https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 10 May 2026 13:13:09 +0000 https://vulnerability.circl.lu/sighting/038c8bc4-bdb9-4d22-9905-308918591de8/export {"uuid": "038c8bc4-bdb9-4d22-9905-308918591de8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/writeup_ctf/321", "content": "\u0421\u0434\u0435\u043b\u0430\u043b \u0440\u0430\u0439\u0442\u0430\u043f \u043d\u0430 \u043d\u043e\u0432\u0443\u044e \u0442\u0430\u0447\u043a\u0443 \u0448\u0435\u0441\u0442\u043e\u0433\u043e \u0441\u0435\u0437\u043e\u043d\u0430 hackthebox (Chemistry Season6).\n\u0418\u043b\u0438, \u043a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u0438\u0442 YandexGPT \"\u0420\u0435\u0448\u0438\u043b \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u0443\u044e \u0440\u0430\u0431\u043e\u0442\u0443 \u043f\u043e \u0445\u0438\u043c\u0438\u0438 HTB\" \n\n\u0418\u0437 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0433\u043e, \u0432 \u0442\u0430\u0447\u043a\u0435 \u0431\u044b\u043b\u0430 RCE \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 CIF (Crystallographic Information File) - CVE-2024-23346\n\u0438 LFI \u0432 aiohttp - CVE-2024-23334. \n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0435 \u0448\u0430\u0433\u0438 \u043f\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044e \u0442\u0430\u0447\u043a\u0438 \u0442\u0443\u0442:\nhttps://pentestnotes.ru/ru/writeups/hackthebox/chemistry-htb-writeup/", "creation_timestamp": "2024-10-21T16:17:28.000000Z"} {"uuid": "038c8bc4-bdb9-4d22-9905-308918591de8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/writeup_ctf/321", "content": "\u0421\u0434\u0435\u043b\u0430\u043b \u0440\u0430\u0439\u0442\u0430\u043f \u043d\u0430 \u043d\u043e\u0432\u0443\u044e \u0442\u0430\u0447\u043a\u0443 \u0448\u0435\u0441\u0442\u043e\u0433\u043e \u0441\u0435\u0437\u043e\u043d\u0430 hackthebox (Chemistry Season6).\n\u0418\u043b\u0438, \u043a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u0438\u0442 YandexGPT \"\u0420\u0435\u0448\u0438\u043b \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u0443\u044e \u0440\u0430\u0431\u043e\u0442\u0443 \u043f\u043e \u0445\u0438\u043c\u0438\u0438 HTB\" \n\n\u0418\u0437 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0433\u043e, \u0432 \u0442\u0430\u0447\u043a\u0435 \u0431\u044b\u043b\u0430 RCE \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 CIF (Crystallographic Information File) - CVE-2024-23346\n\u0438 LFI \u0432 aiohttp - CVE-2024-23334. \n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0435 \u0448\u0430\u0433\u0438 \u043f\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044e \u0442\u0430\u0447\u043a\u0438 \u0442\u0443\u0442:\nhttps://pentestnotes.ru/ru/writeups/hackthebox/chemistry-htb-writeup/", "creation_timestamp": "2024-10-21T16:17:28.000000Z"} https://vulnerability.circl.lu/sighting/038c8bc4-bdb9-4d22-9905-308918591de8/export Mon, 21 Oct 2024 16:17:28 +0000 https://vulnerability.circl.lu/sighting/f79cc2cf-135c-4afd-836b-7646fb8e0d49/export {"uuid": "f79cc2cf-135c-4afd-836b-7646fb8e0d49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8937", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aDeveloped PoC for pymatgen <= 2024.2.8 Insecure Deserialization RCE\nURL\uff1ahttps://github.com/bluetoothStrawberry/CVE-2024-23346_poc\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-11-02T19:43:36.000000Z"} {"uuid": "f79cc2cf-135c-4afd-836b-7646fb8e0d49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8937", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aDeveloped PoC for pymatgen <= 2024.2.8 Insecure Deserialization RCE\nURL\uff1ahttps://github.com/bluetoothStrawberry/CVE-2024-23346_poc\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-11-02T19:43:36.000000Z"} https://vulnerability.circl.lu/sighting/f79cc2cf-135c-4afd-836b-7646fb8e0d49/export Sat, 02 Nov 2024 19:43:36 +0000 