{"vulnerability": "CVE-2024-1236", "sightings": [{"uuid": "c68d798b-ea3d-49ba-b94f-0b2617d9962f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1463", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12365\n\ud83d\udd39 Description: The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications.\n\ud83d\udccf Published: 2025-01-14T07:05:40.307Z\n\ud83d\udccf Modified: 2025-01-14T07:05:40.307Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/196e629f-7c77-4bcb-8224-305a0108b630?source=cve\n2. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/w3-total-cache.php#L71\n3. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Root_Loader.php#L269\n4. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L55\n5. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L385\n6. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L516\n7. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Admin.php#L822\n8. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/inc/options/common/top_nav_bar.php#L217\n9. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/inc/options/common/footer.php#L49\n10. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L55\n11. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L246\n12. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extension_ImageService_Plugin_Admin.php#L200\n13. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/UsageStatistics_Plugin_Admin.php#L10\n14. https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/UsageStatistics_Plugin_Admin.php#L94", "creation_timestamp": "2025-01-14T08:08:18.000000Z"}, {"uuid": "92ba9539-ad54-4e89-8496-d15cd80c81ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12366", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3932", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12366\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI (2.4.3 and earlier) fail to distinguish between legitimate and malicious inputs, allowing the attackers to manipulate the system into executing untrusted code, leading to untrusted code execution (RCE), system compromise, or pivoting attacks on connected services.\n\ud83d\udccf Published: 2025-02-11T15:32:24Z\n\ud83d\udccf Modified: 2025-02-11T21:41:47Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12366\n2. https://docs.getpanda.ai/v3/privacy-security\n3. https://docs.pandas-ai.com/advanced-security-agent\n4. https://github.com/sinaptik-ai/pandas-ai\n5. https://www.kb.cert.org/vuls/id/148244", "creation_timestamp": "2025-02-11T22:06:55.000000Z"}, {"uuid": "b41c5ffb-ee7a-4ea3-b0ac-2ec6a49664f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12368", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5340", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12368\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users.\n\ud83d\udccf Published: 2025-02-25T18:10:12.109Z\n\ud83d\udccf Modified: 2025-02-25T18:10:12.109Z\n\ud83d\udd17 References:\n1. https://github.com/odoo/odoo/issues/193854", "creation_timestamp": "2025-02-25T18:22:34.000000Z"}, {"uuid": "a2405220-b967-4f58-a5ec-736da33538c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12369", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12325", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12369\n\ud83d\udd25 CVSS Score: 4.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack.\n\ud83d\udccf Published: 2024-12-09T20:53:09.260Z\n\ud83d\udccf Modified: 2025-04-17T18:46:48.744Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:3989\n2. https://access.redhat.com/security/cve/CVE-2024-12369\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2331178", "creation_timestamp": "2025-04-17T18:58:08.000000Z"}, {"uuid": "72b24f6f-de22-4491-8817-386375b805e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12364", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19747", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12364\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Ye\u015fil Software Guest Tracking Software allows SQL Injection.This issue affects .\u00a0\u00a0NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.\n\ud83d\udccf Published: 2025-06-27T16:13:51.955Z\n\ud83d\udccf Modified: 2025-06-27T16:40:30.349Z\n\ud83d\udd17 