{"vulnerability": "CVE-2024-4194", "sightings": [{"uuid": "57ab4ac8-f0f5-4935-b3d1-20124275bb9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41946", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3lzzeuxkcgj2c", "content": "", "creation_timestamp": "2025-09-30T01:31:30.781151Z"}, {"uuid": "b0fac6ca-0962-4062-9b8a-24cc60e74b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41947", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmxigystby27", "content": "", "creation_timestamp": "2025-04-16T21:02:25.163881Z"}, {"uuid": "aee4a9f5-5cba-4e8d-8d1f-94c51f821814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41946", "type": "seen", "source": "https://gist.github.com/alex-aizman/e37d58b44d071bb27940f4db465b3263", "content": "", "creation_timestamp": "2025-05-19T14:17:45.000000Z"}, {"uuid": "71d7e248-6d2f-4986-856f-8ea6d8f333da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41945", "type": "seen", "source": "https://t.me/cvedetector/2072", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41945 - Fuels-ts Unauthenticated Transaction Fund Prune Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41945 \nPublished : July 30, 2024, 8:15 p.m. | 42\u00a0minutes ago \nDescription : fuels-ts is a library for interacting with Fuel v2.  The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the `fund` function in `fuels-ts/packages/account/src/account.ts` gets the needed ressources statelessly with the function `getResourcesToSpend` without taking into consideration already used UTXOs. This issue will lead to unexpected SDK behaviour, such as a transaction not getting included in the `txpool` / in a block or a previous transaction silently getting removed from the `txpool` and replaced with a new one. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T23:16:30.000000Z"}, {"uuid": "a8f88452-bd06-4281-9b96-6aecebbaa7c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41941", "type": "seen", "source": "https://t.me/cvedetector/2970", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41941 - SINEC NMS Auth Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41941 \nPublished : Aug. 13, 2024, 8:15 a.m. | 58\u00a0minutes ago \nDescription : A vulnerability has been identified in SINEC NMS (All versions Severity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T11:14:59.000000Z"}, {"uuid": "fe2c6d00-5c5e-4440-997a-9c4b4ffe5537", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41948", "type": "seen", "source": "https://t.me/cvedetector/2295", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41948 - Biscuit-java Signing Denial of Trust Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41948 \nPublished : Aug. 1, 2024, 10:15 p.m. | 16\u00a0minutes ago \nDescription : biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it, which includes the public key of the previous block (used in the signature) and the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair. This vulnerability is fixed in 4.0.0. \nSeverity: 3.0 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-02T00:38:04.000000Z"}, {"uuid": "811bb43a-d724-4e06-b5b6-e591488de264", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41942", "type": "seen", "source": "https://t.me/cvedetector/2796", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41942 - JupyterHub Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41942 \nPublished : Aug. 8, 2024, 3:15 p.m. | 35\u00a0minutes ago \nDescription : JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that `admin:users` is already an extremely privileged scope only granted to trusted users.  \nIn effect, `admin:users` is equivalent to `admin=True`, which is not intended. Note that the change here only prevents escalation to the built-in JupyterHub admin role that has unrestricted permissions. It does not prevent users with e.g. `groups` permissions from granting themselves or other users permissions via group membership, which is intentional. Versions 4.1.6 and 5.1.0 fix this issue. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-08T18:04:36.000000Z"}, {"uuid": "de4afc13-230d-43e7-8d0c-69d0e0b5d90b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41944", "type": "seen", "source": "https://t.me/Black4Fan/10", "content": "\u0410 \u0435\u0449\u0435 \u044f \u043d\u0430\u043b\u0443\u0442\u0430\u043b \u043f\u0430\u0447\u043a\u0443 CVE.\n\u041f\u0440\u0430\u0432\u0434\u0430 \u0447\u0430\u0441\u0442\u044c \u0438\u0437 \u043d\u0438\u0445 \u0431\u0435\u0437 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u043d\u0438\u044f \u0430\u0432\u0442\u043e\u0440\u0430 \u00af\\_(\u30c4)_/\u00af\n\nOracle E-Business Suite\nCVE-2024-21071 RCE\nCVE-2024-21074 SQL Injection\nCVE-2024-21075 SQL Injection\nCVE-2024-21080 SQL Injection\nCVE-2024-21143 Unvalidated Forward\n\nOracle Critical Patch Update - April 2024\nOracle Critical Patch Update - July 2024\n\n\nXibo CMS\nCVE-2024-41802 SQL Injection\nCVE-2024-41803 SQL Injection\nCVE-2024-41804 SQL Injection\nCVE-2024-41944 SQL Injection\n\nXibo CMS Security Advisory\n\n\nThruk\nCVE-2024-39915 RCE\n\nThruk Security", "creation_timestamp": "2024-08-13T15:58:56.000000Z"}, {"uuid": "1dc0e81d-ae85-4c15-92a7-971219ecc86d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41949", "type": "seen", "source": "https://t.me/cvedetector/2292", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41949 - Biscuit-Rust Malicious Third-Party Block Request Forgery\", \n  \"Content\": \"CVE ID : CVE-2024-41949 \nPublished : Aug. 1, 2024, 10:15 p.m. | 16\u00a0minutes ago \nDescription : biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it, which includes the public key of the previous block (used in the signature) and the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair. \nSeverity: 3.0 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-02T00:38:01.000000Z"}, {"uuid": "bd35c4c0-c1b5-4abc-8894-09f563746543", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41940", "type": "seen", "source": "https://t.me/cvedetector/2974", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41940 - SINEC NMS Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41940 \nPublished : Aug. 13, 2024, 8:15 a.m. | 58\u00a0minutes ago \nDescription : A vulnerability has been identified in SINEC NMS (All versions Severity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T11:15:05.000000Z"}, {"uuid": "0941b30e-6ab8-42b0-8a12-e325581b033e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41946", "type": "seen", "source": "https://t.me/cvedetector/2234", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41946 - REXML XML Toolkit DoS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41946 \nPublished : Aug. 1, 2024, 3:15 p.m. | 37\u00a0minutes ago \nDescription : REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-01T17:55:48.000000Z"}, {"uuid": "4d364323-bfa7-4361-ae77-b45b952ccf27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41943", "type": "seen", "source": "https://t.me/cvedetector/2057", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41943 - Adobe I, Librarian Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41943 \nPublished : July 30, 2024, 6:15 p.m. | 22\u00a0minutes ago \nDescription : I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will then be executed when the page is loaded in the browser. The vulnerability was fixed in version 5.11.1. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T20:45:50.000000Z"}, {"uuid": "06d1c5d9-998d-4803-a76e-d89bd84d4ad3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41947", "type": "seen", "source": "https://t.me/cvedetector/2147", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41947 - XWiki Platform JavaScript Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41947 \nPublished : July 31, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1. \nSeverity: 9.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-31T19:20:42.000000Z"}, {"uuid": "99e99375-9af2-4ab1-b9d5-0ce54049a417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41944", "type": "seen", "source": "https://t.me/cvedetector/2052", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41944 - Xibo SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41944 \nPublished : July 30, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T19:55:44.000000Z"}]}