https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 01 May 2026 18:14:17 +0000 https://db.gcve.eu/sighting/d706604d-26e9-4a2a-8849-3ee3e8c9f120/export {"uuid": "d706604d-26e9-4a2a-8849-3ee3e8c9f120", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45292", "type": "seen", "source": "https://t.me/cvedetector/7273", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45292 - PHPSpreadsheet Html Writer Cross-Site Scripting\", \n \"Content\": \"CVE ID : CVE-2024-45292 \nPublished : Oct. 7, 2024, 8:15 p.m. | 24\u00a0minutes ago \nDescription : PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `\\PhpOffice\\PhpSpreadsheet\\Writer\\Html` does not sanitize \"javascript:\" URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-07T22:39:27.000000Z"} {"uuid": "d706604d-26e9-4a2a-8849-3ee3e8c9f120", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45292", "type": "seen", "source": "https://t.me/cvedetector/7273", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45292 - PHPSpreadsheet Html Writer Cross-Site Scripting\", \n \"Content\": \"CVE ID : CVE-2024-45292 \nPublished : Oct. 7, 2024, 8:15 p.m. | 24\u00a0minutes ago \nDescription : PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `\\PhpOffice\\PhpSpreadsheet\\Writer\\Html` does not sanitize \"javascript:\" URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-07T22:39:27.000000Z"} https://db.gcve.eu/sighting/d706604d-26e9-4a2a-8849-3ee3e8c9f120/export Mon, 07 Oct 2024 22:39:27 +0000 https://db.gcve.eu/sighting/c037e3fd-3879-4598-94e1-ae36e9c9e5dd/export {"uuid": "c037e3fd-3879-4598-94e1-ae36e9c9e5dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45290", "type": "seen", "source": "https://t.me/cvedetector/7281", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45290 - PhpSpreadsheet File URI Filter Disclosure vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45290 \nPublished : Oct. 7, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a different component. An attacker can access any file on the server, or leak information form arbitrary URLs, potentially exposing sensitive information such as AWS IAM credentials. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T00:19:44.000000Z"} {"uuid": "c037e3fd-3879-4598-94e1-ae36e9c9e5dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45290", "type": "seen", "source": "https://t.me/cvedetector/7281", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45290 - PhpSpreadsheet File URI Filter Disclosure vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45290 \nPublished : Oct. 7, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a different component. An attacker can access any file on the server, or leak information form arbitrary URLs, potentially exposing sensitive information such as AWS IAM credentials. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T00:19:44.000000Z"} https://db.gcve.eu/sighting/c037e3fd-3879-4598-94e1-ae36e9c9e5dd/export Tue, 08 Oct 2024 00:19:44 +0000 https://db.gcve.eu/sighting/6356939d-6ffc-4b8e-914f-423e05e63b5b/export {"uuid": "6356939d-6ffc-4b8e-914f-423e05e63b5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45291", "type": "seen", "source": "https://t.me/cvedetector/7282", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45291 - PHPSpreadsheet SSRF (Arbitrary File Read and Remote Code Execution)\", \n \"Content\": \"CVE ID : CVE-2024-45291 \nPublished : Oct. 7, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files will be included in the output as `data:` URLs, regardless of the file's type. Also URLs can be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests. Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. there are no known workarounds for this vulnerability. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T00:19:44.000000Z"} {"uuid": "6356939d-6ffc-4b8e-914f-423e05e63b5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45291", "type": "seen", "source": "https://t.me/cvedetector/7282", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45291 - PHPSpreadsheet SSRF (Arbitrary File Read and Remote Code Execution)\", \n \"Content\": \"CVE ID : CVE-2024-45291 \nPublished : Oct. 7, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files will be included in the output as `data:` URLs, regardless of the file's type. Also URLs can be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests. Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. there are no known workarounds for this vulnerability. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T00:19:44.000000Z"} https://db.gcve.eu/sighting/6356939d-6ffc-4b8e-914f-423e05e63b5b/export Tue, 08 Oct 2024 00:19:44 +0000 https://db.gcve.eu/sighting/adb60ec2-86a7-4def-b595-30172976730e/export {"uuid": "adb60ec2-86a7-4def-b595-30172976730e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45297", "type": "seen", "source": "https://t.me/cvedetector/7283", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45297 - Discourse Information Disclosure Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45297 \nPublished : Oct. 7, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T00:19:45.000000Z"} {"uuid": "adb60ec2-86a7-4def-b595-30172976730e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45297", "type": "seen", "source": "https://t.me/cvedetector/7283", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-45297 - Discourse Information Disclosure Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-45297 \nPublished : Oct. 7, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T00:19:45.000000Z"} https://db.gcve.eu/sighting/adb60ec2-86a7-4def-b595-30172976730e/export Tue, 08 Oct 2024 00:19:45 +0000 https://db.gcve.eu/sighting/87c8ec80-e3ac-4728-b1df-bd05b362da83/export {"uuid": "87c8ec80-e3ac-4728-b1df-bd05b362da83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45296", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113602650357813905", "content": "", "creation_timestamp": "2024-12-05T22:47:59.577069Z"} {"uuid": "87c8ec80-e3ac-4728-b1df-bd05b362da83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45296", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113602650357813905", "content": "", "creation_timestamp": "2024-12-05T22:47:59.577069Z"} https://db.gcve.eu/sighting/87c8ec80-e3ac-4728-b1df-bd05b362da83/export Thu, 05 Dec 2024 22:47:59 +0000 https://db.gcve.eu/sighting/2a0cbfb2-db9b-4cce-989f-a7ec747a8343/export {"uuid": "2a0cbfb2-db9b-4cce-989f-a7ec747a8343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45296", "type": "seen", "source": "https://t.me/cvedetector/12148", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-52798 - path-to-regexp turns path strings into a regular e\", \n \"Content\": \"CVE ID : CVE-2024-52798 \nPublished : Dec. 5, 2024, 11:15 p.m. | 42\u00a0minutes ago \nDescription : path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"06 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T01:23:56.000000Z"} {"uuid": "2a0cbfb2-db9b-4cce-989f-a7ec747a8343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45296", "type": "seen", "source": "https://t.me/cvedetector/12148", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-52798 - path-to-regexp turns path strings into a regular e\", \n \"Content\": \"CVE ID : CVE-2024-52798 \nPublished : Dec. 5, 2024, 11:15 p.m. | 42\u00a0minutes ago \nDescription : path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"06 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T01:23:56.000000Z"} https://db.gcve.eu/sighting/2a0cbfb2-db9b-4cce-989f-a7ec747a8343/export Fri, 06 Dec 2024 01:23:56 +0000 https://db.gcve.eu/sighting/4773a1b6-a391-46c9-bb72-895977cc829f/export {"uuid": "4773a1b6-a391-46c9-bb72-895977cc829f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45293", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-45293.yaml", "content": "", "creation_timestamp": "2024-12-12T05:25:46.000000Z"} {"uuid": "4773a1b6-a391-46c9-bb72-895977cc829f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45293", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-45293.yaml", "content": "", "creation_timestamp": "2024-12-12T05:25:46.000000Z"} https://db.gcve.eu/sighting/4773a1b6-a391-46c9-bb72-895977cc829f/export Thu, 12 Dec 2024 05:25:46 +0000 https://db.gcve.eu/sighting/1c764d51-70f1-4426-80ef-da72a5269882/export {"uuid": "1c764d51-70f1-4426-80ef-da72a5269882", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45292", "type": "seen", "source": "Telegram/oJP4qItMuRLF_d8pKEvI9dzkUh7fXmzMd6ELp7Xw-az4Jzf3", "content": "", "creation_timestamp": "2025-03-08T04:35:51.000000Z"} {"uuid": "1c764d51-70f1-4426-80ef-da72a5269882", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45292", "type": "seen", "source": "Telegram/oJP4qItMuRLF_d8pKEvI9dzkUh7fXmzMd6ELp7Xw-az4Jzf3", "content": "", "creation_timestamp": "2025-03-08T04:35:51.000000Z"} https://db.gcve.eu/sighting/1c764d51-70f1-4426-80ef-da72a5269882/export Sat, 08 Mar 2025 04:35:51 +0000 https://db.gcve.eu/sighting/ddea089c-e595-43b6-ab6f-d0e936ee5504/export {"uuid": "ddea089c-e595-43b6-ab6f-d0e936ee5504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45293", "type": "seen", "source": "Telegram/EE3pHbPRRhxISM-XwfNigq155t5OMi9Cg7kQXW9PN89zqyYI", "content": "", "creation_timestamp": "2025-03-08T04:35:51.000000Z"} {"uuid": "ddea089c-e595-43b6-ab6f-d0e936ee5504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45293", "type": "seen", "source": "Telegram/EE3pHbPRRhxISM-XwfNigq155t5OMi9Cg7kQXW9PN89zqyYI", "content": "", "creation_timestamp": "2025-03-08T04:35:51.000000Z"} https://db.gcve.eu/sighting/ddea089c-e595-43b6-ab6f-d0e936ee5504/export Sat, 08 Mar 2025 04:35:51 +0000 https://db.gcve.eu/sighting/bab538ba-918a-4baa-b343-aafceec95f59/export {"uuid": "bab538ba-918a-4baa-b343-aafceec95f59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45296", "type": "seen", "source": "https://gist.github.com/EduardoCorpay/fdaeb4ec65cc4a1c8fcd2fb0162de09c", "content": "", "creation_timestamp": "2025-06-11T15:29:00.000000Z"} {"uuid": "bab538ba-918a-4baa-b343-aafceec95f59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45296", "type": "seen", "source": "https://gist.github.com/EduardoCorpay/fdaeb4ec65cc4a1c8fcd2fb0162de09c", "content": "", "creation_timestamp": "2025-06-11T15:29:00.000000Z"} https://db.gcve.eu/sighting/bab538ba-918a-4baa-b343-aafceec95f59/export Wed, 11 Jun 2025 15:29:00 +0000