https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 07 Jun 2026 03:14:09 +0000 https://db.gcve.eu/sighting/3dba322a-21a8-44ed-8472-614fd2f2eeed/export {"uuid": "3dba322a-21a8-44ed-8472-614fd2f2eeed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48914", "type": "seen", "source": "https://t.me/InfoSecInsider/24148", "content": "\u26a1\ufe0fCVE-2024-48914 (CVSS 9.1): Critical File Read Flaw Discovered in Vendure E-commerce Platform.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T15:06:34.000000Z"} {"uuid": "3dba322a-21a8-44ed-8472-614fd2f2eeed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48914", "type": "seen", "source": "https://t.me/InfoSecInsider/24148", "content": "\u26a1\ufe0fCVE-2024-48914 (CVSS 9.1): Critical File Read Flaw Discovered in Vendure E-commerce Platform.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T15:06:34.000000Z"} https://db.gcve.eu/sighting/3dba322a-21a8-44ed-8472-614fd2f2eeed/export Tue, 22 Oct 2024 15:06:34 +0000 https://db.gcve.eu/sighting/89d201f5-3d9b-456c-b64a-debd53c14558/export {"uuid": "89d201f5-3d9b-456c-b64a-debd53c14558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48914", "type": "seen", "source": "https://t.me/InfoSecInsider/535", "content": "\u26a1\ufe0fCVE-2024-48914 (CVSS 9.1): Critical File Read Flaw Discovered in Vendure E-commerce Platform.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T15:06:36.000000Z"} {"uuid": "89d201f5-3d9b-456c-b64a-debd53c14558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48914", "type": "seen", "source": "https://t.me/InfoSecInsider/535", "content": "\u26a1\ufe0fCVE-2024-48914 (CVSS 9.1): Critical File Read Flaw Discovered in Vendure E-commerce Platform.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T15:06:36.000000Z"} https://db.gcve.eu/sighting/89d201f5-3d9b-456c-b64a-debd53c14558/export Tue, 22 Oct 2024 15:06:36 +0000 https://db.gcve.eu/sighting/9f6a6b26-ad18-4820-9997-1889a9d37c1e/export {"uuid": "9f6a6b26-ad18-4820-9997-1889a9d37c1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48919", "type": "seen", "source": "https://t.me/cvedetector/8648", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-48919 - \"Cursor Terminal Cmd-K Web Page Code Injection Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-48919 \nPublished : Oct. 22, 2024, 9:15 p.m. | 30\u00a0minutes ago \nDescription : Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web page could have a significant chance of influencing a language model to output arbitrary commands for execution in the user's terminal. This scenario would require the user explicitly opt-in to including the contents of a compromised webpage, and it would require that the attacker display prompt injection text in the the contents of the compromised webpage. \n \nA server-side patch to not stream back newlines or control characters was released on September 27, 2024, within two hours of the issue being reported. Additionally, Cursor 0.42 includes client-side mitigations to prevent any newline or control character from being streamed into the terminal directly. It also contains a new setting, `\"cursor.terminal.usePreviewBox\"`, which, if set to true, streams the response into a preview box whose contents then have to be manually accepted before being inserted into the terminal. This setting is useful if you're working in a shell environment where commands can be executed without pressing enter or any control character. The patch has been applied server-side, so no additional action is needed, even on older versions of Cursor. Separately, Cursor's maintainers also recommend, as best practice, to only include trusted pieces of context in prompts. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T23:49:34.000000Z"} {"uuid": "9f6a6b26-ad18-4820-9997-1889a9d37c1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48919", "type": "seen", "source": "https://t.me/cvedetector/8648", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-48919 - \"Cursor Terminal Cmd-K Web Page Code Injection Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-48919 \nPublished : Oct. 22, 2024, 9:15 p.m. | 30\u00a0minutes ago \nDescription : Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web page could have a significant chance of influencing a language model to output arbitrary commands for execution in the user's terminal. This scenario would require the user explicitly opt-in to including the contents of a compromised webpage, and it would require that the attacker display prompt injection text in the the contents of the compromised webpage. \n \nA server-side patch to not stream back newlines or control characters was released on September 27, 2024, within two hours of the issue being reported. Additionally, Cursor 0.42 includes client-side mitigations to prevent any newline or control character from being streamed into the terminal directly. It also contains a new setting, `\"cursor.terminal.usePreviewBox\"`, which, if set to true, streams the response into a preview box whose contents then have to be manually accepted before being inserted into the terminal. This setting is useful if you're working in a shell environment where commands can be executed without pressing enter or any control character. The patch has been applied server-side, so no additional action is needed, even on older versions of Cursor. Separately, Cursor's maintainers also recommend, as best practice, to only include trusted pieces of context in prompts. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T23:49:34.000000Z"} https://db.gcve.eu/sighting/9f6a6b26-ad18-4820-9997-1889a9d37c1e/export Tue, 22 Oct 2024 23:49:34 +0000 https://db.gcve.eu/sighting/b414d169-e6d5-48b6-ba2b-54654636dddd/export {"uuid": "b414d169-e6d5-48b6-ba2b-54654636dddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48910", "type": "seen", "source": "https://t.me/cvedetector/9508", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-48910 - DOMPurify Prototype Pollution Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-48910 \nPublished : Oct. 31, 2024, 3:15 p.m. | 34\u00a0minutes ago \nDescription : DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T16:56:34.000000Z"} {"uuid": "b414d169-e6d5-48b6-ba2b-54654636dddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48910", "type": "seen", "source": "https://t.me/cvedetector/9508", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-48910 - DOMPurify Prototype Pollution Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-48910 \nPublished : Oct. 31, 2024, 3:15 p.m. | 34\u00a0minutes ago \nDescription : DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T16:56:34.000000Z"} https://db.gcve.eu/sighting/b414d169-e6d5-48b6-ba2b-54654636dddd/export Thu, 31 Oct 2024 16:56:34 +0000 https://db.gcve.eu/sighting/f48afd20-c659-4c3d-8396-962ec285f252/export {"uuid": "f48afd20-c659-4c3d-8396-962ec285f252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48917", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113505700408685113", "content": "", "creation_timestamp": "2024-11-18T19:52:20.569992Z"} {"uuid": "f48afd20-c659-4c3d-8396-962ec285f252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48917", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113505700408685113", "content": "", "creation_timestamp": "2024-11-18T19:52:20.569992Z"} https://db.gcve.eu/sighting/f48afd20-c659-4c3d-8396-962ec285f252/export Mon, 18 Nov 2024 19:52:20 +0000 https://db.gcve.eu/sighting/a1b7b447-bd6d-46fa-b4cf-01bda6f29c91/export {"uuid": "a1b7b447-bd6d-46fa-b4cf-01bda6f29c91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48917", "type": "seen", "source": "https://t.me/cvedetector/11378", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-48917 - Apache PhpSpreadsheet XXE Encoder Bypass\", \n \"Content\": \"CVE ID : CVE-2024-48917 \nPublished : Nov. 18, 2024, 8:15 p.m. | 16\u00a0minutes ago \nDescription : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The `XmlScanner` class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported `CVE-2024-47873`, the regexes from the `findCharSet` method, which is used for determining the current encoding can be bypassed by using a payload in the encoding UTF-7, and adding at end of the file a comment with the value `encoding=\"UTF-8\"` with `\"`, which is matched by the first regex, so that `encoding='UTF-7'` with single quotes `'` in the XML header is not matched by the second regex. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T21:34:11.000000Z"} {"uuid": "a1b7b447-bd6d-46fa-b4cf-01bda6f29c91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48917", "type": "seen", "source": "https://t.me/cvedetector/11378", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-48917 - Apache PhpSpreadsheet XXE Encoder Bypass\", \n \"Content\": \"CVE ID : CVE-2024-48917 \nPublished : Nov. 18, 2024, 8:15 p.m. | 16\u00a0minutes ago \nDescription : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The `XmlScanner` class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported `CVE-2024-47873`, the regexes from the `findCharSet` method, which is used for determining the current encoding can be bypassed by using a payload in the encoding UTF-7, and adding at end of the file a comment with the value `encoding=\"UTF-8\"` with `\"`, which is matched by the first regex, so that `encoding='UTF-7'` with single quotes `'` in the XML header is not matched by the second regex. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T21:34:11.000000Z"} https://db.gcve.eu/sighting/a1b7b447-bd6d-46fa-b4cf-01bda6f29c91/export Mon, 18 Nov 2024 21:34:11 +0000 https://db.gcve.eu/sighting/6b93dd8d-c46e-4b08-ab2d-ab41a8336836/export {"uuid": "6b93dd8d-c46e-4b08-ab2d-ab41a8336836", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48912", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113635295264729068", "content": "", "creation_timestamp": "2024-12-11T17:10:00.947609Z"} {"uuid": "6b93dd8d-c46e-4b08-ab2d-ab41a8336836", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48912", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113635295264729068", "content": "", "creation_timestamp": "2024-12-11T17:10:00.947609Z"} https://db.gcve.eu/sighting/6b93dd8d-c46e-4b08-ab2d-ab41a8336836/export Wed, 11 Dec 2024 17:10:00 +0000 https://db.gcve.eu/sighting/af94fd07-8448-4d35-9de4-5a5142eece74/export {"uuid": "af94fd07-8448-4d35-9de4-5a5142eece74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48912", "type": "seen", "source": "https://t.me/cvedetector/12643", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-48912 - GLPI User Account Deletion Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-48912 \nPublished : Dec. 11, 2024, 5:15 p.m. | 19\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T18:35:00.000000Z"} {"uuid": "af94fd07-8448-4d35-9de4-5a5142eece74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48912", "type": "seen", "source": "https://t.me/cvedetector/12643", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-48912 - GLPI User Account Deletion Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-48912 \nPublished : Dec. 11, 2024, 5:15 p.m. | 19\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T18:35:00.000000Z"} https://db.gcve.eu/sighting/af94fd07-8448-4d35-9de4-5a5142eece74/export Wed, 11 Dec 2024 18:35:00 +0000 https://db.gcve.eu/sighting/e49bcef8-501a-4844-bfc0-1b66d9e169f3/export {"uuid": "e49bcef8-501a-4844-bfc0-1b66d9e169f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48916", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lv7le2schv2z", "content": "", "creation_timestamp": "2025-07-30T21:37:15.747958Z"} {"uuid": "e49bcef8-501a-4844-bfc0-1b66d9e169f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48916", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lv7le2schv2z", "content": "", "creation_timestamp": "2025-07-30T21:37:15.747958Z"} https://db.gcve.eu/sighting/e49bcef8-501a-4844-bfc0-1b66d9e169f3/export Wed, 30 Jul 2025 21:37:15 +0000 https://db.gcve.eu/sighting/6a5ef765-9a64-49bb-8a75-3b8dbc3383c1/export {"uuid": "6a5ef765-9a64-49bb-8a75-3b8dbc3383c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48917", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:28.000000Z"} {"uuid": "6a5ef765-9a64-49bb-8a75-3b8dbc3383c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48917", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:28.000000Z"} https://db.gcve.eu/sighting/6a5ef765-9a64-49bb-8a75-3b8dbc3383c1/export Thu, 25 Sep 2025 00:36:28 +0000