{"vulnerability": "cve-2024-1092", "sightings": [{"uuid": "368c0b57-2368-4b5d-a861-e9db3acf75fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10920", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113436856095594200", "content": "", "creation_timestamp": "2024-11-06T16:04:19.602383Z"}, {"uuid": "4c706a5f-85c3-4a30-aef9-98f87069b92a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10926", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113438061775935641", "content": "", "creation_timestamp": "2024-11-06T21:10:56.725398Z"}, {"uuid": "3f9f703f-b204-4f8c-8c03-9cf3df83fe07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10922", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113439226773997971", "content": "", "creation_timestamp": "2024-11-07T02:07:13.282876Z"}, {"uuid": "fe88512a-3c84-4bb5-afa3-9aaa11d4e0c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10928", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113438400716343179", "content": "", "creation_timestamp": "2024-11-06T22:37:08.807393Z"}, {"uuid": "ed7320fd-7115-4eda-9bfd-d31c74d5ae6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10927", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113438400701967806", "content": "", "creation_timestamp": "2024-11-06T22:37:08.906237Z"}, {"uuid": "4f111341-34b3-46e2-8584-f6250a9f4772", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10923", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113471054035486373", "content": "", "creation_timestamp": "2024-11-12T17:01:18.711423Z"}, {"uuid": "a1e97ae9-2d4a-4030-a696-40704bf40c47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10921", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113482187027500502", "content": "", "creation_timestamp": "2024-11-14T16:12:34.783389Z"}, {"uuid": "041af737-d0ad-4532-bbf8-0517743f34e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113484817218664208", "content": "", "creation_timestamp": "2024-11-15T03:21:28.512318Z"}, {"uuid": "e1123286-419f-47cc-854b-dc027499d97e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/113506545044181662", "content": "", "creation_timestamp": "2024-11-18T23:27:13.463126Z"}, {"uuid": "a0478791-e514-4aad-b8b0-1076fd07ab53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "https://thehackernews.com/2024/11/urgent-critical-wordpress-plugin.html", "content": "", "creation_timestamp": "2024-11-18T04:52:00.000000Z"}, {"uuid": "87308364-771a-41a7-81c1-c6c9d7947e42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", 
"content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "c4b0f1b3-6b12-4dc3-acca-0078eb2d6658", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10929", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdrbnqmha2f", "content": "", "creation_timestamp": "2025-01-22T16:16:01.867425Z"}, {"uuid": "2a3ccbe5-1120-44d1-8a5e-c013d198a82e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10929", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgdsv4ytah2h", "content": "", "creation_timestamp": "2025-01-22T16:44:50.630571Z"}, {"uuid": "bd3cb716-9658-4397-b50c-650bdbcb519a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:59.000000Z"}, {"uuid": "ee9340df-c707-4f77-8daf-a81babd9c47e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "1dc024da-d5f9-4d75-84e7-635bb365ba05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmtfyg3de22b", "content": "", "creation_timestamp": "2025-04-15T06:07:47.569840Z"}, {"uuid": "0b79330b-4fff-4bf8-b22b-e38bbd8aedd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmxigykikj2e", "content": "", "creation_timestamp": "2025-04-16T21:02:23.572817Z"}, {"uuid": "6a16515d-d9dd-412a-b3e3-69ed7b8dc913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10925", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-19T02:47:47.000000Z"}, {"uuid": "b03ede8f-a16c-4c70-8c9a-7fc116ef00fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9075", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aWARNING: This is a vulnerable application to test the exploit for the Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924). 
