<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-31T15:14:57.296915+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://db.gcve.eu/sighting/4d18569b-abd3-4f55-b8cc-8bf95f625e6f/export</id>
    <title>4d18569b-abd3-4f55-b8cc-8bf95f625e6f</title>
    <updated>2026-05-31T15:14:57.550459+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "4d18569b-abd3-4f55-b8cc-8bf95f625e6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45617", "type": "seen", "source": "https://t.me/cvedetector/4727", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45617 - OpenSC Off-Heap Buffer Underwrite Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45617 \nPublished : Sept. 3, 2024, 10:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. \nSeverity: 3.9 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T01:00:15.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/4d18569b-abd3-4f55-b8cc-8bf95f625e6f/export"/>
    <published>2024-09-04T01:00:15+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/58bbb7f1-7b37-46c8-808d-34ab98b3035c/export</id>
    <title>58bbb7f1-7b37-46c8-808d-34ab98b3035c</title>
    <updated>2026-05-31T15:14:57.550350+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "58bbb7f1-7b37-46c8-808d-34ab98b3035c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45616", "type": "seen", "source": "https://t.me/cvedetector/4729", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45616 - OpenSC Buffer Over-read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45616 \nPublished : Sept. 3, 2024, 10:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. \nSeverity: 3.9 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T01:00:16.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/58bbb7f1-7b37-46c8-808d-34ab98b3035c/export"/>
    <published>2024-09-04T01:00:16+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/66324403-ebb3-45e9-8e55-f38d94b6c240/export</id>
    <title>66324403-ebb3-45e9-8e55-f38d94b6c240</title>
    <updated>2026-05-31T15:14:57.550234+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "66324403-ebb3-45e9-8e55-f38d94b6c240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45615", "type": "seen", "source": "https://t.me/cvedetector/4730", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45615 - OpenSC Smart Card Buffer Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45615 \nPublished : Sept. 3, 2024, 10:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. \nSeverity: 3.9 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T01:00:20.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/66324403-ebb3-45e9-8e55-f38d94b6c240/export"/>
    <published>2024-09-04T01:00:20+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/682f0acb-3cd5-4a87-9ffc-b30cbeb128a0/export</id>
    <title>682f0acb-3cd5-4a87-9ffc-b30cbeb128a0</title>
    <updated>2026-05-31T15:14:57.550113+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "682f0acb-3cd5-4a87-9ffc-b30cbeb128a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45612", "type": "seen", "source": "https://t.me/cvedetector/5839", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45612 - Contao Canonical Tag Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45612 \nPublished : Sept. 17, 2024, 7:15 p.m. | 38\u00a0minutes ago \nDescription : Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-17T22:18:15.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/682f0acb-3cd5-4a87-9ffc-b30cbeb128a0/export"/>
    <published>2024-09-17T22:18:15+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/2d8fd9e1-5d9b-4420-b4c3-69b666e2e5be/export</id>
    <title>2d8fd9e1-5d9b-4420-b4c3-69b666e2e5be</title>
    <updated>2026-05-31T15:14:57.549988+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "2d8fd9e1-5d9b-4420-b4c3-69b666e2e5be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45614", "type": "seen", "source": "https://t.me/cvedetector/6087", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45614 - Puma Rack Web Server Proxied Header Tampering\", \n  \"Content\": \"CVE ID : CVE-2024-45614 \nPublished : Sept. 19, 2024, 11:15 p.m. | 41\u00a0minutes ago \nDescription : Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now discards any headers using underscores if the non-underscore version also exists. Effectively, allowing the proxy defined headers to always win. Users are advised to upgrade. Nginx has a underscores_in_headers configuration variable to discard these headers at the proxy level as a mitigation. Any users that are implicitly trusting the proxy defined headers for security should immediately cease doing so until upgraded to the fixed versions. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-20T02:11:47.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/2d8fd9e1-5d9b-4420-b4c3-69b666e2e5be/export"/>
