https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 04 Jun 2026 22:17:14 +0000 https://db.gcve.eu/sighting/ab9cbdf5-c895-48ee-9432-7a8a80963539/export {"uuid": "ab9cbdf5-c895-48ee-9432-7a8a80963539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52331", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lggf3mf72m2t", "content": "", "creation_timestamp": "2025-01-23T17:15:53.714356Z"} {"uuid": "ab9cbdf5-c895-48ee-9432-7a8a80963539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52331", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lggf3mf72m2t", "content": "", "creation_timestamp": "2025-01-23T17:15:53.714356Z"} https://db.gcve.eu/sighting/ab9cbdf5-c895-48ee-9432-7a8a80963539/export Thu, 23 Jan 2025 17:15:53 +0000 https://db.gcve.eu/sighting/62bc8083-c340-4b5f-b31e-aa83a881d995/export {"uuid": "62bc8083-c340-4b5f-b31e-aa83a881d995", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52331", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgggguul3a2b", "content": "", "creation_timestamp": "2025-01-23T17:40:06.130772Z"} {"uuid": "62bc8083-c340-4b5f-b31e-aa83a881d995", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52331", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgggguul3a2b", "content": "", "creation_timestamp": "2025-01-23T17:40:06.130772Z"} https://db.gcve.eu/sighting/62bc8083-c340-4b5f-b31e-aa83a881d995/export Thu, 23 Jan 2025 17:40:06 +0000 https://db.gcve.eu/sighting/f5206827-7203-40e6-813f-bb1fb3613eb8/export {"uuid": "f5206827-7203-40e6-813f-bb1fb3613eb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52330", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lggggvsowy2b", "content": "", "creation_timestamp": "2025-01-23T17:40:11.093818Z"} {"uuid": "f5206827-7203-40e6-813f-bb1fb3613eb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52330", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lggggvsowy2b", "content": "", "creation_timestamp": "2025-01-23T17:40:11.093818Z"} https://db.gcve.eu/sighting/f5206827-7203-40e6-813f-bb1fb3613eb8/export Thu, 23 Jan 2025 17:40:11 +0000 https://db.gcve.eu/sighting/7405b498-651f-45c1-b003-dff08d52f79d/export {"uuid": "7405b498-651f-45c1-b003-dff08d52f79d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52330", "type": "seen", "source": "https://t.me/cvedetector/16210", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-52330 - ECOVACS TLS Certificate Validation Weakness (Certificate Invalidity; SSL/TLS)\", \n \"Content\": \"CVE ID : CVE-2024-52330 \nPublished : Jan. 23, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"23 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T19:09:10.000000Z"} {"uuid": "7405b498-651f-45c1-b003-dff08d52f79d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52330", "type": "seen", "source": "https://t.me/cvedetector/16210", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-52330 - ECOVACS TLS Certificate Validation Weakness (Certificate Invalidity; SSL/TLS)\", \n \"Content\": \"CVE ID : CVE-2024-52330 \nPublished : Jan. 23, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"23 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T19:09:10.000000Z"} https://db.gcve.eu/sighting/7405b498-651f-45c1-b003-dff08d52f79d/export Thu, 23 Jan 2025 19:09:10 +0000 https://db.gcve.eu/sighting/e7090da9-0844-4d4d-9d80-6fe18443fa2e/export {"uuid": "e7090da9-0844-4d4d-9d80-6fe18443fa2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52331", "type": "seen", "source": "https://t.me/cvedetector/16211", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-52331 - ECOVACS Robot Firmware Decryption Vulnerability (Symmetric Key Exposure)\", \n \"Content\": \"CVE ID : CVE-2024-52331 \nPublished : Jan. 23, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"23 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T19:09:14.000000Z"} {"uuid": "e7090da9-0844-4d4d-9d80-6fe18443fa2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52331", "type": "seen", "source": "https://t.me/cvedetector/16211", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-52331 - ECOVACS Robot Firmware Decryption Vulnerability (Symmetric Key Exposure)\", \n \"Content\": \"CVE ID : CVE-2024-52331 \nPublished : Jan. 23, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"23 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T19:09:14.000000Z"} https://db.gcve.eu/sighting/e7090da9-0844-4d4d-9d80-6fe18443fa2e/export Thu, 23 Jan 2025 19:09:14 +0000 https://db.gcve.eu/sighting/6307daa0-9e45-4bf6-bf16-35e4fb91b9a4/export {"uuid": "6307daa0-9e45-4bf6-bf16-35e4fb91b9a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52336", "type": "seen", "source": "Telegram/5kMqY-Ap44ThwWL9oupIAHfi-sUGPlayfYQLXsdRLJgDwpSu", "content": "", "creation_timestamp": "2025-02-06T02:40:19.000000Z"} {"uuid": "6307daa0-9e45-4bf6-bf16-35e4fb91b9a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52336", "type": "seen", "source": "Telegram/5kMqY-Ap44ThwWL9oupIAHfi-sUGPlayfYQLXsdRLJgDwpSu", "content": "", "creation_timestamp": "2025-02-06T02:40:19.000000Z"} https://db.gcve.eu/sighting/6307daa0-9e45-4bf6-bf16-35e4fb91b9a4/export Thu, 06 Feb 2025 02:40:19 +0000 https://db.gcve.eu/sighting/b195baf8-0cda-464a-88a0-83cfb3c82c7a/export {"uuid": "b195baf8-0cda-464a-88a0-83cfb3c82c7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52337", "type": "seen", "source": "Telegram/HsGWb5fWeHnql6wAF2VupooJKdqpgEyq7CSQf5WtZicr1kgp", "content": "", "creation_timestamp": "2025-02-06T02:40:19.000000Z"} {"uuid": "b195baf8-0cda-464a-88a0-83cfb3c82c7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52337", "type": "seen", "source": "Telegram/HsGWb5fWeHnql6wAF2VupooJKdqpgEyq7CSQf5WtZicr1kgp", "content": "", "creation_timestamp": "2025-02-06T02:40:19.000000Z"} https://db.gcve.eu/sighting/b195baf8-0cda-464a-88a0-83cfb3c82c7a/export Thu, 06 Feb 2025 02:40:19 +0000 https://db.gcve.eu/sighting/261786d2-f8d4-4efd-9c38-79e8d64ff12c/export {"uuid": "261786d2-f8d4-4efd-9c38-79e8d64ff12c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52337", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5266", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52337\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.