{"vulnerability": "cve-2024-5147", "sightings": [{"uuid": "c7ead165-7c04-432a-86ad-f269f7ebb38e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51471", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113680632170125877", "content": "", "creation_timestamp": "2024-12-19T17:19:47.320629Z"}, {"uuid": "2e8ee44f-e7b0-4333-9eaa-8c5a4e86e713", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-51479", "type": "seen", "source": "https://infosec.exchange/users/mttaggart/statuses/113683355203817189", "content": "", "creation_timestamp": "2024-12-20T04:52:18.141001Z"}, {"uuid": "6be0b92f-02da-46c9-bde1-a065fdaaaba6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3ldo4gqssju2e", "content": "", "creation_timestamp": "2024-12-19T14:46:47.588684Z"}, {"uuid": "4f20ecda-f9ed-4e8f-b187-388be38e4db9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113669566323116247", "content": "", "creation_timestamp": "2024-12-17T18:25:35.808340Z"}, {"uuid": "b56d928c-2cb9-4a34-833b-cee6b2c9b64c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51470", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113675598653035443", "content": "", "creation_timestamp": "2024-12-18T19:59:41.980845Z"}, {"uuid": "14609375-1f77-41d9-a44d-0c7b44e33a7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51471", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldoi4vbxhw2t", "content": "", "creation_timestamp": "2024-12-19T18:16:01.210001Z"}, {"uuid": "2f1986a8-591c-4677-9363-184d74e9c4b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51472", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113782415137517154", "content": "", "creation_timestamp": "2025-01-06T16:44:32.779039Z"}, {"uuid": "bc7e351e-4fb9-4be0-9bc5-c120e5a781d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51472", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3n6745wb2i", "content": "", "creation_timestamp": "2025-01-06T17:16:01.252891Z"}, {"uuid": "683fdcc7-5486-43d9-8c9b-70c817b3bdae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-09-10T07:48:00.000000Z"}, {"uuid": "e22bdbc8-bd1a-47bd-ba3d-298b94e41f9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51471", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:01.000000Z"}, {"uuid": "a98f291d-7c14-4b42-a2c5-6eafde4ac186", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51471", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:31.000000Z"}, {"uuid": "cd9fb7d5-4984-437c-84b9-b33efdc4770e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-08-10T18:27:45.000000Z"}, {"uuid": "bf9b5b5d-b287-440a-a23b-60746864a74e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51476", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6699", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51476\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.\n\ud83d\udccf Published: 2025-03-06T16:28:03.671Z\n\ud83d\udccf Modified: 2025-03-06T16:28:03.671Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7184961", "creation_timestamp": "2025-03-06T16:33:54.000000Z"}, {"uuid": "86f5b970-dffe-448f-ab54-c0a0ca7bd42e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51475", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16592", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51475\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.\n\ud83d\udccf Published: 2025-05-16T00:44:43.744Z\n\ud83d\udccf Modified: 2025-05-16T00:44:43.744Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7233695", "creation_timestamp": "2025-05-16T01:34:20.000000Z"}, {"uuid": "b4244186-af9c-49f7-a382-ccb9b4b539ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51477", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9513", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51477\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: IBM InfoSphere Information Server 11.7 \n\ncould allow an authenticated to obtain sensitive username information due to an observable response discrepancy.