{"vulnerability": "CVE-2024-1065", "sightings": [{"uuid": "4e589a27-ac54-40af-8528-aa3b153b0a44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10654", "type": "seen", "source": "https://t.me/cvedetector/9577", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10654 - TOTOLINK LR350 Authentication Bypass Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-10654 \nPublished : Nov. 1, 2024, 12:15 p.m. | 33\u00a0minutes ago \nDescription : A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T13:50:29.000000Z"}, {"uuid": "65353402-1471-4ce3-bab1-cdcc40dc3fb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10654", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8918", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC CVE-2024-10654\nURL\uff1ahttps://github.com/c0nyy/IoT_vuln\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2025-04-15T07:45:33.000000Z"}, {"uuid": "785c9402-e5f8-4904-812c-42088785c0d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10650", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8197", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10650\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio.\n\ud83d\udccf Published: 2025-03-20T10:11:29.258Z\n\ud83d\udccf Modified: 2025-03-20T10:11:29.258Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/f820371d-a878-44bf-b1fd-2d837dd58eb4", "creation_timestamp": "2025-03-20T10:19:41.000000Z"}, {"uuid": "14e31705-19b0-4339-a0b7-0956af9f1eb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10652", "type": "seen", "source": "https://t.me/cvedetector/9573", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10652 - IDExpert CHANGING Information Technology Reflected Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-10652 \nPublished : Nov. 1, 2024, 10:15 a.m. | 42\u00a0minutes ago \nDescription : IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T12:10:17.000000Z"}, {"uuid": "82b05c5d-9349-428b-b95c-002b5d796f67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10659", "type": "seen", "source": "https://t.me/cvedetector/9613", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10659 - \"ESAfENET CDG SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10659 \nPublished : Nov. 1, 2024, 4:15 p.m. | 29\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/document/CDGAuthoriseTempletService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T17:51:49.000000Z"}, {"uuid": "2e1c076f-68cd-4484-9572-329350fd3aa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10655", "type": "seen", "source": "https://t.me/cvedetector/9581", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10655 - Tongda OA SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10655 \nPublished : Nov. 1, 2024, 2:15 p.m. | 40\u00a0minutes ago \nDescription : A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T16:10:50.000000Z"}, {"uuid": "1c7c0972-7cea-4d45-86e9-e12698692198", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10651", "type": "seen", "source": "https://t.me/cvedetector/9572", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10651 - IDExpert CHANGING Information Technology File Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-10651 \nPublished : Nov. 1, 2024, 10:15 a.m. | 42\u00a0minutes ago \nDescription : IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T12:10:17.000000Z"}, {"uuid": "287ce7a0-941b-4d72-9a07-12ade46ceaf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10653", "type": "seen", "source": "https://t.me/cvedetector/9571", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10653 - IDExpert CHANGING Information Technology Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10653 \nPublished : Nov. 1, 2024, 10:15 a.m. | 42\u00a0minutes ago \nDescription : IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-01T12:10:16.000000Z"}]}