{"vulnerability": "cve-2024-42009", "sightings": [{"uuid": "ee3f2a2c-1ad8-49ea-b231-ea51b73c02cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "MISP/63c40b67-7b13-49ce-96a8-4ee5a150fb7d", "content": "", "creation_timestamp": "2025-01-20T10:07:01.000000Z"}, {"uuid": "c7a85dca-7ef9-4b78-877f-3404a8c92ffb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3ltyq2aooo32a", "content": "", "creation_timestamp": "2025-07-15T10:47:25.454331Z"}, {"uuid": "7d9cfe83-1d3c-439c-8f2f-e027c032b738", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3ltyq2d3nq342", "content": "", "creation_timestamp": "2025-07-15T10:48:19.886752Z"}, {"uuid": "3dd0fb39-9e2a-440b-8f75-87163131a7e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3lrbk7enywh2z", "content": "", "creation_timestamp": "2025-06-10T18:41:18.159812Z"}, {"uuid": "3f5e39f8-16f7-4ceb-a182-fe2b40897f56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lrbs3rgr6a24", "content": "", "creation_timestamp": "2025-06-10T21:02:32.378871Z"}, {"uuid": "150ea78a-9dbb-407a-b2a4-bc1afa072d5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/cyfragovpl.bsky.social/post/3lqwc2aivgs27", "content": "", "creation_timestamp": "2025-06-06T07:16:04.274119Z"}, {"uuid": "0e5a3d86-f031-4b8e-93cc-cc1ec8f86e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/greg-l.bsky.social/post/3lr6hayax2s2s", "content": "", "creation_timestamp": "2025-06-09T13:10:34.924443Z"}, {"uuid": "6ba389f8-c4c6-4f6e-9dd9-79353a2325e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3lqx47nfnu22w", "content": "", "creation_timestamp": "2025-06-06T15:04:20.219755Z"}, {"uuid": "6d3d6988-3847-4bbf-8303-f966803cfc55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lr6wm7cu2i23", "content": "", "creation_timestamp": "2025-06-09T17:45:14.124976Z"}, {"uuid": "8e2f78ad-b73e-4220-83be-999653612241", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/4182564", "content": "", "creation_timestamp": "2025-06-09T19:13:18.742508Z"}, {"uuid": "25aec8d8-daea-4aa7-a2f3-19f54f42bcec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3lr76cdevq523", "content": "", "creation_timestamp": "2025-06-09T20:02:52.688204Z"}, {"uuid": "7fb33630-558c-4deb-b6db-e940c923b5f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3lr7fm4oojc26", "content": "", "creation_timestamp": "2025-06-09T22:13:37.387600Z"}, {"uuid": "94e1ce6b-8730-4f01-8da3-c29ed3bf9d99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lqybvlqprw23", "content": "", "creation_timestamp": "2025-06-07T02:18:42.520773Z"}, {"uuid": "443e51e6-aa4b-4c80-8b48-3cc33a79e130", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lr7thm2jbg2b", "content": "", "creation_timestamp": "2025-06-10T02:21:38.220653Z"}, {"uuid": "df94e9f4-333b-4656-8455-b08e6bb37e99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lre53nodcs2p", "content": "", "creation_timestamp": "2025-06-11T19:24:35.062964Z"}, {"uuid": "0c24f4ef-b8b6-4bb5-b309-dd54d8bc7340", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lre5omwr7c2p", "content": "", "creation_timestamp": "2025-06-11T19:35:23.287957Z"}, {"uuid": "cc0684db-1458-4d9c-b768-15a7d237098a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lre5oosmak2p", "content": "", "creation_timestamp": "2025-06-11T19:35:24.931100Z"}, {"uuid": "088623e9-e74f-4970-a83e-c3b58ddf25b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lre5opuxu22p", "content": "", "creation_timestamp": "2025-06-11T19:35:26.627300Z"}, {"uuid": "c2e65b8f-c4c5-43ad-ad05-266d6d99a731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lre5or7bek2p", "content": "", "creation_timestamp": "2025-06-11T19:35:28.652968Z"}, {"uuid": "dfe4cfe9-b1d2-4a2b-814d-7c33bf7c657d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lre5ou6edk2p", "content": "", "creation_timestamp": "2025-06-11T19:35:30.305256Z"}, {"uuid": "ca5fc363-2474-4dbe-be15-2a8b38526d3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-09-28T08:23:31.000000Z"}, {"uuid": "7b807359-c417-429c-88c2-b86619cc375b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-09-29T03:12:15.000000Z"}, {"uuid": "f4f1bda0-3eb8-44fd-88af-4957b948c19b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-42009.yaml", "content": "", "creation_timestamp": "2025-10-14T05:38:18.000000Z"}, {"uuid": "f1def748-12a3-4ec7-95b7-564210a76b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/termsofsurrender.bsky.social/post/3mffhqkmepe2x", "content": "", "creation_timestamp": "2026-02-21T20:31:44.706519Z"}, {"uuid": "42ebd886-f520-416a-8783-28650c8eea14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-42009", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/b1a40009-a813-4366-a4fe-e84fcccc9dc7", "content": "", "creation_timestamp": "2026-02-02T12:25:59.193239Z"}, {"uuid": "697044bf-e2bc-4d92-b14c-6121f3e1e2a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/6638", "content": "#exploit\n1. CVE-2025-0108:\nNginx/Apache