{"vulnerability": "cve-2024-4698", "sightings": [{"uuid": "9952bf50-540b-4a57-815f-26fc0db37251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46987", "type": "published-proof-of-concept", "source": "Telegram/XKmDxZOMvrUD-_NSGAnB8A_hjkfWi1lu0xhYRKJFu8oupFE", "content": "", "creation_timestamp": "2026-04-17T23:00:19.000000Z"}, {"uuid": "24d44b81-cb31-48d6-8481-32e01847a737", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46988", "type": "seen", "source": "https://t.me/cvedetector/7851", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46988 - Tuleap Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46988 \nPublished : Oct. 14, 2024, 6:15 p.m. | 30\u00a0minutes ago \nDescription : Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-14T20:51:50.000000Z"}, {"uuid": "377c17c9-c8a1-4670-b4f5-c196220f3213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46985", "type": "seen", "source": "https://t.me/cvedetector/6189", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46985 - DataEase XML External Entity Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46985 \nPublished : Sept. 23, 2024, 4:15 p.m. | 27\u00a0minutes ago \nDescription : DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerability has been fixed in v2.10.1. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-23T18:49:35.000000Z"}, {"uuid": "a4920948-dff2-418c-81f4-b773ed5d1c97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46989", "type": "seen", "source": "https://t.me/cvedetector/6007", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46989 - Spicedb Permission Denial of Service (DoS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46989 \nPublished : Sept. 18, 2024, 6:15 p.m. | 31\u00a0minutes ago \nDescription : spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resource has multiple groups, and each group is caveated, it is possible for the returned permission to be \"no permission\" when permission is expected. Permission is returned as NO_PERMISSION when PERMISSION is expected on the CheckPermission API. This issue has been addressed in release version 1.35.3. Users are advised to upgrade. Users unable to upgrade should not use caveats or avoid the use of caveats on an indirect subject type with multiple entries. \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T20:55:57.000000Z"}, {"uuid": "fdd22fba-3f39-465d-8f35-2d36b03c92d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46986", "type": "seen", "source": "https://t.me/cvedetector/6006", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46986 - Camaleon CMS Ruby on Rails File Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46986 \nPublished : Sept. 18, 2024, 6:15 p.m. | 31\u00a0minutes ago \nDescription : Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T20:55:56.000000Z"}, {"uuid": "2aa27d2d-c2f1-40c2-9c4f-e32405318141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46987", "type": "seen", "source": "https://t.me/cvedetector/6005", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46987 - Camaleon CMS MediaController Path Traversal Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-46987 \nPublished : Sept. 18, 2024, 6:15 p.m. | 31\u00a0minutes ago \nDescription : Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T20:55:55.000000Z"}, {"uuid": "2bbd76c7-69ac-4aee-9bdb-88df16f3c095", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46983", "type": "seen", "source": "https://t.me/cvedetector/6088", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46983 - SOFA Hessian Deserialize Gadget Chain RCE\", \n  \"Content\": \"CVE ID : CVE-2024-46983 \nPublished : Sept. 19, 2024, 11:15 p.m. | 41\u00a0minutes ago \nDescription : sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. This issue is fixed by an update to the blacklist, users can upgrade to sofahessian version 3.5.5 to avoid this issue. Users unable to upgrade may maintain a blacklist themselves in the directory `external/serialize.blacklist`. