https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 05 Jun 2026 04:11:47 +0000 https://db.gcve.eu/sighting/31ecf346-d66e-4c91-87d3-7aba15727202/export {"uuid": "31ecf346-d66e-4c91-87d3-7aba15727202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46881", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgmuwz5fse2f", "content": "", "creation_timestamp": "2025-01-26T07:15:37.352962Z"} {"uuid": "31ecf346-d66e-4c91-87d3-7aba15727202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46881", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgmuwz5fse2f", "content": "", "creation_timestamp": "2025-01-26T07:15:37.352962Z"} https://db.gcve.eu/sighting/31ecf346-d66e-4c91-87d3-7aba15727202/export Sun, 26 Jan 2025 07:15:37 +0000 https://db.gcve.eu/sighting/2d88b28c-aac0-4a15-bbea-6242c6eefd11/export {"uuid": "2d88b28c-aac0-4a15-bbea-6242c6eefd11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46881", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgmzfl6m5z2w", "content": "", "creation_timestamp": "2025-01-26T08:35:24.244651Z"} {"uuid": "2d88b28c-aac0-4a15-bbea-6242c6eefd11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46881", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgmzfl6m5z2w", "content": "", "creation_timestamp": "2025-01-26T08:35:24.244651Z"} https://db.gcve.eu/sighting/2d88b28c-aac0-4a15-bbea-6242c6eefd11/export Sun, 26 Jan 2025 08:35:24 +0000 https://db.gcve.eu/sighting/8fb1c360-ba8f-4d53-87f1-6a9c1d54a1f9/export {"uuid": "8fb1c360-ba8f-4d53-87f1-6a9c1d54a1f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46881", "type": "seen", "source": "https://t.me/cvedetector/16405", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46881 - Develocity Gradle Enterprise Incorrect Access Control\", \n \"Content\": \"CVE ID : CVE-2024-46881 \nPublished : Jan. 26, 2025, 7:15 a.m. | 37\u00a0minutes ago \nDescription : Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 (in affected vulnerable versions) does not include the projects section of the configuration. This leads to all of the project settings being reset to their defaults when the old schema is loaded. In the case of projects.enabled, the default is false. Thus, using an enterprise config v8 results in Project level access control being disabled, even if it was previously enabled, and previously restricted project information disclosed. Most commonly, this occurs when a Develocity instance is upgraded from an earlier version. Specifically, this occurs if: Develocity 2023.3.X is upgraded to 2023.4.X; Develocity 2023.3.X is upgraded to 2024.1.X up to and including 2024.1.7; or Develocity 2023.4.X is upgraded to 2024.1.X up to and including 2024.1.7. The flaw does not occur when upgrading to a fixed version. An upgrade can only be triggered via administrator access, and cannot be forced by an external attacker. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"26 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-26T09:03:11.000000Z"} {"uuid": "8fb1c360-ba8f-4d53-87f1-6a9c1d54a1f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46881", "type": "seen", "source": "https://t.me/cvedetector/16405", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46881 - Develocity Gradle Enterprise Incorrect Access Control\", \n \"Content\": \"CVE ID : CVE-2024-46881 \nPublished : Jan. 26, 2025, 7:15 a.m. | 37\u00a0minutes ago \nDescription : Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 (in affected vulnerable versions) does not include the projects section of the configuration. This leads to all of the project settings being reset to their defaults when the old schema is loaded. In the case of projects.enabled, the default is false. Thus, using an enterprise config v8 results in Project level access control being disabled, even if it was previously enabled, and previously restricted project information disclosed. Most commonly, this occurs when a Develocity instance is upgraded from an earlier version. Specifically, this occurs if: Develocity 2023.3.X is upgraded to 2023.4.X; Develocity 2023.3.X is upgraded to 2024.1.X up to and including 2024.1.7; or Develocity 2023.4.X is upgraded to 2024.1.X up to and including 2024.1.7. The flaw does not occur when upgrading to a fixed version. An upgrade can only be triggered via administrator access, and cannot be forced by an external attacker. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"26 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-26T09:03:11.000000Z"} https://db.gcve.eu/sighting/8fb1c360-ba8f-4d53-87f1-6a9c1d54a1f9/export Sun, 26 Jan 2025 09:03:11 +0000 https://db.gcve.eu/sighting/7a266406-0768-4318-8420-f8916e4097ca/export {"uuid": "7a266406-0768-4318-8420-f8916e4097ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46881", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3124", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46881\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-26T07:15:08.947\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://security.gradle.com/advisory/2024-03", "creation_timestamp": "2025-01-26T09:14:38.000000Z"} {"uuid": "7a266406-0768-4318-8420-f8916e4097ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46881", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3124", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46881\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-26T07:15:08.947\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://security.gradle.com/advisory/2024-03", "creation_timestamp": "2025-01-26T09:14:38.000000Z"} https://db.gcve.eu/sighting/7a266406-0768-4318-8420-f8916e4097ca/export Sun, 26 Jan 2025 09:14:38 +0000 https://db.gcve.eu/sighting/df375779-3a38-49b1-9183-446c7578b65a/export {"uuid": "df375779-3a38-49b1-9183-446c7578b65a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46881", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3127", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-cw76-h7wr-rh77\n\ud83d\udd25 CVSS Score: N/A (CVSS_V3)\n\ud83d\udd39 Description: Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 (in affected vulnerable versions) does not include the projects section of the configuration. This leads to all of the project settings being reset to their defaults when the old schema is loaded. In the case of projects.enabled, the default is false. Thus, using an enterprise config v8 results in Project level access control being disabled, even if it was previously enabled, and previously restricted project information disclosed. Most commonly, this occurs when a Develocity instance is upgraded from an earlier version. Specifically, this occurs if: Develocity 2023.3.X is upgraded to 2023.4.X; Develocity 2023.3.X is upgraded to 2024.1.X up to and including 2024.1.7; or Develocity 2023.4.X is upgraded to 2024.1.X up to and including 2024.1.7. The flaw does not occur when upgrading to a fixed version. An upgrade can only be triggered via administrator access, and cannot be forced by an external attacker.\n\ud83d\udccf Published: 2025-01-26T09:30:32Z\n\ud83d\udccf Modified: 2025-01-26T09:30:32Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-46881\n2. https://security.gradle.com/advisory/2024-03", "creation_timestamp": "2025-01-26T10:06:15.000000Z"} {"uuid": "df375779-3a38-49b1-9183-446c7578b65a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46881", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3127", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-cw76-h7wr-rh77\n\ud83d\udd25 CVSS Score: N/A (CVSS_V3)\n\ud83d\udd39 Description: Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 (in affected vulnerable versions) does not include the projects section of the configuration. This leads to all of the project settings being reset to their defaults when the old schema is loaded. In the case of projects.enabled, the default is false. Thus, using an enterprise config v8 results in Project level access control being disabled, even if it was previously enabled, and previously restricted project information disclosed. Most commonly, this occurs when a Develocity instance is upgraded from an earlier version. Specifically, this occurs if: Develocity 2023.3.X is upgraded to 2023.4.X; Develocity 2023.3.X is upgraded to 2024.1.X up to and including 2024.1.7; or Develocity 2023.4.X is upgraded to 2024.1.X up to and including 2024.1.7. The flaw does not occur when upgrading to a fixed version. An upgrade can only be triggered via administrator access, and cannot be forced by an external attacker.\n\ud83d\udccf Published: 2025-01-26T09:30:32Z\n\ud83d\udccf Modified: 2025-01-26T09:30:32Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-46881\n2. https://security.gradle.com/advisory/2024-03", "creation_timestamp": "2025-01-26T10:06:15.000000Z"} https://db.gcve.eu/sighting/df375779-3a38-49b1-9183-446c7578b65a/export Sun, 26 Jan 2025 10:06:15 +0000 https://db.gcve.eu/sighting/fd4e6eff-5cdc-4ff4-b919-745094ff21f4/export {"uuid": "fd4e6eff-5cdc-4ff4-b919-745094ff21f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-4688", "type": "seen", "source": "Telegram/wLTEsbk-i3gdE-bTC8ToFixpb3eKiE1svUJWQcpaLRWfqoxA", "content": "", "creation_timestamp": "2025-02-19T22:21:29.000000Z"} {"uuid": "fd4e6eff-5cdc-4ff4-b919-745094ff21f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-4688", "type": "seen", "source": "Telegram/wLTEsbk-i3gdE-bTC8ToFixpb3eKiE1svUJWQcpaLRWfqoxA", "content": "", "creation_timestamp": "2025-02-19T22:21:29.000000Z"} https://db.gcve.eu/sighting/fd4e6eff-5cdc-4ff4-b919-745094ff21f4/export Wed, 19 Feb 2025 22:21:29 +0000 https://db.gcve.eu/sighting/606c30f9-5121-44e5-b1b3-e6c252399ff8/export {"uuid": "606c30f9-5121-44e5-b1b3-e6c252399ff8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46887", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7124", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46887\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C)\n\ud83d\udd39 Description: The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.