https://vulnerability.circl.lu/sightings/feed 2026-05-08T03:17:21.743056+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/7c1f824c-8f55-443b-9cd7-bc014524dcda/export 2026-05-08T03:17:22.049975+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "7c1f824c-8f55-443b-9cd7-bc014524dcda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11146", "type": "seen", "source": "https://t.me/cvedetector/15681", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-11146 - \"TrueFiling Unauthenticated Access to Case Information\"\", \n \"Content\": \"CVE ID : CVE-2024-11146 \nPublished : Jan. 17, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T08:25:43.000000Z"} 2025-01-17T08:25:43+00:00 https://vulnerability.circl.lu/sighting/e1e329bf-7dc7-497c-be91-6af99ab716aa/export 2026-05-08T03:17:22.049898+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "e1e329bf-7dc7-497c-be91-6af99ab716aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11147", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lggf32rmm32e", "content": "", "creation_timestamp": "2025-01-23T17:15:35.135227Z"} 2025-01-23T17:15:35.135227+00:00 https://vulnerability.circl.lu/sighting/a27145c0-6c4b-4ca2-bdc6-1bf2b020cf1d/export 2026-05-08T03:17:22.049815+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "a27145c0-6c4b-4ca2-bdc6-1bf2b020cf1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11147", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lggggv4c3y2g", "content": "", "creation_timestamp": "2025-01-23T17:40:07.381249Z"} 2025-01-23T17:40:07.381249+00:00 https://vulnerability.circl.lu/sighting/9a845f0f-8577-426f-8ceb-1ab757e7d32c/export 2026-05-08T03:17:22.049731+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "9a845f0f-8577-426f-8ceb-1ab757e7d32c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11147", "type": "seen", "source": "https://t.me/cvedetector/16215", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-11147 - ECOVACS Root Password Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-11147 \nPublished : Jan. 23, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"23 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T19:09:17.000000Z"} 2025-01-23T19:09:17+00:00 https://vulnerability.circl.lu/sighting/6cae05fc-757a-46f7-aa2c-b8c5367c3e4e/export 2026-05-08T03:17:22.049648+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "6cae05fc-757a-46f7-aa2c-b8c5367c3e4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11146", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5944", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11146\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/V:D/RE:L)\n\ud83d\udd39 Description: TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08.\n\ud83d\udccf Published: 2025-01-17T05:21:15.264Z\n\ud83d\udccf Modified: 2025-02-28T18:01:30.397Z\n\ud83d\udd17 References:\n1. https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-25-017-01.json\n2. https://infosec.exchange/@abreacher", "creation_timestamp": "2025-02-28T18:26:25.000000Z"} 2025-02-28T18:26:25+00:00 https://vulnerability.circl.lu/sighting/7ed5bee8-dd91-4f97-addc-c792bc032b83/export 2026-05-08T03:17:22.049558+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "7ed5bee8-dd91-4f97-addc-c792bc032b83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14464", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11142\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0\n\nNOTE: According to the vendor, fixing process is still ongoing for v4.05.\n\ud83d\udccf Published: 2025-05-02T07:47:30.429Z\n\ud83d\udccf Modified: 2025-05-02T07:47:30.429Z\n\ud83d\udd17 References:\n1. https://www.usom.gov.tr/bildirim/tr-25-0098", "creation_timestamp": "2025-05-02T08:16:14.000000Z"} 2025-05-02T08:16:14+00:00 https://vulnerability.circl.lu/sighting/a92b3ea1-7ea2-4220-8880-5d0149ab8e74/export 2026-05-08T03:17:22.049462+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "a92b3ea1-7ea2-4220-8880-5d0149ab8e74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://t.me/cvedetector/24336", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-11142 - Gosoft Software Proticaret E-Commerce CSRF Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-11142 \nPublished : May 2, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0 \n \nNOTE: According to the vendor, fixing process is still ongoing for v4.05. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"02 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-02T11:45:44.000000Z"} 2025-05-02T11:45:44+00:00 https://vulnerability.circl.lu/sighting/d3f3f49f-ba08-4d16-8800-e250cc6ed9d2/export 2026-05-08T03:17:22.049365+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "d3f3f49f-ba08-4d16-8800-e250cc6ed9d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo6rn5izn62p", "content": "", "creation_timestamp": "2025-05-02T12:00:41.917790Z"} 2025-05-02T12:00:41.917790+00:00 https://vulnerability.circl.lu/sighting/c8289b80-d1ff-4eb2-afd5-d3be3a325b53/export 2026-05-08T03:17:22.049228+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "c8289b80-d1ff-4eb2-afd5-d3be3a325b53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lo6g64dwbgd2", "content": "", "creation_timestamp": "2025-05-02T13:21:00.430779Z"} 2025-05-02T13:21:00.430779+00:00 https://vulnerability.circl.lu/sighting/91b19216-21ca-4f29-a73b-f57ce5064d0d/export 2026-05-08T03:17:22.047720+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "91b19216-21ca-4f29-a73b-f57ce5064d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11141", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17048", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11141\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-05-15T20:06:47.658Z\n\ud83d\udccf Modified: 2025-05-20T19:36:52.199Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/6fe3544b-fb86-43e4-9771-6e9343f9f835/", "creation_timestamp": "2025-05-20T19:41:20.000000Z"} 2025-05-20T19:41:20+00:00