{"vulnerability": "cve-2024-4706", "sightings": [{"uuid": "5d212384-ebe1-4bad-b0b1-d46df085453e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/113476472688256606", "content": "", "creation_timestamp": "2024-11-13T15:59:23.519631Z"}, {"uuid": "31de0a2f-9d2c-4e0c-9828-103bbc629983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47065", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114835715205263599", "content": "", "creation_timestamp": "2025-07-11T17:12:35.786888Z"}, {"uuid": "09578b9d-f127-4854-817f-113b48f35c6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47066", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/436", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aProof-of-Concept for CVE-2024-5932\nURL\uff1ahttps://github.com/l8BL/CVE-2024-47066\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-25T05:16:47.000000Z"}, {"uuid": "0e289b8c-d8ee-4dd8-876b-0975fd44415a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8997", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-47062 PoC\nURL\uff1ahttps://github.com/saisathvik1/CVE-2024-47062\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-11T18:20:33.000000Z"}, {"uuid": 
"25148556-df6a-455f-b658-0e4e9367b35b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47066", "type": "seen", "source": "https://t.me/GithubRedTeam/8585", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aProof-of-Concept for CVE-2024-5932\nURL\uff1ahttps://github.com/l8BL/CVE-2024-47066\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-24T10:01:15.000000Z"}, {"uuid": "8eece8fa-80b1-4253-aac7-890aac073e45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/18929", "content": "https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6\n\ncve-2024-47062\n\n#github #poc", "creation_timestamp": "2024-09-26T11:12:38.000000Z"}, {"uuid": "ca580a53-fdad-4625-9caa-0adaf0c5762e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47067", "type": "seen", "source": "https://t.me/cvedetector/6663", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47067 - AList Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47067 \nPublished : Sept. 30, 2024, 4:15 p.m. | 38\u00a0minutes ago \nDescription : AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:link_name takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up to HTML tags via XHTML and thus leading to a XSS vulnerability. This vulnerability is fixed in 3.29.0. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-30T19:10:03.000000Z"}, {"uuid": "d9a13a45-3b60-4b79-b52f-3a20336972f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47063", "type": "seen", "source": "https://t.me/cvedetector/6656", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47063 - CVAT Cross-Site Request Forgery (CSRF)\", \n  \"Content\": \"CVE ID : CVE-2024-47063 \nPublished : Sept. 30, 2024, 3:15 p.m. | 38\u00a0minutes ago \nDescription : Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-30T18:19:47.000000Z"}, {"uuid": "411e9f61-67fb-4b97-88b7-c8959b1375c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47064", "type": "seen", "source": "https://t.me/cvedetector/6653", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47064 - CVAT Open API Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-47064 \nPublished : Sept. 30, 2024, 3:15 p.m. | 38\u00a0minutes ago \nDescription : Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-30T18:19:44.000000Z"}, {"uuid": "6c218a18-3232-432d-859c-a6cc3d21bfc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47066", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/4027", "content": "\ud83d\udea8PoC for Lobe Chat CVE-2024-47066\n\nhttps://darkwebinformer.com/poc-for-lobe-chat-cve-2024-47066/", "creation_timestamp": "2024-09-24T19:46:07.000000Z"}, {"uuid": "f54c2f05-3978-4f2b-a75c-03d398f54a36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47069", "type": "seen", "source": "https://t.me/cvedetector/6188", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47069 - Contao Oveleon Cookie Bar Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-47069 \nPublished : Sept. 23, 2024, 4:15 p.m. | 27\u00a0minutes ago \nDescription : Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend's HTTP response, thereby causing reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-23T18:49:34.000000Z"}, {"uuid": "d1be7472-4a4f-4005-9584-70ad075de385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47068", "type": "seen", "source": "https://t.me/cvedetector/6192", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47068 - Rollup DOM Clobbering Vulnerability (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-47068 \nPublished : Sept. 23, 2024, 4:15 p.m. | 27\u00a0minutes ago \nDescription : Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 3.29.5 and 4.22.4  contain a patch for the vulnerability. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-23T18:49:38.000000Z"}, {"uuid": "b545206e-a31c-4254-8f80-335c53750367", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47066", "type": "seen", "source": "https://t.me/cvedetector/6191", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47066 - Lobe Chat SSRF\", \n  \"Content\": \"CVE ID : CVE-2024-47066 \nPublished : Sept. 23, 2024, 4:15 p.m. | 27\u00a0minutes ago \nDescription : Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue. \nSeverity: 9.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-23T18:49:37.000000Z"}, {"uuid": "64e906ff-365a-4534-a2b9-ec1e7a01253e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/6123", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47062 - Navidrome SQL Injection and Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-47062 \nPublished : Sept. 20, 2024, 7:15 p.m. 
