{"vulnerability": "cve-2024-4726", "sightings": [{"uuid": "23cb0a15-ce65-4c75-a26f-76e7576534e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47260", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114104471150686454", "content": "", "creation_timestamp": "2025-03-04T13:47:37.452887Z"}, {"uuid": "e4638878-bdb4-4fc9-8174-c694cfa208eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47264", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"}, {"uuid": "7952a661-3ef7-4437-b1d6-09a8b791cd0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47265", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"}, {"uuid": "13da345f-972e-4071-93f4-658c5df232fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47266", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"}, {"uuid": "6ce7963e-0a01-490f-959e-93c798bab791", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47262", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mcaa2oeoq72z", "content": "", "creation_timestamp": "2026-01-12T14:15:20.515187Z"}, {"uuid": "1c0a8aad-15cd-4b1c-a450-c9dd214f0eaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47264", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4231", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47264\n\ud83d\udd25 CVSS Score: 4.8 (CVSS_V3)\n\ud83d\udd39 Description: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors.\n\ud83d\udccf Published: 2025-02-13T09:31:25Z\n\ud83d\udccf Modified: 2025-02-13T09:31:25Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-47264\n2. https://www.synology.com/en-global/security/advisory/Synology_SA_25_02", "creation_timestamp": "2025-02-13T10:09:29.000000Z"}, {"uuid": "23dcca26-10c5-4d32-a01c-cfdef2800c10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47266", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4229", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47266\n\ud83d\udd25 CVSS Score: 2.6 (CVSS_V3)\n\ud83d\udd39 Description: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors.\n\ud83d\udccf Published: 2025-02-13T09:31:25Z\n\ud83d\udccf Modified: 2025-02-13T09:31:25Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-47266\n2. https://www.synology.com/en-global/security/advisory/Synology_SA_25_02", "creation_timestamp": "2025-02-13T10:09:20.000000Z"}, {"uuid": "643e2afd-14ad-459e-96da-b0a1a47d8816", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47265", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4228", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47265\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors.\n\ud83d\udccf Published: 2025-02-13T09:31:26Z\n\ud83d\udccf Modified: 2025-02-13T09:31:26Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-47265\n2. https://www.synology.com/en-global/security/advisory/Synology_SA_25_02", "creation_timestamp": "2025-02-13T10:09:14.000000Z"}, {"uuid": "224fbeb0-6788-445b-961a-2a172100909a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47266", "type": "seen", "source": "Telegram/8CtsKI1GsYQ4LLxk54lVQERghUEbveNUbshyieGhThHXpPbU", "content": "", "creation_timestamp": "2025-02-14T10:08:08.000000Z"}, {"uuid": "896d5735-7e03-452a-b433-9b873dcaec56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47265", "type": "seen", "source": "Telegram/UbaCCa1FReXSqxMd5_ol7kFpQlRbnOIOXFXpfuqxs1eHKmA7", "content": "", "creation_timestamp": "2025-02-14T10:08:08.000000Z"}, {"uuid": "3a7b5a44-f848-4b24-a81f-bf6d65559a0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47264", "type": "seen", "source": "Telegram/SWxUhZYU4bJYwJ2QVnVEaFrpA4FpHYbeHzPWV-KcoAiOfqIJ", "content": "", "creation_timestamp": "2025-02-14T10:08:08.000000Z"}, {"uuid": "cc99be00-ce61-411a-9229-1d22568fc81c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47266", "type": "seen", "source": "https://t.me/cvedetector/17981", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47266 - Synology Active Backup for Business Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47266 \nPublished : Feb. 13, 2025, 7:15 a.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors. \nSeverity: 2.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T11:18:30.000000Z"}, {"uuid": "8aff3b5a-80b2-46d8-9547-0da626d2d33b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47260", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6338", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47260\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory.\u00a0\nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\ud83d\udccf Published: 2025-03-04T05:17:35.063Z\n\ud83d\udccf Modified: 2025-03-04T05:17:35.063Z\n\ud83d\udd17 References:\n1. https://www.axis.com/dam/public/1d/d3/ef/cve-2024-47260pdf-en-US-466883.pdf", "creation_timestamp": "2025-03-04T05:30:27.000000Z"}, {"uuid": "e0f9e9a2-5bf6-429f-9971-644ac2631820", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47262", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6337", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47262\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not affected. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\ud83d\udccf Published: 2025-03-04T05:19:09.007Z\n\ud83d\udccf Modified: 2025-03-04T05:19:09.007Z\n\ud83d\udd17 References:\n1. https://www.axis.com/dam/public/a3/18/6e/cve-2024-47262pdf-en-US-466884.pdf", "creation_timestamp": "2025-03-04T05:30:26.000000Z"}, {"uuid": "c145fac8-b206-4784-9efe-6b5d91eef0a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47261", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10849", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47261\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: 51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.