{"vulnerability": "CVE-2024-3886", "sightings": [{"uuid": "f47e06cb-8a2a-492a-9937-28cedec1acd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38864", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113680359880252754", "content": "", "creation_timestamp": "2024-12-19T16:10:33.351458Z"}, {"uuid": "fb988057-e8bc-4d79-9df2-8130a3b4ac6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38864", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldobfmornr2s", "content": "", "creation_timestamp": "2024-12-19T16:15:37.474824Z"}, {"uuid": "cc05a1f4-9f7d-4dab-877a-3070e86b80bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38866", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq57wv3xlfm2", "content": "", "creation_timestamp": "2025-05-27T08:02:08.369320Z"}, {"uuid": "5fa2a977-1db0-40e6-92c9-d2fe57d240c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38866", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq5fh6mfut27", "content": "", "creation_timestamp": "2025-05-27T09:40:20.231621Z"}, {"uuid": "b5e96a3e-9367-471c-be23-686bb26127be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38864", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:01.000000Z"}, {"uuid": "9f46a723-36ca-4101-b110-fd02ffe34451", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38864", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:31.000000Z"}, {"uuid": "dbccec86-38d1-4d19-9202-3f450bab61a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38861", "type": "seen", "source": "https://t.me/cvedetector/6491", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38861 - MikroTik Checkmk Exchange Plugin SSL/TLS Man-in-the-Middle Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38861 \nPublished : Sept. 27, 2024, 9:15 a.m. | 45\u00a0minutes ago \nDescription : Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T12:24:09.000000Z"}, {"uuid": "d7235452-e745-49cc-a43f-3283d981af00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38865", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11197", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-38865\n\ud83d\udd25 CVSS Score: 6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host.\n\ud83d\udccf Published: 2025-04-10T07:35:35.143Z\n\ud83d\udccf Modified: 2025-04-10T07:35:35.143Z\n\ud83d\udd17 References:\n1. https://checkmk.com/werk/17028", "creation_timestamp": "2025-04-10T07:50:24.000000Z"}, {"uuid": "6d55b7ec-c336-4cda-abcb-d0c3b4100e88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38866", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17612", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-38866\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L)\n\ud83d\udd39 Description: Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection\n\ud83d\udccf Published: 2025-05-27T07:01:35.160Z\n\ud83d\udccf Modified: 2025-05-27T07:01:35.160Z\n\ud83d\udd17 References:\n1. https://github.com/NagVis/nagvis/pull/398/commits/8d5d07e22dfca78df7420ac81cffff6f45ca9694\n2. https://www.nagvis.org/downloads/changelog/1.9.47", "creation_timestamp": "2025-05-27T07:48:16.000000Z"}, {"uuid": "b9f5bc9c-76f4-463c-a218-8613af91f4c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38864", "type": "seen", "source": "https://t.me/cvedetector/13341", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38864 - Checkmk Windows Agent Directory Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-38864 \nPublished : Dec. 19, 2024, 4:15 p.m. | 43\u00a0minutes ago \nDescription : Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <=\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T18:09:50.000000Z"}, {"uuid": "10684d66-911f-468b-8a57-8eb30384bfba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38863", "type": "seen", "source": "https://t.me/cvedetector/7801", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38863 - Checkmk CSRF Token Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-38863 \nPublished : Oct. 14, 2024, 8:15 a.m. | 24\u00a0minutes ago \nDescription : Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18,<2.2.0p35<2.1.0p48\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-14T10:48:51.000000Z"}, {"uuid": "d95d51ac-c93c-4a42-8d06-e17d85a28fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38862", "type": "seen", "source": "https://t.me/cvedetector/7800", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38862 - Checkmk SNMP and IMPI Secrets Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38862 \nPublished : Oct. 14, 2024, 8:15 a.m. | 24\u00a0minutes ago \nDescription : Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18,<2.2.0p35,<2.1.0p48<=2.0.0p39\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-14T10:48:50.000000Z"}, {"uuid": "5290d410-1413-42a5-98e9-eda5d158be21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38860", "type": "seen", "source": "https://t.me/cvedetector/5812", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38860 - Apache Checkmk Input Validation XSS\", \n  \"Content\": \"CVE ID : CVE-2024-38860 \nPublished : Sept. 17, 2024, 2:15 p.m. | 40\u00a0minutes ago \nDescription : Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-17T17:16:52.000000Z"}, {"uuid": "74e98caf-4ebf-4831-8548-87e0dd8aad66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3886", "type": "seen", "source": "https://t.me/cvedetector/4564", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-3886 - TagDiv Composer - WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-3886 \nPublished : Aug. 31, 2024, 5:15 a.m. | 15\u00a0minutes ago \nDescription : The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018envato_code[]\u2019 parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-31T07:32:11.000000Z"}, {"uuid": "08a76a62-4d3d-40e2-a03a-2f94053d61b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38868", "type": "seen", "source": "https://t.me/cvedetector/4538", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38868 - Zohocorp ManageEngine Endpoint Central Incorrect Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38868 \nPublished : Aug. 30, 2024, 6:15 p.m. | 15\u00a0minutes ago \nDescription : Zohocorp ManageEngine Endpoint Central affected by\u00a0Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-30T20:39:58.000000Z"}, {"uuid": "f52ce877-bba0-4d4b-99d9-52a974c5a589", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38869", "type": "seen", "source": "https://t.me/cvedetector/4004", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38869 - Zohocorp ManageEngine Stored Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-38869 \nPublished : Aug. 23, 2024, 3:15 p.m. | 34\u00a0minutes ago \nDescription : An Stored Cross-site Scripting vulnerability affects Zohocorp\u00a0ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-23T17:58:18.000000Z"}]}