<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 05 Jul 2026 09:30:36 +0000</lastBuildDate>
    <item>
      <title>888686c9-917a-4e98-9419-3ef1b7200354</title>
      <link>https://vulnerability.circl.lu/sighting/888686c9-917a-4e98-9419-3ef1b7200354/export</link>
      <description>{"uuid": "888686c9-917a-4e98-9419-3ef1b7200354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21545", "type": "published-proof-of-concept", "source": "Telegram/q7VD5LFLz0DQI0He0CdIi8UKDEAJAk3zBKou56yKpQVq99g", "content": "", "creation_timestamp": "2025-12-01T03:00:07.000000Z"}</description>
      <content:encoded>{"uuid": "888686c9-917a-4e98-9419-3ef1b7200354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21545", "type": "published-proof-of-concept", "source": "Telegram/q7VD5LFLz0DQI0He0CdIi8UKDEAJAk3zBKou56yKpQVq99g", "content": "", "creation_timestamp": "2025-12-01T03:00:07.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/888686c9-917a-4e98-9419-3ef1b7200354/export</guid>
      <pubDate>Mon, 01 Dec 2025 03:00:07 +0000</pubDate>
    </item>
    <item>
      <title>9a9a6af8-bdce-4b46-868b-3a0d45c64c75</title>
      <link>https://vulnerability.circl.lu/sighting/9a9a6af8-bdce-4b46-868b-3a0d45c64c75/export</link>
      <description>{"uuid": "9a9a6af8-bdce-4b46-868b-3a0d45c64c75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21545", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:33.000000Z"}</description>
      <content:encoded>{"uuid": "9a9a6af8-bdce-4b46-868b-3a0d45c64c75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21545", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:33.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9a9a6af8-bdce-4b46-868b-3a0d45c64c75/export</guid>
      <pubDate>Tue, 26 Aug 2025 13:26:33 +0000</pubDate>
    </item>
    <item>
      <title>256a347e-fc54-408a-b4aa-b8eca4190d1c</title>
      <link>https://vulnerability.circl.lu/sighting/256a347e-fc54-408a-b4aa-b8eca4190d1c/export</link>
      <description>{"uuid": "256a347e-fc54-408a-b4aa-b8eca4190d1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21546", "type": "published-proof-of-concept", "source": "Telegram/YaDf5xJ3685njZbA_KRVppFbIpFzplLD7yW1OQGHI6Xa2lo", "content": "", "creation_timestamp": "2025-05-05T21:02:56.000000Z"}</description>
      <content:encoded>{"uuid": "256a347e-fc54-408a-b4aa-b8eca4190d1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21546", "type": "published-proof-of-concept", "source": "Telegram/YaDf5xJ3685njZbA_KRVppFbIpFzplLD7yW1OQGHI6Xa2lo", "content": "", "creation_timestamp": "2025-05-05T21:02:56.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/256a347e-fc54-408a-b4aa-b8eca4190d1c/export</guid>
      <pubDate>Mon, 05 May 2025 21:02:56 +0000</pubDate>
    </item>
    <item>
      <title>21199940-c55e-44ac-a7bd-1e7c23896730</title>
      <link>https://vulnerability.circl.lu/sighting/21199940-c55e-44ac-a7bd-1e7c23896730/export</link>
      <description>{"uuid": "21199940-c55e-44ac-a7bd-1e7c23896730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21543", "type": "seen", "source": "Telegram/ynTV8tOGr7piAsl9BTCseHZxVuzmsf9LHsFkrsQztRrZlhcj", "content": "", "creation_timestamp": "2025-02-20T23:38:15.000000Z"}</description>
      <content:encoded>{"uuid": "21199940-c55e-44ac-a7bd-1e7c23896730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21543", "type": "seen", "source": "Telegram/ynTV8tOGr7piAsl9BTCseHZxVuzmsf9LHsFkrsQztRrZlhcj", "content": "", "creation_timestamp": "2025-02-20T23:38:15.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/21199940-c55e-44ac-a7bd-1e7c23896730/export</guid>
      <pubDate>Thu, 20 Feb 2025 23:38:15 +0000</pubDate>
    </item>
    <item>
      <title>c2490a63-27f4-4abd-be39-a0fc087a52e6</title>
      <link>https://vulnerability.circl.lu/sighting/c2490a63-27f4-4abd-be39-a0fc087a52e6/export</link>
