{"vulnerability": "cve-2024-5637", "sightings": [{"uuid": "ccece3e4-edec-4bc9-ad19-3d21c5a2ff6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56375", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113698840182852474", "content": "", "creation_timestamp": "2024-12-22T22:30:19.593642Z"}, {"uuid": "e069458f-4b85-43e5-8c55-b4d8c52bbfe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56375", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldwkb3mx2g22", "content": "", "creation_timestamp": "2024-12-22T23:15:27.300767Z"}, {"uuid": "4d848598-a784-4121-9549-aa0cc912a805", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56378", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113699094003731520", "content": "", "creation_timestamp": "2024-12-22T23:34:53.087325Z"}, {"uuid": "45f0ffcd-dc37-4767-b501-b245a866833d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56378", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldwnn4tv2f2k", "content": "", "creation_timestamp": "2024-12-23T00:15:52.485473Z"}, {"uuid": "e4d52555-50d7-4266-b5a0-4ae52b4cf907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56376", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113800867405477443", "content": "", "creation_timestamp": "2025-01-09T22:57:11.414311Z"}, {"uuid": "b0e05c27-1c21-43f6-85ed-bfb430a84155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56377", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113800867419845166", "content": "", "creation_timestamp": "2025-01-09T22:57:11.658869Z"}, {"uuid": "c046cdd6-9558-4529-a1ed-e4aff0a4bacb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56376", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfdsno3qi52m", "content": "", "creation_timestamp": "2025-01-09T23:15:27.513089Z"}, {"uuid": "ebcc0b98-0328-4510-a0b2-ca5ab2778474", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56377", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfdsnrdemy2i", "content": "", "creation_timestamp": "2025-01-09T23:15:30.806594Z"}, {"uuid": "ad8ff91e-e48f-4167-9297-3b7318044ff9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56374", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpxmnrcwq2b", "content": "", "creation_timestamp": "2025-01-14T19:16:18.587844Z"}, {"uuid": "7a67503a-3d24-447a-8e8b-5b531d4ebac2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56376", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfduartxbf2g", "content": "", "creation_timestamp": "2025-01-09T23:44:02.291738Z"}, {"uuid": "5cfccb22-ca1e-49e7-b827-34a07c47ec23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56377", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfduasb6232y", "content": "", "creation_timestamp": "2025-01-09T23:44:03.093003Z"}, {"uuid": "1bcac266-5aa7-4059-8592-2f90c6a053bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56374", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfpzwlnrdi2u", "content": "", "creation_timestamp": "2025-01-14T19:57:40.941950Z"}, {"uuid": "fda90941-a13f-4ca3-95aa-5a4effab564e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56372", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhs63ifyk2m", "content": "", "creation_timestamp": "2025-01-11T13:17:23.224015Z"}, {"uuid": "9b40c36a-151c-466d-9252-752027e01e07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56374", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfplsm3dgw23", "content": "", "creation_timestamp": "2025-01-14T15:44:53.886995Z"}, {"uuid": "10b8ec43-b7bd-42ba-b664-a5fb6693d040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56374", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lq5s4zeyz52b", "content": "", "creation_timestamp": "2025-05-27T13:27:18.189323Z"}, {"uuid": "abd07f4b-fcfc-4bad-b6a8-3dee1bd32523", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56374", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lhjox6nld52r", "content": "", "creation_timestamp": "2025-02-06T18:15:33.042050Z"}, {"uuid": "0a39f197-5338-4a27-9670-beb12324d2df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56370", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm3tkypas52o", "content": "", "creation_timestamp": "2025-04-05T21:06:54.790845Z"}, {"uuid": "e7bd3a9f-0f4a-4e34-8d5d-b9150394673c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56373", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mfktouha2k23", "content": "", "creation_timestamp": "2026-02-23T23:48:51.740516Z"}, {"uuid": "6432a112-431c-4d6b-b147-04c9b17f3694", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56373", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mfmb6uskgg2v", "content": "", "creation_timestamp": "2026-02-24T13:23:07.180863Z"}, {"uuid": "b5bc4201-df95-4971-acd5-220d9ac84344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56377", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1112", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56377\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload (which has been injected into all survey fields) is executed, potentially enabling the execution of arbitrary web scripts.