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-20T02:11:48.000000Z"}, {"uuid": "2d05cb7a-ebb8-4652-83cc-cee2462dc1e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46984", "type": "seen", "source": "https://t.me/cvedetector/6081", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46984 - Woodstox WstxInputFactory XML External Entity Server-Side Request Forgery in Referencevalidator\", \n  \"Content\": \"CVE ID : CVE-2024-46984 \nPublished : Sept. 19, 2024, 11:15 p.m. | 41\u00a0minutes ago \nDescription : The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to `XML External Entities` attack due to insecure defaults of the used Woodstox WstxInputFactory. A malicious XML resource can lead to network requests issued by referencevalidator and thus to a `Server Side Request Forgery` attack. The vulnerability impacts applications which use referencevalidator to process XML resources from untrusted sources. The problem has been patched with the 2.5.1 version of the referencevalidator. Users are strongly recommended to update to this version or a more recent one. A pre-processing or manual analysis of input XML resources on existence of DTD definitions or external entities can mitigate the problem. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-20T02:11:40.000000Z"}, {"uuid": "9d85b9e8-7db2-4d20-a6fa-8bf7f8d5cad2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "published-proof-of-concept", "source": "Telegram/82a2CCv2PPefBAywwzeR-yS_ueYglGvjGZeFL5Nia0p4qd8", "content": "", "creation_timestamp": "2025-03-22T08:00:11.000000Z"}, {"uuid": "da046da8-ff28-45b5-aa45-35d25651a098", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "published-proof-of-concept", "source": "Telegram/wxPlXSOJmOg_5y5nJfJJE99NGjR3EJoFxQ8BUywaYHAl5Iw", "content": "", "creation_timestamp": "2025-03-21T20:00:10.000000Z"}, {"uuid": "a58181a4-e326-446e-9759-4e83f4c045bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-46987", "type": "seen", "source": "https://bsky.app/profile/exploitdb-bot.bsky.social/post/3mkp3tisqgq2z", "content": "", "creation_timestamp": "2026-04-30T07:31:14.158061Z"}, {"uuid": "07bb9b69-4c03-48de-a53f-284a96bc4d3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46986", "type": "published-proof-of-concept", "source": "https://t.me/information_security_channel/53596", "content": "CVE-2024-46986 \u2013 Arbitrary File Write in Camaleon CMS Leading to RCE\nhttps://www.offsec.com/blog/cve-2024-46986/\n\nA vulnerability was discovered in Camaleon CMS authenticating attackers to write files on the file system which enabled them to execut remote code under certain conditions.\nThe post CVE-2024-46986 \u2013 Arbitrary File Write in Camaleon CMS Leading to RCE (https://www.offsec.com/blog/cve-2024-46986/) appeared first on OffSec (https://www.offsec.com/).", "creation_timestamp": "2025-05-22T22:16:05.000000Z"}, {"uuid": "f99ea125-d484-4e21-a5ad-c7e0c732dcf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lf4spabgz22y", "content": "", "creation_timestamp": "2025-01-07T04:27:43.981997Z"}, {"uuid": "1ea4b129-c79c-472e-88bd-fd413d46b1bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-010/", "content": "", "creation_timestamp": "2025-01-09T05:00:00.000000Z"}, {"uuid": "6f7dd879-7d73-47af-9d81-16654bbb7c48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113783511523717971", "content": "", "creation_timestamp": "2025-01-06T21:23:21.632229Z"}, {"uuid": "e354421a-f8cc-4755-8aef-2b00c2a48786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf45vpwpoy2m", "content": "", "creation_timestamp": "2025-01-06T22:15:30.554485Z"}, {"uuid": "2747be5b-e61c-4c6b-9679-c97a811d43d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "https://bsky.app/profile/clayton256.bsky.social/post/3lksxmoixsn2c", "content": "", "creation_timestamp": "2025-03-20T15:00:17.036706Z"}, {"uuid": "c040bccc-565e-407f-bb47-5f61ee64ef73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46982", "type": "published-proof-of-concept", "source": "Telegram/XlzyYYX-S5J04Xs76II1K9HeJ90V4bA4CbZQpSodqnTvgPs", "content": "", "creation_timestamp": "2025-06-15T20:52:39.000000Z"}, {"uuid": "1cd8fe2a-e587-4233-b778-f49c63866120", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46982", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9417", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1a The CVE-2024-46982 is cache poisoning of next_js some site have API to load their image\nURL\uff1ahttps://github.com/CodePontiff/next_js_poisoning\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-14T09:18:02.000000Z"}, {"uuid": "d34b2a2a-3ff9-4ba3-b9bd-13e97ceaa70d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "https://t.me/CyberBulletin/1991", "content": "\u26a1\ufe0fCVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to DoS and RCE Risks.