https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 14 Jun 2026 17:57:08 +0000 https://vulnerability.circl.lu/sighting/73f1804f-6666-421a-9423-9062c1b4069b/export {"uuid": "73f1804f-6666-421a-9423-9062c1b4069b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114024494206744752", "content": "", "creation_timestamp": "2025-02-18T10:48:25.670667Z"} {"uuid": "73f1804f-6666-421a-9423-9062c1b4069b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114024494206744752", "content": "", "creation_timestamp": "2025-02-18T10:48:25.670667Z"} https://vulnerability.circl.lu/sighting/73f1804f-6666-421a-9423-9062c1b4069b/export Tue, 18 Feb 2025 10:48:25 +0000 https://vulnerability.circl.lu/sighting/1b1761ca-0586-4086-9143-e6b9c7cd6e41/export {"uuid": "1b1761ca-0586-4086-9143-e6b9c7cd6e41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://t.me/cvedetector/18298", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12860 - CarSpot \u2013 Dealership Wordpress Classified Theme WordPress Privilege Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-12860 \nPublished : Feb. 18, 2025, 9:15 a.m. | 17\u00a0minutes ago \nDescription : The CarSpot \u2013 Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T10:57:32.000000Z"} {"uuid": "1b1761ca-0586-4086-9143-e6b9c7cd6e41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://t.me/cvedetector/18298", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12860 - CarSpot \u2013 Dealership Wordpress Classified Theme WordPress Privilege Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-12860 \nPublished : Feb. 18, 2025, 9:15 a.m. | 17\u00a0minutes ago \nDescription : The CarSpot \u2013 Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T10:57:32.000000Z"} https://vulnerability.circl.lu/sighting/1b1761ca-0586-4086-9143-e6b9c7cd6e41/export Tue, 18 Feb 2025 10:57:32 +0000 https://vulnerability.circl.lu/sighting/79a94768-6667-4cc2-8c7d-70b56565879d/export {"uuid": "79a94768-6667-4cc2-8c7d-70b56565879d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3liihtltglb2k", "content": "", "creation_timestamp": "2025-02-19T00:00:49.331179Z"} {"uuid": "79a94768-6667-4cc2-8c7d-70b56565879d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3liihtltglb2k", "content": "", "creation_timestamp": "2025-02-19T00:00:49.331179Z"} https://vulnerability.circl.lu/sighting/79a94768-6667-4cc2-8c7d-70b56565879d/export Wed, 19 Feb 2025 00:00:49 +0000 https://vulnerability.circl.lu/sighting/31659ea2-d156-400b-9380-9e8b57f45cbf/export {"uuid": "31659ea2-d156-400b-9380-9e8b57f45cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lijpzycmv42q", "content": "", "creation_timestamp": "2025-02-19T12:00:12.436778Z"} {"uuid": "31659ea2-d156-400b-9380-9e8b57f45cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lijpzycmv42q", "content": "", "creation_timestamp": "2025-02-19T12:00:12.436778Z"} https://vulnerability.circl.lu/sighting/31659ea2-d156-400b-9380-9e8b57f45cbf/export Wed, 19 Feb 2025 12:00:12 +0000 https://vulnerability.circl.lu/sighting/b58f187f-c093-4f10-a13a-07887cf5c1f9/export {"uuid": "b58f187f-c093-4f10-a13a-07887cf5c1f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12866", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8193", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12866\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration files.\n\ud83d\udccf Published: 2025-03-20T10:11:31.785Z\n\ud83d\udccf Modified: 2025-03-20T10:11:31.785Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/c23da7c7-a226-40a2-83db-6a8ab1b2ef64", "creation_timestamp": "2025-03-20T10:19:34.000000Z"} {"uuid": "b58f187f-c093-4f10-a13a-07887cf5c1f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12866", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8193", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12866\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration files.\n\ud83d\udccf Published: 2025-03-20T10:11:31.785Z\n\ud83d\udccf Modified: 2025-03-20T10:11:31.785Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/c23da7c7-a226-40a2-83db-6a8ab1b2ef64", "creation_timestamp": "2025-03-20T10:19:34.000000Z"} https://vulnerability.circl.lu/sighting/b58f187f-c093-4f10-a13a-07887cf5c1f9/export Thu, 20 Mar 2025 10:19:34 +0000 https://vulnerability.circl.lu/sighting/160ee0f8-9398-4da4-8fd2-989556a1d8ea/export {"uuid": "160ee0f8-9398-4da4-8fd2-989556a1d8ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12862", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12664", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12862\n\ud83d\udd25 CVSS Score: 5.5 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4.