\n\ud83d\udccf Published: 2025-03-28T23:51:32.765Z\n\ud83d\udccf Modified: 2025-03-28T23:51:32.765Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7185058", "creation_timestamp": "2025-03-29T00:28:38.000000Z"}, {"uuid": "a26f5921-b845-40d4-a1a0-c487c1fde27f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51472", "type": "seen", "source": "https://t.me/cvedetector/14389", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51472 - IBM UrbanCode Deploy (UCD) HTML Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51472 \nPublished : Jan. 6, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T19:26:47.000000Z"}, {"uuid": "33154d68-5958-4d4b-8cd9-afa3859d1400", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51477", "type": "seen", "source": "https://t.me/cvedetector/21489", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51477 - IBM InfoSphere Information Server Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51477 \nPublished : March 29, 2025, 12:15 a.m. | 34\u00a0minutes ago \nDescription : IBM InfoSphere Information Server 11.7   \n  \ncould allow an authenticated to obtain sensitive username information due to an observable response discrepancy. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T02:07:15.000000Z"}, {"uuid": "a075a18b-ee27-4ab7-8415-bd0afdf46b9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "seen", "source": "https://t.me/cvedetector/13124", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51479 - Vercel Next.js Root Directory Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-51479 \nPublished : Dec. 17, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `` * [Affected] `` * [Not affected] ``. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T20:57:59.000000Z"}, {"uuid": "b4ea5451-1c33-46b3-b94d-2b4e3ace7cc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51471", "type": "seen", "source": "https://t.me/cvedetector/13352", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51471 - IBM MQ Appliance Out-of-Bounds Write Denial-of-Service\", \n  \"Content\": \"CVE ID : CVE-2024-51471 \nPublished : Dec. 19, 2024, 6:15 p.m. | 33\u00a0minutes ago \nDescription : IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS\u00a0web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T19:50:11.000000Z"}, {"uuid": "5ed72c64-4082-4782-b310-82bdfdf7ddac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51478", "type": "seen", "source": "https://t.me/cvedetector/9515", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51478 - YesWiki Weak Password Reset Key Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-51478 \nPublished : Oct. 31, 2024, 5:15 p.m. | 44\u00a0minutes ago \nDescription : YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T19:26:59.000000Z"}, {"uuid": "9693659d-9ec1-4e7a-93da-b2550aa8142c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51470", "type": "seen", "source": "https://t.me/cvedetector/13243", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51470 - IBM MQ Denial of Service (DoS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51470 \nPublished : Dec. 18, 2024, 8:15 p.m. | 36\u00a0minutes ago \nDescription : IBM MQ\u00a09.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance\u00a09.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25\u00a0could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T22:03:51.000000Z"}, {"uuid": "04104f13-934f-4154-b257-ffb9cdc9c3b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "seen", "source": "Telegram/lXRzYknB6SBUTd3lazzYxB5xeOdU1Cklky9RaxLfOhf4z6Qw", "content": "", "creation_timestamp": "2025-02-23T20:21:25.000000Z"}, {"uuid": "b83412d6-7239-481e-bc65-2e41f56cba65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5147", "type": "seen", "source": "Telegram/fTsBj-4hqZUJRyHvTE-0ETX0RKjs526WCW-SUvGC6LYaW-Ok", "content": "", "creation_timestamp": "2025-02-06T02:43:29.000000Z"}, {"uuid": "1dd6d475-8c40-4e87-8a30-c9264db78f0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "published-proof-of-concept", "source": "https://t.me/suboxone_chatroom/7709", "content": "\ud83c\udf00 This is wild!\n\nYou\u2019ve probably seen the buzz around the Next.js middleware auth bypass (CVE-2025-29927) \u2014 but there\u2019s another less-known yet similar vulnerability: CVE-2024-51479.\n\nThis flaw allows attackers to bypass authentication by abusing the __nextLocale query parameter in the URL, tricking the middleware into granting access to protected routes.\n\nProof of Concept (PoC):\n\ncurl https://target.com/?__nextLocale=/admin\n\nThis vulnerability was fixed in Next.js v14.2.15, and Vercel-hosted apps have already been patched automatically.\n\nI found a very cool article explaining everything in detail:\n\nhttps://gmo-cybersecurity.com/blog/another-nextjs-middleware-bypass-en", "creation_timestamp": "2025-04-06T23:09:44.000000Z"}, {"uuid": "274a6590-0fd6-448c-9a7f-172f1b378cfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-51478", "type": "published-proof-of-concept", "source": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4fvx-h823-38v3", "content": "", "creation_timestamp": "2024-10-31T15:56:22.000000Z"}]}