\n\ud83d\udccf Published: 2024-11-26T15:21:17.538Z\n\ud83d\udccf Modified: 2025-02-25T11:46:21.468Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:10381\n2. https://access.redhat.com/errata/RHSA-2024:10384\n3. https://access.redhat.com/errata/RHSA-2024:11161\n4. https://access.redhat.com/errata/RHSA-2025:0195\n5. https://access.redhat.com/errata/RHSA-2025:0327\n6. https://access.redhat.com/errata/RHSA-2025:0368\n7. https://access.redhat.com/errata/RHSA-2025:0879\n8. https://access.redhat.com/errata/RHSA-2025:0880\n9. https://access.redhat.com/errata/RHSA-2025:0881\n10. https://access.redhat.com/errata/RHSA-2025:1785\n11. https://access.redhat.com/errata/RHSA-2025:1802\n12. https://access.redhat.com/security/cve/CVE-2024-52337\n13. https://bugzilla.redhat.com/show_bug.cgi?id=2324541\n14. https://security.opensuse.org/2024/11/26/tuned-instance-create.html\n15. https://www.openwall.com/lists/oss-security/2024/11/28/1", "creation_timestamp": "2025-02-25T12:24:13.000000Z"} {"uuid": "261786d2-f8d4-4efd-9c38-79e8d64ff12c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52337", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5266", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52337\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.\n\ud83d\udccf Published: 2024-11-26T15:21:17.538Z\n\ud83d\udccf Modified: 2025-02-25T11:46:21.468Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:10381\n2. https://access.redhat.com/errata/RHSA-2024:10384\n3. https://access.redhat.com/errata/RHSA-2024:11161\n4. https://access.redhat.com/errata/RHSA-2025:0195\n5. https://access.redhat.com/errata/RHSA-2025:0327\n6. https://access.redhat.com/errata/RHSA-2025:0368\n7. https://access.redhat.com/errata/RHSA-2025:0879\n8. https://access.redhat.com/errata/RHSA-2025:0880\n9. https://access.redhat.com/errata/RHSA-2025:0881\n10. https://access.redhat.com/errata/RHSA-2025:1785\n11. https://access.redhat.com/errata/RHSA-2025:1802\n12. https://access.redhat.com/security/cve/CVE-2024-52337\n13. https://bugzilla.redhat.com/show_bug.cgi?id=2324541\n14. https://security.opensuse.org/2024/11/26/tuned-instance-create.html\n15. https://www.openwall.com/lists/oss-security/2024/11/28/1", "creation_timestamp": "2025-02-25T12:24:13.000000Z"} https://db.gcve.eu/sighting/261786d2-f8d4-4efd-9c38-79e8d64ff12c/export Tue, 25 Feb 2025 12:24:13 +0000 https://db.gcve.eu/sighting/7b6143a0-5cae-499f-98d4-b917af7fdf2b/export {"uuid": "7b6143a0-5cae-499f-98d4-b917af7fdf2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52336", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17097", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52336\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.\n\ud83d\udccf Published: 2024-11-26T15:21:13.518Z\n\ud83d\udccf Modified: 2025-05-21T01:04:32.633Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:10384\n2. https://access.redhat.com/errata/RHSA-2025:0879\n3. https://access.redhat.com/errata/RHSA-2025:0880\n4. https://access.redhat.com/security/cve/CVE-2024-52336\n5. https://bugzilla.redhat.com/show_bug.cgi?id=2324540\n6. https://security.opensuse.org/2024/11/26/tuned-instance-create.html\n7. https://www.openwall.com/lists/oss-security/2024/11/28/1", "creation_timestamp": "2025-05-21T01:45:15.000000Z"} {"uuid": "7b6143a0-5cae-499f-98d4-b917af7fdf2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52336", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17097", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52336\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.\n\ud83d\udccf Published: 2024-11-26T15:21:13.518Z\n\ud83d\udccf Modified: 2025-05-21T01:04:32.633Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:10384\n2. https://access.redhat.com/errata/RHSA-2025:0879\n3. https://access.redhat.com/errata/RHSA-2025:0880\n4. https://access.redhat.com/security/cve/CVE-2024-52336\n5. https://bugzilla.redhat.com/show_bug.cgi?id=2324540\n6. https://security.opensuse.org/2024/11/26/tuned-instance-create.html\n7. https://www.openwall.com/lists/oss-security/2024/11/28/1", "creation_timestamp": "2025-05-21T01:45:15.000000Z"} https://db.gcve.eu/sighting/7b6143a0-5cae-499f-98d4-b917af7fdf2b/export Wed, 21 May 2025 01:45:15 +0000 https://db.gcve.eu/sighting/763ef670-cf1a-4b96-a540-7608ed581bc2/export {"uuid": "763ef670-cf1a-4b96-a540-7608ed581bc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52332", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} {"uuid": "763ef670-cf1a-4b96-a540-7608ed581bc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52332", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} https://db.gcve.eu/sighting/763ef670-cf1a-4b96-a540-7608ed581bc2/export Thu, 14 Aug 2025 10:00:00 +0000