{"vulnerability": "CVE-2024-4559", "sightings": [{"uuid": "ff9943b7-93f8-4833-965b-7c0a6c9c829f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45598", "type": "seen", "source": "https://t.me/cvedetector/16465", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45598 - Cacti Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45598 \nPublished : Jan. 27, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29. \nSeverity: 6.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T17:40:18.000000Z"}, {"uuid": "b10a761e-3254-40c9-ac46-a4483ebe7df2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45597", "type": "seen", "source": "https://t.me/cvedetector/5314", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45597 - Pluto Lua HTTP Request Header Injection\", \n  \"Content\": \"CVE ID : CVE-2024-45597 \nPublished : Sept. 10, 2024, 10:15 p.m. | 39\u00a0minutes ago \nDescription : Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. 
An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T01:07:37.000000Z"}, {"uuid": "236476d9-9f64-4e23-8f5e-fa9492c06f04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45593", "type": "seen", "source": "https://t.me/cvedetector/5262", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45593 - Nix Arbitrary File Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45593 \nPublished : Sept. 10, 2024, 4:15 p.m. | 43\u00a0minutes ago \nDescription : Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. This issue is fixed in Nix 2.24.6. 
\nSeverity: 9.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T19:15:40.000000Z"}, {"uuid": "4cafa6f3-483a-4a53-baa4-ac9536d813a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45592", "type": "seen", "source": "https://t.me/cvedetector/5261", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45592 - \"Symphony Auditor-Bundle Unescaped Entity Property JavaScript Injection\"\", \n  \"Content\": \"CVE ID : CVE-2024-45592 \nPublished : Sept. 10, 2024, 4:15 p.m. | 43\u00a0minutes ago \nDescription : auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to 6.0.0, there is an unescaped entity property enabling Javascript injection. This is possible because %source_label% in twig macro is not escaped. Therefore script tags can be inserted and are executed. The vulnerability is fixed in 6.0.0. \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T19:15:39.000000Z"}, {"uuid": "18ab3b4b-6acf-4448-b250-cff3b281afe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45595", "type": "seen", "source": "https://t.me/cvedetector/5260", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45595 - D-Tale Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45595 \nPublished : Sept. 10, 2024, 4:15 p.m. 
| 43\u00a0minutes ago \nDescription : D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the \"Custom Filter\" input is turned off by default. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T19:15:38.000000Z"}, {"uuid": "6902077d-1f9c-4f16-b419-f7929fe09041", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45590", "type": "seen", "source": "https://t.me/cvedetector/5259", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45590 - \"body-parser Denial of Service (DoS) Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-45590 \nPublished : Sept. 10, 2024, 4:15 p.m. | 43\u00a0minutes ago \nDescription : body-parser is Node.js body parsing middleware. body-parser Severity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T19:15:37.000000Z"}, {"uuid": "5956ad5c-f07c-4ffd-a165-f037bb0f7432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45596", "type": "seen", "source": "https://t.me/cvedetector/5295", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45596 - Directus OpenID/OAuth2 Unauthenticated Access to Credentials\", \n  \"Content\": \"CVE ID : CVE-2024-45596 \nPublished : Sept. 10, 2024, 7:15 p.m. 
| 23\u00a0minutes ago \nDescription : Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId and Oauth2 Directus is using the respond middleware, which by default will try to cache GET requests that met some conditions. Although, those conditions do not include this scenario, when an unauthenticated request returns user credentials. This vulnerability is fixed in 10.13.3 and 11.1.0. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T21:46:54.000000Z"}, {"uuid": "5b24700c-a68c-495e-8cc9-13d983daa5f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45591", "type": "seen", "source": "https://t.me/cvedetector/5263", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45591 - XWiki Platform Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45591 \nPublished : Sept. 10, 2024, 4:15 p.m. | 43\u00a0minutes ago \nDescription : XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. 