| 37\u00a0minutes ago \nDescription : Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-20T22:15:45.000000Z"}, {"uuid": "1dcce9b7-2ad7-4a0d-b4b7-b423ed564996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47061", "type": "seen", "source": "https://t.me/cvedetector/6122", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47061 - Plate Cross-Site Scripting (XSS) and Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47061 \nPublished : Sept. 20, 2024, 7:15 p.m. | 37\u00a0minutes ago \nDescription : Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the `attributes` property. These attributes are passed to the node component using the `nodeProps` prop. It has come to our attention that this feature can be used for malicious purposes, including cross-site scripting (XSS) and information exposure (specifically, users' IP addresses and whether or not they have opened a malicious document). Note that the risk of information exposure via attributes is only relevant to applications in which web requests to arbitrary URLs are not ordinarily allowed. Plate editors that allow users to embed images from arbitrary URLs, for example, already carry the risk of leaking users' IP addresses to third parties. All Plate editors using an affected version of @udecode/plate-core are vulnerable to these information exposure attacks via the style attribute and other attributes that can cause web requests to be sent. 
In addition, whether or not a Plate editor is vulnerable to cross-site scripting attacks using attributes depends on a number of factors. The most likely DOM attributes to be vulnerable are href and src on links and iframes respectively. Any component that spreads {...nodeProps} onto an or element and does not later override href or src will be vulnerable to XSS. In patched versions of Plate, we have disabled element.attributes and leaf.attributes for most attribute names by default, with some exceptions including target, alt, width, height, colspan and rowspan on the link, image, video, table cell and table header cell plugins. If this is a breaking change for you, you can selectively re-enable attributes for certain plugins as follows. Please carefully research and assess the security implications of any attribute you allow, as even seemingly innocuous attributes such as style can be used maliciously. If you are unable to upgrade to any of the patched versions, you should use a tool like patch-package or yarn patch to remove the logic from @udecode/plate-core that adds attributes to nodeProps. \nSeverity: 8.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-20T22:15:44.000000Z"}, {"uuid": "c1e891c0-f43d-4bf3-b48e-88fb4f134f6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47060", "type": "seen", "source": "https://t.me/cvedetector/6090", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47060 - Zitadel Unauthorized Access to Deactivated Projects\", \n  \"Content\": \"CVE ID : CVE-2024-47060 \nPublished : Sept. 20, 2024, 12:15 a.m. | 41\u00a0minutes ago \nDescription : Zitadel is an open source identity management platform. 
In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other organizations can still log in and access through these applications, leading to unauthorized access. Additionally, if a project was deactivated access to applications was also still possible. The issue stems from the fact that when an organization is deactivated in Zitadel, the applications associated with it do not automatically deactivate. The application lifecycle is not tightly coupled with the organization's lifecycle, leading to a situation where the organization or project is marked as inactive, but its resources remain accessible. This vulnerability allows for unauthorized access to projects and their resources, which should have been restricted post-organization deactivation. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised to upgrade. Users unable to upgrade may explicitly disable the application to make sure the client is not allowed anymore. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-20T03:01:56.000000Z"}, {"uuid": "fbcf4185-4c58-4456-b84b-80c11f1941a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "seen", "source": "https://t.me/HackingInsights/14181", "content": "\u200aCVE-2024-47062 (CVSS 9.4): Flaws Discovered in Navidrome Music Server Expose Sensitive Data\n\nhttps://securityonline.info/cve-2024-47062-cvss-9-4-flaws-discovered-in-navidrome-music-server-expose-sensitive-data/", "creation_timestamp": "2024-09-24T10:52:18.000000Z"}, {"uuid": "a32c8bbd-50b2-464d-9e2d-21b42d37d6c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "published-proof-of-concept", "source": "https://t.me/ZeroEthical_Course/1594", "content": "https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6\n\ncve-2024-47062\n\n#github #poc", "creation_timestamp": "2024-09-25T23:21:09.000000Z"}, {"uuid": "9726d4f6-8c36-48e7-8896-20ca6cf0aae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/6937", "content": "\ud83d\udea8CVE-2024-47062 PoC; SQL Injection Vulnerability in Navidrome\n\nhttps://github.com/saisathvik1/CVE-2024-47062", "creation_timestamp": "2024-11-13T16:59:08.000000Z"}, {"uuid": "1eb75456-7a10-4432-9a22-90ae2f02b8cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2024-47062", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/2078", "content": "https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6\n\ncve-2024-47062\n\n#github #poc", "creation_timestamp": "2024-09-25T16:36:33.000000Z"}, {"uuid": "35735b9e-68b3-4626-9d5f-f34066deade2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "seen", "source": "https://t.me/GarudaSecID/2606", "content": "CVE-2024-47062: SQL Injection dan Auth Bypass di Navidrome Music Server, rating 9.4 \ud83d\udd25\n\nPemberitahuan terbaru mengungkapkan beberapa kerentanan, yang secara teori memungkinkan penyerang untuk mendapatkan akses ke data sensitif.\n\nCari di Netlas.io: \n\ud83d\udc49 Link: https://nt.ls/N9Jj8 \n\ud83d\udc49 Dork: http.description:\"Navidrome Music Server\"\n\nPemberitahuan vendor: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6", "creation_timestamp": "2024-10-08T13:35:25.000000Z"}, {"uuid": "1dc73b14-87af-44e9-bc6a-c0ad279684af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "published-proof-of-concept", "source": "Telegram/gDFVoHUuB6H--lSlEA0FwxdrgJcGZ12Usz4zXGcpZiimTGk", "content": "", "creation_timestamp": "2024-10-10T18:12:19.000000Z"}, {"uuid": "8a0f863d-ea6f-41c5-9da1-d4301f13a329", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3219", "content": "https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6\n\ncve-2024-47062\n\n#github #poc", "creation_timestamp": "2024-09-25T16:35:07.000000Z"}, {"uuid": "f9100900-b169-4d2b-9aa3-b395e3c61a0f", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "published-proof-of-concept", "source": "https://t.me/DEVIL_La_RSx/744", "content": "https://github.com/saisathvik1/CVE-2024-47062", "creation_timestamp": "2024-11-22T10:05:08.000000Z"}, {"uuid": "b5319880-fedc-44bc-ad4f-d9b5e208478c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "published-proof-of-concept", "source": "https://t.me/DEVIL_La_RSx/1583", "content": "https://github.com/saisathvik1/CVE-2024-47062", "creation_timestamp": "2024-12-02T01:56:49.000000Z"}, {"uuid": "5e1f3fd6-6917-4d3a-b6f7-9f5333783cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "seen", "source": "https://t.me/BlackLineCH/65", "content": "CVE-2024-47062: SQL Injection dan Auth Bypass di Navidrome Music Server, rating 9.4 \ud83d\udd25\n\nPemberitahuan terbaru mengungkapkan beberapa kerentanan, yang secara teori memungkinkan penyerang untuk mendapatkan akses ke data sensitif.\n\nCari di Netlas.io: \n\ud83d\udc49 Link: https://nt.ls/N9Jj8 \n\ud83d\udc49 Dork: http.description:\"Navidrome Music Server\"\n\nPemberitahuan vendor: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6", "creation_timestamp": "2024-10-08T11:29:13.000000Z"}, {"uuid": "7925b071-d2ec-4103-921d-8f91d3d0d4ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47062", "type": "seen", "source": "https://t.me/cyberteamvlayingsecurity/521", "content": "CVE-2024-47062: SQL Injection dan Auth Bypass di Navidrome Music Server, rating 9.4 \ud83d\udd25\n\nPemberitahuan terbaru mengungkapkan beberapa kerentanan, 
yang secara teori memungkinkan penyerang untuk mendapatkan akses ke data sensitif.\n\nCari di Netlas.io: \n\ud83d\udc49 Link: https://nt.ls/N9Jj8 \n\ud83d\udc49 Dork: http.description:\"Navidrome Music Server\"\n\nPemberitahuan vendor: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6", "creation_timestamp": "2024-10-08T11:58:03.000000Z"}, {"uuid": "0b7a706c-02c8-4370-8c65-fbcdaaa4dc5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-47060", "type": "published-proof-of-concept", "source": "https://github.com/zitadel/zitadel/security/advisories/GHSA-jj94-6f5c-65r8", "content": "", "creation_timestamp": "2024-09-19T04:43:08.000000Z"}, {"uuid": "b0043c44-0779-439a-ade7-f96e8d340333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-47068", "type": "published-proof-of-concept", "source": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", "content": "", "creation_timestamp": "2024-09-21T08:49:11.000000Z"}, {"uuid": "8c68f048-5baa-44b9-a505-70232ed49883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-47069", "type": "published-proof-of-concept", "source": "https://github.com/oveleon/contao-cookiebar/security/advisories/GHSA-296q-rj83-g9rq", "content": "", "creation_timestamp": "2024-07-26T08:54:59.000000Z"}, {"uuid": "5f16dfc7-190b-4e0f-bc79-8e470b525b47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-47062", "type": "published-proof-of-concept", "source": "https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6", "content": "", "creation_timestamp": "2024-09-20T00:57:15.000000Z"}]}