z"}, {"uuid": "8e3848e7-375d-46f3-bb44-93fda826611b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-47833", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-r3jq-4r5c-j9hp", "content": "", "creation_timestamp": "2024-08-27T19:50:59.000000Z"}, {"uuid": "4e3bbfeb-4f8a-459e-a5ce-99547a97b8d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-47836", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-7c4c-749j-pfp2", "content": "", "creation_timestamp": "2024-10-16T19:50:40.000000Z"}, {"uuid": "b2b65a28-90b2-46e2-9fdc-b987bede078e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47830", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpdeczu3dw24", "content": "\ud83d\udccc CVE-2024-47830 - Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js.... https://www.cyberhub.blog/cves/CVE-2024-47830", "creation_timestamp": "2026-06-28T06:37:06.189404Z"}, {"uuid": "8a968198-36a0-4972-99b3-dcf7b9c8ed1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47832", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpdfyolqpx2x", "content": "\ud83d\udccc CVE-2024-47832 - ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry ... https://www.cyberhub.blog/cves/CVE-2024-47832", "creation_timestamp": "2026-06-28T07:07:06.807537Z"}]}