{"vulnerability": "cve-2024-5507", "sightings": [{"uuid": "524b772e-a1a3-4ac2-a9ba-03447d3d5bac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55074", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113783244019784638", "content": "", "creation_timestamp": "2025-01-06T20:15:19.878904Z"}, {"uuid": "661f0bff-4d4d-47be-842b-97c5a705f75d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55074", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3x7wsuki2k", "content": "", "creation_timestamp": "2025-01-06T20:15:57.263366Z"}, {"uuid": "0fd12979-2bee-4513-8505-43ce027f33d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55075", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113783287128672013", "content": "", "creation_timestamp": "2025-01-06T20:26:17.637386Z"}, {"uuid": "12eca186-87f3-41bb-9ba2-bffe34333fb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55076", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113783338674267105", "content": "", "creation_timestamp": "2025-01-06T20:39:24.360031Z"}, {"uuid": "8ff2207d-ffce-4e04-a012-d4c3e4bbfb7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55074", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf3yykdznc2b", "content": "", "creation_timestamp": "2025-01-06T20:47:37.112300Z"}, {"uuid": "00e4a406-67b5-4508-9e54-b45228d673ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55075", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf42kdbfdu2l", "content": "", "creation_timestamp": "2025-01-06T21:15:27.148814Z"}, {"uuid": "b3657ce6-6b76-4a53-a482-880ebcd315da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55076", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf42kftlgm2e", "content": "", "creation_timestamp": "2025-01-06T21:15:30.269590Z"}, {"uuid": "6edefe7c-977a-4ab2-838f-018e00fbf763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55076", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113783609699744377", "content": "", "creation_timestamp": "2025-01-06T21:48:28.176883Z"}, {"uuid": "9ef0959f-197b-408f-8059-5214ba54e453", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55074", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113783609618371393", "content": "", "creation_timestamp": "2025-01-06T21:48:28.321047Z"}, {"uuid": "1d6d0717-6891-4c2b-92b0-8a16fee843af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55076", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf44mvb6st2r", "content": "", "creation_timestamp": "2025-01-06T21:52:40.775251Z"}, {"uuid": "54845252-10f1-403f-8af4-709abc0f6361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55075", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf44mvkj262y", "content": "", "creation_timestamp": "2025-01-06T21:52:41.671998Z"}, {"uuid": "b644f655-dd65-4f61-9a4b-febd5a722968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55076", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf44mvo32t2k", "content": "", "creation_timestamp": "2025-01-06T21:52:42.324858Z"}, {"uuid": "f0b28102-02e6-4ccd-9ea8-9fe76deb2d3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55078", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113764946112818435", "content": "", "creation_timestamp": "2025-01-03T14:41:55.969875Z"}, {"uuid": "2028a734-52e0-41a3-9355-5863e304dc9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55078", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3letuzycxso2m", "content": "", "creation_timestamp": "2025-01-03T15:15:33.144946Z"}, {"uuid": "5b68801c-8c46-477d-9433-ac47b887a9c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55078", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3letx3q5xxk2k", "content": "", "creation_timestamp": "2025-01-03T15:52:52.793314Z"}, {"uuid": "70f1d319-d5b5-4028-ae07-04410b19efea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55074", "type": "seen", "source": "https://t.me/cvedetector/14405", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55074 - Grocy Stored XSS Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-55074 \nPublished : Jan. 6, 2025, 8:15 p.m. | 36\u00a0minutes ago \nDescription : The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T21:57:56.000000Z"}, {"uuid": "78045ddc-1552-44a6-b6fe-41238ff29309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55075", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/214", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55075\n\ud83d\udd39 Description: Grocy through 4.2.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes.\n\ud83d\udccf Published: 2025-01-06T00:00:00\n\ud83d\udccf Modified: 2025-01-06T20:29:03.659Z\n\ud83d\udd17 References:\n1. https://m10x.de/posts/2024/11/all-your-recipe-are-belong-to-us-part-1/3-stored-xss-csrf-and-broken-access-control-vulnerabilities-in-grocy/", "creation_timestamp": "2025-01-06T20:48:32.000000Z"}, {"uuid": "0b26835e-f8de-42f2-a1d5-70d296ccf8b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55074", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/218", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55074\n\ud83d\udd39 Description: The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370.