https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 08 May 2026 03:17:20 +0000 https://vulnerability.circl.lu/sighting/7c1f824c-8f55-443b-9cd7-bc014524dcda/export {"uuid": "7c1f824c-8f55-443b-9cd7-bc014524dcda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11146", "type": "seen", "source": "https://t.me/cvedetector/15681", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-11146 - \"TrueFiling Unauthenticated Access to Case Information\"\", \n \"Content\": \"CVE ID : CVE-2024-11146 \nPublished : Jan. 17, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T08:25:43.000000Z"} {"uuid": "7c1f824c-8f55-443b-9cd7-bc014524dcda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11146", "type": "seen", "source": "https://t.me/cvedetector/15681", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-11146 - \"TrueFiling Unauthenticated Access to Case Information\"\", \n \"Content\": \"CVE ID : CVE-2024-11146 \nPublished : Jan. 17, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T08:25:43.000000Z"} https://vulnerability.circl.lu/sighting/7c1f824c-8f55-443b-9cd7-bc014524dcda/export Fri, 17 Jan 2025 08:25:43 +0000 https://vulnerability.circl.lu/sighting/e1e329bf-7dc7-497c-be91-6af99ab716aa/export {"uuid": "e1e329bf-7dc7-497c-be91-6af99ab716aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11147", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lggf32rmm32e", "content": "", "creation_timestamp": "2025-01-23T17:15:35.135227Z"} {"uuid": "e1e329bf-7dc7-497c-be91-6af99ab716aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11147", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lggf32rmm32e", "content": "", "creation_timestamp": "2025-01-23T17:15:35.135227Z"} https://vulnerability.circl.lu/sighting/e1e329bf-7dc7-497c-be91-6af99ab716aa/export Thu, 23 Jan 2025 17:15:35 +0000 https://vulnerability.circl.lu/sighting/a27145c0-6c4b-4ca2-bdc6-1bf2b020cf1d/export {"uuid": "a27145c0-6c4b-4ca2-bdc6-1bf2b020cf1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11147", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lggggv4c3y2g", "content": "", "creation_timestamp": "2025-01-23T17:40:07.381249Z"} {"uuid": "a27145c0-6c4b-4ca2-bdc6-1bf2b020cf1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11147", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lggggv4c3y2g", "content": "", "creation_timestamp": "2025-01-23T17:40:07.381249Z"} https://vulnerability.circl.lu/sighting/a27145c0-6c4b-4ca2-bdc6-1bf2b020cf1d/export Thu, 23 Jan 2025 17:40:07 +0000 https://vulnerability.circl.lu/sighting/9a845f0f-8577-426f-8ceb-1ab757e7d32c/export {"uuid": "9a845f0f-8577-426f-8ceb-1ab757e7d32c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11147", "type": "seen", "source": "https://t.me/cvedetector/16215", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-11147 - ECOVACS Root Password Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-11147 \nPublished : Jan. 23, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"23 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T19:09:17.000000Z"} {"uuid": "9a845f0f-8577-426f-8ceb-1ab757e7d32c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11147", "type": "seen", "source": "https://t.me/cvedetector/16215", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-11147 - ECOVACS Root Password Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-11147 \nPublished : Jan. 23, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"23 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T19:09:17.000000Z"} https://vulnerability.circl.lu/sighting/9a845f0f-8577-426f-8ceb-1ab757e7d32c/export Thu, 23 Jan 2025 19:09:17 +0000 https://vulnerability.circl.lu/sighting/6cae05fc-757a-46f7-aa2c-b8c5367c3e4e/export {"uuid": "6cae05fc-757a-46f7-aa2c-b8c5367c3e4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11146", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5944", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11146\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/V:D/RE:L)\n\ud83d\udd39 Description: TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08.\n\ud83d\udccf Published: 2025-01-17T05:21:15.264Z\n\ud83d\udccf Modified: 2025-02-28T18:01:30.397Z\n\ud83d\udd17 References:\n1. https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-25-017-01.json\n2. https://infosec.exchange/@abreacher", "creation_timestamp": "2025-02-28T18:26:25.000000Z"} {"uuid": "6cae05fc-757a-46f7-aa2c-b8c5367c3e4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11146", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5944", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11146\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/V:D/RE:L)\n\ud83d\udd39 Description: TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08.