{"vulnerability": "cve-2024-5589", "sightings": [{"uuid": "c72217a9-575f-45b9-9a1d-15878a74393e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55891", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfq2xasfvl2e", "content": "", "creation_timestamp": "2025-01-14T20:15:55.504799Z"}, {"uuid": "b274c51a-89f1-485a-92a2-698cf2c07633", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55892", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfq2xdlkqx2s", "content": "", "creation_timestamp": "2025-01-14T20:15:58.270710Z"}, {"uuid": "6e1a3658-b5eb-4795-b374-bc26b34c288b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55893", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfq2xfvchl2h", "content": "", "creation_timestamp": "2025-01-14T20:16:00.757894Z"}, {"uuid": "7a43aa42-928a-4238-9f50-87d254d897cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55894", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfq2xic6fq2j", "content": "", "creation_timestamp": "2025-01-14T20:16:03.204006Z"}, {"uuid": "41e55126-4ebe-4047-a084-ba1e6580457c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55896", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113766784516427162", "content": "", "creation_timestamp": "2025-01-03T22:29:29.651411Z"}, {"uuid": "611902af-9823-4c36-b15f-10dbbe813c38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55898", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3litiuhjcfs2y", "content": "", "creation_timestamp": "2025-02-23T09:18:28.608203Z"}, {"uuid": "b1a101cd-1320-4aa6-bfcc-e8de069d963c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55898", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114056818035334137", "content": "", "creation_timestamp": "2025-02-24T03:48:48.161901Z"}, {"uuid": "cbbcedc2-4978-4cc6-b3a3-ea8e70f61b78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55898", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lirprb5m2z2o", "content": "", "creation_timestamp": "2025-02-22T16:16:37.830090Z"}, {"uuid": "61a81bdb-0d97-409c-8335-e8507bde8f6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55898", "type": "seen", "source": "https://t.me/cvedetector/18771", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55898 - IBM i Unqualified Library Call Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-55898 \nPublished : Feb. 24, 2025, 2:15 a.m. | 25\u00a0minutes ago \nDescription : IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-24T03:44:41.000000Z"}, {"uuid": "01301f17-6e87-405f-b63d-94c73f399ce5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55890", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mah44ehcyv2f", "content": "", "creation_timestamp": "2025-12-20T21:02:59.296521Z"}, {"uuid": "a103e881-2057-45e9-89ed-4e6d1903ab21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55891", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1758", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55891\n\ud83d\udd39 Description: TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-01-14T19:11:58.861Z\n\ud83d\udccf Modified: 2025-01-15T15:02:46.106Z\n\ud83d\udd17 References:\n1. https://github.com/TYPO3/typo3/security/advisories/GHSA-38x7-cc6w-j27q\n2. https://typo3.org/security/advisory/typo3-core-sa-2025-001", "creation_timestamp": "2025-01-15T15:10:06.000000Z"}, {"uuid": "45cf52d2-5df6-43a3-94c9-338371adf8df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55894", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1590", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55894\n\ud83d\udd39 Description: TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \u201cBackend User Module\u201d allows attackers to initiate password resets for other backend users or to terminate their user sessions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described.\n\ud83d\udccf Published: 2025-01-14T19:57:28.172Z\n\ud83d\udccf Modified: 2025-01-14T19:57:28.172Z\n\ud83d\udd17 References:\n1. https://github.com/TYPO3/typo3/security/advisories/GHSA-6w4x-gcx3-8p7v", "creation_timestamp": "2025-01-14T20:08:48.000000Z"}, {"uuid": "055bd47a-5755-4b29-9cc4-fcbdb8a9d82f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55898", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5116", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55898\n\ud83d\udd25 CVSS Score: 8.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.\n\ud83d\udccf Published: 2025-02-24T02:01:55.854Z\n\ud83d\udccf Modified: 2025-02-24T02:01:55.854Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7183835", "creation_timestamp": "2025-02-24T02:21:31.000000Z"}, {"uuid": "71c33a34-9226-40c1-a3c3-13b7fb4764ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55893", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1779", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55893\n\ud83d\udd39 Description: TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \u201cLog Module\u201d allows attackers to remove log entries. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-01-14T20:00:15.247Z\n\ud83d\udccf Modified: 2025-01-15T15:44:53.027Z\n\ud83d\udd17 References:\n1. https://github.com/TYPO3/typo3/security/advisories/GHSA-cjfr-9f5r-3q93\n2. https://typo3.org/security/advisory/typo3-core-sa-2025-003", "creation_timestamp": "2025-01-15T15:55:08.000000Z"}, {"uuid": "81f682d0-3ab3-4ace-8371-7b9cbd8b7be6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55895", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9542", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-55895\n\ud83d\udd25 CVSS Score: 2.