{"vulnerability": "CVE-2024-4192", "sightings": [{"uuid": "cf2d37da-51ce-430a-adf2-5f1a4bd6b6c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41927", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/20090", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-41927\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.\n\ud83d\udccf Published: 2024-09-04T00:43:55.555Z\n\ud83d\udccf Modified: 2025-07-02T01:23:14.549Z\n\ud83d\udd17 References:\n1. https://us.idec.com/media/24-RD-0256-EN-b.pdf\n2. https://jvn.jp/en/vu/JVNVU96959731/", "creation_timestamp": "2025-07-02T02:13:12.000000Z"}, {"uuid": "fb43a18d-49b8-443d-b848-cfac438e88b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41921", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114870205065116436", "content": "", "creation_timestamp": "2025-07-17T19:23:50.093948Z"}, {"uuid": "881a11c0-48b3-45d9-96ef-dd038551194d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41927", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7501", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-41927\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.\n\ud83d\udccf Published: 2024-09-04T00:43:55.555Z\n\ud83d\udccf Modified: 2025-03-13T20:32:42.537Z\n\ud83d\udd17 References:\n1. https://us.idec.com/media/24-RD-0256-EN.pdf\n2. https://jvn.jp/en/vu/JVNVU96959731/", "creation_timestamp": "2025-03-13T20:43:11.000000Z"}, {"uuid": "4e6fc87a-0446-4f74-81ab-2397484a20cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41928", "type": "seen", "source": "https://t.me/cvedetector/4881", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41928 - Virtualization Software - Virtual Machine Escalation of Privilege Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-41928 \nPublished : Sept. 5, 2024, 4:15 a.m. | 34\u00a0minutes ago \nDescription : Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T07:09:15.000000Z"}, {"uuid": "22a8b65f-226c-46f4-9953-90861f853c55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41925", "type": "seen", "source": "https://t.me/cvedetector/6941", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41925 - \"ONS-S8 Spectra Aggregation Switch Remote Code Execution Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-41925 \nPublished : Oct. 3, 2024, 11:15 p.m. | 33\u00a0minutes ago \nDescription : The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T01:49:10.000000Z"}, {"uuid": "4deedace-a9bc-4238-9fac-1ea0ce5e6f8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41922", "type": "seen", "source": "https://t.me/cvedetector/6905", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41922 - Veertu Anka Directory Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41922 \nPublished : Oct. 3, 2024, 4:15 p.m. | 41\u00a0minutes ago \nDescription : A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can result in a disclosure of arbitrary files. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T19:07:34.000000Z"}, {"uuid": "b25bcd8a-82dc-4dc0-9653-6fbb1aa22f0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41924", "type": "seen", "source": "https://t.me/cvedetector/2020", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41924 - EC-CUBE PHP Code Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41924 \nPublished : July 30, 2024, 9:15 a.m. | 43\u00a0minutes ago \nDescription : Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some known vulnerabilities. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T12:23:51.000000Z"}, {"uuid": "345db5f9-353b-45bb-90c9-69d0a4037ad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41927", "type": "seen", "source": "https://t.me/cvedetector/4734", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41927 - IDEC PLC Cleartext Credential Transmission Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41927 \nPublished : Sept. 4, 2024, 1:15 a.m. | 40\u00a0minutes ago \nDescription : Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T04:21:31.000000Z"}, {"uuid": "7e1bce9d-1b6b-477b-8dd7-b67f1158ccae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41926", "type": "seen", "source": "https://t.me/cvedetector/2237", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41926 - Mattermost Recursive Remote ID Spoofing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41926 \nPublished : Aug. 1, 2024, 3:15 p.m. | 37\u00a0minutes ago \nDescription : Mattermost versions 9.9.x Severity: 2.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-01T17:55:51.000000Z"}]}