{"vulnerability": "CVE-2024-2166", "sightings": [{"uuid": "fbf5dae6-39aa-4d9c-9e93-9d4b67d61cec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21668", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18600", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21668\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS devices. By logging the encryption secret to the system logs, attackers can trivially recover the secret by enabling ADB and undermining an app's thread model. This issue has been patched in version 2.11.0.\n\ud83d\udccf Published: 2024-01-09T19:05:49.332Z\n\ud83d\udccf Modified: 2025-06-17T14:26:17.894Z\n\ud83d\udd17 References:\n1. https://github.com/mrousavy/react-native-mmkv/security/advisories/GHSA-4jh3-6jhv-2mgp\n2. https://github.com/mrousavy/react-native-mmkv/commit/a8995ccb7184281f7d168bad3e9987c9bd05f00d\n3. https://github.com/mrousavy/react-native-mmkv/releases/tag/v2.11.0", "creation_timestamp": "2025-06-17T14:40:07.000000Z"}, {"uuid": "a274621c-b5a4-4838-a0d2-52627aa58d0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2166", "type": "seen", "source": "https://t.me/cvedetector/4873", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-2166 - Forcepoint Email Security Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-2166 \nPublished : Sept. 4, 2024, 10:15 p.m. | 38\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Email Security: before 8.5.5 HF003. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T01:18:32.000000Z"}, {"uuid": "0ba98b3e-2509-4979-b13f-4e8eae7a43fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21668", "type": "seen", "source": "https://t.me/arpsyndicate/3006", "content": "#ExploitObserverAlert\n\nCVE-2024-21668\n\nDESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-21668. react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS devices. By logging the encryption secret to the system logs, attackers can trivially recover the secret by enabling ADB and undermining an app's thread model. This issue has been patched in version 2.11.0.\n\nFIRST-EPSS: 0.000580000\nNVD-IS: 3.6\nNVD-ES: 1.2", "creation_timestamp": "2024-01-26T17:08:26.000000Z"}, {"uuid": "42a21f19-347a-4ea5-bfa6-0fcabf5c1e63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21665", "type": "seen", "source": "https://t.me/arpsyndicate/2987", "content": "#ExploitObserverAlert\n\nCVE-2024-21665\n\nDESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-21665. ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.\n\nFIRST-EPSS: 0.000480000\nNVD-IS: 1.4\nNVD-ES: 2.8", "creation_timestamp": "2024-01-26T15:39:03.000000Z"}, {"uuid": "70d70c23-bb2a-4e93-9178-d0631305ffd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21666", "type": "seen", "source": "https://t.me/arpsyndicate/3010", "content": "#ExploitObserverAlert\n\nCVE-2024-21666\n\nDESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-21666. The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6.\n\nFIRST-EPSS: 0.000540000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2024-01-26T17:18:37.000000Z"}, {"uuid": "de5de019-fc87-40bd-b403-453a3b2df63b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21667", "type": "seen", "source": "https://t.me/arpsyndicate/2847", "content": "#ExploitObserverAlert\n\nCVE-2024-21667\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-21667. pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6.", "creation_timestamp": "2024-01-16T12:11:47.000000Z"}, {"uuid": "b4d21161-cad7-4863-8ca0-a0dd827eeeb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21662", "type": "seen", "source": "https://t.me/ctinow/210958", "content": "https://ift.tt/lvjQbXF\nCVE-2024-21662", "creation_timestamp": "2024-03-18T21:32:04.000000Z"}, {"uuid": "1efa6d99-8473-41ac-b3c6-8c188eb8b117", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21661", "type": "seen", "source": "https://t.me/ctinow/210943", "content": "https://ift.tt/CAa45Lf\nCVE-2024-21661", "creation_timestamp": "2024-03-18T21:01:58.000000Z"}, {"uuid": "65bea447-7c39-4a9a-8b1f-6dd22f43b0ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21662", "type": "seen", "source": "https://t.me/ctinow/210918", "content": "https://ift.tt/oHUG1nV\nCVE-2024-21662", "creation_timestamp": "2024-03-18T20:26:54.000000Z"}, {"uuid": "ccd2dc48-1f05-4619-a36d-75ddb5fb5215", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21661", "type": "seen", "source": "https://t.me/ctinow/210917", "content": "https://ift.tt/TDSeurQ\nCVE-2024-21661", "creation_timestamp": "2024-03-18T20:26:52.000000Z"}, {"uuid": "394a0a0d-ba55-4712-84a5-f04e2b135de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21665", "type": "seen", "source": "https://t.me/ctinow/169531", "content": "https://ift.tt/nvh9xkB\nCVE-2024-21665 Exploit", "creation_timestamp": "2024-01-18T01:16:40.000000Z"}, {"uuid": "1e9c1155-d203-44cc-af10-3090e8ddfe3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21667", "type": "seen", "source": "https://t.me/ctinow/175715", "content": "https://ift.tt/yGAtzOn\nCVE-2024-21667 | Pimcore Customer Data Framework prior 4.0.6 GDPR Extract access control", "creation_timestamp": "2024-01-30T07:36:14.000000Z"}, {"uuid": "f91d63b6-a62a-4038-9b8c-af26e1efd9b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21669", "type": "seen", "source": "https://t.me/ctinow/170725", "content": "https://ift.tt/4RyoETs\nCVE-2024-21669 