https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 27 Jun 2026 21:29:11 +0000 https://vulnerability.circl.lu/sighting/8eea71b9-94e4-4ac1-b947-c503f2a729bf/export {"uuid": "8eea71b9-94e4-4ac1-b947-c503f2a729bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45204", "type": "seen", "source": "https://t.me/cvedetector/11926", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45204 - A vulnerability exists where a low-privileged user\", \n \"Content\": \"CVE ID : CVE-2024-45204 \nPublished : Dec. 4, 2024, 2:15 a.m. | 48\u00a0minutes ago \nDescription : A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T04:12:17.000000Z"} {"uuid": "8eea71b9-94e4-4ac1-b947-c503f2a729bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45204", "type": "seen", "source": "https://t.me/cvedetector/11926", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45204 - A vulnerability exists where a low-privileged user\", \n \"Content\": \"CVE ID : CVE-2024-45204 \nPublished : Dec. 4, 2024, 2:15 a.m. | 48\u00a0minutes ago \nDescription : A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T04:12:17.000000Z"} https://vulnerability.circl.lu/sighting/8eea71b9-94e4-4ac1-b947-c503f2a729bf/export Wed, 04 Dec 2024 04:12:17 +0000 https://vulnerability.circl.lu/sighting/cdab9264-c098-42fa-94d5-1815743a2de9/export {"uuid": "cdab9264-c098-42fa-94d5-1815743a2de9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45205", "type": "seen", "source": "https://t.me/cvedetector/11927", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45205 - An Improper Certificate Validation on the UniFi iO\", \n \"Content\": \"CVE ID : CVE-2024-45205 \nPublished : Dec. 4, 2024, 2:15 a.m. | 48\u00a0minutes ago \nDescription : An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. \n \n \nAffected Products: \nUniFi iOS App (Version 10.17.7 and earlier) \n \nMitigation: \nUniFi iOS App (Version 10.18.0 or later). \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T04:12:18.000000Z"} {"uuid": "cdab9264-c098-42fa-94d5-1815743a2de9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45205", "type": "seen", "source": "https://t.me/cvedetector/11927", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45205 - An Improper Certificate Validation on the UniFi iO\", \n \"Content\": \"CVE ID : CVE-2024-45205 \nPublished : Dec. 4, 2024, 2:15 a.m. | 48\u00a0minutes ago \nDescription : An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. \n \n \nAffected Products: \nUniFi iOS App (Version 10.17.7 and earlier) \n \nMitigation: \nUniFi iOS App (Version 10.18.0 or later). \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T04:12:18.000000Z"} https://vulnerability.circl.lu/sighting/cdab9264-c098-42fa-94d5-1815743a2de9/export Wed, 04 Dec 2024 04:12:18 +0000 https://vulnerability.circl.lu/sighting/283898ab-ee6c-42d7-817e-a570cad86968/export {"uuid": "283898ab-ee6c-42d7-817e-a570cad86968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45206", "type": "seen", "source": "https://t.me/cvedetector/11928", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45206 - A vulnerability in Veeam Service Provider Console\", \n \"Content\": \"CVE ID : CVE-2024-45206 \nPublished : Dec. 4, 2024, 2:15 a.m. | 48\u00a0minutes ago \nDescription : A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T04:12:19.000000Z"} {"uuid": "283898ab-ee6c-42d7-817e-a570cad86968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45206", "type": "seen", "source": "https://t.me/cvedetector/11928", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45206 - A vulnerability in Veeam Service Provider Console\", \n \"Content\": \"CVE ID : CVE-2024-45206 \nPublished : Dec. 4, 2024, 2:15 a.m. | 48\u00a0minutes ago \nDescription : A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T04:12:19.000000Z"} https://vulnerability.circl.lu/sighting/283898ab-ee6c-42d7-817e-a570cad86968/export Wed, 04 Dec 2024 04:12:19 +0000 https://vulnerability.circl.lu/sighting/fc7d0390-be35-4d90-b9b4-75ca630bb4ad/export {"uuid": "fc7d0390-be35-4d90-b9b4-75ca630bb4ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45207", "type": "seen", "source": "https://t.me/cvedetector/11929", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45207 - DLL injection in Veeam Agent for Windows can occur\", \n \"Content\": \"CVE ID : CVE-2024-45207 \nPublished : Dec. 4, 2024, 2:15 a.m. | 48\u00a0minutes ago \nDescription : DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services \nSeverity: 7.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T04:12:22.000000Z"} {"uuid": "fc7d0390-be35-4d90-b9b4-75ca630bb4ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45207", "type": "seen", "source": "https://t.me/cvedetector/11929", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45207 - DLL injection in Veeam Agent for Windows can occur\", \n \"Content\": \"CVE ID : CVE-2024-45207 \nPublished : Dec. 4, 2024, 2:15 a.m. | 48\u00a0minutes ago \nDescription : DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services \nSeverity: 7.