{"vulnerability": "CVE-2024-4765", "sightings": [{"uuid": "2cb158f8-614e-470e-967e-547471d4b150", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47658", "type": "seen", "source": "https://t.me/cvedetector/7468", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47658 - Intel STM32 Crypto Spinlock Recursion\", \n  \"Content\": \"CVE ID : CVE-2024-47658 \nPublished : Oct. 9, 2024, 2:15 p.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ncrypto: stm32/cryp - call finalize with bh disabled  \n  \nThe finalize operation in interrupt mode produce a produces a spinlock  \nrecursion warning. The reason is the fact that BH must be disabled  \nduring this process. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T17:19:11.000000Z"}, {"uuid": "a5b53de5-c1fe-4d06-9d66-5fdeda475af9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47653", "type": "seen", "source": "https://t.me/cvedetector/6985", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47653 - Shilpi Client Dashboard Unauthenticated Request Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47653 \nPublished : Oct. 4, 2024, 1:15 p.m. | 36\u00a0minutes ago \nDescription : This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body leading to unauthorized modification of requests belonging to the other users. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T16:02:24.000000Z"}, {"uuid": "b86f3413-052e-407d-b440-957ee12a2fce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47652", "type": "seen", "source": "https://t.me/cvedetector/6984", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47652 - Shilpi Client Dashboard Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-47652 \nPublished : Oct. 4, 2024, 1:15 p.m. | 36\u00a0minutes ago \nDescription : This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any users account is granted with just their corresponding mobile number. A remote attacker could exploit this vulnerability by providing mobile number of targeted user, to obtain complete access to the targeted user account. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T16:02:24.000000Z"}, {"uuid": "87333b89-2a9a-4168-9cab-7785afdb7a0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47656", "type": "seen", "source": "https://t.me/cvedetector/6983", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47656 - Shilpi Client Dashboard Unauthenticated Password Brute Force Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47656 \nPublished : Oct. 4, 2024, 1:15 p.m. | 36\u00a0minutes ago \nDescription : This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on password, which could lead to gain unauthorized access to other user accounts. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T16:02:23.000000Z"}, {"uuid": "7aa75d6f-ac65-4f0f-8d5a-5a1aa33ff783", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47655", "type": "seen", "source": "https://t.me/cvedetector/6982", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47655 - Shilpi Client Dashboard Remote File Upload RCE Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47655 \nPublished : Oct. 4, 2024, 1:15 p.m. | 36\u00a0minutes ago \nDescription : This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. An authenticated remote attacker could exploit this vulnerability by uploading malicious file, which could lead to remote code execution on targeted application. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T16:02:22.000000Z"}, {"uuid": "bc21aa4d-8983-4f49-aa4a-c77c2700ea6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47654", "type": "seen", "source": "https://t.me/cvedetector/6981", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47654 - Shilpi Client Dashboard OTP Bombing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47654 \nPublished : Oct. 4, 2024, 1:15 p.m. | 36\u00a0minutes ago \nDescription : This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints, which could lead to the OTP bombing on the targeted system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T16:02:18.000000Z"}, {"uuid": "5897686e-2257-4a1c-95d9-de37a0f4b71e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47651", "type": "seen", "source": "https://t.me/cvedetector/6970", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47651 - Shilpi Client Dashboard User ID Parameter Overwrite\", \n  \"Content\": \"CVE ID : CVE-2024-47651 \nPublished : Oct. 4, 2024, 12:15 p.m. | 36\u00a0minutes ago \nDescription : This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple \u201cuserid\u201d parameters in the API request body leading to unauthorized access of sensitive information belonging to other users. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T15:11:59.000000Z"}, {"uuid": "125b23b0-3dd3-4e15-ba5c-701018e07857", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47659", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "89bba50d-00d6-4d25-a54c-77f35c040e6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-47658", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "09186069-41f5-43dc-866d-798071b3500d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47659", "type": "seen", "source": "https://t.me/cvedetector/7469", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47659 - \"Linux Smack TCP IPv4 Labeling Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-47659 \nPublished : Oct. 9, 2024, 2:15 p.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nsmack: tcp: ipv4, fix incorrect labeling  \n  \nCurrently, Smack mirrors the label of incoming tcp/ipv4 connections:  \nwhen a label 'foo' connects to a label 'bar' with tcp/ipv4,  \n'foo' always gets 'foo' in returned ipv4 packets. So,  \n1) returned packets are incorrectly labeled ('foo' instead of 'bar')  \n2) 'bar' can write to 'foo' without being authorized to write.  \n  \nHere is a scenario how to see this:  \n  \n* Take two machines, let's call them C and S,  \n   with active Smack in the default state  \n   (no settings, no rules, no labeled hosts, only builtin labels)  \n  \n* At S, add Smack rule 'foo bar w'  \n   (labels 'foo' and 'bar' are instantiated at S at this moment)  \n  \n* At S, at label 'bar', launch a program  \n   that listens for incoming tcp/ipv4 connections  \n  \n* From C, at label 'foo', connect to the listener at S.  \n   (label 'foo' is instantiated at C at this moment)  \n   Connection succeedes and works.  \n  \n* Send some data in both directions.  \n* Collect network traffic of this connection.  \n  \nAll packets in both directions are labeled with the CIPSO  \nof the label 'foo'. Hence, label 'bar' writes to 'foo' without  \nbeing authorized, and even without ever being known at C.  \n  \nIf anybody cares: exactly the same happens with DCCP.  \n  \nThis behavior 1st manifested in release 2.6.29.4 (see Fixes below)  \nand it looks unintentional. At least, no explanation was provided.  \n  \nI changed returned packes label into the 'bar',  \nto bring it into line with the Smack documentation claims. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T17:19:14.000000Z"}, {"uuid": "3fbda8dd-9215-4d33-a0d4-7696995a4e09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47650", "type": "seen", "source": "https://t.me/cvedetector/7169", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47650 - Axton WP-WebAuthn Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-47650 \nPublished : Oct. 6, 2024, 1:15 p.m. | 18\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axton WP-WebAuthn allows Stored XSS.This issue affects WP-WebAuthn: from n/a through 1.3.1. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-06T15:43:13.000000Z"}, {"uuid": "9da539fd-da14-415a-aad4-7da020fc6587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47658", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "f1b718c3-a812-434e-93a5-7badef7cbca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47657", "type": "seen", "source": "https://t.me/cvedetector/6974", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47657 - Shilpi Net Back Office Unauthenticated Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47657 \nPublished : Oct. 4, 2024, 1:15 p.m. | 36\u00a0minutes ago \nDescription : This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs which could lead to unauthorized access to sensitive information belonging to other users. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T16:02:12.000000Z"}]}