https://vulnerability.circl.lu/sightings/feed 2026-06-26T02:27:43.997353+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/6484c059-60df-436f-8b51-3fb21afd7e4c/export 2026-06-26T02:27:44.020098+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "6484c059-60df-436f-8b51-3fb21afd7e4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10151", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113791241171697923", "content": "", "creation_timestamp": "2025-01-08T06:09:06.699434Z"} 2025-01-08T06:09:06.699434+00:00 https://vulnerability.circl.lu/sighting/908aaecf-803a-427a-b1fc-ea64ca6d0724/export 2026-06-26T02:27:44.020036+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "908aaecf-803a-427a-b1fc-ea64ca6d0724", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10151", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7j75mbtl2d", "content": "", "creation_timestamp": "2025-01-08T06:15:37.635085Z"} 2025-01-08T06:15:37.635085+00:00 https://vulnerability.circl.lu/sighting/963957d9-0b2c-4394-be36-7c9135756004/export 2026-06-26T02:27:44.019969+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "963957d9-0b2c-4394-be36-7c9135756004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10151", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/666", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10151\n\ud83d\udd39 Description: The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.\n\ud83d\udccf Published: 2025-01-08T06:00:12.427Z\n\ud83d\udccf Modified: 2025-01-08T06:00:12.427Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/487facf7-8880-48b3-b1b2-0d09823d3c46/", "creation_timestamp": "2025-01-08T06:38:12.000000Z"} 2025-01-08T06:38:12+00:00 https://vulnerability.circl.lu/sighting/bbd5c32e-7a53-41ca-b65a-09cf690027be/export 2026-06-26T02:27:44.019904+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "bbd5c32e-7a53-41ca-b65a-09cf690027be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10151", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7khytevf2e", "content": "", "creation_timestamp": "2025-01-08T06:38:27.904388Z"} 2025-01-08T06:38:27.904388+00:00 https://vulnerability.circl.lu/sighting/f7a3ecca-64bd-4d17-8894-0a8bea4c92eb/export 2026-06-26T02:27:44.019831+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "f7a3ecca-64bd-4d17-8894-0a8bea4c92eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10151", "type": "seen", "source": "https://t.me/cvedetector/14660", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-10151 - WordPress Auto iFrame Stored Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-10151 \nPublished : Jan. 8, 2025, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T08:17:26.000000Z"} 2025-01-08T08:17:26+00:00 https://vulnerability.circl.lu/sighting/3236f05d-d59c-4b68-8bd7-f689c0d6e262/export 2026-06-26T02:27:44.019758+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "3236f05d-d59c-4b68-8bd7-f689c0d6e262", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10152", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5474", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10152\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-02-26T06:00:02.971Z\n\ud83d\udccf Modified: 2025-02-26T06:00:02.971Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/b4d17da2-4c47-4fd1-a6bd-6692b07cf710/", "creation_timestamp": "2025-02-26T06:25:31.000000Z"} 2025-02-26T06:25:31+00:00 https://vulnerability.circl.lu/sighting/e0c76e77-669d-4543-87dd-4d4b1e95c027/export 2026-06-26T02:27:44.019665+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "e0c76e77-669d-4543-87dd-4d4b1e95c027", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10153", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7717", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10153\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument bookingdatefrom/nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.\n\ud83d\udccf Published: 2024-10-19T18:00:09.081Z\n\ud83d\udccf Modified: 2025-03-16T17:15:23.804Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.280939\n2. https://vuldb.com/?ctiid.280939\n3. https://vuldb.com/?submit.425365\n4. https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_book_boat_sqli.md\n5. https://phpgurukul.com/", "creation_timestamp": "2025-03-16T17:46:16.000000Z"} 2025-03-16T17:46:16+00:00 https://vulnerability.circl.lu/sighting/6d9400bb-ae5a-41c4-bd24-07378a130755/export 2026-06-26T02:27:44.019588+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "6d9400bb-ae5a-41c4-bd24-07378a130755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10157", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10189", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10157\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/password-recovery.php of the component Reset Your Password Page. The manipulation of the argument username/mobileno leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2024-10-19T22:31:05.359Z\n\ud83d\udccf Modified: 2025-04-03T06:46:01.796Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.280943\n2. https://vuldb.com/?ctiid.280943\n3. https://vuldb.com/?submit.425399\n4. https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_admin_password_recovery_sqli.md\n5. https://phpgurukul.com/", "creation_timestamp": "2025-04-03T07:34:24.000000Z"} 2025-04-03T07:34:24+00:00 https://vulnerability.circl.lu/sighting/deab154b-2223-46de-9d5b-7210a79401f9/export 2026-06-26T02:27:44.019480+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "deab154b-2223-46de-9d5b-7210a79401f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10152", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-10152.yaml", "content": "", "creation_timestamp": "2026-02-11T14:55:22.000000Z"} 2026-02-11T14:55:22+00:00 https://vulnerability.circl.lu/sighting/74edeb0e-6662-4c8b-a4e0-23da24275cde/export 2026-06-26T02:27:44.016596+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "74edeb0e-6662-4c8b-a4e0-23da24275cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10152", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meovccvdjs2j", "content": "", "creation_timestamp": "2026-02-12T21:03:14.403008Z"} 2026-02-12T21:03:14.403008+00:00