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system.\n\ud83d\udccf Published: 2025-03-29T12:22:50.518Z\n\ud83d\udccf Modified: 2025-03-29T12:22:50.518Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7185450", "creation_timestamp": "2025-03-29T13:28:42.000000Z"}, {"uuid": "38410e25-83ca-4a20-8c40-cd7ea3f4a9f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55895", "type": "seen", "source": "https://t.me/cvedetector/21509", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55895 - IBM InfoSphere Information Server Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-55895 \nPublished : March 29, 2025, 1:15 p.m. | 2\u00a0hours, 12\u00a0minutes ago \nDescription : IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system. \nSeverity: 2.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T17:10:02.000000Z"}, {"uuid": "1b0d9a90-8d00-451a-ac2c-7e5de10db86a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55898", "type": "seen", "source": "Telegram/q9ifg7yJf4xGEYmIIenvJSNU6X_bXi9Gjjqd5Nkc9MHGWTQq", "content": "", "creation_timestamp": "2025-02-24T14:08:41.000000Z"}, {"uuid": "7e10fd45-1dfb-4a92-a3b1-6b24a834d1f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55893", "type": "seen", "source": "https://t.me/cvedetector/15365", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55893 - \"TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability in Backend User Interface\"\", \n  \"Content\": \"CVE ID : CVE-2024-55893 \nPublished : Jan. 14, 2025, 8:15 p.m. | 37\u00a0minutes ago \nDescription : TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \u201cLog Module\u201d allows attackers to remove log entries. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T22:22:58.000000Z"}, {"uuid": "31a4580d-4cb8-42eb-9063-ac5e6ac9bafd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55894", "type": "seen", "source": "https://t.me/cvedetector/15363", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55894 - TYPO3 Cross-Site Request Forgery (CSRF) in Backend User Interface\", \n  \"Content\": \"CVE ID : CVE-2024-55894 \nPublished : Jan. 14, 2025, 8:15 p.m. | 37\u00a0minutes ago \nDescription : TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component \u201cBackend User Module\u201d allows attackers to initiate password resets for other backend users or to terminate their user sessions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T22:22:55.000000Z"}, {"uuid": "9de214e3-2477-4599-8257-ef4154ca256a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55892", "type": "seen", "source": "https://t.me/cvedetector/15370", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55892 - TYPO3 URI Parser SSRF and Open Redirect Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-55892 \nPublished : Jan. 14, 2025, 8:15 p.m. | 37\u00a0minutes ago \nDescription : TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\\CMS\\Core\\Http\\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T22:23:02.000000Z"}, {"uuid": "7364fd4f-d2bf-449c-ac12-8e6ff5ade006", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55891", "type": "seen", "source": "https://t.me/cvedetector/15369", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55891 - TYPO3 Install Tool Unprotected Password Log\", \n  \"Content\": \"CVE ID : CVE-2024-55891 \nPublished : Jan. 14, 2025, 8:15 p.m. | 37\u00a0minutes ago \nDescription : TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T22:23:01.000000Z"}, {"uuid": "037f5ad6-5519-4a5d-8b05-4efbfe1a57d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55897", "type": "seen", "source": "https://t.me/cvedetector/14248", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55897 - IBM PowerHA SystemMirror for i Insecure Cookie Storage Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-55897 \nPublished : Jan. 3, 2025, 11:15 p.m. | 40\u00a0minutes ago \nDescription : IBM PowerHA SystemMirror for i 7.4 and 7.5   \n  \ndoes not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-04T01:22:59.000000Z"}, {"uuid": "bb00c1af-9937-4bd0-96c1-1c630bf591ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55896", "type": "seen", "source": "https://t.me/cvedetector/14247", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55896 - IBM PowerHA SystemMirror for i Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-55896 \nPublished : Jan. 3, 2025, 11:15 p.m. | 40\u00a0minutes ago \nDescription : IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. \u00a0This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-04T01:22:58.000000Z"}, {"uuid": "1a3bd57b-a846-4fa1-bc4f-7587d31770ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-55890", "type": "seen", "source": "https://t.me/cvedetector/12899", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-55890 - D-Tale Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-55890 \nPublished : Dec. 13, 2024, 6:15 p.m. | 35\u00a0minutes ago \nDescription : D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the `update-settings` endpoint blocks the ability for users to update the `enable_custom_filters` flag. The only workaround for versions earlier than 3.16.1 is to only host D-Tale to trusted users. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-13T19:57:35.000000Z"}]}