{"vulnerability": "CVE-2024-1139", "sightings": [{"uuid": "e466b9a7-2849-4b71-9635-2809808209fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11394", "type": "seen", "source": "https://infosec.exchange/users/thezdi/statuses/113510654528953721", "content": "", "creation_timestamp": "2024-11-19T16:52:14.214440Z"}, {"uuid": "73ae89f3-feb3-426e-87be-8568bff638bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11395", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113511286843034576", "content": "", "creation_timestamp": "2024-11-19T19:33:02.501655Z"}, {"uuid": "16932cbc-0aff-41fe-902d-757469fd64b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11393", "type": "seen", "source": "https://infosec.exchange/users/thezdi/statuses/113510652704842916", "content": "", "creation_timestamp": "2024-11-19T16:51:46.548166Z"}, {"uuid": "f7c7d984-1500-45d6-8f87-35057c4070d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11394", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1515/", "content": "", "creation_timestamp": "2024-11-19T06:00:00.000000Z"}, {"uuid": "9e470bdd-3b07-4609-9dd0-e661cd4581a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11393", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1514/", "content": "", "creation_timestamp": "2024-11-19T06:00:00.000000Z"}, {"uuid": "12ad9c9c-f754-40a1-8d1d-5b71d36f2231", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11395", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113511182696118850", "content": "", "creation_timestamp": "2024-11-19T19:06:33.527296Z"}, {"uuid": "990d6e98-8bd3-425e-9e02-c265a2f6941f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11392", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1513/", "content": "", "creation_timestamp": "2024-11-19T06:00:00.000000Z"}, {"uuid": "7dc9aa6a-8cab-43d5-9e9c-de411c5cc5b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11398", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113593312876665573", "content": "", "creation_timestamp": "2024-12-04T07:13:20.656494Z"}, {"uuid": "3fc64ffb-eec5-47c5-b96f-8753f8a393bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11391", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113589395352356764", "content": "", "creation_timestamp": "2024-12-03T14:37:03.837236Z"}, {"uuid": "4e464723-7325-4ad2-ba89-3d6698fe7793", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11398", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113593299997969913", "content": "", "creation_timestamp": "2024-12-04T07:10:04.440815Z"}, {"uuid": "12eb60d2-265f-4ca0-9b6b-14f65815a154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11395", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113524048830700209", "content": "", "creation_timestamp": "2024-11-22T01:38:35.179537Z"}, {"uuid": "cdd1928d-6fea-418b-9a6e-736e112a9e70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11398", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113624105624570013", "content": "", "creation_timestamp": "2024-12-09T17:44:20.923019Z"}, {"uuid": "fa4cc7ff-38fc-465d-b659-a538741aa622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11395", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113635299660498681", "content": "", "creation_timestamp": "2024-12-11T17:11:08.496872Z"}, {"uuid": "14da5be2-fcd8-40ba-80e2-c26f90b713be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11396", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/113826789763064009", "content": "", "creation_timestamp": "2025-01-14T12:49:35.031618Z"}, {"uuid": "0991900a-793e-42ae-82fc-f7b60502ad24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11396", "type": "seen", "source": "https://bsky.app/profile/gothburz.bsky.social/post/3lfpcp2mq3427", "content": "", "creation_timestamp": "2025-01-14T13:01:50.669689Z"}, {"uuid": "8181ce02-8b78-4b50-adc4-a8f1b3167974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11396", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfo3afete22t", "content": "", "creation_timestamp": "2025-01-14T01:15:43.409720Z"}, {"uuid": "03de8f87-f639-498c-abc2-393448108e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11396", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad5htla2a", "content": "", "creation_timestamp": "2025-01-20T21:02:01.993654Z"}, {"uuid": "4146f229-aec3-4e34-8c9b-85ec81975fae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11396", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/114059639760884430", "content": "", "creation_timestamp": "2025-02-24T15:46:24.020857Z"}, {"uuid": "eb08a3b6-b684-44f8-9c21-18f446838ce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11397", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhulr4mutn23", "content": "", "creation_timestamp": "2025-02-11T02:17:45.543493Z"}, {"uuid": "9c246830-05bf-48ec-962d-219fb34a73c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11396", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lizr4fujpn2b", "content": "", "creation_timestamp": "2025-02-25T21:02:07.571464Z"}, {"uuid": "dc62582b-dfde-4c5b-af08-30498c48ddec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11392", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4353", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11392\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.