<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 13 May 2026 13:45:38 +0000</lastBuildDate>
    <item>
      <title>7562fca6-1193-4d02-ad5d-9bccf2fa0383</title>
      <link>https://vulnerability.circl.lu/sighting/7562fca6-1193-4d02-ad5d-9bccf2fa0383/export</link>
      <description>{"uuid": "7562fca6-1193-4d02-ad5d-9bccf2fa0383", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13043", "type": "seen", "source": "https://t.me/cvedetector/13960", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13043 - Panda Security Dome Link Following Local Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13043 \nPublished : Dec. 30, 2024, 9:15 p.m. | 20\u00a0minutes ago \nDescription : Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.  \n  \nThe specific flaw exists within the Hotspot Shield. By creating a junction, an attacker can abuse the application to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23478. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-30T22:39:18.000000Z"}</description>
      <content:encoded>{"uuid": "7562fca6-1193-4d02-ad5d-9bccf2fa0383", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13043", "type": "seen", "source": "https://t.me/cvedetector/13960", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13043 - Panda Security Dome Link Following Local Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13043 \nPublished : Dec. 30, 2024, 9:15 p.m. | 20\u00a0minutes ago \nDescription : Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.  \n  \nThe specific flaw exists within the Hotspot Shield. By creating a junction, an attacker can abuse the application to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23478. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-30T22:39:18.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7562fca6-1193-4d02-ad5d-9bccf2fa0383/export</guid>
      <pubDate>Mon, 30 Dec 2024 22:39:18 +0000</pubDate>
    </item>
    <item>
      <title>8db1f95f-a005-4122-895d-2731c5eaf456</title>
      <link>https://vulnerability.circl.lu/sighting/8db1f95f-a005-4122-895d-2731c5eaf456/export</link>
      <description>{"uuid": "8db1f95f-a005-4122-895d-2731c5eaf456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13044", "type": "seen", "source": "https://t.me/cvedetector/13961", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13044 - Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13044 \nPublished : Dec. 30, 2024, 9:15 p.m. | 20\u00a0minutes ago \nDescription : Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.  \n  \nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24870. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-30T22:39:21.000000Z"}</description>
      <content:encoded>{"uuid": "8db1f95f-a005-4122-895d-2731c5eaf456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13044", "type": "seen", "source": "https://t.me/cvedetector/13961", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13044 - Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13044 \nPublished : Dec. 30, 2024, 9:15 p.m. | 20\u00a0minutes ago \nDescription : Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.  \n  \nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24870. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-30T22:39:21.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8db1f95f-a005-4122-895d-2731c5eaf456/export</guid>
      <pubDate>Mon, 30 Dec 2024 22:39:21 +0000</pubDate>
    </item>
    <item>
      <title>e11d815c-fc78-4a75-aac6-f91cd0303798</title>
      <link>https://vulnerability.circl.lu/sighting/e11d815c-fc78-4a75-aac6-f91cd0303798/export</link>
      <description>{"uuid": "e11d815c-fc78-4a75-aac6-f91cd0303798", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13045", "type": "seen", "source": "https://t.me/cvedetector/13962", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13045 - Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13045 \nPublished : Dec. 30, 2024, 9:15 p.m. | 20\u00a0minutes ago \nDescription : Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.  \n  \nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24848. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-30T22:39:22.000000Z"}</description>
      <content:encoded>{"uuid": "e11d815c-fc78-4a75-aac6-f91cd0303798", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13045", "type": "seen", "source": "https://t.me/cvedetector/13962", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13045 - Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13045 \nPublished : Dec. 30, 2024, 9:15 p.m. | 20\u00a0minutes ago \nDescription : Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.  \n  \nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24848. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-30T22:39:22.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e11d815c-fc78-4a75-aac6-f91cd0303798/export</guid>
      <pubDate>Mon, 30 Dec 2024 22:39:22 +0000</pubDate>
    </item>
    <item>
      <title>2aa4d6a6-c7ec-40d9-baf0-9475fc800286</title>
      <link>https://vulnerability.circl.lu/sighting/2aa4d6a6-c7ec-40d9-baf0-9475fc800286/export</link>
      <description>{"uuid": "2aa4d6a6-c7ec-40d9-baf0-9475fc800286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13040", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113744992650690013", "content": "", "creation_timestamp": "2024-12-31T02:07:30.310808Z"}</description>
      <content:encoded>{"uuid": "2aa4d6a6-c7ec-40d9-baf0-9475fc800286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13040", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113744992650690013", "content": "", "creation_timestamp": "2024-12-31T02:07:30.310808Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2aa4d6a6-c7ec-40d9-baf0-9475fc800286/export</guid>
      <pubDate>Tue, 31 Dec 2024 02:07:30 +0000</pubDate>
    </item>
    <item>
      <title>9d90a6a5-3c42-4f40-8f30-3024d324984c</title>
      <link>https://vulnerability.circl.lu/sighting/9d90a6a5-3c42-4f40-8f30-3024d324984c/export</link>
