{"vulnerability": "cve-2024-5033", "sightings": [{"uuid": "c187777d-099a-43b0-aa06-c5a5f1962a97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50335", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113431836014035976", "content": "", "creation_timestamp": "2024-11-05T18:47:40.209574Z"}, {"uuid": "76263087-b9bc-476f-883e-c61b9c582e03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50333", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113431836000326931", "content": "", "creation_timestamp": "2024-11-05T18:47:40.263265Z"}, {"uuid": "523b0569-b89d-415f-a9b9-a89a8c1a48ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50332", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113431835985090910", "content": "", "creation_timestamp": "2024-11-05T18:47:40.313315Z"}, {"uuid": "f9770191-a608-43f7-9dbc-d0e6384dedb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50331", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113470861610596963", "content": "", "creation_timestamp": "2024-11-12T16:12:22.533487Z"}, {"uuid": "28693b1a-f921-4f64-80c7-f43bec163c8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50330", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1510/", "content": "", "creation_timestamp": "2024-11-13T06:00:00.000000Z"}, {"uuid": "e048fb34-1c2d-4ae7-ab42-4abdf2da236a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-50330", "type": "seen", "source": "https://infosec.exchange/users/patchnow24x7/statuses/113479841836620242", "content": "", "creation_timestamp": "2024-11-14T06:16:10.565073Z"}, {"uuid": "e6455431-d0a8-41bb-acd6-4c7de253c0be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50336", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113635355747091624", "content": "", "creation_timestamp": "2024-12-11T17:25:42.087735Z"}, {"uuid": "89bef5bb-393a-4467-a771-74648818a587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50339", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113635458929398685", "content": "", "creation_timestamp": "2024-12-11T17:51:38.252442Z"}, {"uuid": "3c7e5ab6-7e68-4c1f-85a6-c3420a6b8646", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50338", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpxmfxuev2s", "content": "", "creation_timestamp": "2025-01-14T19:16:10.459058Z"}, {"uuid": "e86922ce-16df-4ebf-a739-60959f38632e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-503387", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0011", "content": "", "creation_timestamp": "2025-01-14T18:10:44.000000Z"}, {"uuid": "c408ba24-ecce-4e85-bc92-ca1022baa32e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50338", "type": "seen", "source": 
"https://www.thezdi.com/blog/2025/1/14/the-january-2025-security-update-review", "content": "", "creation_timestamp": "2025-01-14T17:29:48.000000Z"}, {"uuid": "631c5565-4e8c-4af3-9372-78cc0a424067", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50338", "type": "seen", "source": "https://github.blog/open-source/git/git-security-vulnerabilities-announced-5/", "content": "", "creation_timestamp": "2025-01-14T17:04:36.000000Z"}, {"uuid": "11a29784-43c6-4362-aeab-f3d6e3e765b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50338", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3lgsvanwiok2v", "content": "", "creation_timestamp": "2025-01-28T16:37:00.455284Z"}, {"uuid": "06b92353-1c1d-4151-a0e4-862ce8eb1b9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50334", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ltfoohkbqk2c", "content": "", "creation_timestamp": "2025-07-07T21:02:22.998370Z"}, {"uuid": "3177f52a-05a5-4fad-9340-3646b1016793", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50338", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", "creation_timestamp": "2025-09-01T19:03:03.000000Z"}, {"uuid": "fb013de8-5dff-49f0-9a2b-a44bd30011c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50334", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-50334.yaml", "content": "", "creation_timestamp": 
"2025-07-05T02:03:26.000000Z"}, {"uuid": "b395a6b5-c218-4339-8c0f-001359d8a4e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50334", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ludubgurn323", "content": "", "creation_timestamp": "2025-07-19T21:02:20.412332Z"}, {"uuid": "cce810e3-7169-4f78-b6d5-2fb4cbda849b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50338", "type": "seen", "source": "https://t.me/thehackernews/6235", "content": "\ud83d\udea8 Alert \u2014 GitHub Desktop &amp; GitHub projects have critical vulnerabilities that can expose your credentials to attackers.\n\n\ud83d\udd11 CVE-2024-53263 \u2013 Git LFS leaks credentials via crafted URLs.\n\u26a1 CVE-2024-50338 \u2013 GitHub CLI sends tokens to attacker-controlled hosts.\n\nAttackers can use this to gain unauthorized access to your private repositories.\n\n\ud83d\udd17 Read full details: https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html", "creation_timestamp": "2025-01-27T15:21:54.000000Z"}, {"uuid": "ca184254-9f1e-4944-8657-ca3b86545984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-50330", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/66553903-f96d-485e-b1f9-0f25e2695b51", "content": "", "creation_timestamp": "2024-11-13T09:12:33.737749Z"}, {"uuid": "e2a20331-acdb-4e47-9ff3-186fc91ac30d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50338", "type": "seen", "source": "Telegram/2jkVbon0AKvDKm9vj_F7rnMeTxCzgQeChMbLUtudeUZLIg", "content": "", "creation_timestamp": "2025-01-28T11:57:13.000000Z"}, {"uuid": 