Run it at your own risk!\nURL\uff1ahttps://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-vulnerable-application\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-18T21:40:27.000000Z"}, {"uuid": "4a11c2b7-09cb-4ccd-b15b-3ddadc1f4eb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10925", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-18T13:31:24.000000Z"}, {"uuid": "87582c0c-0e7e-4e72-9293-97c8d222a2e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_reallysimplessl_2fa_bypass_rce.rb", "content": "", "creation_timestamp": "2024-12-07T00:35:11.000000Z"}, {"uuid": "efee2fb9-be68-4b07-a7bc-d72374d6d8f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9087", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aExploits Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924).\nURL\uff1ahttps://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-exploit\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-19T12:30:56.000000Z"}, {"uuid": "ad136026-5b81-4adf-9b3d-ded733fd2997", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9120", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aExploit for CVE-2024-10924 -> Really Simple Security < 9.1.2 authentication bypass\nURL\uff1ahttps://github.com/dua1337/Exploit-for-CVE-2024-10924\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-21T23:27:52.000000Z"}, {"uuid": "d640d2be-a62b-4b99-857e-d107f8139ada", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9068", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-10924 Authentication Bypass Using an Alternate Path or Channel (CWE-288)\nURL\uff1ahttps://github.com/ebrasha/abdal-anydesk-remote-ip-detector\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-18T15:16:28.000000Z"}, {"uuid": "a3b919a8-f3f1-4ece-9ced-1447173411d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9061", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-10924 Authentication Bypass Using an Alternate Path or Channel (CWE-288)\nURL\uff1ahttps://github.com/FoKiiin/CVE-2024-10924\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-17T21:32:48.000000Z"}, {"uuid": "f4d3dc38-efe4-4408-aee2-b1985275ce3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "https://t.me/habr_com_news/32127", "content": 
"\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e \u0418\u0411 \u0438\u0437 Defiant \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Really Simple Security (Really Simple SSL) \u0434\u043b\u044f WordPress \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-10924 (9,8 \u0431\u0430\u043b\u043b\u0430 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 4 \u043c\u043b\u043d \u0441\u0430\u0439\u0442\u043e\u0432.\n\n#\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442", "creation_timestamp": "2024-11-19T07:34:48.000000Z"}, {"uuid": "82447157-3b58-45ac-81fb-baab1dd75087", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10925", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6190", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10925\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML\n\ud83d\udccf Published: 2025-03-03T11:02:24.017Z\n\ud83d\udccf Modified: 2025-03-03T11:02:24.017Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/502857\n2. 
https://hackerone.com/reports/2818270", "creation_timestamp": "2025-03-03T11:30:20.000000Z"}, {"uuid": "43be54ad-d634-48c7-b73b-a9a7ca8e4517", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10922", "type": "seen", "source": "https://t.me/cvedetector/10054", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10922 - WordPress Featured Posts Scroll CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10922 \nPublished : Nov. 7, 2024, 2:15 a.m. | 46\u00a0minutes ago \nDescription : The Featured Posts Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.25. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T04:22:42.000000Z"}, {"uuid": "ab27c483-7e9a-4fb3-ad43-b272ad30b44d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10929", "type": "seen", "source": "https://t.me/cvedetector/16122", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10929 - Arm Cortex-A72/A73/A75 Branch History Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10929 \nPublished : Jan. 22, 2025, 4:15 p.m. 
| 44\u00a0minutes ago \nDescription : In certain circumstances, an issue in Arm Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T18:04:16.000000Z"}, {"uuid": "351effad-0edb-4587-aa95-ffa280008ddb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10921", "type": "seen", "source": "https://t.me/cvedetector/10969", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10921 - \"MongoDB Buffer Over-Read/Server Crash Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10921 \nPublished : Nov. 14, 2024, 4:15 p.m. | 38\u00a0minutes ago \nDescription : An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2. 
\nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-14T18:20:02.000000Z"}, {"uuid": "762c7387-cdd2-40dc-a467-07439f172871", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "https://t.me/kasperskylab_ru/5668", "content": "\u0412\u043e\u0441\u043a\u0440\u0435\u0441\u043d\u044b\u0439 \u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 \u043a\u0438\u0431\u0435\u0440\u043d\u043e\u0432\u043e\u0441\u0442\u0435\u0439 \u27a1\ufe0f\n\n\u0412 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Kaspersky Password Manager \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f 10 \u043b\u0435\u0442! \u042e\u0431\u0438\u043b\u0435\u0439 \u043e\u043d\u0430 \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442 \u043f\u0440\u0438 \u043f\u0430\u0440\u0430\u0434\u0435: \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0451\u043d\u043d\u044b\u043c \u0434\u0438\u0437\u0430\u0439\u043d\u043e\u043c. 
\u0427\u0442\u043e \u0438\u043c\u0435\u043d\u043d\u043e \u043f\u043e\u043c\u0435\u043d\u044f\u043b\u043e\u0441\u044c \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0438 \u2014 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0432 \u0441\u0442\u0430\u0442\u044c\u0435.\n\nCVE-2024-49040: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u0430\u0441\u043a\u0438\u0440\u0443\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u043f\u043e\u0434 \u0432\u0430\u0448\u0438\u0445 \u043a\u043e\u043b\u043b\u0435\u0433. \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u2014 \u0432 \u0441\u0442\u0430\u0442\u044c\u0435.\n\n\u0421\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u043a\u0430\u0436\u0434\u044b\u043c \u0432\u0430\u0448\u0438\u043c \u0448\u0430\u0433\u043e\u043c \u043c\u043e\u0436\u0435\u0442 \u043a\u0430\u0436\u0434\u044b\u0439. 