\n\ud83d\udccf Published: 2024-10-08T08:40:43.510Z\n\ud83d\udccf Modified: 2025-03-11T09:47:55.985Z\n\ud83d\udd17 References:\n1. https://cert-portal.siemens.com/productcert/html/ssa-054046.html", "creation_timestamp": "2025-03-11T10:39:07.000000Z"} {"uuid": "606c30f9-5121-44e5-b1b3-e6c252399ff8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46887", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7124", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46887\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C)\n\ud83d\udd39 Description: The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.\n\ud83d\udccf Published: 2024-10-08T08:40:43.510Z\n\ud83d\udccf Modified: 2025-03-11T09:47:55.985Z\n\ud83d\udd17 References:\n1. https://cert-portal.siemens.com/productcert/html/ssa-054046.html", "creation_timestamp": "2025-03-11T10:39:07.000000Z"} https://db.gcve.eu/sighting/606c30f9-5121-44e5-b1b3-e6c252399ff8/export Tue, 11 Mar 2025 10:39:07 +0000 https://db.gcve.eu/sighting/2467d3a3-8711-419d-9be7-3c39987ef47c/export {"uuid": "2467d3a3-8711-419d-9be7-3c39987ef47c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46886", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7125", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46886\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C)\n\ud83d\udd39 Description: The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.\n\ud83d\udccf Published: 2024-10-08T08:40:41.244Z\n\ud83d\udccf Modified: 2025-03-11T09:47:53.656Z\n\ud83d\udd17 References:\n1. https://cert-portal.siemens.com/productcert/html/ssa-876787.html", "creation_timestamp": "2025-03-11T10:39:08.000000Z"} {"uuid": "2467d3a3-8711-419d-9be7-3c39987ef47c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46886", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7125", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46886\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C)\n\ud83d\udd39 Description: The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.\n\ud83d\udccf Published: 2024-10-08T08:40:41.244Z\n\ud83d\udccf Modified: 2025-03-11T09:47:53.656Z\n\ud83d\udd17 References:\n1. https://cert-portal.siemens.com/productcert/html/ssa-876787.html", "creation_timestamp": "2025-03-11T10:39:08.000000Z"} https://db.gcve.eu/sighting/2467d3a3-8711-419d-9be7-3c39987ef47c/export Tue, 11 Mar 2025 10:39:08 +0000 https://db.gcve.eu/sighting/2629b0f4-847a-4aac-88dc-23fda061469a/export {"uuid": "2629b0f4-847a-4aac-88dc-23fda061469a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46886", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10876", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46886\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C)\n\ud83d\udd39 Description: The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.\n\ud83d\udccf Published: 2024-10-08T08:40:41.244Z\n\ud83d\udccf Modified: 2025-04-08T08:22:17.262Z\n\ud83d\udd17 References:\n1. https://cert-portal.siemens.com/productcert/html/ssa-876787.html", "creation_timestamp": "2025-04-08T08:46:39.000000Z"} {"uuid": "2629b0f4-847a-4aac-88dc-23fda061469a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46886", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10876", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46886\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C)\n\ud83d\udd39 Description: The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.\n\ud83d\udccf Published: 2024-10-08T08:40:41.244Z\n\ud83d\udccf Modified: 2025-04-08T08:22:17.262Z\n\ud83d\udd17 References:\n1. https://cert-portal.siemens.com/productcert/html/ssa-876787.html", "creation_timestamp": "2025-04-08T08:46:39.000000Z"} https://db.gcve.eu/sighting/2629b0f4-847a-4aac-88dc-23fda061469a/export Tue, 08 Apr 2025 08:46:39 +0000 https://db.gcve.eu/sighting/a65260bd-0e13-4cad-9e2a-362339b7ae93/export {"uuid": "a65260bd-0e13-4cad-9e2a-362339b7ae93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46887", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10875", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46887\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C)\n\ud83d\udd39 Description: The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.\n\ud83d\udccf Published: 2024-10-08T08:40:43.510Z\n\ud83d\udccf Modified: 2025-04-08T08:22:19.997Z\n\ud83d\udd17 References:\n1. https://cert-portal.siemens.com/productcert/html/ssa-054046.html", "creation_timestamp": "2025-04-08T08:46:39.000000Z"} {"uuid": "a65260bd-0e13-4cad-9e2a-362339b7ae93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46887", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10875", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46887\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C)\n\ud83d\udd39 Description: The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load.\n\ud83d\udccf Published: 2024-10-08T08:40:43.510Z\n\ud83d\udccf Modified: 2025-04-08T08:22:19.997Z\n\ud83d\udd17 References:\n1. https://cert-portal.siemens.com/productcert/html/ssa-054046.html", "creation_timestamp": "2025-04-08T08:46:39.000000Z"} https://db.gcve.eu/sighting/a65260bd-0e13-4cad-9e2a-362339b7ae93/export Tue, 08 Apr 2025 08:46:39 +0000