https://vulnerability.circl.lu/sightings/feed 2026-06-14T17:57:08.367748+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/73f1804f-6666-421a-9423-9062c1b4069b/export 2026-06-14T17:57:08.558109+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "73f1804f-6666-421a-9423-9062c1b4069b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114024494206744752", "content": "", "creation_timestamp": "2025-02-18T10:48:25.670667Z"} 2025-02-18T10:48:25.670667+00:00 https://vulnerability.circl.lu/sighting/1b1761ca-0586-4086-9143-e6b9c7cd6e41/export 2026-06-14T17:57:08.558027+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "1b1761ca-0586-4086-9143-e6b9c7cd6e41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://t.me/cvedetector/18298", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12860 - CarSpot \u2013 Dealership Wordpress Classified Theme WordPress Privilege Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-12860 \nPublished : Feb. 18, 2025, 9:15 a.m. | 17\u00a0minutes ago \nDescription : The CarSpot \u2013 Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T10:57:32.000000Z"} 2025-02-18T10:57:32+00:00 https://vulnerability.circl.lu/sighting/79a94768-6667-4cc2-8c7d-70b56565879d/export 2026-06-14T17:57:08.557958+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "79a94768-6667-4cc2-8c7d-70b56565879d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3liihtltglb2k", "content": "", "creation_timestamp": "2025-02-19T00:00:49.331179Z"} 2025-02-19T00:00:49.331179+00:00 https://vulnerability.circl.lu/sighting/31659ea2-d156-400b-9380-9e8b57f45cbf/export 2026-06-14T17:57:08.557890+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "31659ea2-d156-400b-9380-9e8b57f45cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lijpzycmv42q", "content": "", "creation_timestamp": "2025-02-19T12:00:12.436778Z"} 2025-02-19T12:00:12.436778+00:00 https://vulnerability.circl.lu/sighting/b58f187f-c093-4f10-a13a-07887cf5c1f9/export 2026-06-14T17:57:08.557814+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "b58f187f-c093-4f10-a13a-07887cf5c1f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12866", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8193", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12866\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration files.\n\ud83d\udccf Published: 2025-03-20T10:11:31.785Z\n\ud83d\udccf Modified: 2025-03-20T10:11:31.785Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/c23da7c7-a226-40a2-83db-6a8ab1b2ef64", "creation_timestamp": "2025-03-20T10:19:34.000000Z"} 2025-03-20T10:19:34+00:00 https://vulnerability.circl.lu/sighting/160ee0f8-9398-4da4-8fd2-989556a1d8ea/export 2026-06-14T17:57:08.557738+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "160ee0f8-9398-4da4-8fd2-989556a1d8ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12862", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12664", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12862\n\ud83d\udd25 CVSS Score: 5.5 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4.\n\ud83d\udccf Published: 2025-04-21T14:22:59.811Z\n\ud83d\udccf Modified: 2025-04-21T14:56:38.978Z\n\ud83d\udd17 References:\n1. https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839115", "creation_timestamp": "2025-04-21T15:02:43.000000Z"} 2025-04-21T15:02:43+00:00 https://vulnerability.circl.lu/sighting/82d3d95b-d071-4c06-b0a8-589fb4001f50/export 2026-06-14T17:57:08.557660+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "82d3d95b-d071-4c06-b0a8-589fb4001f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12863", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12696", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12863\n\ud83d\udd25 CVSS Score: 5.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.\n\ud83d\udccf Published: 2025-04-21T15:13:04.555Z\n\ud83d\udccf Modified: 2025-04-21T15:24:29.951Z\n\ud83d\udd17 References:\n1. https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839121", "creation_timestamp": "2025-04-21T16:03:04.000000Z"} 2025-04-21T16:03:04+00:00 https://vulnerability.circl.lu/sighting/b9498c0a-f77b-48bb-a87b-8756f76d0c13/export 2026-06-14T17:57:08.557578+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "b9498c0a-f77b-48bb-a87b-8756f76d0c13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12863", "type": "seen", "source": "https://t.me/cvedetector/23443", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12863 - OpenText Content Management CE Stored Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-12863 \nPublished : April 21, 2025, 3:15 p.m. | 26\u00a0minutes ago \nDescription : Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T18:09:19.000000Z"} 2025-04-21T18:09:19+00:00 https://vulnerability.circl.lu/sighting/15b56c01-5c48-4065-8594-10342f62d416/export 2026-06-14T17:57:08.557465+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "15b56c01-5c48-4065-8594-10342f62d416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12862", "type": "seen", "source": "https://t.me/cvedetector/23445", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12862 - OpenText Content Server Unauthorized Deletion\", \n \"Content\": \"CVE ID : CVE-2024-12862 \nPublished : April 21, 2025, 3:15 p.m. | 26\u00a0minutes ago \nDescription : Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T18:09:21.000000Z"} 2025-04-21T18:09:21+00:00 https://vulnerability.circl.lu/sighting/851ea02c-d7fb-48e0-8b60-8cdb5f79cf57/export 2026-06-14T17:57:08.555969+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "851ea02c-d7fb-48e0-8b60-8cdb5f79cf57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:43.000000Z"} 2025-08-25T18:31:43+00:00