    <published>2024-09-20T02:11:47+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/90fc544a-efbb-4769-98e6-a036f9e5e09f/export</id>
    <title>90fc544a-efbb-4769-98e6-a036f9e5e09f</title>
    <updated>2026-05-31T15:14:57.549856+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "90fc544a-efbb-4769-98e6-a036f9e5e09f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45613", "type": "seen", "source": "https://t.me/cvedetector/6316", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45613 - CKEditor 5 Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45613 \nPublished : Sept. 25, 2024, 2:15 p.m. | 32\u00a0minutes ago \nDescription : CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration. This vulnerability only affects installations where the Block Toolbar plugin is enabled and either the General HTML Support (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled. A fix for the problem is available in version 43.1.1. As a workaround, one may disable the block toolbar plugin. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-25T16:50:01.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/90fc544a-efbb-4769-98e6-a036f9e5e09f/export"/>
    <published>2024-09-25T16:50:01+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/3715bfbd-6e33-49d8-b909-1d3230b2b853/export</id>
    <title>3715bfbd-6e33-49d8-b909-1d3230b2b853</title>
    <updated>2026-05-31T15:14:57.549741+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "3715bfbd-6e33-49d8-b909-1d3230b2b853", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45614", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8635", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPuma Header normalization CVE-2024-45614 \u78ba\u8a8d\nURL\uff1ahttps://github.com/ooooooo-q/puma_header_normalization-CVE-2024-45614\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-29T06:08:42.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/3715bfbd-6e33-49d8-b909-1d3230b2b853/export"/>
    <published>2024-09-29T06:08:42+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/41dab508-56f4-495f-b8b5-3b63d147bd3c/export</id>
    <title>41dab508-56f4-495f-b8b5-3b63d147bd3c</title>
    <updated>2026-05-31T15:14:57.549623+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "41dab508-56f4-495f-b8b5-3b63d147bd3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45611", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113488856541985424", "content": "", "creation_timestamp": "2024-11-15T20:28:43.525808Z"}</content>
    <link href="https://db.gcve.eu/sighting/41dab508-56f4-495f-b8b5-3b63d147bd3c/export"/>
    <published>2024-11-15T20:28:43.525808+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/f3f1896c-b4bb-41ff-b29b-1ebfd93c8255/export</id>
    <title>f3f1896c-b4bb-41ff-b29b-1ebfd93c8255</title>
    <updated>2026-05-31T15:14:57.549457+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "f3f1896c-b4bb-41ff-b29b-1ebfd93c8255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45611", "type": "seen", "source": "https://t.me/cvedetector/11186", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45611 - GLPI Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-45611 \nPublished : Nov. 15, 2024, 9:15 p.m. | 45\u00a0minutes ago \nDescription : GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another user account and use a malicious payload to triggger a stored XSS. Upgrade to 10.0.17. \nSeverity: 5.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T23:19:41.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/f3f1896c-b4bb-41ff-b29b-1ebfd93c8255/export"/>
    <published>2024-11-15T23:19:41+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/ee874a3a-965d-4a1c-98ee-b1a3cbc2bb34/export</id>
    <title>ee874a3a-965d-4a1c-98ee-b1a3cbc2bb34</title>
    <updated>2026-05-31T15:14:57.547733+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "ee874a3a-965d-4a1c-98ee-b1a3cbc2bb34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45610", "type": "seen", "source": "https://t.me/cvedetector/11185", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45610 - \"GLPI Cable Form Reflected XSS Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-45610 \nPublished : Nov. 15, 2024, 9:15 p.m. | 45\u00a0minutes ago \nDescription : GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form. Upgrade to 10.0.17. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T23:19:41.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/ee874a3a-965d-4a1c-98ee-b1a3cbc2bb34/export"/>
    <published>2024-11-15T23:19:41+00:00</published>
  </entry>
</feed>
