{"vulnerability": "CVE-2024-2562", "sightings": [{"uuid": "7594dcf5-6478-49ac-9452-90fdf58ac9a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25621", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3makv2j5u3c2g", "content": "", "creation_timestamp": "2025-12-22T09:07:33.350940Z"}, {"uuid": "44d10b72-4a10-4f62-83fb-c63fb5792140", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25622", "type": "seen", "source": "https://t.me/cvedetector/7690", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-25622 - h2o HTTP Server Header Inheritance Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-25622 \nPublished : Oct. 11, 2024, 3:15 p.m. | 31\u00a0minutes ago \nDescription : h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes (e.g., path level) are expected to inherit the configuration defined in outer scopes (e.g., global level). However, if a header directive is used in the inner scope, all the definition in outer scopes are ignored. This can lead to headers not being modified as expected. Depending on the headers being added or removed unexpectedly, this behavior could lead to unexpected client behavior. This vulnerability is fixed in commit 123f5e2b65dcdba8f7ef659a00d24bd1249141be. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-11T17:51:57.000000Z"}, {"uuid": "50ed9cf8-edbd-464b-945b-e2886ce0f5c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25625", "type": "seen", "source": "https://t.me/ctinow/203208", "content": "https://ift.tt/xYUlbZF\nCVE-2024-25625 | Pimcore admin-ui-classic-bundle up to 1.3.3 HTTP Header invitationLinkAction Host injection", "creation_timestamp": "2024-03-08T10:51:36.000000Z"}, {"uuid": "a325e58f-cab0-4709-9486-b5ae437de28d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2562", "type": "seen", "source": "https://t.me/ctinow/209913", "content": "https://ift.tt/houGLji\nCVE-2024-2562", "creation_timestamp": "2024-03-17T13:26:17.000000Z"}, {"uuid": "eff63462-6bd3-49d6-bdd5-3fa2d235672b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2562", "type": "seen", "source": "https://t.me/ctinow/209911", "content": "https://ift.tt/houGLji\nCVE-2024-2562", "creation_timestamp": "2024-03-17T13:21:52.000000Z"}, {"uuid": "2b649bd1-62df-455a-8594-beba95f6bb87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25629", "type": "seen", "source": "https://t.me/ctinow/192146", "content": "https://ift.tt/tJcTr6w\nCVE-2024-25629", "creation_timestamp": "2024-02-23T20:41:31.000000Z"}, {"uuid": "4f1adc23-d72c-4cf9-842d-c02d586ad7a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25620", "type": "seen", "source": "https://t.me/ctinow/185308", "content": "https://ift.tt/j6ZB5OD\nCVE-2024-25620", "creation_timestamp": "2024-02-15T08:11:20.000000Z"}, {"uuid": "9d227c91-3404-4942-93a8-da9eaa2dafcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25626", "type": "seen", "source": "Telegram/d8YNJ_IhzxAj-FCR4t25rOEGyCbvl13tNYDSAkUE9NYY0BBR", "content": "", "creation_timestamp": "2025-02-06T02:40:18.000000Z"}, {"uuid": "021babbf-a19b-43c1-92d9-ff196cc17af0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25625", "type": "seen", "source": "https://t.me/arpsyndicate/3674", "content": "#ExploitObserverAlert\n\nCVE-2024-25625\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25625. Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input.  The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker's domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. This vulnerability can be used to perform phishing attacks by making the URLs in the invitation links emails point to an attacker-controlled domain. Version 1.3.4 contains a patch for the vulnerability. The maintainers recommend validating the host header and ensuring it matches the application's domain. It would also be beneficial to use a default trusted host or hostname if the incoming host header is not recognized or is absent.", "creation_timestamp": "2024-02-20T18:54:30.000000Z"}, {"uuid": "8bd34662-fc9e-4e8f-b328-ead06136e4d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25629", "type": "seen", "source": "https://t.me/ctinow/207333", "content": "https://ift.tt/TYeQiwF\nCVE-2024-25629 | c-ares up to 1.26.x Null Character ares__read_line memory corruption", "creation_timestamp": "2024-03-14T00:46:26.000000Z"}, {"uuid": "03c83468-1c1f-4be4-9d25-09ea38994ac6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25623", "type": "seen", "source": "https://t.me/ctinow/203207", "content": "https://ift.tt/TJX75zk\nCVE-2024-25623 | Mastodon up to 3.5.18/4.0.14/4.1.14/4.2.6 HTTP Header Content-Type unrestricted upload", "creation_timestamp": "2024-03-08T10:51:35.000000Z"}, {"uuid": "87848366-cbf1-45bc-8fa6-9ff93b60dcf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25625", "type": "seen", "source": "https://t.me/ctinow/187832", "content": "https://ift.tt/I0bVQN5\nCVE-2024-25625", "creation_timestamp": "2024-02-19T17:26:27.000000Z"}, {"uuid": "eeefab9d-bded-4a87-9d06-6ad41b2948dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25626", "type": "seen", "source": "https://t.me/ctinow/187929", "content": "https://ift.tt/HC2wgqt\nCVE-2024-25626", "creation_timestamp": "2024-02-19T21:26:31.000000Z"}, {"uuid": "8af561a0-4ecc-43a4-b7f3-a316c9d3ecaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25629", "type": "seen", "source": "https://t.me/ctinow/191907", "content": "https://ift.tt/C5uRzbQ\nCVE-2024-25629", "creation_timestamp": "2024-02-23T16:41:49.000000Z"}, {"uuid": "bf30d889-e62e-4c37-b916-991f73117b5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25629", "type": "seen", "source": "https://t.me/ctinow/191883", "content": "https://ift.tt/C5uRzbQ\nCVE-2024-25629", "creation_timestamp": "2024-02-23T16:32:07.000000Z"}, {"uuid": "16acd5d2-022e-4192-8be0-dbd318c75523", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25628", "type": "seen", "source": "https://t.me/ctinow/186662", "content": "https://ift.tt/2VpXFed\nCVE-2024-25628", "creation_timestamp": "2024-02-16T22:22:02.000000Z"}, {"uuid": "b4e3f224-66fa-4259-8262-776bb4f9e6fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25627", "type": "seen", "source": "https://t.me/ctinow/186661", "content": "https://ift.tt/O6lheic\nCVE-2024-25627", "creation_timestamp": "2024-02-16T22:21:58.000000Z"}, {"uuid": "3303f317-4379-4699-9d29-48306ef43277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25625", "type": "seen", "source": "https://t.me/ctinow/187827", "content": "https://ift.tt/I0bVQN5\nCVE-2024-25625", "creation_timestamp": "2024-02-19T17:21:59.000000Z"}, {"uuid": "0944c6a6-4f10-4208-bfd1-0e07a91c442f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25623", "type": "seen", "source": "https://t.me/ctinow/187826", "content": "https://ift.tt/n1uQg9f\nCVE-2024-25623", "creation_timestamp": "2024-02-19T17:21:58.000000Z"}, {"uuid": "0b2294ce-e1ef-4abd-9f25-e736730912fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25623", "type": "seen", "source": "https://t.me/ctinow/187831", "content": "https://ift.tt/n1uQg9f\nCVE-2024-25623", "creation_timestamp": "2024-02-19T17:26:26.000000Z"}, {"uuid": "975b1864-ee3b-476c-b12a-3cc8ecb968b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25626", "type": "seen", "source": "https://t.me/ctinow/187922", "content": "https://ift.tt/HC2wgqt\nCVE-2024-25626", "creation_timestamp": "2024-02-19T21:21:24.000000Z"}, {"uuid": "53cb49be-6667-4a4a-a807-3bc5542da400", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25620", "type": "seen", "source": "https://t.me/ctinow/185168", "content": "https://ift.tt/pX6GAT8\nCVE-2024-25620", "creation_timestamp": "2024-02-15T01:26:45.000000Z"}, {"uuid": "7e72e134-2ed1-4336-b50a-b09c304a73aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-25624", "type": "seen", "source": "https://gist.github.com/khoindq/bded28fd1242788522ce29d279b9d883", "content": "", "creation_timestamp": "2026-05-10T02:48:32.000000Z"}, {"uuid": "54c9e443-aa64-4189-9657-305ac59044fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-25624", "type": "seen", "source": "https://gist.github.com/khoindq/f145db4952e1aa3644b83c964afbf97a", "content": "", "creation_timestamp": "2026-05-10T03:58:34.000000Z"}]}