\n\ud83d\udccf Published: 2025-01-06T00:00:00\n\ud83d\udccf Modified: 2025-01-06T20:26:25.597Z\n\ud83d\udd17 References:\n1. https://m10x.de/posts/2024/11/all-your-recipe-are-belong-to-us-part-1/3-stored-xss-csrf-and-broken-access-control-vulnerabilities-in-grocy/", "creation_timestamp": "2025-01-06T20:49:06.000000Z"}, {"uuid": "5602681a-f6d6-4432-8b92-d649d39e0a9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55070", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9183", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55070\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions.\n\ud83d\udccf Published: 2025-03-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-27T19:07:11.681Z\n\ud83d\udd17 References:\n1. https://github.com/mealie-recipes/mealie/issues/4593\n2. https://m10x.de/posts/2025/03/all-your-recipe-are-belong-to-us-part-3/3-broken-access-controls-leading-to-privilege-escalation-and-more-in-mealie/", "creation_timestamp": "2025-03-27T19:26:56.000000Z"}, {"uuid": "f06438fd-6007-4938-90ae-82c2bf3ffdbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55073", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9188", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55073\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.\n\ud83d\udccf Published: 2025-03-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-27T19:05:02.855Z\n\ud83d\udd17 References:\n1. https://github.com/mealie-recipes/mealie/issues/4593\n2. https://m10x.de/posts/2025/03/all-your-recipe-are-belong-to-us-part-3/3-broken-access-controls-leading-to-privilege-escalation-and-more-in-mealie/", "creation_timestamp": "2025-03-27T19:27:01.000000Z"}, {"uuid": "f7119c9b-31f6-4556-8c7c-c3ee8daba6c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55072", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9187", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55072\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.\n\ud83d\udccf Published: 2025-03-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-27T19:06:11.033Z\n\ud83d\udd17 References:\n1. https://github.com/mealie-recipes/mealie/issues/4593\n2. https://m10x.de/posts/2025/03/all-your-recipe-are-belong-to-us-part-3/3-broken-access-controls-leading-to-privilege-escalation-and-more-in-mealie/", "creation_timestamp": "2025-03-27T19:27:00.000000Z"}, {"uuid": "0d2efbd4-f3b3-4e2b-8751-253bfb8ce45b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55070", "type": "seen", "source": "https://t.me/cvedetector/21339", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55070 - Hay-Kot Mealie Broken Object Level Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-55070 \nPublished : March 27, 2025, 8:15 p.m. | 1\u00a0hour, 37\u00a0minutes ago \nDescription : A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T23:20:52.000000Z"}, {"uuid": "cae72d04-4236-4a0c-bba5-eb3f376da5ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55073", "type": "seen", "source": "https://t.me/cvedetector/21336", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55073 - \"Mealie Object Level Authorization Bypass\"\", \n  \"Content\": \"CVE ID : CVE-2024-55073 \nPublished : March 27, 2025, 7:15 p.m. | 28\u00a0minutes ago \nDescription : A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T20:50:27.000000Z"}, {"uuid": "5bca22f3-abdd-4b88-8bec-c2c196e810f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55072", "type": "seen", "source": "https://t.me/cvedetector/21335", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55072 - Hay-Kot Mealie Object Level Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-55072 \nPublished : March 27, 2025, 7:15 p.m. | 28\u00a0minutes ago \nDescription : A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T20:50:27.000000Z"}, {"uuid": "fcc93116-58f8-46b9-b904-42471f06bf5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55075", "type": "seen", "source": "https://t.me/cvedetector/14408", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55075 - Grocy Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-55075 \nPublished : Jan. 6, 2025, 9:15 p.m. | 26\u00a0minutes ago \nDescription : Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T22:48:07.000000Z"}, {"uuid": "6604e22f-2fec-4a75-8632-09bfaee954aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55076", "type": "seen", "source": "https://t.me/cvedetector/14407", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55076 - Grocy CSRF Password Change Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-55076 \nPublished : Jan. 6, 2025, 9:15 p.m. | 26\u00a0minutes ago \nDescription : Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T22:48:06.000000Z"}, {"uuid": "d2052c93-d945-4a23-9f62-35c6ae5d1a1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55078", "type": "seen", "source": "https://t.me/cvedetector/14219", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55078 - WukongCRM Arbitrary Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-55078 \nPublished : Jan. 3, 2025, 3:15 p.m. | 36\u00a0minutes ago \nDescription : An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-03T17:01:16.000000Z"}]}