{"vulnerability": "cve-2024-5415", "sightings": [{"uuid": "c3fad63b-ada5-4b6c-ab10-b9ff702d7276", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54154", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3664", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-54154\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2024-12-04T12:15:20.047\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://www.jetbrains.com/privacy-security/issues-fixed/", "creation_timestamp": "2025-01-31T15:25:05.000000Z"}, {"uuid": "905b13e0-2cdb-446b-99f5-c2a01d46b8d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54158", "type": "seen", "source": "https://t.me/cvedetector/11979", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-54158 - In JetBrains YouTrack before 2024.3.52635 potentia\", \n  \"Content\": \"CVE ID : CVE-2024-54158 \nPublished : Dec. 4, 2024, 12:15 p.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T15:04:43.000000Z"}, {"uuid": "dff805fb-4417-4b2a-a97c-82e4429705ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54157", "type": "seen", "source": "https://t.me/cvedetector/11978", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-54157 - In JetBrains YouTrack before 2024.3.52635 potentia\", \n  \"Content\": \"CVE ID : CVE-2024-54157 \nPublished : Dec. 4, 2024, 12:15 p.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T15:04:39.000000Z"}, {"uuid": "afa5c396-bd66-43b5-9d8b-c46cde4a4e98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54156", "type": "seen", "source": "https://t.me/cvedetector/11977", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-54156 - In JetBrains YouTrack before 2024.3.52635 multiple\", \n  \"Content\": \"CVE ID : CVE-2024-54156 \nPublished : Dec. 4, 2024, 12:15 p.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack \nSeverity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T15:04:38.000000Z"}, {"uuid": "7e4fb442-0bcf-4077-b641-4432ef1d37b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54154", "type": "seen", "source": "https://t.me/cvedetector/11976", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-54154 - In JetBrains YouTrack before 2024.3.51866 system t\", \n  \"Content\": \"CVE ID : CVE-2024-54154 \nPublished : Dec. 4, 2024, 12:15 p.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox \nSeverity: 8.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T15:04:38.000000Z"}, {"uuid": "3071a361-bcfc-46b0-91a7-55d39d2fa299", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54153", "type": "seen", "source": "https://t.me/cvedetector/11984", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-54153 - In JetBrains YouTrack before 2024.3.51866 unauthen\", \n  \"Content\": \"CVE ID : CVE-2024-54153 \nPublished : Dec. 4, 2024, 12:15 p.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T15:04:49.000000Z"}, {"uuid": "e9d9c9aa-780d-4f48-b90f-3a4c3308152c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54155", "type": "seen", "source": "https://t.me/cvedetector/11974", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-54155 - In JetBrains YouTrack before 2024.3.51866 improper\", \n  \"Content\": \"CVE ID : CVE-2024-54155 \nPublished : Dec. 4, 2024, 12:15 p.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T15:04:36.000000Z"}, {"uuid": "1c707b0f-88bd-48f2-afa8-aedd7e8425b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54152", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1436", "content": "#GitHub #Tools\n\nOneScan \u662f\u4e00\u6b3e\u7528\u4e8e\u9012\u5f52\u76ee\u5f55\u626b\u63cf\u7684 BurpSuite \u63d2\u4ef6\n\nhttps://github.com/vaycore/OneScan\n\nSandbox approach for malware developers and red teamers to test payloads against detection mechanisms before deployment\n\nhttps://github.com/BlackSnufkin/LitterBox\n\nAzureAD beacon object files\n\nhttps://github.com/kozmer/aad-bofs\n\nA Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs\n\nhttps://github.com/DualHorizon/blackpill\n\nhttps://github.com/math-x-io/CVE-2024-54152-poc\n\nmath-x-io/CVE-2024-54152-poc\n\n#HackersFactory", "creation_timestamp": "2025-01-12T07:41:03.000000Z"}, {"uuid": "a4898f96-2f7a-4c98-be61-8fe1cbe6b566", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54153", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113594283195716733", "content": "", "creation_timestamp": "2024-12-04T11:20:08.020589Z"}, {"uuid": "172d5a07-ddd5-46e9-90a5-af1463435321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54155", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113594342217696076", "content": "", "creation_timestamp": "2024-12-04T11:35:07.060325Z"}, {"uuid": "bfa47d6f-a9c2-42ae-adde-60111485b68d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54157", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113594342247785920", "content": "", "creation_timestamp": "2024-12-04T11:35:07.718723Z"}, {"uuid": "bbfedf63-6058-43fc-97d8-b0e3f9fafd04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54158", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113594342280885020", "content": "", "creation_timestamp": "2024-12-04T11:35:08.223332Z"}, {"uuid": "396509f7-7122-431d-ad12-e7e0f98e8dce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54154", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113594283210113502", "content": "", "creation_timestamp": "2024-12-04T11:20:08.138758Z"}, {"uuid": "e333b7ed-a8f1-4c82-9d0d-6d6bcdd3fe1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54150", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldolhjv6ye27", "content": "", "creation_timestamp": "2024-12-19T19:15:38.996143Z"}, {"uuid": "8a8413ec-1253-433a-a11c-ca3ed03b7aa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54150", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3ldshz3ya5l2c", "content": "", "creation_timestamp": "2024-12-21T08:24:32.842524Z"}, {"uuid": "fe9889cf-fef5-4c54-80cd-ec42eac5d0ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54150", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3ldwgl7v6ma2n", "content": "", "creation_timestamp": "2024-12-22T22:09:32.339355Z"}, {"uuid": "3959a404-ccd4-404e-8071-d1e7372e892a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54155", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3663", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-54155\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2024-12-04T12:15:20.190\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://www.jetbrains.com/privacy-security/issues-fixed/", "creation_timestamp": "2025-01-31T15:25:04.000000Z"}, {"uuid": "ca79b598-2ac7-4b3e-969c-e2dfb246b188", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54150", "type": "seen", "source": "https://t.me/cvedetector/13362", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-54150 - \"Cjwt Algorithm Confusion Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-54150 \nPublished : Dec. 19, 2024, 7:15 p.m. | 22\u00a0minutes ago \nDescription : cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods.  If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS signed token during verification, it becomes vulnerable to this kind of attack. For instance, an attacker could craft a token with the alg field set to \"HS256\" while the server expects an asymmetric algorithm like \"RS256\". The server might mistakenly use the wrong verification method, such as using a public key as the HMAC secret, leading to unauthorised access. For RSA, the key can be computed from a few signatures. For Elliptic Curve (EC), two potential keys can be recovered from one signature. This can be used to bypass the signature mechanism if an application relies on asymmetrically signed tokens. This issue has been addressed in version 2.3.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T20:40:33.000000Z"}, {"uuid": "4fb5b028-a930-495c-8d60-de6dbbfd1a40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54151", "type": "seen", "source": "https://t.me/cvedetector/12450", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-54151 - Directus Unauthenticated Administrative Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-54151 \nPublished : Dec. 9, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to \"public\", an unauthenticated user is able to do any of the supported operations (CRUD, subscriptions) with full admin privileges. This impacts any Directus instance that has either `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` set to `public` allowing unauthenticated users to subscribe for changes on any collection or do REST CRUD operations on user defined collections ignoring permissions. Version 11.3.0 fixes the issue. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T23:04:29.000000Z"}, {"uuid": "2c9388c2-0bd7-4c0f-b8fb-b0033b659337", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54150", "type": "published-proof-of-concept", "source": "Telegram/adg0YxbfSLYSY0tkrmrRX-eDfpNqb3VHOacJOz0p4czDht7B", "content": "", "creation_timestamp": "2025-01-01T22:58:40.000000Z"}, {"uuid": "1d25d5f7-96bd-4d01-ae20-4a44a251316a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54155", "type": "seen", "source": "Telegram/_Qeie-YALBdt5uAQbTTwIvXqMMW9oy2UPPJbJt6FRM38R7Hl", "content": "", "creation_timestamp": "2025-02-01T17:28:10.000000Z"}, {"uuid": "46d08a34-af27-4917-85ce-2294d631f385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54154", "type": "seen", "source": "Telegram/qWWe6INHDKfXRHsgyeKa751oH6rZHIkTYvmVkeVsCVEtGbuq", "content": "", "creation_timestamp": "2025-02-01T17:28:10.000000Z"}, {"uuid": "b6e611bb-4527-4bd9-87aa-26cc73e73972", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54153", "type": "seen", "source": "Telegram/9f72zadmFu0BARq2FCGZpYc1VZr3oPE9RBkSyJgHdMgrruxb", "content": "", "creation_timestamp": "2025-02-01T17:28:10.000000Z"}, {"uuid": "c11230d0-426c-4f2f-847a-c2f00fa5b667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54152", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2461", "content": "CVE-2024-54152 \n*\nAngular Expressions \u044d\u0442\u043e \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0432\u0435\u0431-\u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 Angular.JS \u0432 \u0432\u0438\u0434\u0435 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043c\u043e\u0434\u0443\u043b\u044f. \u0414\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.4.3 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0433 \u043d\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0435, \u0432\u044b\u0445\u043e\u0434\u044f\u0449\u0435\u0435 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b\n*\nPOC", "creation_timestamp": "2024-12-31T10:22:58.000000Z"}, {"uuid": "52f2f383-9252-4b1a-8b80-3d30ac4aa9e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54150", "type": "seen", "source": "https://t.me/thebugbountyhunter/9476", "content": "PentesterLab