{"vulnerability": "cve-2024-4506", "sightings": [{"uuid": "90dc67a5-4981-4d1a-9820-784dd2e35383", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45067", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp6bjexzbq2h", "content": "", "creation_timestamp": "2025-05-15T00:37:27.389554Z"}, {"uuid": "8b547e20-7d98-4bb4-bcf5-26c004d64ffb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45067", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114513197315569856", "content": "", "creation_timestamp": "2025-05-15T18:12:03.180370Z"}, {"uuid": "4e8ff8e3-fd97-4669-8c78-efd765282641", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45061", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1764", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45061\n\ud83d\udd39 Description: A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker.\n\ud83d\udccf Published: 2025-01-15T14:59:27.116Z\n\ud83d\udccf Modified: 2025-01-15T14:59:27.116Z\n\ud83d\udd17 References:\n1. https://talosintelligence.com/vulnerability_reports/TALOS-2024-2092", "creation_timestamp": "2025-01-15T15:10:36.000000Z"}, {"uuid": "d489f59a-5ef9-4cea-8e21-f9809febf93d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45067", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16431", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45067\n\ud83d\udd25 CVSS Score: 5.4 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\ud83d\udccf Published: 2025-05-14T22:16:43.735Z\n\ud83d\udccf Modified: 2025-05-14T22:16:43.735Z\n\ud83d\udd17 References:\n1. https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01271.html", "creation_timestamp": "2025-05-14T22:32:15.000000Z"}, {"uuid": "d3005158-5c1b-4efc-8a6e-3f84fe821e40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45063", "type": "seen", "source": "https://t.me/cvedetector/4883", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45063 - \"bhyve Virtio-SCSI Use-After-Free Code Execution Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-45063 \nPublished : Sept. 5, 2024, 5:15 a.m. | 35\u00a0minutes ago \nDescription : The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.  \n  \nMalicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.  Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.  A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T07:59:20.000000Z"}, {"uuid": "ee004661-a7b7-4864-9e26-d8620d97bfdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45068", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113586622677353032", "content": "", "creation_timestamp": "2024-12-03T02:51:56.283957Z"}, {"uuid": "332ebdef-c672-4675-80ba-653edaafeb79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45061", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfs2njemts2b", "content": "", "creation_timestamp": "2025-01-15T15:15:48.454936Z"}, {"uuid": "196868d9-7200-426d-8dfb-6c2bdd082a70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45064", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lltr4xbcek2x", "content": "", "creation_timestamp": "2025-04-02T16:01:58.077276Z"}, {"uuid": "3982df81-708a-4738-8e97-34f8e6f29988", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45062", "type": "seen", "source": "https://infosec.place/objects/d55e8fc5-68ed-4fa3-8cac-3aa62665b522", "content": "", "creation_timestamp": "2025-08-19T14:00:05.931203Z"}, {"uuid": "74f65367-195a-4dfc-9295-27274e920e16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45064", "type": "seen", "source": "https://t.me/cvedetector/21889", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45064 - STMicroelectronics X-CUBE-AZRTOS-WL Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45064 \nPublished : April 2, 2025, 2:15 p.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T19:10:08.000000Z"}, {"uuid": "ed6e9b2e-49f3-4351-ac9d-a45735a7af08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45060", "type": "seen", "source": "https://t.me/cvedetector/7280", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45060 - PHPSpreadsheet Formula Injection XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45060 \nPublished : Oct. 7, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting (XSS) vulnerability due to improper handling of input where a number is expected leading to formula injection. The code in in `45_Quadratic_equation_solver.php` concatenates the user supplied parameters directly into spreadsheet formulas. This allows an attacker to take control over the formula and output unsanitized data into the page, resulting in JavaScript execution. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T00:19:43.000000Z"}, {"uuid": "d27daee1-5e57-4729-b841-cade6757f95a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45061", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113833155280444716", "content": "", "creation_timestamp": "2025-01-15T15:48:28.290710Z"}, {"uuid": "dfed29ed-e28b-4658-82e9-59914e46e622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45061", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfs4pvjrxz2g", "content": "", "creation_timestamp": "2025-01-15T15:52:55.705853Z"}, {"uuid": "c884f297-f72e-4f63-8263-ed3544453605", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45061", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfs4pwcqko2k", "content": "", "creation_timestamp": "2025-01-15T15:52:57.349414Z"}, {"uuid": "bd86e9c1-c2a8-439c-84bc-c0e53e892315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45064", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10152", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45064\n\ud83d\udd25 CVSS Score: 8.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.\n\ud83d\udccf Published: 2025-04-02T13:41:58.080Z\n\ud83d\udccf Modified: 2025-04-02T22:03:12.067Z\n\ud83d\udd17 References:\n1. https://talosintelligence.com/vulnerability_reports/TALOS-2024-2096", "creation_timestamp": "2025-04-02T22:34:40.000000Z"}, {"uuid": "0d78716a-fbff-4f61-b283-04bd3279f8bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45061", "type": "seen", "source": "https://t.me/cvedetector/15465", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45061 - Observium CE - Authenticated XSS in Weather Map Editor\", \n  \"Content\": \"CVE ID : CVE-2024-45061 \nPublished : Jan. 15, 2025, 3:15 p.m. | 28\u00a0minutes ago \nDescription : A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker. \nSeverity: 8.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T16:47:58.000000Z"}, {"uuid": "6e2336f0-8144-4b83-9fb1-e475e80599d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45068", "type": "seen", "source": "https://t.me/cvedetector/11850", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45068 - \"Hitachi Ops Center Common Services Credentials Exposure\"\", \n  \"Content\": \"CVE ID : CVE-2024-45068 \nPublished : Dec. 3, 2024, 3:15 a.m. | 55\u00a0minutes ago \nDescription : Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.  \n  \n  \nThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-03T05:37:51.000000Z"}, {"uuid": "33e8edea-e6c8-4945-a6d8-a5ae88803b45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45061", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113832984056947564", "content": "", "creation_timestamp": "2025-01-15T15:04:52.698499Z"}, {"uuid": "e86eb75c-bff5-4cab-ac85-5439d0103d72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45064", "type": "seen", "source": "https://infosec.place/objects/f5fd88e3-5f3c-4adc-aab0-6b566d96b1f5", "content": "", "creation_timestamp": "2025-04-02T14:00:07.076769Z"}, {"uuid": "6592fc7e-06a3-4a3e-820e-ad1452ca8b4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45064", "type": "seen", "source": "https://infosec.place/objects/f5fd88e3-5f3c-4adc-aab0-6b566d96b1f5", "content": "", "creation_timestamp": "2025-04-02T14:00:07.078372Z"}, {"uuid": "0b198ab7-1306-49c4-8932-fe16ae2bd75d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45064", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114269153613763381", "content": "", "creation_timestamp": "2025-04-02T15:48:32.254681Z"}, {"uuid": "f051034c-03b3-4e65-9398-c26fc0d894d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45064", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114269153613763381", "content": "", "creation_timestamp": "2025-04-02T15:48:32.258822Z"}]}