<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-05T09:30:35.686593+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/888686c9-917a-4e98-9419-3ef1b7200354/export</id>
    <title>888686c9-917a-4e98-9419-3ef1b7200354</title>
    <updated>2026-07-05T09:30:35.930542+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "888686c9-917a-4e98-9419-3ef1b7200354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21545", "type": "published-proof-of-concept", "source": "Telegram/q7VD5LFLz0DQI0He0CdIi8UKDEAJAk3zBKou56yKpQVq99g", "content": "", "creation_timestamp": "2025-12-01T03:00:07.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/888686c9-917a-4e98-9419-3ef1b7200354/export"/>
    <published>2025-12-01T03:00:07+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9a9a6af8-bdce-4b46-868b-3a0d45c64c75/export</id>
    <title>9a9a6af8-bdce-4b46-868b-3a0d45c64c75</title>
    <updated>2026-07-05T09:30:35.932938+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9a9a6af8-bdce-4b46-868b-3a0d45c64c75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21545", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:33.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9a9a6af8-bdce-4b46-868b-3a0d45c64c75/export"/>
    <published>2025-08-26T13:26:33+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/256a347e-fc54-408a-b4aa-b8eca4190d1c/export</id>
    <title>256a347e-fc54-408a-b4aa-b8eca4190d1c</title>
    <updated>2026-07-05T09:30:35.933142+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "256a347e-fc54-408a-b4aa-b8eca4190d1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21546", "type": "published-proof-of-concept", "source": "Telegram/YaDf5xJ3685njZbA_KRVppFbIpFzplLD7yW1OQGHI6Xa2lo", "content": "", "creation_timestamp": "2025-05-05T21:02:56.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/256a347e-fc54-408a-b4aa-b8eca4190d1c/export"/>
    <published>2025-05-05T21:02:56+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/21199940-c55e-44ac-a7bd-1e7c23896730/export</id>
    <title>21199940-c55e-44ac-a7bd-1e7c23896730</title>
    <updated>2026-07-05T09:30:35.933328+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "21199940-c55e-44ac-a7bd-1e7c23896730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21543", "type": "seen", "source": "Telegram/ynTV8tOGr7piAsl9BTCseHZxVuzmsf9LHsFkrsQztRrZlhcj", "content": "", "creation_timestamp": "2025-02-20T23:38:15.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/21199940-c55e-44ac-a7bd-1e7c23896730/export"/>
    <published>2025-02-20T23:38:15+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c2490a63-27f4-4abd-be39-a0fc087a52e6/export</id>
    <title>c2490a63-27f4-4abd-be39-a0fc087a52e6</title>
    <updated>2026-07-05T09:30:35.933486+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c2490a63-27f4-4abd-be39-a0fc087a52e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21543", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4822", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21543\n\ud83d\udd25 CVSS Score: 5.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.\n\ud83d\udccf Published: 2024-12-13T05:00:16.747Z\n\ud83d\udccf Modified: 2025-02-20T22:02:38.155Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-PYTHON-DJOSER-8366540\n2. https://github.com/sunscrapers/djoser/releases/tag/2.3.0\n3. https://github.com/sunscrapers/djoser/issues/795\n4. https://github.com/sunscrapers/djoser/pull/819\n5. https://github.com/sunscrapers/djoser/commit/d33c3993c0c735f23cbedc60fa59fce69354f19d", "creation_timestamp": "2025-02-20T22:17:43.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c2490a63-27f4-4abd-be39-a0fc087a52e6/export"/>
    <published>2025-02-20T22:17:43+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f5c5a4ca-2101-41ec-9349-b307e839e468/export</id>
    <title>f5c5a4ca-2101-41ec-9349-b307e839e468</title>
    <updated>2026-07-05T09:30:35.933665+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f5c5a4ca-2101-41ec-9349-b307e839e468", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://t.me/cvedetector/17272", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-1026 - Spatie Browsershot URL Validation Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-1026 \nPublished : Feb. 5, 2025, 5:15 a.m. | 23\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files.  \n  \n**Note:**  \n  \nThis is a bypass of the fix for [CVE-2024-21549](). \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T07:26:55.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f5c5a4ca-2101-41ec-9349-b307e839e468/export"/>
    <published>2025-02-05T07:26:55+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/338da72a-1f52-44ed-9994-7b420e0375a9/export</id>
    <title>338da72a-1f52-44ed-9994-7b420e0375a9</title>
    <updated>2026-07-05T09:30:35.933846+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "338da72a-1f52-44ed-9994-7b420e0375a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113949546327052981", "content": "", "creation_timestamp": "2025-02-05T05:08:11.721492Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/338da72a-1f52-44ed-9994-7b420e0375a9/export"/>
    <published>2025-02-05T05:08:11.721492+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/99ec7338-b0ef-448e-ab8e-9b9b0191d242/export</id>
    <title>99ec7338-b0ef-448e-ab8e-9b9b0191d242</title>
    <updated>2026-07-05T09:30:35.933993+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "99ec7338-b0ef-448e-ab8e-9b9b0191d242", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21541", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1528", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21541\n\ud83d\udd39 Description: Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.\n\ud83d\udccf Published: 2024-11-13T05:00:12.270Z\n\ud83d\udccf Modified: 2025-01-14T16:53:39.641Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199\n2. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8383166\n3. https://github.com/matthewmueller/dom-iterator/commit/9e0e0fad5a251de5b42feb326c4204eb04080805", "creation_timestamp": "2025-01-14T17:21:01.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/99ec7338-b0ef-448e-ab8e-9b9b0191d242/export"/>
    <published>2025-01-14T17:21:01+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3346d93f-7326-45b3-bfe5-6d9f244e1e1a/export</id>
    <title>3346d93f-7326-45b3-bfe5-6d9f244e1e1a</title>
    <updated>2026-07-05T09:30:35.934152+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3346d93f-7326-45b3-bfe5-6d9f244e1e1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://t.me/cvedetector/13408", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21549 - Spatie Browsershot Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21549 \nPublished : Dec. 20, 2024, 5:15 a.m. | 22\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file.  \n  \n**Note:**  \n  \nThis is a bypass of the fix for [CVE-2024-21544](). \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T06:42:37.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3346d93f-7326-45b3-bfe5-6d9f244e1e1a/export"/>
    <published>2024-12-20T06:42:37+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cf3ee060-bf8a-4add-9f5a-f2de16f3bbff/export</id>
    <title>cf3ee060-bf8a-4add-9f5a-f2de16f3bbff</title>
    <updated>2026-07-05T09:30:35.934330+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cf3ee060-bf8a-4add-9f5a-f2de16f3bbff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21544", "type": "seen", "source": "https://t.me/cvedetector/13408", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21549 - Spatie Browsershot Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21549 \nPublished : Dec. 20, 2024, 5:15 a.m. | 22\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file.  \n  \n**Note:**  \n  \nThis is a bypass of the fix for [CVE-2024-21544](). \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T06:42:37.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cf3ee060-bf8a-4add-9f5a-f2de16f3bbff/export"/>
    <published>2024-12-20T06:42:37+00:00</published>
  </entry>
</feed>