Path Confusion to Auth Bypass in PAN-OS\nhttps://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os\n\n2. CVE-2024-42009:\nStored XSS in Roundcube Webmail\nhttps://github.com/0xbassiouny1337/CVE-2024-42009\n\n3. CVE-2022-41741, CVE-2022-41742, CVE-2023-44487 Check Script:\nhttps://github.com/moften/CVE-2022-4174_CVE-2022-41742", "creation_timestamp": "2025-02-13T06:00:18.000000Z"}, {"uuid": "c0e7cd1f-d792-41e5-8fbe-633cf2d7e709", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://t.me/cvedetector/2482", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42009 - Roundcube Cross-Site Scripting Email Hijacking\", \n  \"Content\": \"CVE ID : CVE-2024-42009 \nPublished : Aug. 5, 2024, 7:15 p.m. | 37\u00a0minutes ago \nDescription : A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-05T22:16:34.000000Z"}, {"uuid": "42aa15fa-a4d7-4ea9-9f22-b9bbbf21da23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/2421", "content": "#exploit\n1. CVE-2025-0108:\nNginx/Apache Path Confusion to Auth Bypass in PAN-OS\nhttps://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os\n\n2. CVE-2024-42009:\nStored XSS in Roundcube Webmail\nhttps://github.com/0xbassiouny1337/CVE-2024-42009\n\n3. CVE-2022-41741, CVE-2022-41742, CVE-2023-44487 Check Script:\nhttps://github.com/moften/CVE-2022-4174_CVE-2022-41742", "creation_timestamp": "2025-02-13T06:00:18.000000Z"}, {"uuid": "4a13bf62-ffe6-4550-ace3-3bbff23b735b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "published-proof-of-concept", "source": "Telegram/eklxMrjGJAqgDzMP0f-VCuJu9mo5iFKjiBjBnr28Qav0eE0", "content": "", "creation_timestamp": "2025-02-12T04:00:07.000000Z"}, {"uuid": "c2fdaaa9-ac62-48b1-b608-a46a6705c521", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "published-proof-of-concept", "source": "Telegram/_GFaz1X35pxMXpKQNkoVuia1y0aB-ecJ96SMHGZ5679nEQc", "content": "", "creation_timestamp": "2025-02-14T04:00:06.000000Z"}, {"uuid": "474311b7-ea2d-4fec-a673-33a76a8306ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6067", "content": "\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Mailcow \u0438 Roundcube \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0431\u0440\u0430\u0442\u0438\u0442 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u0442\u0430\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u043b\u044f \u0448\u0438\u0440\u043e\u043a\u043e\u0439 \u0430\u0443\u0434\u0438\u0442\u043e\u0440\u0438\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u041c\u044d\u0440 \u041f\u0430\u0442\u0440\u0438\u043a \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b PoC \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Mailcow, \u043e\u0442\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043a CVE-2024-41958 \u0438 \u0438\u043c\u0435\u044e\u0449\u0435\u0439 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 6.6.\n\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0432 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0435 \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041e\u043d \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0431\u043e\u0439\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u0443 2FA, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0440\u0443\u0433\u0438\u043c \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0437\u0430\u043f\u0438\u0441\u044f\u043c, \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u043c 2FA.\n\n\u0427\u0442\u043e\u0431\u044b \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0434\u043e\u043b\u0436\u0435\u043d \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u043e\u0431\u043b\u0430\u0434\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 2FA.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u0432\u044b\u043f\u0443\u0441\u043a\u0435 2024-07. \u0412\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435. \u0418\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u0445 \u043f\u0443\u0442\u0435\u0439 \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435\u0442.