{"vulnerability": "cve-2024-4896", "sightings": [{"uuid": "8bc0db94-5a1e-42e3-bde3-494a932dbba7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48966", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113483478225910528", "content": "", "creation_timestamp": "2024-11-14T21:40:56.709187Z"}, {"uuid": "3b5684db-ef68-4e08-af26-66ce081d2812", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48962", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113503144917733173", "content": "", "creation_timestamp": "2024-11-18T09:02:26.810977Z"}, {"uuid": "0e1cb046-4697-4c94-906a-0b6bc6f4511a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-48962", "type": "seen", "source": "https://bsky.app/profile/sebsrt.bsky.social/post/3lqnsjvhow22b", "content": "", "creation_timestamp": "2025-06-02T22:17:06.652866Z"}, {"uuid": "48e5ad92-c431-4cd0-a21b-5c85442a2f34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48962", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:28.000000Z"}, {"uuid": "c8efb12c-32ba-450b-8155-39ee900db71a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48966", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:28.000000Z"}, {"uuid": "e458fcef-3ca1-476d-a10e-15b995ed58e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48962", "type": "seen", "source": "https://t.me/cvedetector/11300", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48962 - Apache OFBiz Code Injection and CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-48962 \nPublished : Nov. 18, 2024, 9:15 a.m. | 25\u00a0minutes ago \nDescription : Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.  \n  \nThis issue affects Apache OFBiz: before 18.12.17.  \n  \nUsers are recommended to upgrade to version 18.12.17, which fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T10:41:38.000000Z"}, {"uuid": "6ec2e9fd-0541-4ef0-8a33-a37701b26d39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48967", "type": "seen", "source": "https://t.me/cvedetector/11022", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48967 - \"Philips Ventilator and Service PC Inadequate Audit Logging Weakness\"\", \n  \"Content\": \"CVE ID : CVE-2024-48967 \nPublished : Nov. 14, 2024, 10:15 p.m. | 38\u00a0minutes ago \nDescription : The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T00:11:41.000000Z"}, {"uuid": "0f4279c1-2543-4f7c-bcc0-db65b7ec197c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48966", "type": "seen", "source": "https://t.me/cvedetector/11021", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48966 - \"Medtronic Ventilator Unauthenticated Diagnostic and Calibration Tool Access\"\", \n  \"Content\": \"CVE ID : CVE-2024-48966 \nPublished : Nov. 14, 2024, 10:15 p.m. | 38\u00a0minutes ago \nDescription : The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T00:11:38.000000Z"}, {"uuid": "6544fc9c-c63c-4728-83ab-ac32de25d68f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48963", "type": "seen", "source": "https://t.me/cvedetector/8764", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48963 - Snyk CLI PHP Code Injection\", \n  \"Content\": \"CVE ID : CVE-2024-48963 \nPublished : Oct. 23, 2024, 7:15 p.m. | 16\u00a0minutes ago \nDescription : The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T21:35:28.000000Z"}, {"uuid": "1c93e315-6882-4e4d-93f1-9ba41db605e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48964", "type": "seen", "source": "https://t.me/cvedetector/8763", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48964 - Snyk CLI Gradle Code Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-48964 \nPublished : Oct. 23, 2024, 7:15 p.m. | 16\u00a0minutes ago \nDescription : The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T21:35:27.000000Z"}]}