{"vulnerability": "cve-2024-1034", "sightings": [{"uuid": "8b0f01f0-d1a5-40c3-a3eb-d6f2809b80ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1034", "type": "seen", "source": "https://t.me/ctinow/189653", "content": "https://ift.tt/nJwMqe3\nCVE-2024-1034 | openBI up to 1.0.8 File.php uploadFile unrestricted upload", "creation_timestamp": "2024-02-21T15:11:57.000000Z"}, {"uuid": "6e2e886d-2aac-4e57-92f7-5977f3effc0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10347", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhulqt3olq27", "content": "", "creation_timestamp": "2025-02-11T02:17:35.463920Z"}, {"uuid": "27f90b75-de92-43f4-900d-7f5e156e741a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10342", "type": "seen", "source": "https://t.me/cvedetector/8911", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10342 - League of Legends WordPress Shortcodes Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10342 \nPublished : Oct. 25, 2024, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T11:13:51.000000Z"}, {"uuid": "121a1cf0-5e4c-4918-923f-f076e6b7b851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10341", "type": "seen", "source": "https://t.me/cvedetector/8910", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10341 - League of Legends WordPress Shortcodes Plugin SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10341 \nPublished : Oct. 25, 2024, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T11:13:50.000000Z"}, {"uuid": "4b2735d9-99f1-4da8-9bb9-52e237c61f54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10343", "type": "seen", "source": "https://t.me/cvedetector/8914", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10343 - Beek Widget Extention Stored Cross-Site Scripting Vulnerability in WordPress\", \n  \"Content\": \"CVE ID : CVE-2024-10343 \nPublished : Oct. 25, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : The Beek Widget Extention plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T12:04:01.000000Z"}, {"uuid": "2059224d-26da-4cc6-88e0-7f2fd6071e7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10349", "type": "seen", "source": "https://t.me/cvedetector/8876", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10349 - SourceCodester Best House Rental Management System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10349 \nPublished : Oct. 24, 2024, 10:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T01:12:04.000000Z"}, {"uuid": "89476197-6e22-4d4b-91c2-d12d6a646445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10348", "type": "seen", "source": "https://t.me/cvedetector/8875", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10348 - SourceCodester Best House Rental Management System Tenant Details Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-10348 \nPublished : Oct. 24, 2024, 10:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only shows the field \"Last Name\" to be affected. Other fields might be affected as well. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T01:12:03.000000Z"}, {"uuid": "bf8e3be8-9ac7-4ffb-8d54-0c12d2540a8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1034", "type": "seen", "source": "https://t.me/ctinow/176037", "content": "https://ift.tt/z0xfgie\nCVE-2024-1034", "creation_timestamp": "2024-01-30T16:22:03.000000Z"}, {"uuid": "b7c741f3-c9ad-4d15-b60b-1091b1636a7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10345", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113464562732481444", "content": "", "creation_timestamp": "2024-11-11T13:30:29.478639Z"}, {"uuid": "4e0f725e-a4d8-435f-b775-408fb4b52044", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10344", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113464733346616250", "content": "", "creation_timestamp": "2024-11-11T14:13:52.678939Z"}, {"uuid": "52093d7e-5690-4da4-b921-97982d60ea43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10345", "type": "seen", "source": "https://t.me/cvedetector/10500", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10345 - Helix Core Unauthenticated Remote Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10345 \nPublished : Nov. 11, 2024, 2:15 p.m. | 35\u00a0minutes ago \nDescription : In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified.  Reported by Karol Wi\u0119sek. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T16:06:15.000000Z"}, {"uuid": "f4bdc47f-f8fa-4984-882a-abfa527ac2be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10344", "type": "seen", "source": "https://t.me/cvedetector/10499", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10344 - Helix Core Unauthenticated Remote Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-10344 \nPublished : Nov. 11, 2024, 2:15 p.m. | 35\u00a0minutes ago \nDescription : In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified.  Reported by Karol Wi\u0119sek. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T16:06:14.000000Z"}, {"uuid": "c014d9e6-862d-45cb-a169-0e02d39f2b8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10340", "type": "seen", "source": "https://t.me/cvedetector/9813", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10340 - WordPress - Shortcodes Blocks Creator Ultimate Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-10340 \nPublished : Nov. 5, 2024, 2:15 a.m. | 29\u00a0minutes ago \nDescription : The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T03:49:42.000000Z"}]}