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T04:12:22.000000Z"} https://vulnerability.circl.lu/sighting/fc7d0390-be35-4d90-b9b4-75ca630bb4ad/export Wed, 04 Dec 2024 04:12:22 +0000 https://vulnerability.circl.lu/sighting/ee5bb0dd-a0ee-45a8-aba0-cc2c1f1f3add/export {"uuid": "ee5bb0dd-a0ee-45a8-aba0-cc2c1f1f3add", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45206", "type": "seen", "source": "https://t.me/xakep_ru/17175", "content": "\u0423\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u044f\u043c\u0438 \u0438 \u0443\u0441\u043b\u0443\u0433\u0430\u043c\u0438 \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0438\u0441-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u043e\u0432 Veeam\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Veeam Software \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Veeam Service Provider Console \u2014 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c\u0438 \u0443\u0441\u043b\u0443\u0433 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u043e\u0433\u043e \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (SSRF) \u0438 \u043c\u043e\u0433\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439.\n\nhttps://xakep.ru/2025/02/28/cve-2024-45206/", "creation_timestamp": "2025-02-28T15:36:15.000000Z"} {"uuid": "ee5bb0dd-a0ee-45a8-aba0-cc2c1f1f3add", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45206", "type": "seen", "source": "https://t.me/xakep_ru/17175", "content": "\u0423\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u044f\u043c\u0438 \u0438 \u0443\u0441\u043b\u0443\u0433\u0430\u043c\u0438 \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0438\u0441-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u043e\u0432 Veeam\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Veeam Software \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Veeam Service Provider Console \u2014 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c\u0438 \u0443\u0441\u043b\u0443\u0433 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u043e\u0433\u043e \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (SSRF) \u0438 \u043c\u043e\u0433\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439.\n\nhttps://xakep.ru/2025/02/28/cve-2024-45206/", "creation_timestamp": "2025-02-28T15:36:15.000000Z"} https://vulnerability.circl.lu/sighting/ee5bb0dd-a0ee-45a8-aba0-cc2c1f1f3add/export Fri, 28 Feb 2025 15:36:15 +0000 https://vulnerability.circl.lu/sighting/1ec9ee1c-488f-4d3e-95cd-e82efa0385a1/export {"uuid": "1ec9ee1c-488f-4d3e-95cd-e82efa0385a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45206", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7462", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45206\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.\n\ud83d\udccf Published: 2024-12-04T01:06:04.650Z\n\ud83d\udccf Modified: 2025-03-13T18:36:04.573Z\n\ud83d\udd17 References:\n1. https://www.veeam.com/kb4649", "creation_timestamp": "2025-03-13T18:42:22.000000Z"} {"uuid": "1ec9ee1c-488f-4d3e-95cd-e82efa0385a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45206", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7462", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45206\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.\n\ud83d\udccf Published: 2024-12-04T01:06:04.650Z\n\ud83d\udccf Modified: 2025-03-13T18:36:04.573Z\n\ud83d\udd17 References:\n1. https://www.veeam.com/kb4649", "creation_timestamp": "2025-03-13T18:42:22.000000Z"} https://vulnerability.circl.lu/sighting/1ec9ee1c-488f-4d3e-95cd-e82efa0385a1/export Thu, 13 Mar 2025 18:42:22 +0000 https://vulnerability.circl.lu/sighting/184400f9-da19-4d5f-9a6a-ddfe6c0fb527/export {"uuid": "184400f9-da19-4d5f-9a6a-ddfe6c0fb527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45203", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7472", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45203\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper authorization in handler for custom URL scheme issue in \"@cosme\" App for Android versions prior 5.69.0 and \"@cosme\" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.\n\ud83d\udccf Published: 2024-09-09T06:42:30.971Z\n\ud83d\udccf Modified: 2025-03-13T19:35:38.439Z\n\ud83d\udd17 References:\n1. https://jvn.jp/en/jp/JVN81570776/", "creation_timestamp": "2025-03-13T19:42:30.000000Z"} {"uuid": "184400f9-da19-4d5f-9a6a-ddfe6c0fb527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45203", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7472", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45203\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper authorization in handler for custom URL scheme issue in \"@cosme\" App for Android versions prior 5.69.0 and \"@cosme\" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.