{"vulnerability": "CVE-2024-1114", "sightings": [{"uuid": "acf074b3-66ff-4366-a4df-7e5d7c29b378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11145", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113550886338089718", "content": "", "creation_timestamp": "2024-11-26T19:23:43.246005Z"}, {"uuid": "7c922470-c79c-458f-8c8d-210d00247fdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11148", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113601960061562738", "content": "", "creation_timestamp": "2024-12-05T19:52:26.178879Z"}, {"uuid": "c0b6a018-2261-406b-8ba8-c88b5cb7e932", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11149", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113603461798381913", "content": "", "creation_timestamp": "2024-12-06T02:14:20.887537Z"}, {"uuid": "d91e6b2c-16ef-453e-a347-1721421b27c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11146", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113842041671276996", "content": "", "creation_timestamp": "2025-01-17T05:28:20.861209Z"}, {"uuid": "427f1ede-c02a-4523-a35d-036dc2f8f3e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11146", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfw5faizis2b", "content": "", "creation_timestamp": "2025-01-17T06:15:30.753220Z"}, {"uuid": "b86b3875-07da-40c6-be99-0cbdd01997ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11146", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfw7jrn4522e", "content": "", "creation_timestamp": "2025-01-17T06:53:50.652591Z"}, {"uuid": "6986d8a0-8a63-49e0-8fc2-2e0b2185f473", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11146", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2099", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11146\n\ud83d\udd39 Description: TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08.\n\ud83d\udccf Published: 2025-01-17T05:21:15.264Z\n\ud83d\udccf Modified: 2025-01-17T05:21:15.264Z\n\ud83d\udd17 References:\n1. https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-25-016-01.json", "creation_timestamp": "2025-01-17T05:56:43.000000Z"}, {"uuid": "e1e329bf-7dc7-497c-be91-6af99ab716aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11147", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lggf32rmm32e", "content": "", "creation_timestamp": "2025-01-23T17:15:35.135227Z"}, {"uuid": "a27145c0-6c4b-4ca2-bdc6-1bf2b020cf1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11147", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lggggv4c3y2g", "content": "", "creation_timestamp": "2025-01-23T17:40:07.381249Z"}, {"uuid": "d3f3f49f-ba08-4d16-8800-e250cc6ed9d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo6rn5izn62p", "content": "", "creation_timestamp": "2025-05-02T12:00:41.917790Z"}, {"uuid": "c8289b80-d1ff-4eb2-afd5-d3be3a325b53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lo6g64dwbgd2", "content": "", "creation_timestamp": "2025-05-02T13:21:00.430779Z"}, {"uuid": "7ed5bee8-dd91-4f97-addc-c792bc032b83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14464", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11142\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0\n\nNOTE: According to the vendor, fixing process is still ongoing for v4.05.\n\ud83d\udccf Published: 2025-05-02T07:47:30.429Z\n\ud83d\udccf Modified: 2025-05-02T07:47:30.429Z\n\ud83d\udd17 References:\n1. https://www.usom.gov.tr/bildirim/tr-25-0098", "creation_timestamp": "2025-05-02T08:16:14.000000Z"}, {"uuid": "6cae05fc-757a-46f7-aa2c-b8c5367c3e4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11146", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5944", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11146\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/V:D/RE:L)\n\ud83d\udd39 Description: TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08.\n\ud83d\udccf Published: 2025-01-17T05:21:15.264Z\n\ud83d\udccf Modified: 2025-02-28T18:01:30.397Z\n\ud83d\udd17 References:\n1. https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-25-017-01.json\n2. https://infosec.exchange/@abreacher", "creation_timestamp": "2025-02-28T18:26:25.000000Z"}, {"uuid": "231e4f11-9206-47af-b633-94cb68ff5bf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11149", "type": "seen", "source": "https://t.me/cvedetector/12164", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11149 - In OpenBSD 7.4 before errata 014, vmm(4) did not r\", \n  \"Content\": \"CVE ID : CVE-2024-11149 \nPublished : Dec. 6, 2024, 2:15 a.m. | 32\u00a0minutes ago \nDescription : In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs. \nSeverity: 7.9 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T03:54:43.000000Z"}, {"uuid": "91b19216-21ca-4f29-a73b-f57ce5064d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11141", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17048", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11141\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-05-15T20:06:47.658Z\n\ud83d\udccf Modified: 2025-05-20T19:36:52.199Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/6fe3544b-fb86-43e4-9771-6e9343f9f835/", "creation_timestamp": "2025-05-20T19:41:20.000000Z"}, {"uuid": "7c1f824c-8f55-443b-9cd7-bc014524dcda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11146", "type": "seen", "source": "https://t.me/cvedetector/15681", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11146 - \"TrueFiling Unauthenticated Access to Case Information\"\", \n  \"Content\": \"CVE ID : CVE-2024-11146 \nPublished : Jan. 17, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T08:25:43.000000Z"}, {"uuid": "9a845f0f-8577-426f-8ceb-1ab757e7d32c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11147", "type": "seen", "source": "https://t.me/cvedetector/16215", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11147 - ECOVACS Root Password Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11147 \nPublished : Jan. 23, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T19:09:17.000000Z"}, {"uuid": "f4618a3c-fabe-434e-b070-7219c7f4c8fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1114", "type": "seen", "source": "https://t.me/ctinow/190781", "content": "https://ift.tt/pVXKsHQ\nCVE-2024-1114 | openBI up to 1.0.8 Screen.php dlfile fileUrl access control", "creation_timestamp": "2024-02-22T15:12:31.000000Z"}, {"uuid": "2cd9d3eb-4143-4d47-afef-4906fbea65fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11144", "type": "seen", "source": "https://t.me/cvedetector/13022", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11144 - Apache FTP Denial of Service/Resource Exhaustion(points)\", \n  \"Content\": \"CVE ID : CVE-2024-11144 \nPublished : Dec. 16, 2024, 5:15 p.m. | 40\u00a0minutes ago \nDescription : The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it could lead to incomplete file transfers, potentially corrupting data. The repeated crash might also affect the stability of the underlying system, especially if it leads to resource leaks or affects other services. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-16T19:02:41.000000Z"}, {"uuid": "36bf0748-c09f-4243-8ea5-68993eda397e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11148", "type": "seen", "source": "https://t.me/cvedetector/12137", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11148 - In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 b\", \n  \"Content\": \"CVE ID : CVE-2024-11148 \nPublished : Dec. 5, 2024, 8:15 p.m. | 41\u00a0minutes ago \nDescription : In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-05T22:03:17.000000Z"}, {"uuid": "577199ea-9e74-4140-8057-15270d30dffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11143", "type": "seen", "source": "https://t.me/cvedetector/10784", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11143 - Kognetiks Chatbot for WordPress CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-11143 \nPublished : Nov. 13, 2024, 3:15 a.m. | 41\u00a0minutes ago \nDescription : The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the update_assistant, add_new_assistant, and delete_assistant functions. This makes it possible for unauthenticated attackers to modify assistants via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T04:57:42.000000Z"}, {"uuid": "92e7b695-cedd-478e-b728-e31f279d9545", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1114", "type": "seen", "source": "https://t.me/ctinow/177109", "content": "https://ift.tt/2xp59v6\nCVE-2024-1114", "creation_timestamp": "2024-01-31T21:22:08.000000Z"}, {"uuid": "a92b3ea1-7ea2-4220-8880-5d0149ab8e74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11142", "type": "seen", "source": "https://t.me/cvedetector/24336", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11142 - Gosoft Software Proticaret E-Commerce CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11142 \nPublished : May 2, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0  \n  \nNOTE: According to the vendor, fixing process is still ongoing for v4.05. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-02T11:45:44.000000Z"}]}