{"vulnerability": "CVE-2024-1028", "sightings": [{"uuid": "27956ad1-ae9f-4066-9994-003afc5fef90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10288", "type": "seen", "source": "https://t.me/HackerArsenal/599", "content": "\u203c\ufe0f CVE-2024-10288 \u203c\ufe0f\n\nCrossSite Scripting XSS vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through mlssSubscribeToList, parameter ListName.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"National Vulnerability Database\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity_CVEs", "creation_timestamp": "2024-10-23T14:37:06.000000Z"}, {"uuid": "1f6aee87-1b24-4cf2-8e6c-4b91d89b8d4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10284", "type": "seen", "source": "https://t.me/cvedetector/10264", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10284 - WordPress CE21 Suite Hardcoded Encryption Key Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-10284 \nPublished : Nov. 9, 2024, 3:15 a.m. | 37\u00a0minutes ago \nDescription : The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T04:55:28.000000Z"}, {"uuid": "82be25e7-b178-4d98-83d6-b5b6fb24db94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10285", "type": "seen", "source": "https://t.me/cvedetector/10261", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10285 - WordPress CE21 Suite Plugin JWT Sensitive Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-10285 \nPublished : Nov. 9, 2024, 3:15 a.m. | 37\u00a0minutes ago \nDescription : The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T04:55:26.000000Z"}, {"uuid": "6e8ced59-55d3-4ca6-b8dd-ed1b7f9ba0ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10283", "type": "seen", "source": "https://t.me/cvedetector/8706", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10283 - Tenda RX9/Pro Stack Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10283 \nPublished : Oct. 23, 2024, 3:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T18:13:43.000000Z"}, {"uuid": "603ec6a2-cdf6-4061-a212-a716e66c73fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10282", "type": "seen", "source": "https://t.me/cvedetector/8705", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10282 - Tenda RX9 and RX9 Pro Stack-Based Buffer Overflow Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-10282 \nPublished : Oct. 23, 2024, 3:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T18:13:42.000000Z"}, {"uuid": "ceb0ade9-af86-4df6-a9b4-99333fa195e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10280", "type": "seen", "source": "https://t.me/cvedetector/8693", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10280 - Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 Remote Web-Read Event Null Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10280 \nPublished : Oct. 23, 2024, 2:15 p.m. | 51\u00a0minutes ago \nDescription : A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T17:23:19.000000Z"}, {"uuid": "40068041-62fb-4770-bad3-03253076d5a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10281", "type": "seen", "source": "https://t.me/cvedetector/8691", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10281 - Tenda RX9 and RX9 Pro Stack-Based Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10281 \nPublished : Oct. 23, 2024, 2:15 p.m. | 51\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T17:23:18.000000Z"}, {"uuid": "d7e5b6a7-9881-4595-b00b-88f75db4ee07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10286", "type": "seen", "source": "https://t.me/cvedetector/8687", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10286 - LocalServer XSS Leverage\", \n  \"Content\": \"CVE ID : CVE-2024-10286 \nPublished : Oct. 23, 2024, 12:15 p.m. | 27\u00a0minutes ago \nDescription : Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T14:52:49.000000Z"}, {"uuid": "19dc232d-47cb-4bbd-b82e-bf50148399ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10289", "type": "seen", "source": "https://t.me/cvedetector/8685", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10289 - LocalServer XSS Attack Steals Session Details\", \n  \"Content\": \"CVE ID : CVE-2024-10289 \nPublished : Oct. 23, 2024, 12:15 p.m. | 27\u00a0minutes ago \nDescription : Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ManageSubscription, parameter MSubListName. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T14:52:48.000000Z"}, {"uuid": "255988da-62b5-45cc-a34c-cf7b5e23978b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10288", "type": "seen", "source": "https://t.me/cvedetector/8684", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10288 - LocalServer XSS Hazards\", \n  \"Content\": \"CVE ID : CVE-2024-10288 \nPublished : Oct. 23, 2024, 12:15 p.m. | 27\u00a0minutes ago \nDescription : Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/SubscribeToList, parameter ListName. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T14:52:47.000000Z"}, {"uuid": "db5b86b2-691d-4c54-9469-101357c0338a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10287", "type": "seen", "source": "https://t.me/cvedetector/8683", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10287 - LocalServer XSS\", \n  \"Content\": \"CVE ID : CVE-2024-10287 \nPublished : Oct. 23, 2024, 12:15 p.m. | 27\u00a0minutes ago \nDescription : Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T14:52:46.000000Z"}, {"uuid": "5d999597-d8ed-4cfc-88cf-b0df708d6bf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10289", "type": "seen", "source": "https://t.me/HackerArsenal/600", "content": "\u203c\ufe0f CVE-2024-10289 \u203c\ufe0f\n\nCrossSite Scripting XSS vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through mlssManageSubscription, parameter MSubListName.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"National Vulnerability Database\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity_CVEs", "creation_timestamp": "2024-10-23T14:37:06.000000Z"}, {"uuid": "6a8c9451-997b-4c06-847e-79ddf93f9b92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1028", "type": "seen", "source": "https://t.me/ctinow/189637", "content": "https://ift.tt/1PsEdJQ\nCVE-2024-1028 | SourceCodester Facebook News Feed Like 1.0 Post Description cross site scripting", "creation_timestamp": "2024-02-21T14:41:55.000000Z"}, {"uuid": "480fadc2-ce58-4c7d-add9-aa66c7031115", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1028", "type": "seen", "source": "https://t.me/ctinow/175700", "content": "https://ift.tt/bfDMqux\nCVE-2024-1028", "creation_timestamp": "2024-01-30T06:21:22.000000Z"}, {"uuid": "49e541aa-af56-4db7-b17d-1de745a4bb4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10284", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113450679715253097", "content": "", "creation_timestamp": "2024-11-09T02:39:51.291931Z"}, {"uuid": "d49cc1d6-6170-4162-9f72-c2a8fc3f2adb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10285", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113450679730462510", "content": "", "creation_timestamp": "2024-11-09T02:39:51.486347Z"}, {"uuid": "8b1c51f5-6a35-4def-8874-6ead7c092a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10285", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3394", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10285\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2024-11-09T03:15:04.410\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L237\n2. https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L281\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/618a9ad7-3a13-43e6-84f4-35287f07e1c0?source=cve", "creation_timestamp": "2025-01-29T19:18:36.000000Z"}, {"uuid": "b56dd824-bfaa-4457-859b-218432cc2195", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10284", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3395", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10284\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2024-11-09T03:15:03.943\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L242\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/45d66743-300e-480d-98b8-99dc30b6e786?source=cve", "creation_timestamp": "2025-01-29T19:18:37.000000Z"}]}