https://vulnerability.circl.lu/sighting/8ce73b08-dd61-43b0-a240-44fbd6574e36/export {"uuid": "8ce73b08-dd61-43b0-a240-44fbd6574e36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/681", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aDeveloped PoC for pymatgen <= 2024.2.8 Insecure Deserialization RCE\nURL\uff1ahttps://github.com/bluetoothStrawberry/CVE-2024-23346_poc\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-11-05T20:57:53.000000Z"} {"uuid": "8ce73b08-dd61-43b0-a240-44fbd6574e36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/681", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aDeveloped PoC for pymatgen <= 2024.2.8 Insecure Deserialization RCE\nURL\uff1ahttps://github.com/bluetoothStrawberry/CVE-2024-23346_poc\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-11-05T20:57:53.000000Z"} https://vulnerability.circl.lu/sighting/8ce73b08-dd61-43b0-a240-44fbd6574e36/export Tue, 05 Nov 2024 20:57:53 +0000 https://vulnerability.circl.lu/sighting/f1a144f2-c39a-42cd-979b-a88b252bf95e/export {"uuid": "f1a144f2-c39a-42cd-979b-a88b252bf95e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9362", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis is an exploit for chemistry Hack the Box machines that automates a \\\"terminal\\\" enviornment using CVE-2024-23346\nURL\uff1ahttps://github.com/MAWK0235/CVE-2024-23346\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-09T22:36:23.000000Z"} {"uuid": "f1a144f2-c39a-42cd-979b-a88b252bf95e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9362", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis is an exploit for chemistry Hack the Box machines that automates a \\\"terminal\\\" enviornment using CVE-2024-23346\nURL\uff1ahttps://github.com/MAWK0235/CVE-2024-23346\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-09T22:36:23.000000Z"} https://vulnerability.circl.lu/sighting/f1a144f2-c39a-42cd-979b-a88b252bf95e/export Mon, 09 Dec 2024 22:36:23 +0000 https://vulnerability.circl.lu/sighting/ae3a56e3-162e-4fb5-bd1c-7761beaf5bdf/export {"uuid": "ae3a56e3-162e-4fb5-bd1c-7761beaf5bdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "Telegram/iNFvofcejHT1UJTcFqWUlfDrh8sGhUnP2aFNlTJXmorFBwHU", "content": "", "creation_timestamp": "2025-02-06T02:44:21.000000Z"} {"uuid": "ae3a56e3-162e-4fb5-bd1c-7761beaf5bdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "Telegram/iNFvofcejHT1UJTcFqWUlfDrh8sGhUnP2aFNlTJXmorFBwHU", "content": "", "creation_timestamp": "2025-02-06T02:44:21.000000Z"} https://vulnerability.circl.lu/sighting/ae3a56e3-162e-4fb5-bd1c-7761beaf5bdf/export Thu, 06 Feb 2025 02:44:21 +0000 https://vulnerability.circl.lu/sighting/6dbea6fa-127b-4dec-b6b5-65bc7a664dec/export {"uuid": "6dbea6fa-127b-4dec-b6b5-65bc7a664dec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23349", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9454", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23349\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nXSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.\n\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue.\n\ud83d\udccf Published: 2024-02-22T09:48:20.873Z\n\ud83d\udccf Modified: 2025-03-28T19:39:55.576Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg\n2. http://www.openwall.com/lists/oss-security/2024/02/22/2", "creation_timestamp": "2025-03-28T20:28:55.000000Z"} {"uuid": "6dbea6fa-127b-4dec-b6b5-65bc7a664dec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23349", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9454", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23349\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nXSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.\n\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue.\n\ud83d\udccf Published: 2024-02-22T09:48:20.873Z\n\ud83d\udccf Modified: 2025-03-28T19:39:55.576Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg\n2. http://www.openwall.com/lists/oss-security/2024/02/22/2", "creation_timestamp": "2025-03-28T20:28:55.000000Z"} https://vulnerability.circl.lu/sighting/6dbea6fa-127b-4dec-b6b5-65bc7a664dec/export Fri, 28 Mar 2025 20:28:55 +0000 https://vulnerability.circl.lu/sighting/fe7ab77c-a362-45b1-bc1e-f56759979ca1/export {"uuid": "fe7ab77c-a362-45b1-bc1e-f56759979ca1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmteau4rtd2g", "content": "", "creation_timestamp": "2025-04-15T05:36:42.705285Z"} {"uuid": "fe7ab77c-a362-45b1-bc1e-f56759979ca1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmteau4rtd2g", "content": "", "creation_timestamp": "2025-04-15T05:36:42.705285Z"} https://vulnerability.circl.lu/sighting/fe7ab77c-a362-45b1-bc1e-f56759979ca1/export Tue, 15 Apr 2025 05:36:42 +0000 https://vulnerability.circl.lu/sighting/0028525d-efd2-4aea-96b4-92b164dd9240/export {"uuid": "0028525d-efd2-4aea-96b4-92b164dd9240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmxigyn5dv2h", "content": "", "creation_timestamp": "2025-04-16T21:02:24.108203Z"} {"uuid": "0028525d-efd2-4aea-96b4-92b164dd9240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmxigyn5dv2h", "content": "", "creation_timestamp": "2025-04-16T21:02:24.108203Z"} https://vulnerability.circl.lu/sighting/0028525d-efd2-4aea-96b4-92b164dd9240/export Wed, 16 Apr 2025 21:02:24 +0000 https://vulnerability.circl.lu/sighting/a6dea491-5e7f-4f28-87bb-66d8ec783ab5/export {"uuid": "a6dea491-5e7f-4f28-87bb-66d8ec783ab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23344", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15790", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23344\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.\n\ud83d\udccf Published: 2024-02-06T15:58:19.781Z\n\ud83d\udccf Modified: 2025-05-09T16:26:14.004Z\n\ud83d\udd17 References:\n1. https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w\n2. https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42\n3. https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42\n4. https://tuleap.net/plugins/tracker/?aid=35862", "creation_timestamp": "2025-05-09T17:25:56.000000Z"} {"uuid": "a6dea491-5e7f-4f28-87bb-66d8ec783ab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23344", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15790", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23344\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.\n\ud83d\udccf Published: 2024-02-06T15:58:19.781Z\n\ud83d\udccf Modified: 2025-05-09T16:26:14.004Z\n\ud83d\udd17 References:\n1. https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w\n2. https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42\n3. https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42\n4. https://tuleap.net/plugins/tracker/?aid=35862", "creation_timestamp": "2025-05-09T17:25:56.000000Z"} https://vulnerability.circl.lu/sighting/a6dea491-5e7f-4f28-87bb-66d8ec783ab5/export Fri, 09 May 2025 17:25:56 +0000 https://vulnerability.circl.lu/sighting/84475602-2b44-4f76-b114-15ad773d2705/export {"uuid": "84475602-2b44-4f76-b114-15ad773d2705", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/45234", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aPoC exploit and vulnerable server demo for CVE-2025-1302 in jsonpath-plus.\nURL\uff1ahttps://github.com/DAVIDAROCA27/CVE-2024-23346-exploit\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-07-24T18:23:12.000000Z"} {"uuid": "84475602-2b44-4f76-b114-15ad773d2705", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/45234", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aPoC exploit and vulnerable server demo for CVE-2025-1302 in jsonpath-plus.\nURL\uff1ahttps://github.com/DAVIDAROCA27/CVE-2024-23346-exploit\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-07-24T18:23:12.000000Z"} https://vulnerability.circl.lu/sighting/84475602-2b44-4f76-b114-15ad773d2705/export Thu, 24 Jul 2025 18:23:12 +0000