{"vulnerability": "cve-2024-3790", "sightings": [{"uuid": "19162252-8c55-45f1-948b-4733e2c7b4e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37902", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/2886", "content": "\u200aCVE-2024-37902 (CVSS 10): Critical Flaw in Deep Java Library Opens Door to System Takeover\n\nhttps://securityonline.info/cve-2024-37902-cvss-10-critical-flaw-in-deep-java-library-opens-door-to-system-takeover/", "creation_timestamp": "2024-06-18T20:43:16.000000Z"}, {"uuid": "248ee1b9-e240-4c41-8ca9-7c1fb1b73481", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37903", "type": "seen", "source": "https://t.me/cvedetector/125", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37903 - Mastodon is a self-hosted, federated microblogging\", \n  \"Content\": \"CVE ID : CVE-2024-37903 \nPublished : July 5, 2024, 6:15 p.m. | 33\u00a0minutes ago \nDescription : Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the contents of a post not intended for them. Versions 4.1.18 and 4.2.10 contain a patch for this issue. \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-05T20:51:40.000000Z"}, {"uuid": "6681805e-f803-44f6-a2e0-a87aa3452e20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37900", "type": "seen", "source": "https://t.me/cvedetector/2153", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37900 - XWiki Platform Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-37900 \nPublished : July 31, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a malicious name. The malicious code is solely executed during the upload and affects only the user uploading the attachment. While this allows performing actions in the name of that user, it seems unlikely that a user wouldn't notice the malicious filename while uploading the attachment. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-31T19:20:48.000000Z"}, {"uuid": "3b3a0b0f-bc9a-4fc5-9b3a-237289e3b344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37901", "type": "seen", "source": "https://t.me/cvedetector/2151", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37901 - XWiki Platform Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-37901 \nPublished : July 31, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-31T19:20:46.000000Z"}, {"uuid": "5ccd7e8c-6c79-4fb0-b564-182c538ee2fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37906", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/8670", "content": "\u200aCritical Admidio Vulnerabilities CVE-2024-37906 and CVE-2024-38529 Revealed\n\nhttps://securityonline.info/critical-admidio-vulnerabilities-cve-2024-37906-and-cve-2024-38529-revealed/", "creation_timestamp": "2024-08-05T11:10:43.000000Z"}]}