{"vulnerability": "CVE-2024-4786", "sightings": [{"uuid": "bfe61cd2-aaa8-4c22-996d-283e1aebc257", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47865", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113514131846208630", "content": "", "creation_timestamp": "2024-11-20T07:36:34.039605Z"}, {"uuid": "9455989c-a0a1-484c-8f41-971efaf26e5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-47863", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113528269076401600", "content": "", "creation_timestamp": "2024-11-22T19:31:51.052496Z"}, {"uuid": "b02f7ab3-f09a-4002-8163-53ead6637aaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47864", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113699339312969404", "content": "", "creation_timestamp": "2024-12-23T00:37:15.631487Z"}, {"uuid": "c0400dcf-6319-4d37-a5b3-28626d824ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47864", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113699351923604048", "content": "", "creation_timestamp": "2024-12-23T00:40:28.659352Z"}, {"uuid": "b97b5520-19ad-4a63-9cc3-3fb25dcf5a25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47864", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldwqxz55r52a", "content": "", "creation_timestamp": "2024-12-23T01:15:38.471194Z"}, {"uuid": "eb51421a-457f-4030-a5b4-f2746d6cabe5", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47866", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3m5evlvu3ci2i", "content": "", "creation_timestamp": "2025-11-11T19:45:27.997503Z"}, {"uuid": "b052f3ce-3bc9-450a-bc6b-05c395df6a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47866", "type": "seen", "source": "https://bsky.app/profile/teenigma.bsky.social/post/3m5ga2yjbrc2c", "content": "", "creation_timestamp": "2025-11-12T08:25:49.472965Z"}, {"uuid": "798032ef-8886-4290-be74-d3c0af3a4d14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47866", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m5hi7cowhz2a", "content": "", "creation_timestamp": "2025-11-12T20:23:45.925625Z"}, {"uuid": "e83b563c-bea6-456b-920b-61555cc59796", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47864", "type": "seen", "source": "https://t.me/cvedetector/13525", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47864 - Home 5G Wi-Fi STATION SH Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47864 \nPublished : Dec. 23, 2024, 1:15 a.m. | 41\u00a0minutes ago \nDescription : home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down. 
\nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-23T03:17:12.000000Z"}, {"uuid": "2e464011-89eb-4cf3-8598-73381d67ea97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47866", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q4/164", "content": "", "creation_timestamp": "2025-11-11T17:50:55.000000Z"}, {"uuid": "37ed8ce5-4e1d-462f-8bad-21e8a789d281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-47866", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "abb2c118-7f32-4d2a-b173-2882638767aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47865", "type": "seen", "source": "https://t.me/cvedetector/11570", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47865 - Rakuten Turbo 5G Firmware Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47865 \nPublished : Nov. 20, 2024, 8:15 a.m. | 46\u00a0minutes ago \nDescription : Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device. 
\nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-20T10:23:42.000000Z"}, {"uuid": "91eba377-a6d6-4ac5-91e3-cae0733bcfc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47868", "type": "seen", "source": "https://t.me/cvedetector/7651", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47868 - Gradio File Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47868 \nPublished : Oct. 10, 2024, 11:15 p.m. | 34\u00a0minutes ago \nDescription : Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input constraints. This issue could lead to sensitive files being exposed to unauthorized users, especially when combined with other vulnerabilities, such as issue TOB-GRADIO-15. The components most at risk are those that return or handle file data. Vulnerable Components: 1. **String to FileData:** DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton. 2. **Complex data to FileData:** Chatbot, MultimodalTextbox. 3. **Direct file read in preprocess:** Code. 4. **Dictionary converted to FileData:** ParamViewer, Dataset. Exploit Scenarios: 1. A developer creates a Dropdown list that passes values to a DownloadButton. An attacker bypasses the allowed inputs, sends an arbitrary file path (like `/etc/passwd`), and downloads sensitive files. 2. An attacker crafts a malicious payload in a ParamViewer component, leaking sensitive files from a server through the arbitrary file leak. 
This issue has been resolved in `gradio>5.0`. Upgrading to the latest version will mitigate this vulnerability. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T01:58:05.000000Z"}, {"uuid": "04cdf1b7-3089-4707-876d-fc48fa390487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47867", "type": "seen", "source": "https://t.me/cvedetector/7650", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47867 - Gradio FRP Client Integrity Verification Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47867 \nPublished : Oct. 10, 2024, 11:15 p.m. | 34\u00a0minutes ago \nDescription : Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature.  Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T01:58:05.000000Z"}, {"uuid": "32ef39e6-3157-407c-98fb-a4c059aad1c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47869", "type": "seen", "source": "https://t.me/cvedetector/7649", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47869 - Gradio Timing Hash Comparison Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47869 \nPublished : Oct. 10, 2024, 11:15 p.m. | 34\u00a0minutes ago \nDescription : Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of different requests to infer the correct hash byte-by-byte. This can lead to unauthorized access to the analytics dashboard, especially if the attacker can repeatedly query the system with different keys. Users are advised to upgrade to `gradio>4.44` to mitigate this issue. To mitigate the risk before applying the patch, developers can manually patch the `analytics_dashboard` dashboard to use a **constant-time comparison** function for comparing sensitive values, such as hashes. Alternatively, access to the analytics dashboard can be disabled. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T01:58:04.000000Z"}, {"uuid": "51b2d3a2-36fe-49c1-8d4c-071b6d3177de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4786", "type": "seen", "source": "https://t.me/cvedetector/1715", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-4786 - Lenovo Tab K10 Denial of Sleep (DoS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-4786 \nPublished : July 26, 2024, 8:15 p.m. | 44\u00a0minutes ago \nDescription : An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on. \nSeverity: 2.8 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-26T23:03:20.000000Z"}]}