\n\ud83d\udccf Published: 2025-01-17T05:21:15.264Z\n\ud83d\udccf Modified: 2025-02-28T18:01:30.397Z\n\ud83d\udd17 References:\n1. https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-25-017-01.json\n2. https://infosec.exchange/@abreacher", "creation_timestamp": "2025-02-28T18:26:25.000000Z"} https://vulnerability.circl.lu/sighting/6cae05fc-757a-46f7-aa2c-b8c5367c3e4e/export Fri, 28 Feb 2025 18:26:25 +0000 https://vulnerability.circl.lu/sighting/7ed5bee8-dd91-4f97-addc-c792bc032b83/export {"uuid": "7ed5bee8-dd91-4f97-addc-c792bc032b83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14464", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11142\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0\n\nNOTE: According to the vendor, fixing process is still ongoing for v4.05.\n\ud83d\udccf Published: 2025-05-02T07:47:30.429Z\n\ud83d\udccf Modified: 2025-05-02T07:47:30.429Z\n\ud83d\udd17 References:\n1. https://www.usom.gov.tr/bildirim/tr-25-0098", "creation_timestamp": "2025-05-02T08:16:14.000000Z"} {"uuid": "7ed5bee8-dd91-4f97-addc-c792bc032b83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14464", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11142\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0\n\nNOTE: According to the vendor, fixing process is still ongoing for v4.05.\n\ud83d\udccf Published: 2025-05-02T07:47:30.429Z\n\ud83d\udccf Modified: 2025-05-02T07:47:30.429Z\n\ud83d\udd17 References:\n1. https://www.usom.gov.tr/bildirim/tr-25-0098", "creation_timestamp": "2025-05-02T08:16:14.000000Z"} https://vulnerability.circl.lu/sighting/7ed5bee8-dd91-4f97-addc-c792bc032b83/export Fri, 02 May 2025 08:16:14 +0000 https://vulnerability.circl.lu/sighting/a92b3ea1-7ea2-4220-8880-5d0149ab8e74/export {"uuid": "a92b3ea1-7ea2-4220-8880-5d0149ab8e74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://t.me/cvedetector/24336", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-11142 - Gosoft Software Proticaret E-Commerce CSRF Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-11142 \nPublished : May 2, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0 \n \nNOTE: According to the vendor, fixing process is still ongoing for v4.05. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"02 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-02T11:45:44.000000Z"} {"uuid": "a92b3ea1-7ea2-4220-8880-5d0149ab8e74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://t.me/cvedetector/24336", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-11142 - Gosoft Software Proticaret E-Commerce CSRF Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-11142 \nPublished : May 2, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0 \n \nNOTE: According to the vendor, fixing process is still ongoing for v4.05. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"02 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-02T11:45:44.000000Z"} https://vulnerability.circl.lu/sighting/a92b3ea1-7ea2-4220-8880-5d0149ab8e74/export Fri, 02 May 2025 11:45:44 +0000 https://vulnerability.circl.lu/sighting/d3f3f49f-ba08-4d16-8800-e250cc6ed9d2/export {"uuid": "d3f3f49f-ba08-4d16-8800-e250cc6ed9d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo6rn5izn62p", "content": "", "creation_timestamp": "2025-05-02T12:00:41.917790Z"} {"uuid": "d3f3f49f-ba08-4d16-8800-e250cc6ed9d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo6rn5izn62p", "content": "", "creation_timestamp": "2025-05-02T12:00:41.917790Z"} https://vulnerability.circl.lu/sighting/d3f3f49f-ba08-4d16-8800-e250cc6ed9d2/export Fri, 02 May 2025 12:00:41 +0000 https://vulnerability.circl.lu/sighting/c8289b80-d1ff-4eb2-afd5-d3be3a325b53/export {"uuid": "c8289b80-d1ff-4eb2-afd5-d3be3a325b53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lo6g64dwbgd2", "content": "", "creation_timestamp": "2025-05-02T13:21:00.430779Z"} {"uuid": "c8289b80-d1ff-4eb2-afd5-d3be3a325b53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lo6g64dwbgd2", "content": "", "creation_timestamp": "2025-05-02T13:21:00.430779Z"} https://vulnerability.circl.lu/sighting/c8289b80-d1ff-4eb2-afd5-d3be3a325b53/export Fri, 02 May 2025 13:21:00 +0000 https://vulnerability.circl.lu/sighting/91b19216-21ca-4f29-a73b-f57ce5064d0d/export {"uuid": "91b19216-21ca-4f29-a73b-f57ce5064d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11141", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17048", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11141\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-05-15T20:06:47.658Z\n\ud83d\udccf Modified: 2025-05-20T19:36:52.199Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/6fe3544b-fb86-43e4-9771-6e9343f9f835/", "creation_timestamp": "2025-05-20T19:41:20.000000Z"} {"uuid": "91b19216-21ca-4f29-a73b-f57ce5064d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11141", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17048", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11141\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-05-15T20:06:47.658Z\n\ud83d\udccf Modified: 2025-05-20T19:36:52.199Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/6fe3544b-fb86-43e4-9771-6e9343f9f835/", "creation_timestamp": "2025-05-20T19:41:20.000000Z"} https://vulnerability.circl.lu/sighting/91b19216-21ca-4f29-a73b-f57ce5064d0d/export Tue, 20 May 2025 19:41:20 +0000