\n\ud83d\udccf Published: 2025-04-21T14:22:59.811Z\n\ud83d\udccf Modified: 2025-04-21T14:56:38.978Z\n\ud83d\udd17 References:\n1. https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839115", "creation_timestamp": "2025-04-21T15:02:43.000000Z"} {"uuid": "160ee0f8-9398-4da4-8fd2-989556a1d8ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12862", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12664", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12862\n\ud83d\udd25 CVSS Score: 5.5 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4.\n\ud83d\udccf Published: 2025-04-21T14:22:59.811Z\n\ud83d\udccf Modified: 2025-04-21T14:56:38.978Z\n\ud83d\udd17 References:\n1. https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839115", "creation_timestamp": "2025-04-21T15:02:43.000000Z"} https://vulnerability.circl.lu/sighting/160ee0f8-9398-4da4-8fd2-989556a1d8ea/export Mon, 21 Apr 2025 15:02:43 +0000 https://vulnerability.circl.lu/sighting/82d3d95b-d071-4c06-b0a8-589fb4001f50/export {"uuid": "82d3d95b-d071-4c06-b0a8-589fb4001f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12863", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12696", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12863\n\ud83d\udd25 CVSS Score: 5.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.\n\ud83d\udccf Published: 2025-04-21T15:13:04.555Z\n\ud83d\udccf Modified: 2025-04-21T15:24:29.951Z\n\ud83d\udd17 References:\n1. https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839121", "creation_timestamp": "2025-04-21T16:03:04.000000Z"} {"uuid": "82d3d95b-d071-4c06-b0a8-589fb4001f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12863", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12696", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12863\n\ud83d\udd25 CVSS Score: 5.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.\n\ud83d\udccf Published: 2025-04-21T15:13:04.555Z\n\ud83d\udccf Modified: 2025-04-21T15:24:29.951Z\n\ud83d\udd17 References:\n1. https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839121", "creation_timestamp": "2025-04-21T16:03:04.000000Z"} https://vulnerability.circl.lu/sighting/82d3d95b-d071-4c06-b0a8-589fb4001f50/export Mon, 21 Apr 2025 16:03:04 +0000 https://vulnerability.circl.lu/sighting/b9498c0a-f77b-48bb-a87b-8756f76d0c13/export {"uuid": "b9498c0a-f77b-48bb-a87b-8756f76d0c13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12863", "type": "seen", "source": "https://t.me/cvedetector/23443", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12863 - OpenText Content Management CE Stored Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-12863 \nPublished : April 21, 2025, 3:15 p.m. | 26\u00a0minutes ago \nDescription : Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T18:09:19.000000Z"} {"uuid": "b9498c0a-f77b-48bb-a87b-8756f76d0c13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12863", "type": "seen", "source": "https://t.me/cvedetector/23443", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12863 - OpenText Content Management CE Stored Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-12863 \nPublished : April 21, 2025, 3:15 p.m. | 26\u00a0minutes ago \nDescription : Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T18:09:19.000000Z"} https://vulnerability.circl.lu/sighting/b9498c0a-f77b-48bb-a87b-8756f76d0c13/export Mon, 21 Apr 2025 18:09:19 +0000 https://vulnerability.circl.lu/sighting/15b56c01-5c48-4065-8594-10342f62d416/export {"uuid": "15b56c01-5c48-4065-8594-10342f62d416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12862", "type": "seen", "source": "https://t.me/cvedetector/23445", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12862 - OpenText Content Server Unauthorized Deletion\", \n \"Content\": \"CVE ID : CVE-2024-12862 \nPublished : April 21, 2025, 3:15 p.m. | 26\u00a0minutes ago \nDescription : Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T18:09:21.000000Z"} {"uuid": "15b56c01-5c48-4065-8594-10342f62d416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12862", "type": "seen", "source": "https://t.me/cvedetector/23445", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-12862 - OpenText Content Server Unauthorized Deletion\", \n \"Content\": \"CVE ID : CVE-2024-12862 \nPublished : April 21, 2025, 3:15 p.m. | 26\u00a0minutes ago \nDescription : Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T18:09:21.000000Z"} https://vulnerability.circl.lu/sighting/15b56c01-5c48-4065-8594-10342f62d416/export Mon, 21 Apr 2025 18:09:21 +0000 https://vulnerability.circl.lu/sighting/851ea02c-d7fb-48e0-8b60-8cdb5f79cf57/export {"uuid": "851ea02c-d7fb-48e0-8b60-8cdb5f79cf57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:43.000000Z"} {"uuid": "851ea02c-d7fb-48e0-8b60-8cdb5f79cf57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12860", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:43.000000Z"} https://vulnerability.circl.lu/sighting/851ea02c-d7fb-48e0-8b60-8cdb5f79cf57/export Mon, 25 Aug 2025 18:31:43 +0000