{"vulnerability": "CVE-2024-4718", "sightings": [{"uuid": "6674d6b9-e31c-4114-a54b-fab8bd1c1865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47183", "type": "seen", "source": "https://t.me/cvedetector/6989", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47183 - Parse Server Custom ObjectId Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47183 \nPublished : Oct. 4, 2024, 3:15 p.m. | 18\u00a0minutes ago \nDescription : Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. This vulnerability is fixed in 6.5.9 and 7.3.0. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T17:42:41.000000Z"}, {"uuid": "c6591886-559c-428f-beae-35c97357a217", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47186", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/14738", "content": "\u200aCritical XSS Flaw Discovered in Filament: CVE-2024-47186 Requires Urgent Update for Laravel Developers\n\nhttps://securityonline.info/critical-xss-flaw-discovered-in-filament-cve-2024-47186-requires-urgent-update-for-laravel-developers/", "creation_timestamp": "2024-09-30T18:09:40.000000Z"}, {"uuid": "f2f392aa-7c00-4500-b1ae-c15f5c77d6a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47186", "type": "seen", "source": "https://t.me/cvedetector/6583", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47186 - Filament Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47186 \nPublished : Sept. 27, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-28T00:16:13.000000Z"}, {"uuid": "3d831844-5343-4427-9826-63f4ee36e7ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47184", "type": "seen", "source": "https://t.me/cvedetector/6537", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47184 - Ampache Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2024-47184 \nPublished : Sept. 27, 2024, 2:15 p.m. | 28\u00a0minutes ago \nDescription : Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes this issue. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T16:43:53.000000Z"}, {"uuid": "36a5dfda-5fbc-49ee-b5ef-a0258596cf1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47182", "type": "seen", "source": "https://t.me/cvedetector/6536", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47182 - Dozzle Weak Password Storage\", \n  \"Content\": \"CVE ID : CVE-2024-47182 \nPublished : Sept. 27, 2024, 2:15 p.m. | 28\u00a0minutes ago \nDescription : Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3. 
\nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T16:43:52.000000Z"}, {"uuid": "a0effdb5-644d-4891-8f49-44af932400eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47181", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113556358020733569", "content": "", "creation_timestamp": "2024-11-27T18:35:14.233656Z"}, {"uuid": "4356d39a-f943-4f25-860c-9711795faf72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-47183", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mfrjrrcv3m2w", "content": "", "creation_timestamp": "2026-02-26T15:40:10.069587Z"}, {"uuid": "9d6b2c0a-8f5c-4e82-8310-fd43f1797ad6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47188", "type": "seen", "source": "https://t.me/cvedetector/8117", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47188 - Suricata Predictable Hash Table Behavior Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47188 \nPublished : Oct. 16, 2024, 7:15 p.m. | 36\u00a0minutes ago \nDescription : Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for \"thash\" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T22:14:55.000000Z"}, {"uuid": "fcf6499f-947f-482b-bfd4-d86456a79089", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47187", "type": "seen", "source": "https://t.me/cvedetector/8116", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47187 - Suricata Predictable \"thash\" Hash Table Behavior\", \n  \"Content\": \"CVE ID : CVE-2024-47187 \nPublished : Oct. 16, 2024, 7:15 p.m. | 36\u00a0minutes ago \nDescription : Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for \"thash\" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T22:14:54.000000Z"}, {"uuid": "c9a23034-5eff-42f1-a4bc-45b8391c08bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47180", "type": "seen", "source": "https://t.me/cvedetector/6458", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47180 - Shields.io Dynamic Badge JSONPath Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-47180 \nPublished : Sept. 26, 2024, 8:15 p.m. | 46\u00a0minutes ago \nDescription : Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability would allow any user with access to make a request to a URL on the instance to the ability to execute code by crafting a malicious JSONPath expression. All users who self-host an instance are vulnerable. This problem was fixed in server-2024-09-25. Those who follow the tagged releases should update to `server-2024-09-25` or later. Those who follow the rolling tag on DockerHub, `docker pull shieldsio/shields:next` to update to the latest version. As a workaround, blocking access to the endpoints `/badge/dynamic/json`, `/badge/dynamic/toml`, and `/badge/dynamic/yaml` (e.g: via a firewall or reverse proxy in front of your instance) would prevent the exploitable endpoints from being accessed. 
\nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-26T23:01:42.000000Z"}]}