\u0423\u0433\u043e\u043d\u0449\u0438\u043a\u0438 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u0439 \u00ab\u043f\u0430\u0441\u0443\u0442\u00bb \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u043c\u0430\u0448\u0438\u043d\u044b, \u043f\u043e\u0434\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u044f \u0437\u0430 \u043d\u043e\u043c\u0435\u0440\u043d\u043e\u0439 \u0437\u043d\u0430\u043a \u043c\u0430\u044f\u0447\u043e\u043a AirTag, \u0440\u0435\u0432\u043d\u0438\u0432\u044b\u0435 \u043c\u0443\u0436\u044c\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u044e\u0442 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u043d\u0430 \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d \u0441\u0432\u043e\u0438\u043c \u0436\u0451\u043d\u0430\u043c, \u0438 \u0440\u0430\u0441\u0445\u043e\u0434\u044b \u043d\u0430 \u044d\u0442\u0443 \u0441\u043b\u0435\u0436\u043a\u0443 \u043f\u0440\u043e\u0441\u0442\u043e \u043a\u043e\u043f\u0435\u0435\u0447\u043d\u044b\u0435. \u0423\u0437\u043d\u0430\u0442\u044c \u043e \u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0435 \u0438 \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f \u043e\u0442 \u043d\u0435\u0433\u043e.\n\n4 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430 \u0441\u0430\u0439\u0442\u043e\u0432 \u043d\u0430 WordPress \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0434\u043b\u044f \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043b\u0430\u0433\u0438\u043d Really Simple Security. 
\u0427\u0442\u043e \u0434\u0435\u043b\u0430\u0442\u044c, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u0441\u0430\u0439\u0442 \u0441\u0432\u043e\u0435\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-10924 \u2014 \u0432 \u043d\u0430\u0448\u0435\u043c \u043d\u043e\u0432\u043e\u043c \u043f\u043e\u0441\u0442\u0435.\n\n\u0421\u0430\u043c\u043e\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0435 \u0438\u0437 \u043c\u0438\u0440\u0430 B2B:\n\n\u25b6\ufe0f APT-\u043f\u0440\u043e\u0433\u043d\u043e\u0437 \u043d\u0430 2025\n\u25b6\ufe0f \u0412\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u2014 \u0433\u043b\u0430\u0432\u043d\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 2025?\n\u25b6\ufe0f \u0414\u0430\u0439\u0434\u0436\u0435\u0441\u0442 \u043b\u0443\u0447\u0448\u0438\u0445 B2B-\u043f\u043e\u0441\u0442\u043e\u0432 \u043d\u043e\u044f\u0431\u0440\u044f \n\n\u0418 \u0435\u0449\u0451 \u043a\u043e\u0435-\u0447\u0442\u043e:\n\n\u25b6\ufe0f \u00ab\u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0430\u044f\u00bb \u0447\u0435\u0442\u0432\u0451\u0440\u043a\u0430 \u0432 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438 \u0438\u043b\u0438 \u0442\u043e\u043f-4 \u0418\u0411 \u0432\u0430\u043a\u0430\u043d\u0441\u0438\u0438 \n\u25b6\ufe0f \u041d\u0430\u0448 \u0431\u043e\u0441\u0441 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043e \u0441\u0432\u043e\u0451\u043c \u0432\u0438\u0437\u0438\u0442\u0435 \u0432 \u041c\u0413\u0423", "creation_timestamp": "2024-12-01T17:34:51.000000Z"}, {"uuid": "645d7545-283a-4523-92c3-e92210f69c0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": 
"https://t.me/kasperskylab_ru/5658", "content": "\ud83d\udfe2 4 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430 \u0441\u0430\u0439\u0442\u043e\u0432 \u043d\u0430 WordPress \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0434\u043b\u044f \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043b\u0430\u0433\u0438\u043d Really Simple Security. \u0422\u0435\u043f\u0435\u0440\u044c \u043e\u043d\u0438 \u043e\u043a\u0430\u0437\u0430\u043b\u0438\u0441\u044c \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439: \u0432 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0438 \u043d\u0430\u0448\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-10924.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0432 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u0439\u0442\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442 \u043f\u043e\u0434 \u0432\u0438\u0434\u043e\u043c \u043b\u044e\u0431\u043e\u0433\u043e \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0435\u0433\u043e \u043f\u0440\u0430\u0432\u0430. 