\n\n#CyberBulletin", "creation_timestamp": "2025-01-07T08:15:41.000000Z"}, {"uuid": "13759f3d-d007-4e27-8dd1-847bca65a87e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46982", "type": "seen", "source": "https://t.me/cvedetector/5863", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46982 - Next.js Pages Server-Side Rendered Cache Poisoning Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46982 \nPublished : Sept. 17, 2024, 10:15 p.m. | 25\u00a0minutes ago \nDescription : Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using pages router, & 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not. There are no official or recommended workarounds for this issue, we recommend that users patch to a safe version. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T00:49:08.000000Z"}, {"uuid": "3939c49e-b7a4-4a9e-9c82-06180a854896", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46982", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/13535", "content": "\u200aNext.js Vulnerability CVE-2024-46982: Cache Poisoning Exploit Threatens Deployments\n\nhttps://securityonline.info/next-js-vulnerability-cve-2024-46982-cache-poisoning-exploit-threatens-deployments/", "creation_timestamp": "2024-09-19T13:17:00.000000Z"}, {"uuid": "17bbc96a-9100-4b18-96a0-c71386de811c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46982", "type": "published-proof-of-concept", "source": "Telegram/cacBQ5bN-vmwnt3DR7dLi1PlBkYQLfgr4qnQira8PDCN7qo", "content": "", "creation_timestamp": "2025-01-23T20:00:07.000000Z"}, {"uuid": "29da78dc-7daf-4a21-b047-716f709b17f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46982", "type": "seen", "source": "https://t.me/CyberBulletin/25649", "content": "\u26a1\ufe0fNext.js Vulnerability CVE-2024-46982: Cache Poisoning Exploit Threatens Deployments.\n\n#CyberBulletin", "creation_timestamp": "2024-09-21T02:15:41.000000Z"}, {"uuid": "1bc3b3fe-598d-400f-8071-9eabb8ed0553", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lf5kdzznb72a", "content": "", "creation_timestamp": "2025-01-07T11:30:56.431600Z"}, {"uuid": "e6c3e992-b752-413d-a162-e58fe2dd9a13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-46987", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mjsdlax7e62i", "content": "", "creation_timestamp": "2026-04-18T21:02:34.809706Z"}, {"uuid": "463efa24-f25e-40e6-b950-28b2814f600f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/243", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-46981\n\ud83d\udd39 Description: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.\n\ud83d\udccf Published: 2025-01-06T21:11:51.687Z\n\ud83d\udccf Modified: 2025-01-06T21:11:51.687Z\n\ud83d\udd17 References:\n1. https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c\n2. https://github.com/redis/redis/releases/tag/6.2.17\n3. https://github.com/redis/redis/releases/tag/7.2.7\n4. https://github.com/redis/redis/releases/tag/7.4.2", "creation_timestamp": "2025-01-06T21:37:03.000000Z"}, {"uuid": "822ccdab-757c-4dea-9bc8-bc547b468b9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46982", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/231", "content": "\ud83d\udea8 Next.js + WAF Bypass + SXSS via Cookie Reordering \ud83d\udea8\n\n\ud83e\udde0 Attack Summary:\nYou\u2019re dealing with:\n\n\ud83d\udd0d A Next.js app\n\n\u26a0\ufe0f Two reflected cookies in pageProps\n\u26a0\ufe0f A WAF blocking your initial attempts\n\n\ud83e\uddea Observations:\n\ud83e\udde8 Single payload \u2192 403 Forbidden\n\n\ud83e\udde8 Split payload across two cookies \u2192 Still 403\n\n\ud83e\udde8 Reorder the cookie fragments \u2192 200 OK \u2705\n\n\ud83d\udc40 That\u2019s your in! Reversing the order bypasses the WAF inspection logic \ud83d\udd04\n\n\u26a0\ufe0f Now chain it with:\n\n\ud83e\uddeb CVE-2024-46982 (Elixir Stale SSR template injection)\n\ud83d\udd17 https://github.com/masch1/CVE-2024-46982\n\n\u27a1\ufe0f This allows CP (Client-side Prototype Pollution) \u2192 Stored XSS (SXSS) in Next.js apps.\n\n\ud83d\udca3 Exploit Flow:\n    \ud83d\udc8e Bypass WAF via cookie reordering\n    \ud83d\udc8e Inject CP payload using stale Elixir template vuln\n    \ud83d\udc8e Achieve SXSS across all visiting users!