      <description>{"uuid": "c2490a63-27f4-4abd-be39-a0fc087a52e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21543", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4822", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21543\n\ud83d\udd25 CVSS Score: 5.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.\n\ud83d\udccf Published: 2024-12-13T05:00:16.747Z\n\ud83d\udccf Modified: 2025-02-20T22:02:38.155Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-PYTHON-DJOSER-8366540\n2. https://github.com/sunscrapers/djoser/releases/tag/2.3.0\n3. https://github.com/sunscrapers/djoser/issues/795\n4. https://github.com/sunscrapers/djoser/pull/819\n5. https://github.com/sunscrapers/djoser/commit/d33c3993c0c735f23cbedc60fa59fce69354f19d", "creation_timestamp": "2025-02-20T22:17:43.000000Z"}</description>
      <content:encoded>{"uuid": "c2490a63-27f4-4abd-be39-a0fc087a52e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21543", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4822", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21543\n\ud83d\udd25 CVSS Score: 5.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.\n\ud83d\udccf Published: 2024-12-13T05:00:16.747Z\n\ud83d\udccf Modified: 2025-02-20T22:02:38.155Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-PYTHON-DJOSER-8366540\n2. https://github.com/sunscrapers/djoser/releases/tag/2.3.0\n3. https://github.com/sunscrapers/djoser/issues/795\n4. https://github.com/sunscrapers/djoser/pull/819\n5. https://github.com/sunscrapers/djoser/commit/d33c3993c0c735f23cbedc60fa59fce69354f19d", "creation_timestamp": "2025-02-20T22:17:43.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c2490a63-27f4-4abd-be39-a0fc087a52e6/export</guid>
      <pubDate>Thu, 20 Feb 2025 22:17:43 +0000</pubDate>
    </item>
    <item>
      <title>f5c5a4ca-2101-41ec-9349-b307e839e468</title>
      <link>https://vulnerability.circl.lu/sighting/f5c5a4ca-2101-41ec-9349-b307e839e468/export</link>
      <description>{"uuid": "f5c5a4ca-2101-41ec-9349-b307e839e468", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://t.me/cvedetector/17272", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-1026 - Spatie Browsershot URL Validation Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-1026 \nPublished : Feb. 5, 2025, 5:15 a.m. | 23\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files.  \n  \n**Note:**  \n  \nThis is a bypass of the fix for [CVE-2024-21549](). \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T07:26:55.000000Z"}</description>
      <content:encoded>{"uuid": "f5c5a4ca-2101-41ec-9349-b307e839e468", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://t.me/cvedetector/17272", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-1026 - Spatie Browsershot URL Validation Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-1026 \nPublished : Feb. 5, 2025, 5:15 a.m. | 23\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files.  \n  \n**Note:**  \n  \nThis is a bypass of the fix for [CVE-2024-21549](). \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T07:26:55.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f5c5a4ca-2101-41ec-9349-b307e839e468/export</guid>
      <pubDate>Wed, 05 Feb 2025 07:26:55 +0000</pubDate>
    </item>
    <item>
      <title>338da72a-1f52-44ed-9994-7b420e0375a9</title>
      <link>https://vulnerability.circl.lu/sighting/338da72a-1f52-44ed-9994-7b420e0375a9/export</link>
      <description>{"uuid": "338da72a-1f52-44ed-9994-7b420e0375a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113949546327052981", "content": "", "creation_timestamp": "2025-02-05T05:08:11.721492Z"}</description>
      <content:encoded>{"uuid": "338da72a-1f52-44ed-9994-7b420e0375a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113949546327052981", "content": "", "creation_timestamp": "2025-02-05T05:08:11.721492Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/338da72a-1f52-44ed-9994-7b420e0375a9/export</guid>
      <pubDate>Wed, 05 Feb 2025 05:08:11 +0000</pubDate>
    </item>
    <item>
      <title>99ec7338-b0ef-448e-ab8e-9b9b0191d242</title>
      <link>https://vulnerability.circl.lu/sighting/99ec7338-b0ef-448e-ab8e-9b9b0191d242/export</link>