\u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0441\u0442\u0430\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u043c \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0432\u0435\u0431-\u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c.\n\n\u0427\u0442\u043e \u0434\u0435\u043b\u0430\u0442\u044c, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u0441\u0430\u0439\u0442 \u0441\u0432\u043e\u0435\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-10924 \u2014 \u0432 \u043d\u0430\u0448\u0435\u043c \u043d\u043e\u0432\u043e\u043c \u043f\u043e\u0441\u0442\u0435.\n\n#KD_\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438", "creation_timestamp": "2024-11-28T09:13:31.000000Z"}, {"uuid": "bd58520c-9e6f-4f2d-be07-174c22baf508", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "https://t.me/cvedetector/11036", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10924 - Really Simple Security for WordPress Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-10924 \nPublished : Nov. 15, 2024, 4:15 a.m. | 43\u00a0minutes ago \nDescription : The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the \"Two-Factor Authentication\" setting is enabled (disabled by default). 
\nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T06:03:04.000000Z"}, {"uuid": "36b0ca32-7b45-4d60-90b0-78e86504240a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "Telegram/BuXPN5McJCWO_vMltbVB1VeL09HPFFjcUaoHPpOKik6vkw", "content": "", "creation_timestamp": "2024-11-18T06:53:45.000000Z"}, {"uuid": "25a170b2-a219-4a4e-b228-ec6f33fdc71c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10920", "type": "seen", "source": "https://t.me/cvedetector/10014", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10920 - Mariazevedo88 Travels-Java-API JWT Secret Handler Cryptographic Key Hard-Coded Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10920 \nPublished : Nov. 6, 2024, 4:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\\src\\main\\java\\io\\github\\mariazevedo88\\travelsjavaapi\\filters\\JwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to use of hard-coded cryptographic key  \n . The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. 
\nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-06T18:20:30.000000Z"}, {"uuid": "c0cd30f5-f09f-442f-abc0-80fcc391b2b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "published-proof-of-concept", "source": "https://t.me/bizone_channel/1593", "content": "\ud83e\udd65 \u0418\u0440\u043e\u043d\u0438\u044f \u0441\u0443\u0434\u044c\u0431\u044b: \u043f\u043b\u0430\u0433\u0438\u043d \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f WordPress \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 BI.ZONE WAF \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u0435\u0442 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u0442\u044c \u0441\u0430\u0439\u0442\u044b \u043d\u0430 WordPress \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Really Simple Security.\n\n\u0427\u0435\u043c \u043e\u043f\u0430\u0441\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\nCVE-2024-10924 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043b\u044e\u0431\u043e\u0433\u043e 
\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\u00a0\u0423\u0433\u0440\u043e\u0437\u0443 \u043e\u0446\u0435\u043d\u0438\u043b\u0438 \u0432 9,8 \u0431\u0430\u043b\u043b\u0430 \u0438\u0437 10 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS. \u0412 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c \u043f\u0440\u0438\u043c\u0435\u0440 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 (PoC).\n\n\u0415\u0441\u0442\u044c \u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u00a0\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c\u0438 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 9.1.2. \u0412\u0435\u0440\u0441\u0438\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u043e\u0442 9.0.0 \u0434\u043e 9.1.1.1 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043a \u0430\u0442\u0430\u043a\u0435. \u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u044c \u0443\u0433\u0440\u043e\u0437\u044b, \u043a\u043e\u043c\u0430\u043d\u0434\u0430 WordPress \u043f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e Really Simple Security \u0441\u0440\u0435\u0434\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. 