\n\n\ud83d\udee1 Mitigation Tips:\n    \u2705 Sanitize cookie inputs server-side\n    \u2705 Audit template engines for unsafe parsing\n    \u2705 Patch Elixir if in stack (see CVE-2024-46982)\n\n\ud83d\udd0d Keep hunting clever chains like this. WAFs aren\u2019t invincible!\n\ud83d\udce2 Follow @cybersecplayground for more wild bug chains, PoCs, and bypass tricks\n\ud83d\udc4d Like & \ud83d\udd01 Share to help others learn!\n\n#bugbounty #nextjs #xss #sxss #wafbypass #infosec #cybersecurity #cve2024_46982", "creation_timestamp": "2025-06-15T20:52:28.000000Z"}, {"uuid": "abe3787f-7b8c-4833-adeb-4918a48a1e7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "https://t.me/cvedetector/14421", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46981 - Redis Lua Scripting Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46981 \nPublished : Jan. 6, 2025, 10:15 p.m. | 42\u00a0minutes ago \nDescription : Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. \nSeverity: 7.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T00:28:37.000000Z"}, {"uuid": "a5d46411-d16d-47b8-90a8-794eecf067be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46980", "type": "seen", "source": "https://t.me/cvedetector/7855", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46980 - Tuleap Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46980 \nPublished : Oct. 14, 2024, 6:15 p.m. | 30\u00a0minutes ago \nDescription : Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve content injection) in a mail client. Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-14T20:51:57.000000Z"}, {"uuid": "abb3ddef-ee39-407a-afa1-60197db11718", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46982", "type": "published-proof-of-concept", "source": "Telegram/Gemw3RrJFIPDqFzRq7yj6f3Kyuq6tzqcwwbjCA9pS3gUpTc", "content": "", "creation_timestamp": "2025-01-23T10:00:06.000000Z"}, {"uuid": "294ad6f8-b4ec-4c77-8ac2-051966fd5a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46982", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/55013", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aComprehensive demonstration of CVE-2025-32421 Eclipse technique - a sophisticated race condition attack against Next.js 15.0.4 that bypasses the original CVE-2024-46982 patch.\nURL\uff1ahttps://github.com/hidesec/CVE-2025-32421\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-10-11T07:26:50.000000Z"}, {"uuid": "6f3a21f3-fe31-4148-9718-fc817e81fdaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lf4ro72pqy2t", "content": "", "creation_timestamp": "2025-01-07T04:09:13.326242Z"}, {"uuid": "0a971b10-89d3-4436-af02-e944774d39e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "https://bsky.app/profile/elhackernet.extwitter.link/post/3lfdmhuxyyc26", "content": "", "creation_timestamp": "2025-01-09T21:24:50.910306Z"}, {"uuid": "9bc94a2c-3aa9-49cd-8b0f-bcfa290ae63e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lf5zeycli62x", "content": "", "creation_timestamp": "2025-01-07T15:59:53.576860Z"}, {"uuid": "ac3df80c-fc38-4806-8e2d-ff140484e3db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lf5nk5t7xb27", "content": "", "creation_timestamp": "2025-01-07T12:28:02.514877Z"}, {"uuid": "19cf9e8a-0912-4207-a9d1-edfd45430252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lf5nk5t7xb27", "content": "", "creation_timestamp": "2025-01-07T12:28:02.520823Z"}, {"uuid": "194d7d0f-219e-40e6-a748-4e4af7ed5fd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2024-46981", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lf4yaiur4226", "content": "", "creation_timestamp": "2025-01-07T06:06:50.232859Z"}, {"uuid": "72144bcd-9c19-4331-ab29-5e872c76e406", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46981", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:49.000000Z"}, {"uuid": "ccd59f9a-d5ce-4ee8-a33f-e9b8e4723546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46982", "type": "seen", "source": "MISP/f7787455-9994-4047-b6f7-77347597c104", "content": "", "creation_timestamp": "2025-08-26T18:36:19.000000Z"}, {"uuid": "2f246b22-3f1d-4cd9-a8e2-9c33862cdd57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46982", "type": "published-proof-of-concept", "source": "Telegram/YnrXjW7DDI_WEWlhao3IfxIXMJoRX7WZclhhkalIebmTXIk", "content": "", "creation_timestamp": "2025-10-11T15:00:06.000000Z"}]}