\n\ud83d\udccf Published: 2024-11-23T03:31:58Z\n\ud83d\udccf Modified: 2025-02-13T22:15:58Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-11392\n2. https://github.com/huggingface/transformers/issues/34840\n3. https://github.com/huggingface/transformers/pull/35296\n4. https://github.com/huggingface/transformers\n5. https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-227.yaml\n6. https://www.zerodayinitiative.com/advisories/ZDI-24-1513", "creation_timestamp": "2025-02-13T23:10:44.000000Z"}, {"uuid": "d5eda177-c084-40f2-9056-5a6ac3fb73b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11392", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmvyydefez2e", "content": "", "creation_timestamp": "2025-04-16T06:53:05.083947Z"}, {"uuid": "9db0310f-83cf-4e79-9949-a516413627c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11394", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9337", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aTechnical Details and Exploit for CVE-2024-11394\nURL\uff1ahttps://github.com/Piyush-Bhor/CVE-2024-11394\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-07T11:28:47.000000Z"}, {"uuid": "c7b79cdb-d04a-4729-8f04-726ddbcef3fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11392", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9336", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aTechnical Details and Exploit for CVE-2024-11392\nURL\uff1ahttps://github.com/Piyush-Bhor/CVE-2024-11392\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-07T11:15:59.000000Z"}, {"uuid": "6b5fda37-9b5d-495a-bb00-c1c414f158b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11393", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9346", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aTechnical Details and Exploit for CVE-2024-11393\nURL\uff1ahttps://github.com/Piyush-Bhor/CVE-2024-11393\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-08T00:33:01.000000Z"}, {"uuid": "0e1f6bd5-2f2e-4d5e-bd3e-f05f4133bfc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11392", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmzyvyphgz2e", "content": "", "creation_timestamp": "2025-04-17T21:02:33.128592Z"}, {"uuid": "198c930b-ac0f-4874-be16-6d32172ce5c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11393", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4351", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11393\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.\n\ud83d\udccf Published: 2024-11-23T03:31:58Z\n\ud83d\udccf Modified: 2025-02-13T22:16:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-11393\n2. https://github.com/huggingface/transformers/issues/34840\n3. https://github.com/huggingface/transformers/pull/35296\n4. https://github.com/huggingface/transformers\n5. https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-228.yaml\n6. https://www.zerodayinitiative.com/advisories/ZDI-24-1514", "creation_timestamp": "2025-02-13T23:10:36.000000Z"}, {"uuid": "34ec072d-76ad-4de2-ac60-34acb8122976", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11391", "type": "seen", "source": "https://t.me/cvedetector/11886", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11391 - The Advanced File Manager plugin for WordPress is\", \n  \"Content\": \"CVE ID : CVE-2024-11391 \nPublished : Dec. 3, 2024, 3:15 p.m. | 58\u00a0minutes ago \nDescription : The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-03T17:20:12.000000Z"}, {"uuid": "e8adb651-d085-4c91-a513-d5d327c3439e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11395", "type": "seen", "source": "https://t.me/cvedetector/11518", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11395 - Google Chrome V8 Type Confusion Heap Corruption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11395 \nPublished : Nov. 19, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T21:51:20.000000Z"}, {"uuid": "ebef25b8-5043-4705-a0bd-702ea69076b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11396", "type": "published-proof-of-concept", "source": "Telegram/nQrdilQjQl99lIMRwlBIzfx1gXvNFdI2V5simBs1rgDfZ-k", "content": "", "creation_timestamp": "2025-01-14T22:00:06.000000Z"}, {"uuid": "bfcab5cf-0083-4bef-a255-829d9dccbad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11393", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11533", "content": "#exploit\n1. CVE-2020-0401:\nAndroid PackageManagerService LPE\nhttps://pwner.gg/blog/Android's-CVE-2020-0401\n\n2. CVE-2024-7591:\nCommand Injection in Kemp LoadMaster Load Balancer\nhttps://insinuator.net/2024/11/vulnerability-disclosure-command-injection-in-kemp-loadmaster-load-balancer-cve-2024-7591\n\n3. CVE-2024-11393:\nHugging Face Transformers MaskFormer Model Deserialization of Untrusted Data RCE\nhttps://github.com/Piyush-Bhor/CVE-2024-11393", "creation_timestamp": "2024-12-09T10:59:01.000000Z"}, {"uuid": "0562d0ad-9ad4-477e-8505-3c058bf61e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11398", "type": "seen", "source": "https://t.me/cvedetector/11954", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11398 - Improper limitation of a pathname to a restricted\", \n  \"Content\": \"CVE ID : CVE-2024-11398 \nPublished : Dec. 4, 2024, 7:15 a.m. | 41\u00a0minutes ago \nDescription : Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T09:13:32.000000Z"}]}