{"vulnerability": "CVE-2024-4777", "sightings": [{"uuid": "234a6c28-2374-469c-b1bb-5f5127f4a2c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47773", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lthtj6c3yl2t", "content": "", "creation_timestamp": "2025-07-08T17:34:12.251116Z"}, {"uuid": "84edbc90-6be3-48ef-90ae-2f5e8348242f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47771", "type": "seen", "source": "https://t.me/cvedetector/7937", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47779 - Element Web Matrix Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47779 \nPublished : Oct. 15, 2024, 4:15 p.m. | 19\u00a0minutes ago \nDescription : Element is a Matrix web client built using the Matrix React SDK .Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Note that despite superficial similarity to CVE-2024-47771, this is an entirely separate vulnerability, caused by a separate piece of code included only in Element Web. Element Web and Element Desktop share most but not all, of their code and this vulnerability exists in the part of the code base which is not shared between the projects. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T18:37:01.000000Z"}, {"uuid": "7390fb23-b7c6-4e6a-8cb0-03a2b40d2d60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47776", "type": "seen", "source": "https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/", "content": "", "creation_timestamp": "2024-12-17T12:51:51.000000Z"}, {"uuid": "39e6ab89-f069-4c66-8faf-11abe9dcdd13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47775", "type": "seen", "source": "https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/", "content": "", "creation_timestamp": "2024-12-17T12:51:51.000000Z"}, {"uuid": "0cf3456a-8561-4fe9-91f6-54a033d3693e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47774", "type": "seen", "source": "https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/", "content": "", "creation_timestamp": "2024-12-17T12:51:51.000000Z"}, {"uuid": "006ec1fa-5526-415f-8965-9e3872421f2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47778", "type": "seen", "source": "https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/", "content": "", "creation_timestamp": "2024-12-17T12:51:51.000000Z"}, {"uuid": "a5819679-b6fa-409f-89a4-f706e441d78e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47777", "type": "seen", "source": "https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/", "content": "", "creation_timestamp": "2024-12-17T12:51:51.000000Z"}, {"uuid": "ab1d0522-eeab-4910-8056-a9b1aafe8d29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47770", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113942353419505369", "content": "", "creation_timestamp": "2025-02-03T22:38:56.774965Z"}, {"uuid": "2cf9931d-fe4c-40dd-9c1f-6dba14698d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47770", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhcxybcipi2e", "content": "", "creation_timestamp": "2025-02-04T02:08:35.004772Z"}, {"uuid": "64093e93-4371-4f93-9742-ea0098aaa890", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47773", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ltkpmaz65o22", "content": "", "creation_timestamp": "2025-07-09T21:02:21.089780Z"}, {"uuid": "957dda8e-4e9f-42d4-9779-34d9b4054fa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-47778", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mhr63cyqys2q", "content": "", "creation_timestamp": "2026-03-23T23:01:08.531982Z"}, {"uuid": "e9909132-7026-48a0-a6b8-8d6b33ea3e17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47772", "type": "seen", "source": "https://t.me/cvedetector/7277", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47772 - Discourse Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-47772 \nPublished : Oct. 7, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discourse. All users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Users who do upgrade should also consider enabling a CSP as well as a proactive measure. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T00:19:38.000000Z"}, {"uuid": "8a3a6256-fd4b-441f-b084-ec886e5c37b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47770", "type": "seen", "source": "Telegram/QUjVvhUeJmWIkRMgVDRen6i9vWmpRZKMojAQ8cq0WZw_kykY", "content": "", "creation_timestamp": "2025-02-06T02:40:20.000000Z"}, {"uuid": "993298bd-276f-4193-b1d2-abad750361a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47770", "type": "seen", "source": "https://t.me/cvedetector/17131", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47770 - \"Apache Wazuh Privilege Escalation Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-47770 \nPublished : Feb. 3, 2025, 10:15 p.m. | 23\u00a0minutes ago \nDescription : Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-03T23:40:57.000000Z"}, {"uuid": "2610fba4-e9c2-4c57-b463-8ba4c7ed2ab0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47773", "type": "seen", "source": "https://t.me/cvedetector/7397", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47773 - Discourse Cache Poisoning Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-47773 \nPublished : Oct. 8, 2024, 6:15 p.m. | 41\u00a0minutes ago \nDescription : Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value. \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T21:14:19.000000Z"}, {"uuid": "794260ae-a31c-448e-9b2d-7b7f552e5ad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47771", "type": "seen", "source": "https://t.me/cvedetector/7926", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47771 - Element Desktop Token Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47771 \nPublished : Oct. 15, 2024, 3:15 p.m. | 29\u00a0minutes ago \nDescription : Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T18:24:54.000000Z"}, {"uuid": "972a4a21-52a4-4e51-ae4d-6ba1c7beb1cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47779", "type": "seen", "source": "https://t.me/cvedetector/7937", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47779 - Element Web Matrix Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47779 \nPublished : Oct. 15, 2024, 4:15 p.m. | 19\u00a0minutes ago \nDescription : Element is a Matrix web client built using the Matrix React SDK .Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Note that despite superficial similarity to CVE-2024-47771, this is an entirely separate vulnerability, caused by a separate piece of code included only in Element Web. Element Web and Element Desktop share most but not all, of their code and this vulnerability exists in the part of the code base which is not shared between the projects. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-15T18:37:01.000000Z"}]}