{"vulnerability": "cve-2024-2563", "sightings": [{"uuid": "eef974ca-0569-462c-bc09-a01e4677f224", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25632", "type": "seen", "source": "https://t.me/cvedetector/6758", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-25632 - eLabFTW Regular User Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-25632 \nPublished : Oct. 1, 2024, 3:15 p.m. | 21\u00a0minutes ago \nDescription : eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The vulnerability allows a regular user to become administrator of a team where they are a member, under a reasonable configuration. Additionally, in eLabFTW versions subsequent to v5.0.0, the vulnerability may allow an initially unauthenticated user to gain administrative privileges over an arbitrary team. The vulnerability does not affect system administrator status. Users should upgrade to version 5.1.0. System administrators are advised to turn off local user registration, saml_team_create and not allow administrators to import users into teams, unless strictly required. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-01T17:45:47.000000Z"}, {"uuid": "dbed8767-de51-4e0c-ab5d-f2627015fe68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25633", "type": "seen", "source": "https://t.me/cvedetector/3282", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-25633 - eLabFTW privilege escalation user creation vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-25633 \nPublished : Aug. 15, 2024, 7:15 p.m. | 25\u00a0minutes ago \nDescription : eLabFTW is an open source electronic lab notebook for research labs.  In an eLabFTW system, one might disallow user creation except for by system administrators, administrators and trusted services. If administrators are allowed to create new users (which is the default), the vulnerability allows any user to create new users in teams where they are members. The new users are automatically validated and administrators are not notified. This can allow a user with permanent or temporary access to a user account or API key to maintain persistence in an eLabFTW system. Additionally, it allows the user to create separate account under a different name, and produce misleading revision histories. No additional privileges are granted to the new user. Users should upgrade to version 5.0.0 to receive a patch. As a workaround, disabling both options that allow *administrators* to create users will provide a mitigation. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-15T21:49:43.000000Z"}, {"uuid": "649fa060-1734-4753-84f7-bd89e62a2622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25638", "type": "seen", "source": "https://t.me/cvedetector/1448", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-25638 - \"Dnsjava DNS Response Manufacture\"\", \n  \"Content\": \"CVE ID : CVE-2024-25638 \nPublished : July 22, 2024, 2:15 p.m. | 33\u00a0minutes ago \nDescription : dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0. \nSeverity: 8.9 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-22T16:59:41.000000Z"}, {"uuid": "e66cbda1-c027-4c09-a355-e9173c41e1e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25639", "type": "seen", "source": "https://t.me/cvedetector/185", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-25639 - Khoj is an application that creates personal AI ag\", \n  \"Content\": \"CVE ID : CVE-2024-25639 \nPublished : July 8, 2024, 3:15 p.m. | 32\u00a0minutes ago \nDescription : Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-08T17:50:21.000000Z"}, {"uuid": "d4057b55-e62f-4c16-b64f-164c9a88d60a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25631", "type": "seen", "source": "https://t.me/arpsyndicate/3836", "content": "#ExploitObserverAlert\n\nCVE-2024-25631\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25631. Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.", "creation_timestamp": "2024-02-21T15:15:49.000000Z"}, {"uuid": "ceb486a3-8733-4e21-92f3-744b61802437", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25630", "type": "seen", "source": "https://t.me/arpsyndicate/3775", "content": "#ExploitObserverAlert\n\nCVE-2024-25630\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25630. Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.", "creation_timestamp": "2024-02-21T13:41:23.000000Z"}, {"uuid": "da963b10-734d-4785-9943-e50001539c09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25634", "type": "seen", "source": "https://t.me/ctinow/187930", "content": "https://ift.tt/XjymHfC\nCVE-2024-25634", "creation_timestamp": "2024-02-19T21:26:33.000000Z"}, {"uuid": "5dfdb7a8-bfa6-4c76-b8f0-aa19f40fdabc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25636", "type": "seen", "source": "https://t.me/ctinow/187925", "content": "https://ift.tt/Yn1ftoc\nCVE-2024-25636", "creation_timestamp": "2024-02-19T21:21:28.000000Z"}, {"uuid": "e4447625-1e76-46fd-8e70-e674b27c40c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25635", "type": "seen", "source": "https://t.me/ctinow/187924", "content": "https://ift.tt/V6s0NKO\nCVE-2024-25635", "creation_timestamp": "2024-02-19T21:21:26.000000Z"}, {"uuid": "ba0ef7ba-2a93-4bf6-99ab-cc1d488af551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25636", "type": "seen", "source": "https://t.me/ctinow/187932", "content": "https://ift.tt/Yn1ftoc\nCVE-2024-25636", "creation_timestamp": "2024-02-19T21:26:35.000000Z"}, {"uuid": "b8a6cdfc-7055-472a-94a0-fe8133624772", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25635", "type": "seen", "source": "https://t.me/ctinow/187931", "content": "https://ift.tt/V6s0NKO\nCVE-2024-25635", "creation_timestamp": "2024-02-19T21:26:34.000000Z"}, {"uuid": "46f239b7-2cd0-4973-8bb6-21d49856db2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25634", "type": "seen", "source": "https://t.me/ctinow/187923", "content": "https://ift.tt/XjymHfC\nCVE-2024-25634", "creation_timestamp": "2024-02-19T21:21:25.000000Z"}, {"uuid": "26dcecc2-eaeb-436a-be61-98c0036e3709", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25636", "type": "seen", "source": "Telegram/cBEUe-82YuwHAs9EQNf4ADHLEFtOazZtVK5RsRsoVkm7MGFs", "content": "", "creation_timestamp": "2025-02-06T02:44:21.000000Z"}, {"uuid": "43a05307-f4ed-4c10-bfb2-14c58b3e7c10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2563", "type": "seen", "source": "https://t.me/ctinow/209912", "content": "https://ift.tt/pseSj2c\nCVE-2024-2563", "creation_timestamp": "2024-03-17T13:21:54.000000Z"}, {"uuid": "c8fac8f6-8e8f-4600-9242-95f3aef49c5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2563", "type": "seen", "source": "https://t.me/ctinow/209914", "content": "https://ift.tt/pseSj2c\nCVE-2024-2563", "creation_timestamp": "2024-03-17T13:26:18.000000Z"}, {"uuid": "7fbb3187-2cc2-4503-afda-f2155d2cca80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25631", "type": "seen", "source": "https://t.me/ctinow/188853", "content": "https://ift.tt/hPqce5Y\nCVE-2024-25631", "creation_timestamp": "2024-02-20T19:27:26.000000Z"}, {"uuid": "8d39d0da-3a38-4dab-8db9-7d84db6c6503", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25630", "type": "seen", "source": "https://t.me/ctinow/188852", "content": "https://ift.tt/oMv106O\nCVE-2024-25630", "creation_timestamp": "2024-02-20T19:27:25.000000Z"}, {"uuid": "350c361c-25de-4ade-a1c4-c82f81a7d2e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25631", "type": "seen", "source": "https://t.me/ctinow/188869", "content": "https://ift.tt/hPqce5Y\nCVE-2024-25631", "creation_timestamp": "2024-02-20T19:32:17.000000Z"}]}