Exploit", "creation_timestamp": "2024-01-20T21:16:25.000000Z"}, {"uuid": "47e2ba82-db18-404f-9b96-844e97ccb7da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21666", "type": "seen", "source": "https://t.me/ctinow/175716", "content": "https://ift.tt/un851Hx\nCVE-2024-21666 | Pimcore Customer Data Framework prior 4.0.6 Duplicate access control", "creation_timestamp": "2024-01-30T07:36:15.000000Z"}, {"uuid": "acc03f4d-085a-4041-b95e-eb31411391a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21668", "type": "seen", "source": "https://t.me/ctinow/174607", "content": "https://ift.tt/KJL76mI\nCVE-2024-21668 | mrousavy react-native-mmkv up to 2.10.x log file (GHSA-4jh3-6jhv-2mgp)", "creation_timestamp": "2024-01-27T04:11:13.000000Z"}, {"uuid": "406e4789-9c93-491a-97d9-b805e5bf84b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21664", "type": "seen", "source": "https://t.me/ctinow/174597", "content": "https://ift.tt/FzXJmBV\nCVE-2024-21664 | lestrrat-go jwx up to 2.0.18 JSON deserialization", "creation_timestamp": "2024-01-27T03:06:23.000000Z"}, {"uuid": "00efc847-9832-47b8-bd57-58808d785504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21669", "type": "seen", "source": "https://t.me/ctinow/174856", "content": "https://ift.tt/SyjPGdZ\nCVE-2024-21669 | aries-cloudagent signature verification", "creation_timestamp": "2024-01-28T08:26:43.000000Z"}, {"uuid": "3cd2dc98-f913-4c3e-b396-b2c0ad326039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21665", "type": "seen", "source": "https://t.me/ctinow/174971", "content": "https://ift.tt/4H0FcMw\nCVE-2024-21665 | Pimcore ecommerce-framework-bundle access control", "creation_timestamp": "2024-01-28T15:56:50.000000Z"}, {"uuid": "8f22c2ff-c9a3-45a4-8c8b-aae301db9771", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21663", "type": "seen", "source": "https://t.me/ctinow/173759", "content": "https://ift.tt/1e9UjEr\nCVE-2024-21663 | DEMON1A Discord-Recon up to 0.0.7 input validation (ID 23)", "creation_timestamp": "2024-01-25T20:21:41.000000Z"}, {"uuid": "0eaa1e9f-8f9b-4acc-a58d-c33706201f17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21664", "type": "seen", "source": "https://t.me/ctinow/165701", "content": "https://ift.tt/9Ph2JLM\nCVE-2024-21664", "creation_timestamp": "2024-01-10T11:06:46.000000Z"}, {"uuid": "b10a4632-85c4-4b5f-a679-e3f6f72c0174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21669", "type": "seen", "source": "https://t.me/ctinow/166330", "content": "https://ift.tt/DpOW7uj\nCVE-2024-21669", "creation_timestamp": "2024-01-11T07:31:58.000000Z"}, {"uuid": "1f6e44cc-546a-43ea-adad-8661b5d54cea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21666", "type": "seen", "source": "https://t.me/ctinow/169833", "content": "https://ift.tt/TrBzMY2\nCVE-2024-21666 Exploit", "creation_timestamp": "2024-01-18T17:17:00.000000Z"}, {"uuid": "5dbdc35a-e1b9-4831-bf03-a8a7971cda46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21667", "type": "seen", "source": "https://t.me/ctinow/169832", "content": "https://ift.tt/VwA8LDy\nCVE-2024-21667 Exploit", "creation_timestamp": "2024-01-18T17:16:57.000000Z"}, {"uuid": "b44a925c-9000-4ded-a180-50d120a291af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21664", "type": "seen", "source": "https://t.me/ctinow/169036", "content": "https://ift.tt/z9yu3Jr\nCVE-2024-21664 Exploit", "creation_timestamp": "2024-01-16T23:16:49.000000Z"}, {"uuid": "acdad862-bb70-451d-b15b-192e0d76415f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21663", "type": "seen", "source": "https://t.me/ctinow/167465", "content": "https://ift.tt/YnkIc1S\nCVE-2024-21663 Exploit", "creation_timestamp": "2024-01-12T19:26:53.000000Z"}, {"uuid": "05fb6bc1-591a-40f3-8733-fb80a54a631b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21664", "type": "seen", "source": "https://t.me/ctinow/165376", "content": "https://ift.tt/bWMSUNc\nCVE-2024-21664", "creation_timestamp": "2024-01-09T21:27:35.000000Z"}, {"uuid": "b7db6806-e4c1-46c0-8b0d-91810e4e15a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21668", "type": "seen", "source": "https://t.me/ctinow/165339", "content": "https://ift.tt/uyYR2Sk\nCVE-2024-21668", "creation_timestamp": "2024-01-09T20:26:17.000000Z"}, {"uuid": "323597d1-1933-4cb0-8024-0f4fba681322", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21667", "type": "seen", "source": "https://t.me/ctinow/166280", "content": "https://ift.tt/sZTANmu\nCVE-2024-21667", "creation_timestamp": "2024-01-11T02:26:31.000000Z"}, {"uuid": "6ab60158-6a75-4541-9c3e-4db686434421", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21666", "type": "seen", "source": "https://t.me/ctinow/166279", "content": "https://ift.tt/x0WpdbC\nCVE-2024-21666", "creation_timestamp": "2024-01-11T02:26:30.000000Z"}, {"uuid": "b326f064-d165-446c-b432-4859a44f323f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21665", "type": "seen", "source": "https://t.me/ctinow/166278", "content": "https://ift.tt/VK8UrMC\nCVE-2024-21665", "creation_timestamp": "2024-01-11T02:26:29.000000Z"}, {"uuid": "fdb6dfaa-0d77-4ab6-b9e3-6b7c1517a854", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21663", "type": "seen", "source": "https://t.me/ctinow/164738", "content": "https://ift.tt/DEUJ4Zk\nCVE-2024-21663", "creation_timestamp": "2024-01-09T01:26:33.000000Z"}]}