\n\ud83d\udccf Published: 2025-01-09T00:00:00\n\ud83d\udccf Modified: 2025-01-09T23:02:37.249Z\n\ud83d\udd17 References:\n1. https://www.evms.edu/research/resources_services/redcap/redcap_change_log/\n2. https://github.com/ping-oui-no/Vulnerability-Research-CVESS/blob/main/RedCap/CVE-2024-56377/README.md", "creation_timestamp": "2025-01-09T23:14:53.000000Z"}, {"uuid": "334d3e04-090a-4ff0-87da-07047b19b74e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56376", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1111", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56376\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.\n\ud83d\udccf Published: 2025-01-09T00:00:00\n\ud83d\udccf Modified: 2025-01-09T23:03:55.418Z\n\ud83d\udd17 References:\n1. https://www.evms.edu/research/resources_services/redcap/redcap_change_log/\n2. https://github.com/ping-oui-no/Vulnerability-Research-CVESS/blob/main/RedCap/CVE-2024-56376/README.md", "creation_timestamp": "2025-01-09T23:14:50.000000Z"}, {"uuid": "9fd2e396-1eac-456c-9787-20b0ab4130cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56374", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1564", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56374\n\ud83d\udd39 Description: An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)\n\ud83d\udccf Published: 2025-01-14T00:00:00\n\ud83d\udccf Modified: 2025-01-14T19:07:03.855Z\n\ud83d\udd17 References:\n1. https://docs.djangoproject.com/en/dev/releases/security/\n2. https://groups.google.com/g/django-announce\n3. https://www.djangoproject.com/weblog/2025/jan/14/security-releases/", "creation_timestamp": "2025-01-14T19:09:25.000000Z"}, {"uuid": "2cf0d336-00b2-4bb0-a588-4281a67b3c81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56370", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10610", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56370\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically Net::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.\n\ud83d\udccf Published: 2025-04-05T18:26:22.102Z\n\ud83d\udccf Modified: 2025-04-05T18:26:22.102Z\n\ud83d\udd17 References:\n1. https://perldoc.perl.org/functions/rand\n2. https://security.metacpan.org/docs/guides/random-data-for-security.html\n3. https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537\n4. https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L58\n5. https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L9", "creation_timestamp": "2025-04-05T18:38:37.000000Z"}, {"uuid": "a6557dac-cdd9-4c24-9a1b-0cf42b1757a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56370", "type": "seen", "source": "https://t.me/cvedetector/22196", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56370 - Xero Perl Cryptographic Entropy Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-56370 \nPublished : April 5, 2025, 7:15 p.m. | 1\u00a0hour, 44\u00a0minutes ago \nDescription : Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.  \n  \nSpecifically Net::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-05T23:16:21.000000Z"}, {"uuid": "c6007489-7480-409d-adba-2311fe2eb62a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56372", "type": "seen", "source": "https://t.me/cvedetector/15071", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56372 - Linux Tun Network Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56372 \nPublished : Jan. 11, 2025, 1:15 p.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: tun: fix tun_napi_alloc_frags()  \n  \nsyzbot reported the following crash [1]  \n  \nIssue came with the blamed commit. Instead of going through  \nall the iov components, we keep using the first one  \nand end up with a malformed skb.  \n  \n[1]  \n  \nkernel BUG at net/core/skbuff.c:2849 !  \nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI  \nCPU: 0 UID: 0 PID: 6230 Comm: syz-executor132 Not tainted 6.13.0-rc1-syzkaller-00407-g96b6fcc0ee41 #0  \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024  \n RIP: 0010:__pskb_pull_tail+0x1568/0x1570 net/core/skbuff.c:2848  \nCode: 38 c1 0f 8c 32 f1 ff ff 4c 89 f7 e8 92 96 74 f8 e9 25 f1 ff ff e8 e8 ae 09 f8 48 8b 5c 24 08 e9 eb fb ff ff e8 d9 ae 09 f8 90 <0f0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90  \nRSP: 0018:ffffc90004cbef30 EFLAGS: 00010293  \nRAX: ffffffff8995c347 RBX: 00000000fffffff2 RCX: ffff88802cf45a00  \nRDX: 0000000000000000 RSI: 00000000fffffff2 RDI: 0000000000000000  \nRBP: ffff88807df0c06a R08: ffffffff8995b084 R09: 1ffff1100fbe185c  \nR10: dffffc0000000000 R11: ffffed100fbe185d R12: ffff888076e85d50  \nR13: ffff888076e85c80 R14: ffff888076e85cf4 R15: ffff888076e85c80  \nFS:  00007f0dca6ea6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000  \nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \nCR2: 00007f0dca6ead58 CR3: 00000000119da000 CR4: 00000000003526f0  \nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000  \nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400  \nCall Trace:  \n   \n  skb_cow_data+0x2da/0xcb0 net/core/skbuff.c:5284  \n  tipc_aead_decrypt net/tipc/crypto.c:894 [inline]  \n  tipc_crypto_rcv+0x402/0x24e0 net/tipc/crypto.c:1844  \n  tipc_rcv+0x57e/0x12a0 net/tipc/node.c:2109  \n  tipc_l2_rcv_msg+0x2bd/0x450 net/tipc/bearer.c:668  \n  __netif_receive_skb_list_ptype net/core/dev.c:5720 [inline]  \n  __netif_receive_skb_list_core+0x8b7/0x980 net/core/dev.c:5762  \n  __netif_receive_skb_list net/core/dev.c:5814 [inline]  \n  netif_receive_skb_list_internal+0xa51/0xe30 net/core/dev.c:5905  \n  gro_normal_list include/net/gro.h:515 [inline]  \n  napi_complete_done+0x2b5/0x870 net/core/dev.c:6256  \n  napi_complete include/linux/netdevice.h:567 [inline]  \n  tun_get_user+0x2ea0/0x4890 drivers/net/tun.c:1982  \n  tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2057  \n do_iter_readv_writev+0x600/0x880  \n  vfs_writev+0x376/0xba0 fs/read_write.c:1050  \n  do_writev+0x1b6/0x360 fs/read_write.c:1096  \n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]  \n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T14:55:24.000000Z"}, {"uuid": "507bce8c-bb19-4f72-a8e2-c559feadb1a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56374", "type": "seen", "source": "https://t.me/cvedetector/15347", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56374 - Django Denial-of-Service IPv6 Validation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56374 \nPublished : Jan. 14, 2025, 7:15 p.m. | 26\u00a0minutes ago \nDescription : An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T20:42:25.000000Z"}, {"uuid": "49891d91-469d-4433-acc9-cdd99c05e59a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56377", "type": "seen", "source": "https://t.me/cvedetector/14946", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56377 - REDCap Stored Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56377 \nPublished : Jan. 9, 2025, 11:15 p.m. | 42\u00a0minutes ago \nDescription : A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload (which has been injected into all survey fields) is executed, potentially enabling the execution of arbitrary web scripts. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-10T01:18:33.000000Z"}, {"uuid": "79f94abc-0bd1-4c5e-95c1-c3a63ad49fd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56376", "type": "seen", "source": "https://t.me/cvedetector/14947", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56376 - REDCap Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-56376 \nPublished : Jan. 9, 2025, 11:15 p.m. | 42\u00a0minutes ago \nDescription : A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-10T01:18:33.000000Z"}, {"uuid": "33339bf8-1ca2-4c4a-b7b6-de8947110f6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56378", "type": "seen", "source": "https://t.me/cvedetector/13520", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56378 - Poppler libpoppler.so JBIG2Bitmap Combine Out-of-Bounds Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56378 \nPublished : Dec. 23, 2024, 12:15 a.m. | 42\u00a0minutes ago \nDescription : libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-23T02:26:59.000000Z"}, {"uuid": "70c0b14b-5c42-4c84-9548-cb77939f5bb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56375", "type": "seen", "source": "https://t.me/cvedetector/13518", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56375 - Fort RPKI Integer Underflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56375 \nPublished : Dec. 22, 2024, 11:15 p.m. | 21\u00a0minutes ago \nDescription : An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList. Fort dereferences (and, shortly afterwards, writes to) this array during a shuffle attempt, before the validation that would normally reject it when empty. This out-of-bounds access is caused by an integer underflow that causes the surrounding loop to iterate infinitely. Because the product is permanently stuck attempting to overshuffle an array that doesn't actually exist, a crash is nearly guaranteed. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-23T00:46:38.000000Z"}]}