\n\ud83d\udccf Published: 2025-04-08T05:33:58.782Z\n\ud83d\udccf Modified: 2025-04-08T05:33:58.782Z\n\ud83d\udd17 References:\n1. https://www.axis.com/dam/public/18/c5/b2/cve-2024-47261pdf-en-US-474505.pdf", "creation_timestamp": "2025-04-08T05:47:24.000000Z"}, {"uuid": "fa1a587b-60de-4b84-be34-7cee8434fd73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47261", "type": "seen", "source": "https://t.me/cvedetector/22397", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47261 - Axis VAPIX API File Upload Vulnerability (Arbitrary File Upload)\", \n  \"Content\": \"CVE ID : CVE-2024-47261 \nPublished : April 8, 2025, 6:15 a.m. | 1\u00a0hour, 3\u00a0minutes ago \nDescription : 51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T09:48:30.000000Z"}, {"uuid": "b98ed44d-32dd-4e70-8435-938a688c9ae3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47266", "type": "seen", "source": "Telegram/G6QQMvUW2ZkBQaBDb738ormVGSjy6Ae2oyjdsi7vijMTgFbD", "content": "", "creation_timestamp": "2025-02-14T10:06:09.000000Z"}, {"uuid": "b4af0f4c-45db-4e9a-95e4-14c40f42b7d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47265", "type": "seen", "source": "Telegram/mMB_Dqtm9jZpysZrmi48mPx7Cv2NPBeMqfLeHJnLaqaNjwRE", "content": "", "creation_timestamp": "2025-02-14T10:06:09.000000Z"}, {"uuid": "d04d1270-acd3-4715-8e94-c9db6f8cd596", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47264", "type": "seen", "source": "Telegram/LiHuEx314vo-XC6PfSXgFhUxBgKczQ9Nm5BnwpQVS9rggf8n", "content": "", "creation_timestamp": "2025-02-14T10:06:09.000000Z"}, {"uuid": "2470e446-fb24-4f4f-b23c-c64f6446ccab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47264", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113995183819751639", "content": "", "creation_timestamp": "2025-02-13T06:34:24.567252Z"}, {"uuid": "1cef27ba-7af8-4091-be16-4bfd157b9028", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47265", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113995183835162222", "content": "", "creation_timestamp": "2025-02-13T06:34:24.883174Z"}, {"uuid": "062eb971-0e6d-4f9b-ade4-2baba4bd50c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47266", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113995183849315810", "content": "", "creation_timestamp": "2025-02-13T06:34:25.028064Z"}, {"uuid": "ee303696-c990-450c-affa-938e541f9b04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47265", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li2i7x2xfi2y", "content": "", "creation_timestamp": "2025-02-13T10:30:26.359176Z"}, {"uuid": "5628b6c8-cf5d-429a-830b-9c3b3718169e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47266", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li2i7xdza62h", "content": "", "creation_timestamp": "2025-02-13T10:30:26.977108Z"}, {"uuid": "d7b5128f-3cd0-4f05-ba4b-c856b26b8b02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47264", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li2i7xrnu426", "content": "", "creation_timestamp": "2025-02-13T10:30:29.199604Z"}, {"uuid": "b20543a2-f05b-4da1-a9db-11f482b1e24c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47262", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114104471150686454", "content": "", "creation_timestamp": "2025-03-04T13:47:37.386197Z"}, {"uuid": "1b79b6e9-9f9d-4e7e-853c-9f4c72ba63a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47262", "type": "seen", "source": "https://t.me/cvedetector/19468", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47262 - Axis VAPIX API Param.cgi Race Condition Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47262 \nPublished : March 4, 2025, 6:15 a.m. | 23\u00a0minutes ago \nDescription : Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not affected.   \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-04T08:18:27.000000Z"}, {"uuid": "ed5b8aae-dd3a-4990-9eb2-408ec36ced34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47260", "type": "seen", "source": "https://t.me/cvedetector/19467", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47260 - Axis VAPIX API Mediaclip CGI Memory Exhaustion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47260 \nPublished : March 4, 2025, 6:15 a.m. | 23\u00a0minutes ago \nDescription : 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory.\u00a0  \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-04T08:18:26.000000Z"}, {"uuid": "53e53768-d8e7-49e4-935d-1feb3b7766ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47260", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9274", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47260\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory.\u00a0\nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\ud83d\udccf Published: 2025-03-04T05:17:35.063Z\n\ud83d\udccf Modified: 2025-03-28T07:13:48.640Z\n\ud83d\udd17 References:\n1. https://www.axis.com/dam/public/1d/d3/ef/cve-2024-47260pdf-en-US-466883.pdf", "creation_timestamp": "2025-03-28T07:27:19.000000Z"}, {"uuid": "57aa3d04-4022-4558-8fbb-6eeb6fd53d68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47262", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9275", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47262\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not affected. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\ud83d\udccf Published: 2025-03-04T05:19:09.007Z\n\ud83d\udccf Modified: 2025-03-28T07:11:08.168Z\n\ud83d\udd17 References:\n1. https://www.axis.com/dam/public/a3/18/6e/cve-2024-47262pdf-en-US-466884.pdf", "creation_timestamp": "2025-03-28T07:27:19.000000Z"}, {"uuid": "0b27315e-c89b-4301-a58a-e1b18596271c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47264", "type": "seen", "source": "https://t.me/cvedetector/17986", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47264 - Synology Active Backup for Business Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47264 \nPublished : Feb. 13, 2025, 7:15 a.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T11:18:36.000000Z"}, {"uuid": "24f9f64c-fe62-444a-8a73-17871ff127e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47265", "type": "seen", "source": "https://t.me/cvedetector/17980", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47265 - Synology Active Backup for Business Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47265 \nPublished : Feb. 13, 2025, 7:15 a.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T11:18:29.000000Z"}]}