https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 22 May 2026 16:08:25 +0000 https://db.gcve.eu/sighting/af670582-dbe8-4529-af9a-0d104ac507a8/export {"uuid": "af670582-dbe8-4529-af9a-0d104ac507a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-41667", "type": "seen", "source": "https://t.me/cvedetector/1581", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-41667 - OpenAM Template Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-41667 \nPublished : July 24, 2024, 6:15 p.m. | 26\u00a0minutes ago \nDescription : OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default PingOne Advanced Identity Cloud login page,they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"24 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-24T20:49:53.000000Z"} {"uuid": "af670582-dbe8-4529-af9a-0d104ac507a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-41667", "type": "seen", "source": "https://t.me/cvedetector/1581", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-41667 - OpenAM Template Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-41667 \nPublished : July 24, 2024, 6:15 p.m. | 26\u00a0minutes ago \nDescription : OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default PingOne Advanced Identity Cloud login page,they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"24 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-24T20:49:53.000000Z"} https://db.gcve.eu/sighting/af670582-dbe8-4529-af9a-0d104ac507a8/export Wed, 24 Jul 2024 20:49:53 +0000 https://db.gcve.eu/sighting/674deff1-0efd-4f05-a4f6-04cb273cda8c/export {"uuid": "674deff1-0efd-4f05-a4f6-04cb273cda8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-41667", "type": "seen", "source": "https://t.me/HackingInsights/8271", "content": "\u200aCVE-2024-41667: OpenAM Vulnerability Exposes Authentication Systems to Critical Risk\n\nhttps://securityonline.info/cve-2024-41667-openam-vulnerability-exposes-authentication-systems-to-critical-risk/", "creation_timestamp": "2024-08-01T10:18:46.000000Z"} {"uuid": "674deff1-0efd-4f05-a4f6-04cb273cda8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-41667", "type": "seen", "source": "https://t.me/HackingInsights/8271", "content": "\u200aCVE-2024-41667: OpenAM Vulnerability Exposes Authentication Systems to Critical Risk\n\nhttps://securityonline.info/cve-2024-41667-openam-vulnerability-exposes-authentication-systems-to-critical-risk/", "creation_timestamp": "2024-08-01T10:18:46.000000Z"} https://db.gcve.eu/sighting/674deff1-0efd-4f05-a4f6-04cb273cda8c/export Thu, 01 Aug 2024 10:18:46 +0000