{"vulnerability": "CVE-2024-4170", "sightings": [{"uuid": "da741055-6a05-4012-ba39-a7a53e5a272e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41709", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8441", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-41709\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the \"administer fields\" permission.\n\ud83d\udccf Published: 2024-07-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-21T20:51:26.743Z\n\ud83d\udd17 References:\n1. https://backdropcms.org/security/backdrop-sa-core-2024-001", "creation_timestamp": "2025-03-21T21:21:58.000000Z"}, {"uuid": "012b631f-40a8-4e31-afbf-6851481be164", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41700", "type": "seen", "source": "https://t.me/cvedetector/3611", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41700 - Barix Insecure Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41700 \nPublished : Aug. 20, 2024, 12:15 p.m. | 17\u00a0minutes ago \nDescription : Barix \u2013 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-20T14:37:00.000000Z"}, {"uuid": "68a5b445-e293-43cb-9c0c-68b06d69e660", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41708", "type": "seen", "source": "https://t.me/cvedetector/6339", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41708 - AdaCore ada_web_services Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-41708 \nPublished : Sept. 25, 2024, 5:15 p.m. | 35\u00a0minutes ago \nDescription : An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-25T20:13:08.000000Z"}, {"uuid": "192e5420-39df-4811-8fb8-51e67a5b5e6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41703", "type": "seen", "source": "https://t.me/cvedetector/1378", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41703 - LibreChat Incorrect Access Control Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41703 \nPublished : July 22, 2024, 5:15 a.m. | 22\u00a0minutes ago \nDescription : LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-22T07:46:25.000000Z"}, {"uuid": "a519e41d-ee75-4174-9c6a-baa7deb566af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41706", "type": "seen", "source": "https://t.me/cvedetector/1621", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41706 - Archer Platform Stored Web Scripting Error\", \n  \"Content\": \"CVE ID : CVE-2024-41706 \nPublished : July 25, 2024, 8:15 a.m. | 38\u00a0minutes ago \nDescription : A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P4 (6.14.0.4) is also a fixed release. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-25T11:03:40.000000Z"}, {"uuid": "4f6f0a46-6aa4-4b9f-8235-ed50dbd3c2db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41707", "type": "seen", "source": "https://t.me/cvedetector/1620", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41707 - Archer Platform Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-41707 \nPublished : July 25, 2024, 8:15 a.m. | 38\u00a0minutes ago \nDescription : An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-25T11:03:38.000000Z"}, {"uuid": "db30a295-1da1-4355-a08e-c1de34500d3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41705", "type": "seen", "source": "https://t.me/cvedetector/1619", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41705 - Archer Platform Stored Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41705 \nPublished : July 25, 2024, 8:15 a.m. | 38\u00a0minutes ago \nDescription : A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14.P4 (6.14.0.4) and 6.13 P4 (6.13.0.4) are also fixed releases. This vulnerability is similar to, but not identical to, CVE-2023-30639. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-25T11:03:37.000000Z"}, {"uuid": "71c2ee35-6ae2-4743-9fe3-662dbdcc16ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41704", "type": "seen", "source": "https://t.me/cvedetector/1377", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41704 - LibreChat Image Path Normalization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41704 \nPublished : July 22, 2024, 5:15 a.m. | 22\u00a0minutes ago \nDescription : LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a fixed version release has started in PR 3363.) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-22T07:46:24.000000Z"}, {"uuid": "41656a3d-faf8-4bd5-b31a-05a506de1e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41709", "type": "seen", "source": "https://t.me/cvedetector/1384", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41709 - Backdrop CMS XSS: Unsanitized Field Labels\", \n  \"Content\": \"CVE ID : CVE-2024-41709 \nPublished : July 22, 2024, 6:15 a.m. | 43\u00a0minutes ago \nDescription : Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the \"administer fields\" permission. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-22T09:26:54.000000Z"}, {"uuid": "c040a9a5-2ddf-4423-b247-9b901ead92d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41700", "type": "seen", "source": "https://t.me/nusantaraMYID/822", "content": "https://www.cve.org/CVERecord?id=CVE-2024-41700\n\n\ud83e\udee3\u26a1\ufe0f", "creation_timestamp": "2024-08-20T15:49:28.000000Z"}, {"uuid": "fbb9f14e-e145-49ec-937c-281f4f904014", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41701", "type": "seen", "source": "https://t.me/cvedetector/2033", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41701 - AccuPOS Exposed Sensitive Information Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41701 \nPublished : July 30, 2024, 10:15 a.m. | 44\u00a0minutes ago \nDescription : AccuPOS - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T13:14:16.000000Z"}, {"uuid": "aecc095e-ece9-46a1-b1de-06aad544faa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41702", "type": "seen", "source": "https://t.me/cvedetector/2032", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41702 - SiberianCMS SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-41702 \nPublished : July 30, 2024, 10:15 a.m. | 44\u00a0minutes ago \nDescription : SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T13:14:15.000000Z"}]}