      <description>{"uuid": "9d90a6a5-3c42-4f40-8f30-3024d324984c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13040", "type": "seen", "source": "https://t.me/cvedetector/13967", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13040 - \"Quanta Computer QOCA Authorization Bypass Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13040 \nPublished : Dec. 31, 2024, 2:15 a.m. | 24\u00a0minutes ago \nDescription : The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to privilege escalation. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-31T03:40:08.000000Z"}</description>
      <content:encoded>{"uuid": "9d90a6a5-3c42-4f40-8f30-3024d324984c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13040", "type": "seen", "source": "https://t.me/cvedetector/13967", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13040 - \"Quanta Computer QOCA Authorization Bypass Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13040 \nPublished : Dec. 31, 2024, 2:15 a.m. | 24\u00a0minutes ago \nDescription : The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to privilege escalation. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-31T03:40:08.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9d90a6a5-3c42-4f40-8f30-3024d324984c/export</guid>
      <pubDate>Tue, 31 Dec 2024 03:40:08 +0000</pubDate>
    </item>
    <item>
      <title>f30a498a-88f3-411d-a92c-da1ff1e5a605</title>
      <link>https://vulnerability.circl.lu/sighting/f30a498a-88f3-411d-a92c-da1ff1e5a605/export</link>
      <description>{"uuid": "f30a498a-88f3-411d-a92c-da1ff1e5a605", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13040", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113747171252357787", "content": "", "creation_timestamp": "2024-12-31T11:21:32.975044Z"}</description>
      <content:encoded>{"uuid": "f30a498a-88f3-411d-a92c-da1ff1e5a605", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13040", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113747171252357787", "content": "", "creation_timestamp": "2024-12-31T11:21:32.975044Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f30a498a-88f3-411d-a92c-da1ff1e5a605/export</guid>
      <pubDate>Tue, 31 Dec 2024 11:21:32 +0000</pubDate>
    </item>
    <item>
      <title>4a4ef3b9-fe43-4583-8cef-849fc0535680</title>
      <link>https://vulnerability.circl.lu/sighting/4a4ef3b9-fe43-4583-8cef-849fc0535680/export</link>
      <description>{"uuid": "4a4ef3b9-fe43-4583-8cef-849fc0535680", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13041", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113793610252558322", "content": "", "creation_timestamp": "2025-01-08T16:11:36.236214Z"}</description>
      <content:encoded>{"uuid": "4a4ef3b9-fe43-4583-8cef-849fc0535680", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13041", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113793610252558322", "content": "", "creation_timestamp": "2025-01-08T16:11:36.236214Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4a4ef3b9-fe43-4583-8cef-849fc0535680/export</guid>
      <pubDate>Wed, 08 Jan 2025 16:11:36 +0000</pubDate>
    </item>
    <item>
      <title>b40359f3-44be-4451-afb9-7cd91de9561c</title>
      <link>https://vulnerability.circl.lu/sighting/b40359f3-44be-4451-afb9-7cd91de9561c/export</link>
      <description>{"uuid": "b40359f3-44be-4451-afb9-7cd91de9561c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13041", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113797009211537411", "content": "", "creation_timestamp": "2025-01-09T06:36:02.915869Z"}</description>
      <content:encoded>{"uuid": "b40359f3-44be-4451-afb9-7cd91de9561c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13041", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113797009211537411", "content": "", "creation_timestamp": "2025-01-09T06:36:02.915869Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b40359f3-44be-4451-afb9-7cd91de9561c/export</guid>
      <pubDate>Thu, 09 Jan 2025 06:36:02 +0000</pubDate>
    </item>
    <item>
      <title>944cd15a-6eda-48be-9923-49d785bd519c</title>
      <link>https://vulnerability.circl.lu/sighting/944cd15a-6eda-48be-9923-49d785bd519c/export</link>
      <description>{"uuid": "944cd15a-6eda-48be-9923-49d785bd519c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13041", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfc4zvpojh27", "content": "", "creation_timestamp": "2025-01-09T07:15:55.928230Z"}</description>
      <content:encoded>{"uuid": "944cd15a-6eda-48be-9923-49d785bd519c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13041", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfc4zvpojh27", "content": "", "creation_timestamp": "2025-01-09T07:15:55.928230Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/944cd15a-6eda-48be-9923-49d785bd519c/export</guid>
      <pubDate>Thu, 09 Jan 2025 07:15:55 +0000</pubDate>
    </item>
    <item>
      <title>e5c903d9-7162-47f5-a3a5-9bf8a83ff76f</title>
      <link>https://vulnerability.circl.lu/sighting/e5c903d9-7162-47f5-a3a5-9bf8a83ff76f/export</link>
      <description>{"uuid": "e5c903d9-7162-47f5-a3a5-9bf8a83ff76f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13041", "type": "seen", "source": "https://t.me/cvedetector/14799", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13041 - GitLab SAML Provider External Group Configuration Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13041 \nPublished : Jan. 9, 2025, 7:15 a.m. | 40\u00a0minutes ago \nDescription : An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups. \nSeverity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T09:23:32.000000Z"}</description>
      <content:encoded>{"uuid": "e5c903d9-7162-47f5-a3a5-9bf8a83ff76f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13041", "type": "seen", "source": "https://t.me/cvedetector/14799", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13041 - GitLab SAML Provider External Group Configuration Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13041 \nPublished : Jan. 9, 2025, 7:15 a.m. | 40\u00a0minutes ago \nDescription : An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups. \nSeverity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T09:23:32.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e5c903d9-7162-47f5-a3a5-9bf8a83ff76f/export</guid>
      <pubDate>Thu, 09 Jan 2025 09:23:32 +0000</pubDate>
    </item>
  </channel>
</rss>
