{"vulnerability": "CVE-2024-1027", "sightings": [{"uuid": "d86f295c-75f6-4007-a83b-23d79a9542aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10273", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3lksphygiha2u", "content": "", "creation_timestamp": "2025-03-20T12:34:29.387892Z"}, {"uuid": "c542b92b-be46-49e4-a26b-917ae63ac29a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10270", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/6dcc559a-77e3-4a18-986f-df02f894221c", "content": "", "creation_timestamp": "2024-11-22T09:53:24.398477Z"}, {"uuid": "0b6449fb-1582-458e-9fbd-32d11e46d1b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10270", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113542463845335027", "content": "", "creation_timestamp": "2024-11-25T07:41:46.273170Z"}, {"uuid": "33d953a9-9523-4cbc-b932-0eede8f2bc96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10273", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8274", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10273\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: In lunary-ai/lunary v1.5.0, improper privilege management in the models.ts file allows users with viewer roles to modify models owned by others. The PATCH endpoint for models does not have appropriate privilege checks, enabling low-privilege users to update models they should not have access to modify. This vulnerability could lead to unauthorized changes in critical resources, affecting the integrity and reliability of the system.\n\ud83d\udccf Published: 2025-03-20T10:08:48.120Z\n\ud83d\udccf Modified: 2025-03-20T19:03:10.116Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/883d9fe2-5730-41e1-a5c2-59972489876e\n2. https://github.com/lunary-ai/lunary/commit/8ba1b8ba2c2c30b1cec30eb5777c1fda670cbbfc", "creation_timestamp": "2025-03-20T19:18:40.000000Z"}, {"uuid": "9bfce859-478a-4aa6-9011-fe1af5641491", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10279", "type": "seen", "source": "https://t.me/cvedetector/8689", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10279 - \"ESADEFNET CDG SQL Injection\"\", \n  \"Content\": \"CVE ID : CVE-2024-10279 \nPublished : Oct. 23, 2024, 1:15 p.m. | 19\u00a0minutes ago \nDescription : A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T15:42:58.000000Z"}, {"uuid": "f9f1fb53-e17e-4282-8d73-6fee79d5f0a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10278", "type": "seen", "source": "https://t.me/cvedetector/8688", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10278 - \"ESafenet CDG SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10278 \nPublished : Oct. 23, 2024, 1:15 p.m. | 19\u00a0minutes ago \nDescription : A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T15:42:58.000000Z"}, {"uuid": "69fa35ec-ed9d-429e-b56a-10c61ff7164d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10277", "type": "seen", "source": "https://t.me/cvedetector/8686", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10277 - ESAFENET CDG 5 SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10277 \nPublished : Oct. 23, 2024, 12:15 p.m. | 27\u00a0minutes ago \nDescription : A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/ajax/UsbKeyAjax.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T14:52:48.000000Z"}, {"uuid": "97a419a2-931c-485c-b2fc-5e8237e67302", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10276", "type": "seen", "source": "https://t.me/cvedetector/8680", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10276 - Tektronix Sentry Cross Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10276 \nPublished : Oct. 23, 2024, 11:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability has been found in Tektronix Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T14:02:35.000000Z"}, {"uuid": "3ff5e7ea-75a7-40db-8c7a-2db6d5144b10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1027", "type": "seen", "source": "https://t.me/ctinow/189636", "content": "https://ift.tt/WsBnK1y\nCVE-2024-1027 | SourceCodester Facebook News Feed Like 1.0 Post unrestricted upload", "creation_timestamp": "2024-02-21T14:41:54.000000Z"}, {"uuid": "e2beea9d-5529-4a19-815b-d0641e230b18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1027", "type": "seen", "source": "https://t.me/ctinow/175677", "content": "https://ift.tt/8jvNnwm\nCVE-2024-1027", "creation_timestamp": "2024-01-30T04:26:41.000000Z"}]}