<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-03T20:51:19.577178+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d3373243-7045-4ef7-a799-fb78f3d2c58b/export</id>
    <title>d3373243-7045-4ef7-a799-fb78f3d2c58b</title>
    <updated>2026-07-03T20:51:19.604144+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d3373243-7045-4ef7-a799-fb78f3d2c58b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12044", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8212", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12044\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A remote code execution vulnerability exists in open-mmlab/mmdetection version v3.3.0. The vulnerability is due to the use of the `pickle.loads()` function in the `all_reduce_dict()` distributed training API without proper sanitization. This allows an attacker to execute arbitrary code by broadcasting a malicious payload to the distributed training network.\n\ud83d\udccf Published: 2025-03-20T10:10:03.510Z\n\ud83d\udccf Modified: 2025-03-20T14:36:03.940Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/f7e4fc32-e167-49fb-9fc7-f092b9c27e8a", "creation_timestamp": "2025-03-20T15:18:24.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d3373243-7045-4ef7-a799-fb78f3d2c58b/export"/>
    <published>2025-03-20T15:18:24+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8335ef12-3ff9-4955-ae57-05dc6a405cb7/export</id>
    <title>8335ef12-3ff9-4955-ae57-05dc6a405cb7</title>
    <updated>2026-07-03T20:51:19.606225+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8335ef12-3ff9-4955-ae57-05dc6a405cb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12044", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmheps2e2v", "content": "", "creation_timestamp": "2025-03-20T11:40:29.037075Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8335ef12-3ff9-4955-ae57-05dc6a405cb7/export"/>
    <published>2025-03-20T11:40:29.037075+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e8de8ba7-4f65-43f8-8e55-db8f910d59c6/export</id>
    <title>e8de8ba7-4f65-43f8-8e55-db8f910d59c6</title>
    <updated>2026-07-03T20:51:19.606423+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e8de8ba7-4f65-43f8-8e55-db8f910d59c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12048", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8199", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12048\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.\n\ud83d\udccf Published: 2025-03-20T10:11:27.726Z\n\ud83d\udccf Modified: 2025-03-20T10:11:27.726Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/6def3e3a-c443-44bb-b20e-3e69b48f37dc", "creation_timestamp": "2025-03-20T10:19:42.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e8de8ba7-4f65-43f8-8e55-db8f910d59c6/export"/>
    <published>2025-03-20T10:19:42+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ea7e5fae-e9d9-44dd-946b-e780d50d5d81/export</id>
    <title>ea7e5fae-e9d9-44dd-946b-e780d50d5d81</title>
    <updated>2026-07-03T20:51:19.606593+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ea7e5fae-e9d9-44dd-946b-e780d50d5d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12043", "type": "seen", "source": "Telegram/YMCv5dMQxodcWu4TdnyjLFwpFk0jY6Qur6jrHl0dBqx_tOWG", "content": "", "creation_timestamp": "2025-02-06T02:44:20.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ea7e5fae-e9d9-44dd-946b-e780d50d5d81/export"/>
    <published>2025-02-06T02:44:20+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b1c26d75-4b91-4b0b-9abf-590d2427ec7c/export</id>
    <title>b1c26d75-4b91-4b0b-9abf-590d2427ec7c</title>
    <updated>2026-07-03T20:51:19.606752+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b1c26d75-4b91-4b0b-9abf-590d2427ec7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12046", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhdmj5taqt2b", "content": "", "creation_timestamp": "2025-02-04T08:15:56.452087Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b1c26d75-4b91-4b0b-9abf-590d2427ec7c/export"/>
    <published>2025-02-04T08:15:56.452087+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e2cc80b3-5201-4528-bffe-a9ab5d5218b3/export</id>
    <title>e2cc80b3-5201-4528-bffe-a9ab5d5218b3</title>
    <updated>2026-07-03T20:51:19.606893+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e2cc80b3-5201-4528-bffe-a9ab5d5218b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12046", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113944437736684051", "content": "", "creation_timestamp": "2025-02-04T07:29:00.757521Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e2cc80b3-5201-4528-bffe-a9ab5d5218b3/export"/>
    <published>2025-02-04T07:29:00.757521+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2c9aad92-5900-41f4-9c38-fdd25287afb6/export</id>
    <title>2c9aad92-5900-41f4-9c38-fdd25287afb6</title>
    <updated>2026-07-03T20:51:19.607026+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2c9aad92-5900-41f4-9c38-fdd25287afb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12041", "type": "seen", "source": "https://t.me/cvedetector/16996", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12041 - Directorist WordPress Business Directory Plugin Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12041 \nPublished : Feb. 1, 2025, 6:15 a.m. | 21\u00a0minutes ago \nDescription : The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including including usernames, email addresses, names, and more information about users. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T08:07:22.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2c9aad92-5900-41f4-9c38-fdd25287afb6/export"/>
    <published>2025-02-01T08:07:22+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/795ec7f1-3f1f-4825-9a6f-133dd7ba39e6/export</id>
    <title>795ec7f1-3f1f-4825-9a6f-133dd7ba39e6</title>
    <updated>2026-07-03T20:51:19.607172+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "795ec7f1-3f1f-4825-9a6f-133dd7ba39e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12041", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh3z46xisq2u", "content": "", "creation_timestamp": "2025-02-01T07:40:03.553196Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/795ec7f1-3f1f-4825-9a6f-133dd7ba39e6/export"/>
    <published>2025-02-01T07:40:03.553196+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fdc9d759-e8d8-45af-a9be-e5e70da003ee/export</id>
    <title>fdc9d759-e8d8-45af-a9be-e5e70da003ee</title>
    <updated>2026-07-03T20:51:19.607297+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fdc9d759-e8d8-45af-a9be-e5e70da003ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12041", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3742", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12041\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T06:15:29.527\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3208874/directorist/tags/8.0.9/includes/rest-api/Version1/class-users-controller.php\n2. https://plugins.trac.wordpress.org/changeset/3231156/directorist/tags/8.1/includes/rest-api/Version1/class-users-controller.php\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/0d9817ff-ca56-4941-97bc-f26defe7ddd5?source=cve", "creation_timestamp": "2025-02-01T07:25:46.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fdc9d759-e8d8-45af-a9be-e5e70da003ee/export"/>
    <published>2025-02-01T07:25:46+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f4aa832b-75d8-460b-8b10-73c224bfd84a/export</id>
    <title>f4aa832b-75d8-460b-8b10-73c224bfd84a</title>
    <updated>2026-07-03T20:51:19.607434+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f4aa832b-75d8-460b-8b10-73c224bfd84a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12041", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3721", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12041\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including including usernames, email addresses, names, and more information about users.\n\ud83d\udccf Published: 2025-02-01T06:31:01Z\n\ud83d\udccf Modified: 2025-02-01T06:31:01Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12041\n2. https://plugins.trac.wordpress.org/changeset/3208874/directorist/tags/8.0.9/includes/rest-api/Version1/class-users-controller.php\n3. https://plugins.trac.wordpress.org/changeset/3231156/directorist/tags/8.1/includes/rest-api/Version1/class-users-controller.php\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/0d9817ff-ca56-4941-97bc-f26defe7ddd5?source=cve", "creation_timestamp": "2025-02-01T07:16:13.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f4aa832b-75d8-460b-8b10-73c224bfd84a/export"/>
    <published>2025-02-01T07:16:13+00:00</published>
  </entry>
</feed>