References:\n1. https://www.usom.gov.tr/bildirim/tr-25-0140", "creation_timestamp": "2025-06-27T16:57:26.000000Z"}, {"uuid": "16d397c8-e6d8-40d0-9ab1-e983629bec96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lfxtu4ytkx2y", "content": "", "creation_timestamp": "2025-01-17T22:30:13.656722Z"}, {"uuid": "7ae0080e-903d-4b96-a6b3-cf474c1d3291", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-19fd9414-f6e015e089aff22d", "content": "", "creation_timestamp": "2025-01-18T17:23:41.187341Z"}, {"uuid": "a60290fd-517e-43d1-89c2-a049ead8731f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/elhackernet.extwitter.link/post/3lg3kktvyms26", "content": "", "creation_timestamp": "2025-01-19T09:54:36.969897Z"}, {"uuid": "43902ec7-8b91-4ca3-be5b-374bcab5897d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lhxbhshixk24", "content": "", "creation_timestamp": "2025-02-12T03:51:39.515915Z"}, {"uuid": "68d367e3-00c6-4598-8560-2cccb390055a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lpa24buegp2a", "content": "", "creation_timestamp": "2025-05-15T17:30:11.713272Z"}, {"uuid": "cd3277ee-a949-4f3e-9a7c-86d7c32e01b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12368", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:23.000000Z"}, {"uuid": "e8521c8d-159f-40f3-8d8c-cca59513f2df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "Telegram/MDn3J-gZI7WnMy5prxbmMSmCuuwX13pC8UWTypDqOGxF42G_", "content": "", "creation_timestamp": "2025-02-14T10:01:40.000000Z"}, {"uuid": "4c4a7879-2fd2-44e5-8dab-b8b7f09c533b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12368", "type": "seen", "source": "https://t.me/cvedetector/18904", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12368 - Odoo OAuth Token Export Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12368 \nPublished : Feb. 25, 2025, 6:15 p.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T21:33:58.000000Z"}, {"uuid": "9d39356b-744a-4d6b-bd4b-48340848f42d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://t.me/cvedetector/17706", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12366 - PandasAI LLM Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12366 \nPublished : Feb. 11, 2025, 1:15 p.m. | 52\u00a0minutes ago \nDescription : PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T15:41:46.000000Z"}, {"uuid": "798f8c38-946a-466a-837b-e3ad98be4b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12363", "type": "seen", "source": "https://t.me/cvedetector/12624", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12363 - TeamViewer Remote Management Local File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12363 \nPublished : Dec. 11, 2024, 10:15 a.m. | 59\u00a0minutes ago \nDescription : Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files.\u00a0TeamViewer Patch & Asset Management is part of TeamViewer Remote Management. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T12:43:52.000000Z"}, {"uuid": "01e2dcd6-5814-4b33-a0e9-5a278695a42e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12360", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113621121483792762", "content": "", "creation_timestamp": "2024-12-09T05:05:26.596707Z"}, {"uuid": "a7fdf1fb-98eb-4d3e-a6f8-4c5e2d5e57bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113985351114543788", "content": "", "creation_timestamp": "2025-02-11T12:53:49.414504Z"}, {"uuid": "3fec8e1b-7cf8-4041-9fa0-d1be0af90170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhvqjn3qkr23", "content": "", "creation_timestamp": "2025-02-11T13:15:43.144485Z"}, {"uuid": "e8689a18-fc63-48f3-8db1-419771af9acc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhvu4qgspo2y", "content": "", "creation_timestamp": "2025-02-11T14:20:11.512221Z"}, {"uuid": "c9fb2119-8503-4bc2-b9a9-bac9a3c41f37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12368", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114066255003294911", "content": "", "creation_timestamp": "2025-02-25T19:48:45.022045Z"}, {"uuid": "feac696e-8302-487b-b515-a187c400462b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12364", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsmfp62vqt2u", "content": "", "creation_timestamp": "2025-06-27T19:45:08.066695Z"}, {"uuid": "e0543a1d-38e9-4145-a102-d23907b53b8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12367", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lyx2rw5qwx2o", "content": "", "creation_timestamp": "2025-09-16T10:00:15.823587Z"}, {"uuid": "f5658378-e578-4847-b329-5722c8f5059b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "Telegram/eHEjQCiSTDqdk9YFMewvBbbqxj24kA_-fNM16rcTTHsyl0hG", "content": "", "creation_timestamp": "2025-02-14T10:04:00.000000Z"}, {"uuid": "c7642edf-1fb2-4a29-90f2-b488363c846b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://t.me/cvedetector/15232", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12365 - WordPress W3 Total Cache Unauthorized Data Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12365 \nPublished : Jan. 14, 2025, 7:15 a.m. | 38\u00a0minutes ago \nDescription : The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T08:58:24.000000Z"}, {"uuid": "305da1b8-6943-4bb6-954e-fea891c92031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12369", "type": "seen", "source": "https://t.me/cvedetector/12447", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12369 - OpenID Connect Client Authorization Code Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12369 \nPublished : Dec. 9, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack. \nSeverity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T23:04:27.000000Z"}, {"uuid": "5376231b-5a53-489a-a356-b95f1d1472b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12360", "type": "seen", "source": "https://t.me/cvedetector/12362", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12360 - \"Code-projects Online Class and Exam Scheduling System SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12360 \nPublished : Dec. 9, 2024, 5:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as critical. This issue affects some unknown processing of the file class_update.