\u041d\u043e \u044d\u0442\u043e \u043d\u0435 \u0437\u043d\u0430\u0447\u0438\u0442, \u0447\u0442\u043e \u0431\u0435\u0441\u043f\u043e\u043a\u043e\u0438\u0442\u044c\u0441\u044f \u043d\u0435 \u0441\u0442\u043e\u0438\u0442: \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0430\u0432\u0442\u043e\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0437\u0430\u043f\u0440\u0435\u0449\u0435\u043d\u044b \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041d\u0430\u0448\u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0443\u0436\u0435 \u043f\u0440\u0438\u043d\u044f\u043b\u0438 \u043c\u0435\u0440\u044b \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u043e\u0442 CVE-2024-10924: \u043a\u043e\u043c\u0430\u043d\u0434\u0430 BI.ZONE WAF \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0430 \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438, \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u0443\u044e\u0449\u0435\u0435 \u0438 \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u044e\u0449\u0435\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0430 \u043a\u043e\u043b\u043b\u0435\u0433\u0438 \u0438\u0437 BI.ZONE CPT \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.", "creation_timestamp": "2024-11-27T08:01:16.000000Z"}, {"uuid": 
"d51bbf94-ced5-49b0-93b7-d2052c792a02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10926", "type": "seen", "source": "https://t.me/cvedetector/10048", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10926 - IBPhoenix ibWebAdmin Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10926 \nPublished : Nov. 6, 2024, 9:15 p.m. | 40\u00a0minutes ago \nDescription : A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-06T23:21:39.000000Z"}, {"uuid": "219a0950-4a6a-4964-b801-28230bbac411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10928", "type": "seen", "source": "https://t.me/cvedetector/10049", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10928 - MonoCMS Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10928 \nPublished : Nov. 6, 2024, 11:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. 
The manipulation of the argument filtcategory/filtstatus leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T01:01:56.000000Z"}, {"uuid": "7c4fdfd6-79e0-4bdf-b6a7-77bfe0bfef16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10927", "type": "seen", "source": "https://t.me/cvedetector/10052", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10927 - MonoCMS Account Information Page Remote Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-10927 \nPublished : Nov. 6, 2024, 11:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 
\nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T01:01:58.000000Z"}, {"uuid": "74491375-8774-4c39-995b-b1286a1d3080", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "Telegram/uWQOe4LLqVgLvheR7wnwqmp1AKDal2o6vYjs3xZaL4amPno", "content": "", "creation_timestamp": "2024-11-18T19:32:30.000000Z"}, {"uuid": "ed96c81a-a990-4b6b-9412-a649c6703a44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "Telegram/fSuv2KpyfIksaa8qqgqv5fCpt00UzRfooou1l9gqHjc-A0g", "content": "", "creation_timestamp": "2025-03-11T22:00:06.000000Z"}, {"uuid": "00d086e7-b3d2-4318-a8f0-3ff0f7a92df4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": "https://t.me/KomunitiSiber/2875", "content": "Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites\nhttps://thehackernews.com/2024/11/urgent-critical-wordpress-plugin.html\n\nA critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site.\nThe vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. 
The", "creation_timestamp": "2024-11-18T11:26:45.000000Z"}, {"uuid": "39659d01-6eb7-49e3-a085-ba2b95f52eaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "published-proof-of-concept", "source": "Telegram/LvphiswzC3eHvaofn8NWuBB-f-MJ_XcZLFoLXvZ55-F8wIk", "content": "", "creation_timestamp": "2025-02-14T22:00:06.000000Z"}, {"uuid": "5a1a5610-416f-42f0-90f9-4866f5203da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "published-proof-of-concept", "source": "Telegram/wjgDtksWls9V1MNAoyuEJUSghGZx1yvMU0aJMIJaKbGDXvk", "content": "", "creation_timestamp": "2025-02-03T04:00:06.000000Z"}, {"uuid": "6a90d35f-5f4a-4454-a474-e7a940177a57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "published-proof-of-concept", "source": "Telegram/GhxUXbzdjuGbyGvtlMYXzPX5eK9hCG4lLIwQW-EP2DsvpC8", "content": "", "creation_timestamp": "2025-02-23T16:00:08.000000Z"}, {"uuid": "b242b60c-4f1a-4d02-b85a-934d9e8fe864", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "published-proof-of-concept", "source": "https://t.me/Leak_DBMS/1517", "content": "\ud83d\udee1Really Simple Plugins WordPress plugin (versions between 9.0.0 and 9.1.1.1 included)CVE-2024-10924\n\ud83d\udca5https://github.com/julesbsz/CVE-2024-10924\n\u2b50\ufe0f@Leak_DBMS", "creation_timestamp": "2024-11-20T23:57:24.000000Z"}, {"uuid": "e8a16d13-6af0-43a9-a913-df7d4e990847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "seen", "source": 
"https://t.me/true_secator/6438", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u044b.\n\n\u041d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u0440\u0430\u0441\u043a\u043b\u0430\u0434 \u0442\u0430\u043a\u043e\u0439:\n\n1. \u041a\u0430\u043a \u043c\u044b \u0438 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u043b\u0438, \u0434\u0430\u043d\u043d\u044b\u0435 \u0441 \u0442\u0435\u043b\u0435\u043c\u0435\u0442\u0440\u0438\u0438 Shadowserver Foundation \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u044e\u0442 \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u043c \u043d\u0430 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b\u0445 \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 D-Link NAS \u0438 Citrix Virtual Apps and Desktops.\n\n2. 