\n\ud83d\udccf Published: 2024-09-09T06:42:30.971Z\n\ud83d\udccf Modified: 2025-03-13T19:35:38.439Z\n\ud83d\udd17 References:\n1. https://jvn.jp/en/jp/JVN81570776/", "creation_timestamp": "2025-03-13T19:42:30.000000Z"} https://vulnerability.circl.lu/sighting/184400f9-da19-4d5f-9a6a-ddfe6c0fb527/export Thu, 13 Mar 2025 19:42:30 +0000 https://vulnerability.circl.lu/sighting/9c36dd4e-7324-4da7-a437-dd57223514c1/export {"uuid": "9c36dd4e-7324-4da7-a437-dd57223514c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45208", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18818", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45208\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bound to these ports on all interfaces. An attacker that can access the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and perform remote code execution. Customers are recommended to follow the hardening guide.\n\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.\n\ud83d\udccf Published: 2025-06-18T23:30:53.998Z\n\ud83d\udccf Modified: 2025-06-18T23:30:53.998Z\n\ud83d\udd17 References:\n1. https://security-portal.versa-networks.com/emailbulletins/68526c3cdc94d6b9f2faf718\n2. https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation\n3. https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4\n4. https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3\n5. https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2\n6. https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3\n7. https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Port_4566", "creation_timestamp": "2025-06-18T23:41:29.000000Z"} {"uuid": "9c36dd4e-7324-4da7-a437-dd57223514c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45208", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18818", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45208\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bound to these ports on all interfaces. An attacker that can access the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and perform remote code execution. Customers are recommended to follow the hardening guide.\n\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.\n\ud83d\udccf Published: 2025-06-18T23:30:53.998Z\n\ud83d\udccf Modified: 2025-06-18T23:30:53.998Z\n\ud83d\udd17 References:\n1. https://security-portal.versa-networks.com/emailbulletins/68526c3cdc94d6b9f2faf718\n2. https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation\n3. https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4\n4. https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3\n5. https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2\n6. https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3\n7. https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Port_4566", "creation_timestamp": "2025-06-18T23:41:29.000000Z"} https://vulnerability.circl.lu/sighting/9c36dd4e-7324-4da7-a437-dd57223514c1/export Wed, 18 Jun 2025 23:41:29 +0000 https://vulnerability.circl.lu/sighting/d38e05d8-6982-42a2-919a-0093517e4382/export {"uuid": "d38e05d8-6982-42a2-919a-0093517e4382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45208", "type": "published-proof-of-concept", "source": "Telegram/FjbWTpBvDVB8b-pGnTCwu8ghpX2yuTMdzG-IIPUWqt4oh7U", "content": "", "creation_timestamp": "2025-06-19T01:05:19.000000Z"} {"uuid": "d38e05d8-6982-42a2-919a-0093517e4382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45208", "type": "published-proof-of-concept", "source": "Telegram/FjbWTpBvDVB8b-pGnTCwu8ghpX2yuTMdzG-IIPUWqt4oh7U", "content": "", "creation_timestamp": "2025-06-19T01:05:19.000000Z"} https://vulnerability.circl.lu/sighting/d38e05d8-6982-42a2-919a-0093517e4382/export Thu, 19 Jun 2025 01:05:19 +0000 https://vulnerability.circl.lu/sighting/555db6b3-b075-43fe-8613-f9efb61fff47/export {"uuid": "555db6b3-b075-43fe-8613-f9efb61fff47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45208", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrwduuydns2i", "content": "", "creation_timestamp": "2025-06-19T01:13:57.648160Z"} {"uuid": "555db6b3-b075-43fe-8613-f9efb61fff47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45208", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrwduuydns2i", "content": "", "creation_timestamp": "2025-06-19T01:13:57.648160Z"} https://vulnerability.circl.lu/sighting/555db6b3-b075-43fe-8613-f9efb61fff47/export Thu, 19 Jun 2025 01:13:57 +0000