On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T19:15:43.000000Z"}, {"uuid": "a47b42ac-e5ac-4a8e-ba38-a1153891090b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45593", "type": "seen", "source": "https://t.me/CyberBulletin/25559", "content": "\u26a1\ufe0fCritical Flaw in NixOS Package Manager: CVE-2024-45593 Allows Arbitrary File Write with Root Permissions.\n\n#CyberBulletin", "creation_timestamp": "2024-09-16T09:16:16.000000Z"}, {"uuid": "2ce61622-da70-416d-b674-5c513993ad48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45598", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqdms73z22e", "content": "", "creation_timestamp": "2025-01-27T16:16:19.927782Z"}, {"uuid": "325c8c8d-2fbc-4f76-a34f-f49fea80c255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45591", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-45591.yaml", "content": "", "creation_timestamp": "2025-02-11T16:54:25.000000Z"}, {"uuid": "b8b2be77-87f0-4ede-bea8-2f17a5904f0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": 
"CVE-2024-45591", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lhz32dhsmn2v", "content": "", "creation_timestamp": "2025-02-12T21:02:03.445967Z"}, {"uuid": "839110a1-89bf-4b72-8004-e75ff0bc25ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45590", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ly226rfbkx24", "content": "", "creation_timestamp": "2025-09-04T21:02:27.909195Z"}, {"uuid": "37d884a6-ceb9-407e-8d46-0681dc53fb7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-45590", "type": "seen", "source": "https://gist.github.com/jrvssingh-cpu/5ca4be6b05f749c6962d84fae197cdc9", "content": "", "creation_timestamp": "2026-02-25T10:55:46.000000Z"}, {"uuid": "98c797af-adae-4751-9b80-a2ec4ec5c6f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45590", "type": "published-proof-of-concept", "source": "Telegram/5Fo67vEzNv56ioLJ8OlgTOKKgKXTZTDGIuUIa4ooWyEqWlA", "content": "", "creation_timestamp": "2025-09-04T10:10:14.000000Z"}, {"uuid": "0db2755e-c07a-4ae4-9f74-f331cacc7a51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45594", "type": "seen", "source": "https://t.me/cvedetector/10851", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45594 - Decidim Meeting XSS\", \n  \"Content\": \"CVE ID : CVE-2024-45594 \nPublished : Nov. 13, 2024, 5:15 p.m. | 38\u00a0minutes ago \nDescription : Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. 
This vulnerability is fixed in 0.28.3 and 0.29.0. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T18:54:27.000000Z"}, {"uuid": "67bdd96b-8844-4b02-b52e-c3e630116001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45593", "type": "seen", "source": "https://t.me/CyberBulletin/720", "content": "\u26a1\ufe0fCritical Flaw in NixOS Package Manager: CVE-2024-45593 Allows Arbitrary File Write with Root Permissions.\n\n#CyberBulletin", "creation_timestamp": "2024-09-16T09:16:16.000000Z"}, {"uuid": "d88a44fc-ed58-4961-b9eb-519d91646d02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45598", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113901113279203094", "content": "", "creation_timestamp": "2025-01-27T15:51:01.957466Z"}, {"uuid": "709f65aa-fb6f-4296-a5a5-53d56c1a5b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45593", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/13184", "content": "\u200aCritical Flaw in NixOS Package Manager: CVE-2024-45593 Allows Arbitrary File Write with Root Permissions\n\nhttps://securityonline.info/critical-flaw-in-nixos-package-manager-cve-2024-45593-allows-arbitrary-file-write-with-root-permissions/", "creation_timestamp": "2024-09-16T14:39:44.000000Z"}, {"uuid": "9f471a3a-41f1-4e93-92bd-ea35b9e35b39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45593", 
"type": "seen", "source": "https://t.me/codeby_sec/8388", "content": "\u2753 \u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0434\u0432\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Performance Co-Pilot (PCP). \u041f\u0435\u0440\u0432\u0430\u044f, CVE-2024-45770, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0443\u0442\u0438\u043b\u0438\u0442\u043e\u0439 pmpost \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root, \u043d\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u0435\u0441\u043b\u0438 \u0443 \u043d\u0438\u0445 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u0412\u0442\u043e\u0440\u0430\u044f, CVE-2024-45769, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 pcmd \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430. 
\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 PCP 6.3.1 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u043e\u0431\u0430 \u0440\u0438\u0441\u043a\u0430.\n\n\u23fa\ufe0f\u0422\u0430\u043a\u0436\u0435 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Nix (CVE-2024-45593), \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f \u0430\u0440\u0445\u0438\u0432\u044b NAR \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 Nix 2.24.6.\n\n\ud83c\udf1a \u041e\u0431\u043d\u043e\u0432\u043b\u044f\u0439\u0442\u0435\u0441\u044c, \u0447\u0442\u043e\u0431\u044b \u043e\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.", "creation_timestamp": "2024-09-26T10:10:56.000000Z"}]}