\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Palo Alto Networks \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0430, \u0447\u0442\u043e 0-day \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043f\u043e\u0441\u043b\u0435 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0432\u0448\u0438\u0445\u0441\u044f \u0441\u043b\u0443\u0445\u043e\u0432 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043d\u0435\u044f\u0441\u043d\u043e, \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430, \u043a\u0442\u043e \u0435\u044e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0438 \u043a\u0442\u043e \u0441\u0442\u0430\u043b \u0446\u0435\u043b\u044c\u044e \u0430\u0442\u0430\u043a. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u043a\u0430 \u043d\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE, \u043d\u043e \u0435\u0435 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 CVSS \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3. 
\u041f\u043e\u043a\u0430 \u0436\u0435 Palo Alto \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430\u0434 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0438 \u0441\u0438\u0433\u043d\u0430\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u0434\u0435\u0442\u0435\u043a\u0446\u0438\u0438.\n\n3. \u041f\u043e\u0437\u0438\u0442\u0438\u0432\u044b \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0437\u043d\u0430\u043a\u043e\u043c\u0438\u0442\u044c \u0441 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u043e\u0439 \u043f\u043e \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0437\u043d\u0430\u0447\u0438\u043c\u044b\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043b\u0438\u0431\u043e \u0443\u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432\u0436\u0438\u0432\u0443\u044e, \u043b\u0438\u0431\u043e \u0431\u0443\u0434\u0443\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f.\n\n\u0412 \u0422\u041e\u041f\u0435 \u0437\u0430 \u043e\u043a\u0442\u044f\u0431\u0440\u044c: EoP \u0432 Windows Kernel Streaming (CVE-2024-30090), EoP \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 \u044f\u0434\u0440\u0430 Windows (CVE-2024-35250), \u043e\u0448\u0438\u0431\u043a\u0430 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0438 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Windows MSHTML (CVE-2024-43573), \u0430 \u0442\u0430\u043a\u0436\u0435 RCE \u0432 XWiki (CVE-2024-31982).\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043d\u0435 
\u043c\u043e\u0436\u0435\u043c \u043d\u0435 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c CVE-2024-43629 \u0441 CVSS 7,8, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0443\u044e \u043a EoP, \u043a\u043e\u0442\u043e\u0440\u0443\u044e Microsoft \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0432 \u0442\u0435\u043a\u0443\u0449\u0435\u043c PatchTuesday \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432 Positive Technologies.\n\n4. watchTowr Labs \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043d\u043e\u0432\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c EoP, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e Fortinet FortiManager FortiJump, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0443\u044e \u043f\u043e \u0438\u0442\u043e\u0433\u0443 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 FortiJump Higher.\n\n5. 
\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Varonis \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0438 \u044f\u0437\u044b\u043a\u0430 Perl \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL.\n\n\u041e\u043d\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-10979 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0430\u043a\u0442\u043e\u0440\u0430\u043c \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u0441\u0440\u0435\u0434\u044b.\n\nVaronis \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u043d\u0430 \u0431\u0430\u0437\u043e\u0432\u0443\u044e \u041e\u0421 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043a \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n6. 
