{"vulnerability": "cve-2024-5063", "sightings": [{"uuid": "e3ec3fa3-c4dd-4e8f-95ba-1bc73ac395c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50634", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113448443209203280", "content": "", "creation_timestamp": "2024-11-08T17:11:04.899467Z"}, {"uuid": "8359cffd-1755-4a3e-ac95-beaf5b8a2db7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50636", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113466768148978841", "content": "", "creation_timestamp": "2024-11-11T22:51:21.242588Z"}, {"uuid": "e25275a9-d9da-46c7-b03a-0ddb2bb2ab44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50633", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113839189115908037", "content": "", "creation_timestamp": "2025-01-16T17:22:54.280295Z"}, {"uuid": "0bada9bd-df2f-4095-9571-b7d95b6d3c29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50633", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfuv6cfvxf2r", "content": "", "creation_timestamp": "2025-01-16T18:15:48.126021Z"}, {"uuid": "bc329558-4389-432e-97d6-92a95901f2e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50631", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-213/", "content": "", "creation_timestamp": "2025-04-09T03:00:00.000000Z"}, {"uuid": "6490a076-1912-4f51-9026-5c3291115e6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50630", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-212/", "content": "", "creation_timestamp": "2025-04-09T03:00:00.000000Z"}, {"uuid": "73c681a2-01e6-4593-9d87-4b7ed0026f6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50630", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8029", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-50630\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors.\n\ud83d\udccf Published: 2025-03-19T05:50:05.059Z\n\ud83d\udccf Modified: 2025-03-19T05:50:05.059Z\n\ud83d\udd17 References:\n1. https://www.synology.com/en-global/security/advisory/Synology_SA_24_21", "creation_timestamp": "2025-03-19T06:52:07.000000Z"}, {"uuid": "6032a6f8-14de-4801-938a-4d705cb6bf38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50631", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8028", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-50631\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors.\n\ud83d\udccf Published: 2025-03-19T05:50:08.565Z\n\ud83d\udccf Modified: 2025-03-19T05:50:08.565Z\n\ud83d\udd17 References:\n1. https://www.synology.com/en-global/security/advisory/Synology_SA_24_21", "creation_timestamp": "2025-03-19T06:52:07.000000Z"}, {"uuid": "4ffba929-da36-40b9-801b-f12fe8b818bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50631", "type": "seen", "source": "https://t.me/cvedetector/20622", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50631 - Synology Drive Server SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50631 \nPublished : March 19, 2025, 6:15 a.m. | 39\u00a0minutes ago \nDescription : Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T07:57:40.000000Z"}, {"uuid": "d5986508-bb70-4b70-a040-ac3b2f399e14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50630", "type": "seen", "source": "https://t.me/cvedetector/20621", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50630 - Synology Drive Server Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-50630 \nPublished : March 19, 2025, 6:15 a.m. | 39\u00a0minutes ago \nDescription : Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T07:57:36.000000Z"}, {"uuid": "e5a34588-e687-48ac-8ae5-97e6ec389e7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50633", "type": "seen", "source": "https://t.me/cvedetector/15601", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50633 - Indico Broken Object Level Authorization (BOLA)\", \n  \"Content\": \"CVE ID : CVE-2024-50633 \nPublished : Jan. 16, 2025, 6:15 p.m. | 43\u00a0minutes ago \nDescription : A Broken Object Level Authorization (BOLA) vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-16T20:24:56.000000Z"}, {"uuid": "bd2b0e42-0af6-44e0-bea8-4f1d7a67b19f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50636", "type": "seen", "source": "https://t.me/cvedetector/10554", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50636 - PyMOL Command Execution through Malicious .PYM Files\", \n  \"Content\": \"CVE ID : CVE-2024-50636 \nPublished : Nov. 11, 2024, 11:15 p.m. | 37\u00a0minutes ago \nDescription : PyMOL 2.5.0 contains a vulnerability in its \"Run Script\" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T01:18:39.000000Z"}, {"uuid": "00a840d2-e3e4-4a35-bb3e-9b89a2a76383", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50634", "type": "seen", "source": "https://t.me/cvedetector/10208", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50634 - \"Watcharr JWT Token Weakness\"\", \n  \"Content\": \"CVE ID : CVE-2024-50634 \nPublished : Nov. 8, 2024, 5:15 p.m. | 32\u00a0minutes ago \nDescription : A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation but also affects all functions that require authentication. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T18:52:58.000000Z"}, {"uuid": "968bc55d-f5c8-44b8-8de8-5238d171f8d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50637", "type": "seen", "source": "https://t.me/cvedetector/10015", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50637 - UnoPim Cross-Site Scripting (XSS) Vulnerability in Create User Function\", \n  \"Content\": \"CVE ID : CVE-2024-50637 \nPublished : Nov. 6, 2024, 5:15 p.m. | 36\u00a0minutes ago \nDescription : UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. \u00b6\u00b6 The vulnerability allows attackers to perform XSS in SVG file extension, which can be used to stealing cookies. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-06T19:10:35.000000Z"}]}