{"vulnerability": "cve-2024-5356", "sightings": [{"uuid": "5c25fd93-4f91-465f-966b-2740031a16ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53563", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpqvewnvs2p", "content": "", "creation_timestamp": "2025-01-14T17:15:55.336089Z"}, {"uuid": "872fe72a-b6ab-4ba3-9a21-ea57c31f7346", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53569", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lngln43dlt2c", "content": "", "creation_timestamp": "2025-04-22T21:09:32.368249Z"}, {"uuid": "5ea285ea-c811-4aac-b6ac-b96c72e87876", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53568", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lngln4cggq2h", "content": "", "creation_timestamp": "2025-04-22T21:09:33.543806Z"}, {"uuid": "ce982510-42c6-42e5-8b8a-8cab5e4352cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53563", "type": "seen", "source": "https://t.me/cvedetector/15305", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53563 - Arcadyan Meteor 2 CPE Stored Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53563 \nPublished : Jan. 14, 2025, 5:15 p.m. | 36\u00a0minutes ago \nDescription : A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T19:01:17.000000Z"}, {"uuid": "66d5edfc-45f6-4916-a96a-a16fc2e26ae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53561", "type": "seen", "source": "https://t.me/cvedetector/15304", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53561 - Arcadyan Meteor 2 CPE FG360 Firmware Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-53561 \nPublished : Jan. 14, 2025, 5:15 p.m. | 36\u00a0minutes ago \nDescription : A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T19:01:17.000000Z"}, {"uuid": "3d7d597d-3ac8-4792-9614-d7ef8145bd92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53564", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/861", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-53564\n\ud83d\udd39 Description: A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX does not verify the type of uploaded files and does not restrict user access paths, allowing attackers to remotely control the FreePBX server by uploading malicious files with malicious content and accessing the default directory where the files are uploaded. This will result in particularly serious consequences.\n\ud83d\udccf Published: 2024-12-02T00:00:00\n\ud83d\udccf Modified: 2025-01-08T23:58:28.406921Z\n\ud83d\udd17 References:\n1. https://gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903\n2. https://gist.github.com/hyp164D1/d419bdf3e7e352088a21631d0f452a8c", "creation_timestamp": "2025-01-09T00:13:15.000000Z"}, {"uuid": "750e1ff1-6275-4bbb-ab8e-f02498560714", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53569", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12990", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-53569\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the description parameter.\n\ud83d\udccf Published: 2025-04-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T20:17:43.352Z\n\ud83d\udd17 References:\n1. https://medium.com/@rudranshsinghrajpurohit/cve-2024-53569-stored-cross-site-scripting-xss-in-volmarg-personal-management-system-6cb0b9d6fe88\n2. https://www.getastra.com/blog/vulnerability/cve-2024-53569stored-cross-site-scripting-xss-in-volmarg-personal-management-system/", "creation_timestamp": "2025-04-22T21:04:33.000000Z"}, {"uuid": "d3ad5fe3-6b9b-4d52-8d7f-45c208f2d70a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53566", "type": "seen", "source": "https://t.me/cvedetector/11810", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53566 - Sangoma Asterisk Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53566 \nPublished : Dec. 2, 2024, 6:15 p.m. | 58\u00a0minutes ago \nDescription : An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-02T20:26:01.000000Z"}, {"uuid": "1aeb118c-af28-4f36-819f-db6ba5c1415b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53561", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpqvcplkl2h", "content": "", "creation_timestamp": "2025-01-14T17:15:52.774621Z"}, {"uuid": "10fe35aa-4d83-45e6-8110-1bb59309892e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53568", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13027", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-53568\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter.\n\ud83d\udccf Published: 2025-04-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-23T13:56:44.111Z\n\ud83d\udd17 References:\n1. https://medium.com/@rudranshsinghrajpurohit/cve-2024-53568-stored-cross-site-scripting-xss-vulnerability-in-volmarg-personal-management-cfbaec55046f\n2. https://www.getastra.com/blog/vulnerability/cve-2024-53568stored-cross-site-scripting-xss-vulnerability-in-volmarg-personal-management-system/", "creation_timestamp": "2025-04-23T14:05:01.000000Z"}, {"uuid": "378064a4-dbb5-4fc6-b0e2-d187896c2c60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53568", "type": "seen", "source": "https://bsky.app/profile/opsmatters.bsky.social/post/3lkpdixzwno2e", "content": "", "creation_timestamp": "2025-03-19T04:22:18.523040Z"}, {"uuid": "f92da611-a3a8-45a0-b8cd-774bd744a308", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53569", "type": "seen", "source": "https://t.me/cvedetector/23543", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53569 - Volmarg Personal Management System Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2024-53569 \nPublished : April 22, 2025, 7:15 p.m. | 47\u00a0minutes ago \nDescription : A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the description parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-22T22:35:17.000000Z"}, {"uuid": "bc5bebb1-f3e0-4b07-a5a2-a99a050fe7f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53568", "type": "seen", "source": "https://t.me/cvedetector/23542", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53568 - Volmarg Personal Management System Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2024-53568 \nPublished : April 22, 2025, 7:15 p.m. | 47\u00a0minutes ago \nDescription : A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-22T22:35:17.000000Z"}, {"uuid": "2a58a148-47a9-4377-a137-3b5c4ec489c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-53564", "type": "seen", "source": "https://t.me/cvedetector/11809", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53564 - An authenticated arbitrary file upload vulnerabili\", \n  \"Content\": \"CVE ID : CVE-2024-53564 \nPublished : Dec. 2, 2024, 6:15 p.m. | 58\u00a0minutes ago \nDescription : An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of freepbx v17.0.19.17 allows attackers to execute arbitrary code via uploading a crafted file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-02T20:26:00.000000Z"}]}