\u0411\u0430\u0437\u0430 KEV\u00a0CISA \u043f\u043e\u043f\u043e\u043b\u043d\u0438\u043b\u0430\u0441\u044c \u0441\u0435\u043c\u044c\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u0432\u0430 \u043d\u0443\u043b\u044f \u0432 Windows \u0438\u0437 \u043f\u0430\u0442\u0447\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0438, \u0434\u0432\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 PAN \u0438 Metabase GeoJSON, Cisco ASA \u0438 Atlassian Jira.\n\n\u0410 \u0432 NIST \u0441\u043c\u043e\u0433\u043b\u0438 \u043b\u0438\u0448\u044c \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c NVD, \u0432\u043a\u043b\u044e\u0447\u0438\u0432 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e\u0431\u043e \u0432\u0441\u0435\u0445 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0437\u0430 \u044d\u0442\u043e\u0442 \u0433\u043e\u0434, \u043d\u043e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044f \u043f\u0440\u043e\u0431\u0443\u043a\u0441\u043e\u0432\u044b\u0432\u0430\u0442\u044c \u0441 \u043e\u0433\u0440\u043e\u043c\u043d\u044b\u043c \u0431\u044d\u043a\u043b\u043e\u0433\u043e\u043c CVE, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041c\u0430\u0439\u0441\u043a\u0438\u0435 
\u043e\u0431\u0435\u0449\u0430\u043d\u0438\u044f \u0432\u0441\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043a \u043a\u043e\u043d\u0446\u0443 \u0433\u043e\u0434\u0430 \u0432\u0440\u044f\u0434 \u043b\u0438 \u0431\u0443\u0434\u0443\u0442 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u044b.\n\n7. Defiant \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e CVE-2024-10924 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 9,8) \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Really Simple Security \u0434\u043b\u044f WordPress, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u043d\u0443\u0442\u044c 4 \u043c\u043b\u043d. \u0441\u0430\u0439\u0442\u043e\u0432 \u0440\u0438\u0441\u043a\u0443 \u043f\u043e\u043b\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0432 2FA.", "creation_timestamp": "2024-11-15T18:00:06.000000Z"}, {"uuid": "474506be-d92f-43d8-9e56-11f7f0f2980a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6442", "content": "\u041a\u0441\u0442\u0430\u0442\u0438, \u043e \u0434\u0440\u0443\u0433\u043e\u0439 \u043d\u0430\u0437\u0440\u0435\u0432\u0430\u044e\u0449\u0435\u0439 \u0430\u0442\u0430\u043a\u0435, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 CVE-2024-10924 (9.8 CVSS), \u0431\u0443\u0434\u0443\u0449\u0438\u043c\u0438 
\u0436\u0435\u0440\u0442\u0432\u0430\u043c\u0438 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u043e\u0433\u0443\u0442 \u0441\u0442\u0430\u0442\u044c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u044b \u0431\u043e\u043b\u0435\u0435 4 \u043c\u043b\u043d. \u0441\u0430\u0439\u0442\u043e\u0432 \u043d\u0430 WordPress, \u043c\u044b \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u043b\u0438 \u0435\u0449\u0435 \u0432 \u043f\u044f\u0442\u043d\u0438\u0446\u0443.\n\n\u0414\u043e\u0431\u0430\u0432\u0438\u043c, \u0447\u0442\u043e Wordfence, \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u043e\u0434\u043e\u0432\u0430\u0432\u0448\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043d\u0430\u0437\u0432\u0430\u043b\u0430 \u0435\u0435 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0437\u0430 \u0432\u0441\u044e 12-\u043b\u0435\u0442\u043d\u044e\u044e \u0438\u0441\u0442\u043e\u0440\u0438\u044e.\n\n\u0412 \u0443\u043c\u0435\u043b\u044b\u0445 \u0440\u0443\u043a\u0430\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u0441\u0430\u0439\u0442\u0430\u043c.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e \u0442\u043e\u043c, \u043f\u043e\u0447\u0435\u043c\u0443 \u0436\u0435 CVE-2024-10924 \u043c\u043e\u0436\u0435\u0442 \u0441\u0442\u0430\u0442\u044c \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0438\u043c \u043a\u043e\u0448\u043c\u0430\u0440\u043e\u043c \u043d\u0430 \u0443\u043b\u0438\u0446\u0435 
WordPress, \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u043b Russian_OSINT. \n\n\u041f\u043e\u0432\u0442\u043e\u0440\u044f\u0442\u044c\u0441\u044f \u043d\u0435 \u0431\u0443\u0434\u0435\u043c.", "creation_timestamp": "2024-11-18T17:30:05.000000Z"}, {"uuid": "107de8c0-306d-41bc-b0ee-9a390fcbcef0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "exploited", "source": "https://t.me/Russian_OSINT/4860", "content": "\ud83e\uddff\u041a\u043e\u0448\u043c\u0430\u0440 \u043d\u0430 \u0443\u043b\u0438\u0446\u0435 WordPress: 4 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430 \u0441\u0430\u0439\u0442\u043e\u0432 \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0438\u0437-\u0437\u0430 CVE-2024-10924 (9.8 CVSS)\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Wordfence \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043e\u0434\u043d\u0443 \u0438\u0437 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \ud83d\ude33 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0438\u0441\u0442\u043e\u0440\u0438\u0438 WordPress, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0443\u044e \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 4 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u0441\u0430\u0439\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d \ud83d\udc5d Really Simple Security (\u0440\u0430\u043d\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043a\u0430\u043a Really Simple SSL). 
