{"vulnerability": "CVE-2024-1084", "sightings": [{"uuid": "fc1bba39-2eaf-496e-a10e-536c75ff6770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10846", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13560", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10846\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H)\n\ud83d\udd39 Description: The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions  v2.27.0 to v2.29.7 included\n\ud83d\udccf Published: 2025-01-23T15:22:56.170Z\n\ud83d\udccf Modified: 2025-04-25T23:02:53.505Z\n\ud83d\udd17 References:\n1. https://github.com/compose-spec/compose-go/security/advisories/GHSA-36gq-35j3-p9r9", "creation_timestamp": "2025-04-26T00:07:36.000000Z"}, {"uuid": "de06f9c3-8355-4063-906e-bbe0f6257753", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10848", "type": "seen", "source": "https://t.me/cvedetector/12069", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10848 - The NewsMunch theme for WordPress is vulnerable to\", \n  \"Content\": \"CVE ID : CVE-2024-10848 \nPublished : Dec. 5, 2024, 10:31 a.m. | 1\u00a0hour, 10\u00a0minutes ago \nDescription : The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-05T12:50:34.000000Z"}, {"uuid": "10f98ac7-b9e0-44a0-ac68-2e9aa5699a77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10840", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113430477504281459", "content": "", "creation_timestamp": "2024-11-05T13:02:10.176145Z"}, {"uuid": "40129771-7fb3-4982-a289-a4654188f633", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10841", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113430712316800351", "content": "", "creation_timestamp": "2024-11-05T14:01:52.982070Z"}, {"uuid": "e9ee696f-a42a-4cd8-ac1f-b58024a6297d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10842", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113430712331102235", "content": "", "creation_timestamp": "2024-11-05T14:01:53.229185Z"}, {"uuid": "dadcc7e5-657c-489c-ba41-e6ff60055335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10849", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113604963616642781", "content": "", "creation_timestamp": "2024-12-06T08:36:16.800263Z"}, {"uuid": "2243d459-c72a-4fc3-af6e-34c58fb84c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10848", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113599519411172621", "content": "", "creation_timestamp": "2024-12-05T09:31:45.099486Z"}, {"uuid": "2e01da6a-a656-4c2a-bf42-94e7a656b905", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10846", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113878382100891566", "content": "", "creation_timestamp": "2025-01-23T15:30:12.371335Z"}, {"uuid": "b1a845fe-6a92-4244-9b33-9a17ddf56210", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10846", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113878400720241278", "content": "", "creation_timestamp": "2025-01-23T15:34:55.918424Z"}, {"uuid": "c871894a-f2b4-481f-9627-f56c1c5ef660", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-10844", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mhrytzo44o2q", "content": "", "creation_timestamp": "2026-03-24T07:00:15.022857Z"}, {"uuid": "901893f8-bb65-4b91-bf0e-f8fc2d0f7d73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-10845", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mhsjmi7gam2b", "content": "", "creation_timestamp": "2026-03-24T12:00:15.877992Z"}, {"uuid": "118bf1cc-0e12-4a02-b18b-970ce1d48dda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10841", "type": "seen", "source": "https://t.me/cvedetector/9867", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10841 - Romadebrian WEB-Sekolah SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10841 \nPublished : Nov. 5, 2024, 2:15 p.m. | 41\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in romadebrian WEB-Sekolah 1.0. Affected by this vulnerability is an unknown functionality of the file /Proses_Kirim.php of the component Mail Handler. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T16:22:42.000000Z"}, {"uuid": "0c66b2e9-6fcc-447f-86bf-5fc96674a5ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10842", "type": "seen", "source": "https://t.me/cvedetector/9866", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10842 - \"Romadebrian WEB-Sekolah Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10842 \nPublished : Nov. 5, 2024, 2:15 p.m. | 41\u00a0minutes ago \nDescription : A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Affected by this issue is some unknown functionality of the file /Admin/Proses_Edit_Akun.php of the component Backend. The manipulation of the argument Username_Baru/Password leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T16:22:41.000000Z"}, {"uuid": "f4a8327e-e36b-478f-b7ff-2f4b0a89857e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10840", "type": "seen", "source": "https://t.me/cvedetector/9864", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10840 - Romadebrian WEB-Sekolah Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10840 \nPublished : Nov. 5, 2024, 1:15 p.m. | 22\u00a0minutes ago \nDescription : A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0. Affected is an unknown function of the file /Admin/akun_edit.php of the component Backend. The manipulation of the argument kode leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T14:42:00.000000Z"}, {"uuid": "289c44e0-4faa-44bf-b685-609681fe9a0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1084", "type": "seen", "source": "https://t.me/ctinow/184135", "content": "https://ift.tt/d8tObPL\nCVE-2024-1084", "creation_timestamp": "2024-02-13T20:22:09.000000Z"}, {"uuid": "93a4c82d-85a2-46fb-9b54-019d14d16d18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10848", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113599533079955717", "content": "", "creation_timestamp": "2024-12-05T09:35:13.307691Z"}, {"uuid": "0d7f98cc-255b-4cf7-b67b-83fb2a8c44c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10846", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lggbqgn3ig2t", "content": "", "creation_timestamp": "2025-01-23T16:15:57.257217Z"}, {"uuid": "a78fb027-6b57-4e7a-8a4e-f3aeb2926bf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1084", "type": "seen", "source": "https://t.me/ctinow/201054", "content": "https://ift.tt/YKtqcSE\nCVE-2024-1084 | GitHub Enterprise Server up to 3.8.14/3.9.9/3.10.6/3.11.4 Tag Protections UI tag name pattern cross site scripting", "creation_timestamp": "2024-03-06T07:07:23.000000Z"}, {"uuid": "49871594-2dc5-4347-9181-66e48a637366", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10847", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917612286403707", "content": "", "creation_timestamp": "2025-01-30T13:46:57.034629Z"}, {"uuid": "00e423b5-1a8a-4b08-b303-be353c4c7ebb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10847", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxocxm7732w", "content": "", "creation_timestamp": "2025-01-30T14:16:19.255694Z"}]}