{"vulnerability": "cve-2024-1009", "sightings": [{"uuid": "b9344f69-01bf-41b8-b204-2234afdcfc62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10096", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmgwdnbv2o", "content": "", "creation_timestamp": "2025-03-20T11:40:12.665094Z"}, {"uuid": "b91be615-c430-4a96-b097-dacb2b428fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10096", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:49.000000Z"}, {"uuid": "3911af06-3285-4740-b646-3352e7b0a9ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10099", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18383", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-6092\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-06-15T17:31:05.460Z\n\ud83d\udccf Modified: 2025-06-15T17:31:05.460Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.312559\n2. https://vuldb.com/?ctiid.312559\n3. https://vuldb.com/?submit.588224\n4. https://gist.github.com/superboy-zjc/96f0d56da584d840ba18355cbea96ac4", "creation_timestamp": "2025-06-15T17:36:01.000000Z"}, {"uuid": "aec6ee14-1085-410e-a71a-6a32434bfc33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10095", "type": "seen", "source": "https://t.me/CyberBulletin/10648", "content": "\u26a1\ufe0fCVE-2024-10095 | Unsafe Deserialization Enables RCE in Telerik UI.\n\n#CyberBulletin", "creation_timestamp": "2025-04-21T04:24:57.000000Z"}, {"uuid": "647ef2ad-3e1e-49b1-a944-4efc8ea8fa05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10095", "type": "seen", "source": "https://t.me/cvedetector/13024", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10095 - Telerik UI for WPF Deserialization Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10095 \nPublished : Dec. 16, 2024, 5:15 p.m. | 40\u00a0minutes ago \nDescription : In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. \nSeverity: 8.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-16T19:02:42.000000Z"}, {"uuid": "f95b4433-9328-43d6-a42d-b0be8760bd4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10094", "type": "seen", "source": "https://t.me/cvedetector/11614", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10094 - Pega Platform Code Generation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10094 \nPublished : Nov. 20, 2024, 3:15 p.m. | 43\u00a0minutes ago \nDescription : Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-20T17:05:27.000000Z"}, {"uuid": "0c5bb630-6494-4c15-9409-442de8778b11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10097", "type": "seen", "source": "https://t.me/cvedetector/9822", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10097 - \"WordPress Loginizer Authentication Bypass Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10097 \nPublished : Nov. 5, 2024, 7:15 a.m. | 27\u00a0minutes ago \nDescription : The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T08:50:32.000000Z"}, {"uuid": "8dcae0cc-c14f-43e9-88e6-2b5ae9de835a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10092", "type": "seen", "source": "https://t.me/cvedetector/9019", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10092 - WordPress Download Monitor Plugin API Key Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10092 \nPublished : Oct. 26, 2024, 8:15 a.m. | 22\u00a0minutes ago \nDescription : The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to revoke existing API keys and generate new ones. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-26T10:38:28.000000Z"}, {"uuid": "4e65e249-3fe8-4598-bc5a-7c8578738e96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10091", "type": "seen", "source": "https://t.me/cvedetector/9012", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10091 - ElementsKit Elementor Addons Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10091 \nPublished : Oct. 26, 2024, 3:15 a.m. | 18\u00a0minutes ago \nDescription : The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-26T05:37:51.000000Z"}, {"uuid": "95cce83e-2eb6-46b5-9939-fc8f2bd89e5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10095", "type": "seen", "source": "https://t.me/CyberBulletin/3086", "content": "\u26a1\ufe0fCVE-2024-10095 | Unsafe Deserialization Enables RCE in Telerik UI.\n\n#CyberBulletin", "creation_timestamp": "2025-04-21T06:24:57.000000Z"}, {"uuid": "58c9719c-5011-4a80-8280-0ceb90e9dc04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1009", "type": "seen", "source": "https://t.me/ctinow/179428", "content": "https://ift.tt/Ggzy7Is\nCVE-2024-1009 Exploit", "creation_timestamp": "2024-02-05T19:16:51.000000Z"}, {"uuid": "f0287ffc-e33f-40ec-8524-aeac19ffec0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10090", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmrl33sbsz24", "content": "", "creation_timestamp": "2025-04-14T12:33:27.594600Z"}, {"uuid": "983cd775-5056-46b8-99ac-16fb49d9400b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10098", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17007", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10098\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The ApplyOnline  WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain\n\ud83d\udccf Published: 2025-05-15T20:06:40.631Z\n\ud83d\udccf Modified: 2025-05-20T16:05:10.105Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/", "creation_timestamp": "2025-05-20T16:40:54.000000Z"}, {"uuid": "e752bfe0-461b-4ef5-a8e4-c6254b74efed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10093", "type": "seen", "source": "https://t.me/cvedetector/8270", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10093 - VSO ConvertXtoDvd Uncontrolled Search Path Directory Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10093 \nPublished : Oct. 17, 2024, 11:15 p.m. | 28\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-18T01:51:27.000000Z"}, {"uuid": "42536d01-2823-4035-b99e-35a8eb2b26ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1009", "type": "seen", "source": "https://t.me/ctinow/175441", "content": "https://ift.tt/AuY0PSX\nCVE-2024-1009", "creation_timestamp": "2024-01-29T18:22:23.000000Z"}, {"uuid": "a52492c5-84ed-463a-842b-5d1bd4a7502c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10094", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113515837036537938", "content": "", "creation_timestamp": "2024-11-20T14:50:13.213958Z"}, {"uuid": "9b66b010-88ea-4503-9a1f-02048b1804ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10099", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lro4l75cmot2", "content": "", "creation_timestamp": "2025-06-15T18:42:19.446111Z"}, {"uuid": "322538d7-4d41-42de-a5f1-62e571d8ce7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10095", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-09T13:26:56.000000Z"}, {"uuid": "780cae2d-31b3-4656-81fe-ec237ba25546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10095", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-11T18:47:37.000000Z"}, {"uuid": "a693101a-58c3-4809-8352-2021f5a7be3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10096", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8903", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10096\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-03-20T10:09:07.496Z\n\ud83d\udccf Modified: 2025-03-26T16:41:42.163Z\n\ud83d\udd17 References:\nNo references available.", "creation_timestamp": "2025-03-26T17:25:31.000000Z"}, {"uuid": "1f48083f-91f1-438c-85db-d8e5c62d0893", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10090", "type": "seen", "source": "https://t.me/cvedetector/22855", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10090 - SoftCOM iKSORIS Internet Starter Reflected XSS\", \n  \"Content\": \"CVE ID : CVE-2024-10090 \nPublished : April 14, 2025, 12:15 p.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, what causes the script to run in user's context.\u00a0  \nThis vulnerability has been patched in version 79.0 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-14T17:10:55.000000Z"}, {"uuid": "73d6cee0-81f3-42bc-a071-3c18b743fe30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10099", "type": "seen", "source": "https://t.me/cvedetector/8237", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10099 - ComfyUI Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10099 \nPublished : Oct. 17, 2024, 7:15 p.m. | 16\u00a0minutes ago \nDescription : A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T21:40:30.000000Z"}, {"uuid": "8a38213c-e2e9-4e44-ac8c-d48c5d2f573d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1009", "type": "seen", "source": "https://t.me/ctinow/189458", "content": "https://ift.tt/Bl3fOtv\nCVE-2024-1009 | SourceCodester Employee Management System 1.0 /Admin/login.php txtusername sql injection", "creation_timestamp": "2024-02-21T11:11:41.000000Z"}]}