{"vulnerability": "cve-2024-5727", "sightings": [{"uuid": "bd36da71-9f20-4a11-847a-16cd4271e27e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57272", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgqmj562ml2g", "content": "", "creation_timestamp": "2025-01-27T18:55:20.937759Z"}, {"uuid": "311872e9-a10d-4708-916d-ecd9fc2c2108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57276", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgqmj5rwqv2y", "content": "", "creation_timestamp": "2025-01-27T18:55:23.994512Z"}, {"uuid": "ed959c3a-ff59-4ee5-a3a0-89a5a97a966f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57276", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqgxv6iqm2h", "content": "", "creation_timestamp": "2025-01-27T17:16:13.250746Z"}, {"uuid": "2abee582-bdc1-42d4-bb17-b060018b4176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57276", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113901292449278960", "content": "", "creation_timestamp": "2025-01-27T16:36:36.033209Z"}, {"uuid": "0fe96b9c-dd3d-49b4-9690-8da88622bf23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57277", "type": "seen", "source": "https://t.me/cvedetector/16345", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57277 - InnoShop SVG File Upload Reflected XSS\", \n  \"Content\": \"CVE ID : CVE-2024-57277 \nPublished : Jan. 24, 2025, 8:15 p.m. | 40\u00a0minutes ago \nDescription : InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T21:56:25.000000Z"}, {"uuid": "6cb52444-0a81-489e-8dfd-c8e0bff7f222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57272", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqgxripgq2p", "content": "", "creation_timestamp": "2025-01-27T17:16:09.345539Z"}, {"uuid": "77bec773-f907-49fe-8d06-a2d82b8325e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57278", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhmmtahhjy2u", "content": "", "creation_timestamp": "2025-02-07T22:15:32.467339Z"}, {"uuid": "1c64a855-ad85-466c-a85b-01bf1e5ad1ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57279", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhmmtcpp7o27", "content": "", "creation_timestamp": "2025-02-07T22:15:35.214596Z"}, {"uuid": "563db0fb-8e82-4f7a-accc-7d160b2b198a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57279", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhmrjbbggh2b", "content": "", "creation_timestamp": "2025-02-07T23:39:30.060868Z"}, {"uuid": "aa050fca-34c3-485e-a37f-2f648d30a561", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57273", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp5htyuzpq2h", "content": "", "creation_timestamp": "2025-05-14T16:58:07.286997Z"}, {"uuid": "0fcac737-fbf8-49d0-a410-3ac5937afa1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57278", "type": "seen", "source": "https://t.me/cvedetector/17525", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57278 - QingScan Reflected Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-57278 \nPublished : Feb. 7, 2025, 10:15 p.m. | 1\u00a0hour, 10\u00a0minutes ago \nDescription : A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0.\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-08T00:41:47.000000Z"}, {"uuid": "6a25a2ac-ed16-4fa6-8dc0-d018f0c36fb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57279", "type": "seen", "source": "https://t.me/cvedetector/17526", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57279 - OpenLDAP LDAP User Manager Reflected Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-57279 \nPublished : Feb. 7, 2025, 10:15 p.m. | 1\u00a0hour, 10\u00a0minutes ago \nDescription : A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager <=\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-08T00:41:51.000000Z"}, {"uuid": "d41abc0a-ca2b-4bf5-ab02-360d08700917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57277", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3010", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57277\n\ud83d\udd39 Description: InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload.\n\ud83d\udccf Published: 2025-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-24T19:40:20.835Z\n\ud83d\udd17 References:\n1. https://youtu.be/ved96wsIYlQ\n2. https://github.com/innocommerce/innoshop/issues/115\n3. https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Innocommerce/Findings.md", "creation_timestamp": "2025-01-24T20:04:56.000000Z"}, {"uuid": "13c6262e-74f5-4006-89e4-ad17c1666862", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57276", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3523", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57276\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-27T17:15:16.827\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/yamerooo123/CVE/blob/main/CVE-2024-57276/Description.md\n2. https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Dragon%20Age%20Origins/Description.md", "creation_timestamp": "2025-01-30T23:19:51.000000Z"}, {"uuid": "4019441b-19a7-4018-a5dc-5a21ceb74605", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57276", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3543", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57276\n\ud83d\udd25 CVSS Score: 7.3 (CVSS_V3)\n\ud83d\udd39 Description: In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path.\n\ud83d\udccf Published: 2025-01-27T18:32:01Z\n\ud83d\udccf Modified: 2025-01-31T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-57276\n2. https://github.com/yamerooo123/CVE/blob/main/CVE-2024-57276/Description.md\n3. https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Dragon%20Age%20Origins/Description.md", "creation_timestamp": "2025-01-31T01:12:28.000000Z"}, {"uuid": "afe100af-0aee-47c9-98e3-bc56c9de55d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57273", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16984", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57273\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized \"reason\" field and a derivable device key generated from the public SSH key.\n\ud83d\udccf Published: 2025-05-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-20T14:27:40.251Z\n\ud83d\udd17 References:\n1. http://netgate.com\n2. https://blog.brillantit.com/exploiting-pfsense-xss-command-injection-cloud-hijack/\n3. https://www.netgate.com/blog/important-security-updates-for-pfsense-plus-24.11-and-ce-2.7.2\n4. https://docs.netgate.com/downloads/pfSense-SA-25_03.webgui.asc", "creation_timestamp": "2025-05-20T14:40:44.000000Z"}]}