"3cd26c3b-9777-4217-b874-07f56152af24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50334", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-14)", "content": "", "creation_timestamp": "2026-02-14T00:00:00.000000Z"}, {"uuid": "39f4a8c8-be80-4c90-af8d-686cbe04b75b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50336", "type": "seen", "source": "https://t.me/cvedetector/10665", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50336 - Matrix-js-sdk Remote File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50336 \nPublished : Nov. 12, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T18:53:50.000000Z"}, {"uuid": "23531dd0-fbbe-466b-a912-ee0a3e21e29c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50331", "type": "seen", "source": "https://t.me/cvedetector/10643", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50331 - Ivanti Avalanche Out-of-Bounds Read Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-50331 \nPublished : Nov. 
12, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T18:03:16.000000Z"}, {"uuid": "94afd067-b758-47cf-a22b-b5cd20ebbd27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50330", "type": "seen", "source": "https://t.me/cvedetector/10642", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50330 - Ivanti Endpoint Manager SQL Injection Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-50330 \nPublished : Nov. 12, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update\u00a0allows a remote unauthenticated attacker to achieve remote code execution. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T18:03:15.000000Z"}, {"uuid": "002ba925-939b-4905-9b32-5e9cff147928", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50334", "type": "seen", "source": "https://t.me/cvedetector/9337", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50334 - Scoold; Semicolon Path Injection and File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50334 \nPublished : Oct. 
29, 2024, 3:15 p.m. | 43\u00a0minutes ago \nDescription : Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT requests on the /api;/config endpoint while setting the Content-Type: application/hocon header allow unauthenticated attackers to file reading via HOCON file inclusion. This allows attackers to retrieve sensitive information such as configuration files from the server, which can be leveraged for further exploitation. The vulnerability has been fixed in Scoold 1.64.0. A workaround would be to disable the Scoold API with scoold.api_enabled = false. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T17:17:22.000000Z"}, {"uuid": "ce586e88-531c-4c51-9038-d1d7f204ea6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50333", "type": "seen", "source": "https://t.me/cvedetector/9944", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50333 - SuiteCRM File Write OS CommandInjection\", \n  \"Content\": \"CVE ID : CVE-2024-50333 \nPublished : Nov. 5, 2024, 7:15 p.m. | 42\u00a0minutes ago \nDescription : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that will be included at the runtime. This issue has been addressed in versions 7.14.6 and 8.7.1. 
Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 6.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T21:25:48.000000Z"}, {"uuid": "0d71356b-b4ae-45b1-b374-714bd0ae3871", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50332", "type": "seen", "source": "https://t.me/cvedetector/9943", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50332 - SuiteCRM Blind SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50332 \nPublished : Nov. 5, 2024, 7:15 p.m. | 42\u00a0minutes ago \nDescription : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T21:25:47.000000Z"}, {"uuid": "6c98fb58-3811-4d58-b6f8-8b5e62abf449", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50335", "type": "seen", "source": "https://t.me/cvedetector/9935", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50335 - SuiteCRM Reflected Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50335 \nPublished : Nov. 
5, 2024, 7:15 p.m. | 42\u00a0minutes ago \nDescription : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The \"Publish Key\" field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site Scripting (XSS), allowing an attacker to inject malicious JavaScript code. This can be exploited to steal CSRF tokens and perform unauthorized actions, such as creating new administrative users without proper authentication. The vulnerability arises due to insufficient input validation and sanitization of the Publish Key field within the SuiteCRM application. When an attacker injects a malicious script, it gets executed within the context of an authenticated user's session. The injected script (o.js) then leverages the captured CSRF token to forge requests that create new administrative users, effectively compromising the integrity and security of the CRM instance. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T21:25:35.000000Z"}]}