\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2024-10924, \u0438\u043c\u0435\u0435\u0442 \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u043f\u043e \u0448\u043a\u0430\u043b\u0435\ud83d\udd3b CVSS \u2014 9.8 \u0438\u0437 10.\n\n\u041f\u043e \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Really Simple Security \u0438 \u0435\u0433\u043e \u043f\u0440\u0435\u043c\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Really Simple Security Pro \u0438 Pro Multisite. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0430\u0439\u0442\u0430\u043c\u0438, \u0433\u0434\u0435 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. 
\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 check_login_and_get_user() \u0432\u043d\u0443\u0442\u0440\u0438 WordPress-\u043f\u043b\u0430\u0433\u0438\u043d\u0430. \u042d\u0442\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0434\u043e\u043b\u0436\u043d\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 user_id \u0438 login_nonce. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0435\u0441\u043b\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0435 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442, \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u043e\u0431\u044a\u0435\u043a\u0442 \u043e\u0448\u0438\u0431\u043a\u0438 WP_REST_Response, \u043d\u043e \u044d\u0442\u043e\u0442 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u043d\u0435 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0434\u043e\u043b\u0436\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u0432\u043d\u0443\u0442\u0440\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438.\n\n\u0418\u0437-\u0437\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043e\u0448\u0438\u0431\u043e\u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442\u0441\u044f \u0438 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 
\u043c\u0435\u0442\u043e\u0434 authenticate_and_redirect(). \u042d\u0442\u043e\u0442 \u043c\u0435\u0442\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043f\u0435\u0440\u0435\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0432 \u0437\u0430\u043f\u0440\u043e\u0441\u0435 user_id, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0435 \u0431\u044b\u043b\u0430 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430.\n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0437\u0430\u043f\u0438\u0441\u044f\u043c, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u0441 \u0432\u044b\u0441\u043e\u043a\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. 
\u042d\u0442\u043e \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0430\u0439\u0442\u0430 \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\ud83e\udd77\u2757\ufe0f \u041e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043e\u043f\u0430\u0441\u043d\u044b\u043c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0442\u043e\u0442 \u0444\u0430\u043a\u0442, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u0434\u0430\u0451\u0442\u0441\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442\u044b \u0434\u043b\u044f \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u043d\u0430 \u0442\u044b\u0441\u044f\u0447\u0438 \u0441\u0430\u0439\u0442\u043e\u0432 \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e. \n\n\u2b07\ufe0f \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u0430: 9.0.0 \u0434\u043e 9.1.1.1. 
\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u0412\u0435\u0440\u0441\u0438\u044f 9.1.2 \u0441\u0442\u0430\u043b\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 12 \u043d\u043e\u044f\u0431\u0440\u044f \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Pro \u0438 14 \u043d\u043e\u044f\u0431\u0440\u044f \u0434\u043b\u044f \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438. \u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e \u0447\u0442\u043e WordPress.org \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u043b \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u0434\u043e\u043b\u0436\u043d\u044b \u0443\u0431\u0435\u0434\u0438\u0442\u044c\u0441\u044f, \u0447\u0442\u043e \u0438\u0445 \u0441\u0430\u0439\u0442\u044b \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u043d\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u0430.\n\n\u270b @Russian_OSINT", "creation_timestamp": "2024-11-18T14:38:21.000000Z"}, {"uuid": "a49fbd0d-c233-4631-ba32-b758ef81511c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1092", "type": "seen", "source": 
"https://t.me/ctinow/192904", "content": "https://ift.tt/wIDEnRa\nCVE-2024-1092 | Feedzy RSS Aggregator Plugin up to 4.4.1 on WordPress authorization", "creation_timestamp": "2024-02-25T15:16:20.000000Z"}, {"uuid": "82de9df4-c078-4ed9-b62a-bf3bf651b399", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10924", "type": "exploited", "source": "https://t.me/thehackernews/5900", "content": "A critical vulnerability (CVE-2024-10924) in the Really Simple SSL plugin affects 4 Million+ WordPress sites, allowing attackers to bypass 2FA and gain admin access remotely. \n \nDetails here: https://thehackernews.com/2024/11/urgent-critical-wordpress-plugin.html \n \nPatch available\u2014update now!", "creation_timestamp": "2024-11-18T05:56:14.000000Z"}]}