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T07:10:07.000000Z"}, {"uuid": "23c778ff-668c-4a1f-b9ab-89ece3276758", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12362", "type": "seen", "source": "https://t.me/cvedetector/12978", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12362 - InvoicePlane Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12362 \nPublished : Dec. 16, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-16T12:19:30.000000Z"}, {"uuid": "6e9e879c-4fbd-4fa6-bed5-e6ce0809d5f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "Telegram/03ProG_aSsOBxs0Iz_mqpSONf1h0Bjc41e6bDcTiczX4atpv", "content": "", "creation_timestamp": "2025-02-14T10:01:40.000000Z"}, {"uuid": "f0dc49d4-e8a3-4124-b59b-26f9a4925959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1236", "type": "seen", "source": "https://t.me/ctinow/203687", "content": "https://ift.tt/nRfeGjt\nCVE-2024-1236 | wpdevteam Essential Addons for Elementor Plugin up to 5.9.8 on WordPress cross site scripting (ID 3034127)", "creation_timestamp": "2024-03-09T00:31:59.000000Z"}, {"uuid": "1e147309-d395-41b0-b54e-15db494294f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://gist.github.com/Sagar2366/6b01a07e54bbccfeb747b6ee441b17f4", "content": "", "creation_timestamp": "2026-05-29T18:31:33.000000Z"}, {"uuid": "571a8d9a-b11d-4f99-8bc0-2d394ebc527e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12369", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113624852492732843", "content": "", "creation_timestamp": "2024-12-09T20:54:16.963597Z"}, {"uuid": "b8069731-d2d4-4ef8-a582-e3d14336ea6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12363", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113633523015812139", "content": "", "creation_timestamp": "2024-12-11T09:39:18.786946Z"}, {"uuid": "221da85d-7884-4cf1-bb58-a35c2d6a95db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113825455604962375", "content": "", "creation_timestamp": "2025-01-14T07:10:21.191153Z"}, {"uuid": "86148048-80c7-4832-902d-37e9339470ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lftcbcvgdh2m", "content": "", "creation_timestamp": "2025-01-16T03:04:48.760796Z"}, {"uuid": "20a18dfb-6829-4b82-bdf4-54dba20c6e98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfopefu2gp2n", "content": "", "creation_timestamp": "2025-01-14T07:15:52.371762Z"}, {"uuid": "d6f23ea4-bf7e-4223-b0d9-68c56fca2eee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfoqukgdir2h", "content": "", "creation_timestamp": "2025-01-14T07:42:47.898567Z"}, {"uuid": "7afa1095-ecfb-40dd-a228-e6c3d907549e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfoquknkwz2h", "content": "", "creation_timestamp": "2025-01-14T07:42:48.907353Z"}, {"uuid": "dd97454c-5a03-4893-986c-8f9fb3ae458b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113825605649943834", "content": "", "creation_timestamp": "2025-01-14T07:48:27.127411Z"}, {"uuid": "40029511-7877-49b4-9ae2-df69480df092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lfv6rb3wys2y", "content": "", "creation_timestamp": "2025-01-16T21:07:28.053727Z"}, {"uuid": "72fff6b8-4a0d-408e-9bbc-e6a84aed0083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2024-12365", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lftvss2kp22q", "content": "", "creation_timestamp": "2025-01-16T08:54:36.610930Z"}, {"uuid": "21cf58da-2959-447b-9dd0-3d7c7bf7a321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/113844206824737894", "content": "", "creation_timestamp": "2025-01-17T14:38:58.391047Z"}, {"uuid": "294dfa66-b307-4ee5-aab5-dde0ee6f6548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3lfwzjtt6p22y", "content": "", "creation_timestamp": "2025-01-17T14:39:11.400998Z"}, {"uuid": "9b3b4c6b-c9ff-46bb-bb26-7536363c939b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2024-12365", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lg5ceaqux22b", "content": "", "creation_timestamp": "2025-01-20T02:33:04.666934Z"}, {"uuid": "5eb043b2-d82f-43fe-af8b-de5e07e08217", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12365", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/113861697335696342", "content": "", "creation_timestamp": "2025-01-20T16:47:07.042848Z"}, {"uuid": "8e7d9587-373c-4e6f-9e57-5e5352cec1f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12366", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3li3i5vka7s26", "content": "", "creation_timestamp": "2025-02-13T20:01:58.784176Z"}]}