{"vulnerability": "CVE-2024-1059", "sightings": [{"uuid": "54d0e246-fdd3-41ab-ad88-2f5f5e869374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10592", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113491970826892267", "content": "", "creation_timestamp": "2024-11-16T09:40:43.639865Z"}, {"uuid": "9749ab22-bcc4-4c27-994d-a7597805f7ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10591", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgxyucbnh62w", "content": "", "creation_timestamp": "2025-01-30T17:24:58.516411Z"}, {"uuid": "8083617b-7793-4e9a-b385-84ce31856ea3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10591", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113918327083539822", "content": "", "creation_timestamp": "2025-01-30T16:50:57.713784Z"}, {"uuid": "a963bc79-bf7a-41c2-8d67-ddcec864fb03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10592", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9074", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-10592 poc exploit \nURL\uff1ahttps://github.com/windz3r0day/CVE-2024-10592\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-18T20:35:47.000000Z"}, {"uuid": "289d452f-2934-4810-8b32-8479c47ccf38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10591", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917612250619649", "content": "", "creation_timestamp": "2025-01-30T13:46:56.892381Z"}, {"uuid": "0c608e64-6e97-4f9f-8015-2895f3378e2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10591", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxocuwwdt2n", "content": "", "creation_timestamp": "2025-01-30T14:16:16.767903Z"}, {"uuid": "2bf1288c-b292-413e-b46a-243c05da42f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10590", "type": "seen", "source": "https://t.me/cvedetector/12723", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10590 - WordPress Opt-In Downloads File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10590 \nPublished : Dec. 12, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, unless another vulnerability is present. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:08:13.000000Z"}, {"uuid": "9ed64185-8c97-45ce-9189-fae6e20c385e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1059", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15577", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1059\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)\n\ud83d\udccf Published: 2024-01-30T21:14:24.088Z\n\ud83d\udccf Modified: 2025-05-08T17:51:54.136Z\n\ud83d\udd17 References:\n1. https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html\n2. https://crbug.com/1514777\n3. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/\n4. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q/", "creation_timestamp": "2025-05-08T18:24:20.000000Z"}, {"uuid": "c261d532-c8ed-46aa-8b85-50e8e5509281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10593", "type": "seen", "source": "https://t.me/cvedetector/10787", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10593 - WordPress WPForms CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10593 \nPublished : Nov. 13, 2024, 3:15 a.m. | 41\u00a0minutes ago \nDescription : The WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validation on the process_admin_ui function. This makes it possible for unauthenticated attackers to delete WPForm logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T04:57:44.000000Z"}, {"uuid": "8ffe6c8e-e07b-40ca-91af-cca1be5ad7a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10592", "type": "seen", "source": "https://t.me/cvedetector/11231", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10592 - Mapster WordPress Maps Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-10592 \nPublished : Nov. 16, 2024, 10:15 a.m. | 36\u00a0minutes ago \nDescription : The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-16T11:53:20.000000Z"}, {"uuid": "05ad7605-38c0-4a50-bdfb-f3067f8bdf4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10598", "type": "seen", "source": "https://t.me/cvedetector/9546", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10598 - Tongda OA Remote Improper Authorization Vulnerability in Annual Leave Handler\", \n  \"Content\": \"CVE ID : CVE-2024-10598 \nPublished : Oct. 31, 2024, 10:15 p.m. | 19\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T23:37:59.000000Z"}, {"uuid": "642a20e6-2dbe-42fe-bb21-8ae3676abbf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10599", "type": "seen", "source": "https://t.me/cvedetector/9543", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10599 - Tongda OA Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10599 \nPublished : Oct. 31, 2024, 10:15 p.m. | 19\u00a0minutes ago \nDescription : A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T23:37:57.000000Z"}, {"uuid": "8b0bb96d-9d31-4c87-a5a1-81af257e1b8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10594", "type": "seen", "source": "https://t.me/cvedetector/9542", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10594 - ESAflenet CDG SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10594 \nPublished : Oct. 31, 2024, 9:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T22:47:53.000000Z"}, {"uuid": "356d8c17-4f8f-4418-aa24-af6d9a541a41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10597", "type": "seen", "source": "https://t.me/cvedetector/9541", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10597 - ESAFENET CDG SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10597 \nPublished : Oct. 31, 2024, 9:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T22:47:52.000000Z"}, {"uuid": "fd8bc6e6-39d5-4257-86bd-69c27d67b9fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10596", "type": "seen", "source": "https://t.me/cvedetector/9540", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10596 - ESAFENET CDG SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10596 \nPublished : Oct. 31, 2024, 9:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T22:47:52.000000Z"}, {"uuid": "c54d2e30-19c3-4321-8c1c-fd9cd6bd2ab3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10595", "type": "seen", "source": "https://t.me/cvedetector/9539", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10595 - ESAFENET CDG SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10595 \nPublished : Oct. 31, 2024, 9:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T22:47:51.000000Z"}, {"uuid": "18e25eaf-ecd9-4679-bc0f-ec81b5de4ea5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10591", "type": "seen", "source": "Telegram/eG16PRDLnNp0ANOemSWs2vRZO8tLpWkT7Fl4fyV5F7tetuCj", "content": "", "creation_timestamp": "2025-02-06T02:42:29.000000Z"}, {"uuid": "c59f62b7-1a5a-45d9-b831-4f3a10a58a7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10591", "type": "seen", "source": "Telegram/2z3pOFomRanFwtknMmzWgJ5i4rPQIXFpUujpg55l6hq-wbqE", "content": "", "creation_timestamp": "2025-02-06T02:41:39.000000Z"}, {"uuid": "0bddecd5-3eb6-4537-b020-3b11a17d76b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1059", "type": "seen", "source": "https://t.me/ctinow/177858", "content": "https://ift.tt/px2FeHh\nChromium: CVE-2024-1059 Use after free in WebRTC", "creation_timestamp": "2024-02-02T01:16:38.000000Z"}, {"uuid": "bab82b1c-c0ff-461b-a2c8-ff13b23870b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1059", "type": "seen", "source": "https://t.me/ctinow/190579", "content": "https://ift.tt/UNou20X\nCVE-2024-1059 | Google Chrome prior 121.0.6167.139 WebRTC use after free (FEDORA-2024-87e0baecb6)", "creation_timestamp": "2024-02-22T10:06:38.000000Z"}, {"uuid": "5222248b-7097-4c34-9765-df27834e4090", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1059", "type": "seen", "source": "https://t.me/ctinow/176343", "content": "https://ift.tt/A5u6zlj\nCVE-2024-1059", "creation_timestamp": "2024-01-30T23:26:25.000000Z"}]}