      <description>{"uuid": "99ec7338-b0ef-448e-ab8e-9b9b0191d242", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21541", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1528", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21541\n\ud83d\udd39 Description: Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.\n\ud83d\udccf Published: 2024-11-13T05:00:12.270Z\n\ud83d\udccf Modified: 2025-01-14T16:53:39.641Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199\n2. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8383166\n3. https://github.com/matthewmueller/dom-iterator/commit/9e0e0fad5a251de5b42feb326c4204eb04080805", "creation_timestamp": "2025-01-14T17:21:01.000000Z"}</description>
      <content:encoded>{"uuid": "99ec7338-b0ef-448e-ab8e-9b9b0191d242", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21541", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1528", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21541\n\ud83d\udd39 Description: Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.\n\ud83d\udccf Published: 2024-11-13T05:00:12.270Z\n\ud83d\udccf Modified: 2025-01-14T16:53:39.641Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199\n2. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8383166\n3. https://github.com/matthewmueller/dom-iterator/commit/9e0e0fad5a251de5b42feb326c4204eb04080805", "creation_timestamp": "2025-01-14T17:21:01.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/99ec7338-b0ef-448e-ab8e-9b9b0191d242/export</guid>
      <pubDate>Tue, 14 Jan 2025 17:21:01 +0000</pubDate>
    </item>
    <item>
      <title>3346d93f-7326-45b3-bfe5-6d9f244e1e1a</title>
      <link>https://vulnerability.circl.lu/sighting/3346d93f-7326-45b3-bfe5-6d9f244e1e1a/export</link>
      <description>{"uuid": "3346d93f-7326-45b3-bfe5-6d9f244e1e1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://t.me/cvedetector/13408", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21549 - Spatie Browsershot Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21549 \nPublished : Dec. 20, 2024, 5:15 a.m. | 22\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file.  \n  \n**Note:**  \n  \nThis is a bypass of the fix for [CVE-2024-21544](). \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T06:42:37.000000Z"}</description>
      <content:encoded>{"uuid": "3346d93f-7326-45b3-bfe5-6d9f244e1e1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://t.me/cvedetector/13408", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21549 - Spatie Browsershot Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21549 \nPublished : Dec. 20, 2024, 5:15 a.m. | 22\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file.  \n  \n**Note:**  \n  \nThis is a bypass of the fix for [CVE-2024-21544](). \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T06:42:37.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3346d93f-7326-45b3-bfe5-6d9f244e1e1a/export</guid>
      <pubDate>Fri, 20 Dec 2024 06:42:37 +0000</pubDate>
    </item>
    <item>
      <title>cf3ee060-bf8a-4add-9f5a-f2de16f3bbff</title>
      <link>https://vulnerability.circl.lu/sighting/cf3ee060-bf8a-4add-9f5a-f2de16f3bbff/export</link>
      <description>{"uuid": "cf3ee060-bf8a-4add-9f5a-f2de16f3bbff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21544", "type": "seen", "source": "https://t.me/cvedetector/13408", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21549 - Spatie Browsershot Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21549 \nPublished : Dec. 20, 2024, 5:15 a.m. | 22\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file.  \n  \n**Note:**  \n  \nThis is a bypass of the fix for [CVE-2024-21544](). \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T06:42:37.000000Z"}</description>
      <content:encoded>{"uuid": "cf3ee060-bf8a-4add-9f5a-f2de16f3bbff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21544", "type": "seen", "source": "https://t.me/cvedetector/13408", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21549 - Spatie Browsershot Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21549 \nPublished : Dec. 20, 2024, 5:15 a.m. | 22\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file.  \n  \n**Note:**  \n  \nThis is a bypass of the fix for [CVE-2024-21544](). \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T06:42:37.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/cf3ee060-bf8a-4add-9f5a-f2de16f3bbff/export</guid>
      <pubDate>Fri, 20 Dec 2024 06:42:37 +0000</pubDate>
    </item>
  </channel>
</rss>