Blog: Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150\n\nhttps://pentesterlab.com/blog/another-jwt-algorithm-confusion-cve-2024-54150", "creation_timestamp": "2024-12-22T12:09:29.000000Z"}, {"uuid": "9bf0d920-3d97-4e34-b473-f243bbc457d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54156", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113594342233259915", "content": "", "creation_timestamp": "2024-12-04T11:35:07.326610Z"}, {"uuid": "f6f37374-a4f5-4878-aca3-327d62f30253", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54150", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3ldvrcvdgmd2n", "content": "", "creation_timestamp": "2024-12-22T15:49:04.586631Z"}, {"uuid": "8ba7a6af-e138-48ac-9c0f-bd3682008048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54150", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3ldsotb67wk2r", "content": "", "creation_timestamp": "2024-12-21T10:26:33.214338Z"}, {"uuid": "080049cc-1568-4841-8869-f11a6d941b51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54150", "type": "seen", "source": "https://t.me/CyberBulletin/1801", "content": "\u26a1\ufe0fAnother JWT Algorithm Confusion Vulnerability: CVE-2024-54150.\n\n#CyberBulletin", "creation_timestamp": "2024-12-22T13:59:12.000000Z"}, {"uuid": "9960df68-799b-4032-956e-9a440aa1e585", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54152", "type": "seen", "source": "https://t.me/cvedetector/12517", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-54152 - Angular Expressions Sandbox Escape Arbitrary Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-54152 \nPublished : Dec. 10, 2024, 4:15 p.m. | 44\u00a0minutes ago \nDescription : Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, one can get full access to Arbitrary code execution on the system. The problem has been patched in version 1.4.3 of Angular Expressions. Two possible workarounds are available. One may either disable access to `__proto__` globally or make sure that one uses the function with just one argument. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T18:18:38.000000Z"}, {"uuid": "fcb751f3-fbf5-4b5f-98aa-ae5b870f7ed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54159", "type": "seen", "source": "https://t.me/cvedetector/11683", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-54159 - stalld through 1.19.7 allows local users to cause\", \n  \"Content\": \"CVE ID : CVE-2024-54159 \nPublished : Nov. 29, 2024, 10:15 p.m. | 14\u00a0hours, 20\u00a0minutes ago \nDescription : stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack. \nSeverity: 4.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-30T14:04:25.000000Z"}, {"uuid": "da1af790-9687-44c4-8db2-4e8ce6e83ea6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54152", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/4081", "content": "#GitHub #Tools\n\nOneScan \u662f\u4e00\u6b3e\u7528\u4e8e\u9012\u5f52\u76ee\u5f55\u626b\u63cf\u7684 BurpSuite \u63d2\u4ef6\n\nhttps://github.com/vaycore/OneScan\n\nSandbox approach for malware developers and red teamers to test payloads against detection mechanisms before deployment\n\nhttps://github.com/BlackSnufkin/LitterBox\n\nAzureAD beacon object files\n\nhttps://github.com/kozmer/aad-bofs\n\nA Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs\n\nhttps://github.com/DualHorizon/blackpill\n\nhttps://github.com/math-x-io/CVE-2024-54152-poc\n\nmath-x-io/CVE-2024-54152-poc\n\n#HackersFactory", "creation_timestamp": "2025-01-12T05:38:48.000000Z"}, {"uuid": "19956bba-ab5e-48e0-89d1-7eb43856e98a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54152", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7904", "content": "#GitHub #Tools\n\nOneScan \u662f\u4e00\u6b3e\u7528\u4e8e\u9012\u5f52\u76ee\u5f55\u626b\u63cf\u7684 BurpSuite \u63d2\u4ef6\n\nhttps://github.com/vaycore/OneScan\n\nSandbox approach for malware developers and red teamers to test payloads against detection mechanisms before deployment\n\nhttps://github.com/BlackSnufkin/LitterBox\n\nAzureAD beacon object files\n\nhttps://github.com/kozmer/aad-bofs\n\nA Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs\n\nhttps://github.com/DualHorizon/blackpill\n\nhttps://github.com/math-x-io/CVE-2024-54152-poc\n\nmath-x-io/CVE-2024-54152-poc\n\n#HackersFactory", "creation_timestamp": "2025-01-12T07:41:05.000000Z"}, {"uuid": "d4aea72c-9d57-499e-8ae0-22c79fb35abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54150", "type": "seen", "source": "https://t.me/CyberBulletin/26886", "content": "\u26a1\ufe0fAnother JWT Algorithm Confusion Vulnerability: CVE-2024-54150.\n\n#CyberBulletin", "creation_timestamp": "2024-12-22T13:59:12.000000Z"}, {"uuid": "dc01c696-6c43-4053-bd1d-6d7af5d356b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54159", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113568480813861399", "content": "", "creation_timestamp": "2024-11-29T21:58:13.623382Z"}, {"uuid": "0f06c39a-a3f8-4864-9fb9-2c18d731505e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54154", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113624105624570013", "content": "", "creation_timestamp": "2024-12-09T17:44:20.954256Z"}, {"uuid": "55b549f3-63f3-4156-b5c3-eb59042e8646", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54151", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113624874055932705", "content": "", "creation_timestamp": "2024-12-09T20:59:45.968405Z"}, {"uuid": "a2edc92b-4a56-4d1d-877d-8b726492818b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-54152", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113629284744748531", "content": "", "creation_timestamp": "2024-12-10T15:41:27.886060Z"}]}