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Sonarsource \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0434\u0432\u0435 XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-42009 \u0438 CVE-2024-42008 \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Roundcube.\n\n\u041e\u043d\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 JavaScript \u0432\u043d\u0443\u0442\u0440\u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u044f\u0449\u0438\u043a\u0430 Roundcube.\n\n\u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2024-42009 \u043e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439, \u043a\u0440\u043e\u043c\u0435 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u043f\u0438\u0441\u044c\u043c\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430.\n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f CVE-2024-42008 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043e\u0434\u043d\u043e\u0433\u043e \u0449\u0435\u043b\u0447\u043a\u0430 \u043c\u044b\u0448\u0438 \u0436\u0435\u0440\u0442\u0432\u044b, \u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u044d\u0442\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0435\u043e\u0447\u0435\u0432\u0438\u0434\u043d\u044b\u043c \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u0410\u0442\u0430\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u043f\u0438\u0441\u0435\u043c \u0438 \u043a\u043e\u043d\u0442\u0430\u043a\u0442\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u043f\u0438\u0441\u0435\u043c \u0441 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0436\u0435\u0440\u0442\u0432\u044b.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c Roundcube \u0441\u043b\u0435\u0434\u0443\u0435\u0442\u00a0\u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 1.6.8 \u0438\u043b\u0438 1.5.8.", "creation_timestamp": "2024-08-07T15:40:04.000000Z"}, {"uuid": "7d700fab-b496-4334-860f-afaf90c4f6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11806", "content": "#exploit\n1. CVE-2025-0108:\nNginx/Apache Path Confusion to Auth Bypass in PAN-OS\nhttps://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os\n\n2. CVE-2024-42009:\nStored XSS in Roundcube Webmail\nhttps://github.com/0xbassiouny1337/CVE-2024-42009\n\n3. CVE-2022-41741, CVE-2022-41742, CVE-2023-44487 Check Script:\nhttps://github.com/moften/CVE-2022-4174_CVE-2022-41742", "creation_timestamp": "2025-02-13T14:50:07.000000Z"}, {"uuid": "3d23bafa-1270-45de-92a6-d69716a16b1a", "vulnerability_lookup_origin": "cce329bf-df49-4c6e-a027-80be2e6483bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-42009", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/e84af7cd-02da-4301-b8a0-57972586d980", "content": "", "creation_timestamp": "2026-05-21T09:12:39.459138Z"}, {"uuid": "0e651fd7-8ae5-4d7b-8385-aa14f799380c", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/23819a79-df7d-4016-8699-94ebfd8b9f4e", "content": "", "creation_timestamp": "2026-06-19T12:45:30.786127Z"}, {"uuid": "aa030b65-72af-409a-8eef-efa632551cab", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/068f9fcc-b1a4-4ad0-a306-915c76b03423", "content": "", "creation_timestamp": "2026-06-23T14:03:55.545525Z"}, {"uuid": "8e0ccc60-e04b-4d97-a40f-a605c7e617b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116878448734187190", "content": "The nation-state actor UNK_MassTraction is targeting university departments via Roundcube mailserver vulnerabilities to deploy malware and steal credentials. By chaining CVE-2024-42009 and CVE-2025-49113, the attackers gain unauthorized access and persistence within targeted networks.https://www.bankinfosecurity.com/chinese-cyberespionage-exploits-university-roundcube-servers-a-32165", "creation_timestamp": "2026-07-07T11:26:35.603315Z"}, {"uuid": "023bb919-c5e9-47c0-8938-6e44444fa9f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mq2jkdwjfb2p", "content": "\ud83e\udd16 CVE-2024-42009 (CVSS 9.3): China-aligned hackers exploit Roundcube webmail flaws targeting US/Canadian universities in credential theft campaign.\nhttps://thehackernews.com/2026/07/suspected-china-aligned-hackers-exploit.html", "creation_timestamp": "2026-07-07T11:41:54.328810Z"}, {"uuid": "b86066c9-bc59-481f-afd5-cfad52bb0657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mq2klh4h2v2j", "content": "Roundcube webmail: suspected China-aligned hackers exploit patched flaws like CVE-2024-42009 to steal credentials. Action: update Roundcube everywhere and review a\u2026 #Cybersecurity #Vulnerability #IdentitySecurity\n\nSource: https://thehackernews.com/2026/07/suspected-china-aligned-hackers-exploit.html", "creation_timestamp": "2026-07-07T12:00:26.287562Z"}, {"uuid": "73a533eb-77ee-4389-8397-31bab21d2362", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://thehackernews.com/2026/07/suspected-china-aligned-hackers-exploit.html", "content": "A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign.\n\nThe activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials,", "creation_timestamp": "2026-07-07T13:00:44.443541Z"}, {"uuid": "441c0da3-8aeb-4f37-bbfe-850f5ca1fbbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://threatintel.cc/2026/07/07/072643.html", "content": "Chinese Cyberespionage Exploits University Roundcube Servers\n\nThe nation-state actor UNK_MassTraction is targeting university departments via Roundcube mailserver vulnerabilities to deploy malware and steal credentials. By chaining CVE-2024-42009 and CVE-2025-49113, the attackers gain unauthorized access and persistence within targeted networks.", "creation_timestamp": "2026-07-07T16:00:45.759903Z"}, {"uuid": "c605565b-64ac-4ca2-97fc-8ab664f69dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/captechgroup.com/post/3mq37nvil4c2b", "content": "China-aligned group targeting university Roundcube servers via XSS phishing, then pivoting to in-memory backdoors for network access. CVE-2024-42009 and CVE-2025-49113 chain. Physics and engineering departments in scope. #infosec #cybersecurity", "creation_timestamp": "2026-07-07T18:17:36.407649Z"}, {"uuid": "ea7f0f45-c7ae-4287-b139-0d0436a4711d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://thehackernews.com/2026/07/suspected-china-aligned-hackers-exploit.html", "content": "A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign.\n\nThe activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials,", "creation_timestamp": "2026-07-08T01:00:53.421201Z"}, {"uuid": "17fc1ae0-93f4-402e-83ad-4fda5369fac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://threatintel.cc/2026/07/07/072643.html", "content": "Chinese Cyberespionage Exploits University Roundcube Servers\n\nThe nation-state actor UNK_MassTraction is targeting university departments via Roundcube mailserver vulnerabilities to deploy malware and steal credentials. By chaining CVE-2024-42009 and CVE-2025-49113, the attackers gain unauthorized access and persistence within targeted networks.", "creation_timestamp": "2026-07-08T01:01:06.423455Z"}, {"uuid": "a8ece762-49a9-415b-aca3-297372eeffb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mq4rf27sjl2v", "content": "China-aligned attackers exploited vulnerabilities in Roundcube to infiltrate U.S. and Canadian universities, targeting physics and engineering departments. The campaign, tracked as UNK_MassTraction, utilized CVE-2024-42009 and CVE-2025-49113 to gain access.", "creation_timestamp": "2026-07-08T09:07:26.102413Z"}, {"uuid": "f7ca59f5-c429-4cc4-b9a5-4a0f94b608de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mq5by6kpa32d", "content": "UNK_MassTraction Targets Universities with CVE-2024-42009 Exploits \u2014 A Policy Failure #CVE2024 #CyberSecurity #DataProtection", "creation_timestamp": "2026-07-08T14:04:28.707490Z"}, {"uuid": "ccb61be8-0d40-4b75-beed-e09bdd84bc96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mq5c4evsju2k", "content": "CVE-2024-42009: UNK_MassTraction Exploits in University Networks or Overstated Risk? #CyberSecurity #Vulnerability #UniversityNetworks", "creation_timestamp": "2026-07-08T14:06:49.406546Z"}, {"uuid": "8757b313-018d-494e-aaaa-04bff4359c51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mq5vqwr4le2h", "content": "CVE-2024-42009: Roundcube Exploit Shows How Academia Remains Targeted #CyberSecurity #Roundcube #CVE2024", "creation_timestamp": "2026-07-08T19:58:20.207506Z"}, {"uuid": "a420df65-30a0-49dc-8c96-da1161bdee92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mq5vsjmiy62s", "content": "CVE-2024-42009: Roundcube Flaw Fuels Espionage Against Academic Research #CVE2024 #Roundcube #Cybersecurity", "creation_timestamp": "2026-07-08T19:59:14.320302Z"}, {"uuid": "5562d41b-5276-44a2-bbfd-e2f00e260ce5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mq5vsm6ftu2h", "content": "Roundcube Flaw CVE-2024-42009: Academic Espionage Raises Governance Concerns #CyberSecurity #DataPrivacy #AcademicEspionage", "creation_timestamp": "2026-07-08T19:59:16.305651Z"}, {"uuid": "458820c6-d627-47d1-9fd1-4a0f3fbec82b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mq5vsq4j5b2p", "content": "CVE-2024-42009: Academic Espionage Campaign Lacks Solid Evidence #CVE2024 #CyberSecurity #Espionage", "creation_timestamp": "2026-07-08T19:59:20.399787Z"}, {"uuid": "a8774b90-1f0b-4c41-911c-d34d54983da5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mq5vsshsqy2o", "content": "CVE-2024-42009: Is Roundcube's Flaw an Urgent Breach or Policy Oversight? #CVE202442009 #Roundcube #CyberSecurity", "creation_timestamp": "2026-07-08T19:59:23.002830Z"}, {"uuid": "6dd9172c-06d8-46c2-822c-1081f001bc1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-42009", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mq6okgtfd72w", "content": "\ud83d\udcf0 Hacker Diduga Berafiliasi dengan China Eksploitasi Celah Roundcube untuk Memata-matai Peneliti Akademik\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/07/09/hacker-eksploitasi-kerentanan-roundcube-peneliti-akademik/\n\n#backdoor #china #cve #cve-2024-42009 #cve-2025-49113 #cyberse", "creation_timestamp": "2026-07-09T03:22:05.177900Z"}, {"uuid": "e15483d6-19fa-4c5f-9089-240d48501294", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/cyfar.ca/post/3mqcx2g3z7z2q", "content": "~Cybergcca~\nRoundcube Webmail CVE-2025-49113 (Post-Auth RCE) now actively exploited; also update VMware, Edge, and Bitwarden Server.\n-\nIOCs: CVE-2025-49113, CVE-2024-42009\n-\n#RCE #Roundcube #ThreatIntel", "creation_timestamp": "2026-07-10T20:04:50.092960Z"}, {"uuid": "997cee03-21e0-4ac0-a084-950843201ac3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/vulnerability-impacting-roundcube-webmail-cve-2025-49113", "content": "", "creation_timestamp": "2026-07-10T20:15:05.014426Z"}, {"uuid": "8b4c630a-73a7-4453-a750-3ea1ec657b9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mqffl4vxf32o", "content": "A China-linked threat group is exploiting patched Roundcube flaws (like CVE-2024-42009) in U.S. and Canadian university webmail to steal credentials. Stay updated on security patches.", "creation_timestamp": "2026-07-11T19:30:02.898234Z"}, {"uuid": "42b9c5fc-3684-40ef-9f9f-70094d919eb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://t.me/securixy_kz/954", "content": "#Roundcube #CVE-2024-42009 \u0438 #CVE-2024-42008 - \u043e\u0431\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 XSS. \u041f\u0435\u0440\u0432\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0443\u043a\u0440\u0430\u0441\u0442\u044c \u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u0443\u044e \u043f\u043e\u0447\u0442\u0443 \u0436\u0435\u0440\u0442\u0432\u044b \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u043e\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435, \u0432\u0442\u043e\u0440\u0430\u044f - \u0447\u0435\u0440\u0435\u0437 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0435.\n\nSeverity: \u0435\u0449\u0435 \u043d\u0435 \u0432\u044b\u0434\u0430\u043d\u0430 \u043e\u0446\u0435\u043d\u043a\u0430\n\n\u0422\u0440\u0435\u0442\u044f\u044f #CVE-2024-42010 - \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043e\u0442\u0444\u0438\u043b\u044c\u0442\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u043c\u0430\u0440\u043a\u0435\u0440\u043e\u0432 Cascading Style Sheets (CSS) \u0432 \u043e\u0442\u0440\u0438\u0441\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u0445, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e.\n\nSeverity: High 7.5/ 10\n\nhttps://github.com/roundcube/roundcubemail/releases\n\n\u041a\u0442\u043e \u044e\u0437\u0430\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0439\u0442\u0435\u0441\u044c", "creation_timestamp": "2026-07-12T22:00:10.761847Z"}, {"uuid": "fd8db51a-4f4b-4fad-9178-b351f7a6b124", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://t.me/securixy_kz/954", "content": "#Roundcube #CVE-2024-42009 \u0438 #CVE-2024-42008 - \u043e\u0431\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 XSS. \u041f\u0435\u0440\u0432\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0443\u043a\u0440\u0430\u0441\u0442\u044c \u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u0443\u044e \u043f\u043e\u0447\u0442\u0443 \u0436\u0435\u0440\u0442\u0432\u044b \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u043e\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435, \u0432\u0442\u043e\u0440\u0430\u044f - \u0447\u0435\u0440\u0435\u0437 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0435.\n\nSeverity: \u0435\u0449\u0435 \u043d\u0435 \u0432\u044b\u0434\u0430\u043d\u0430 \u043e\u0446\u0435\u043d\u043a\u0430\n\n\u0422\u0440\u0435\u0442\u044f\u044f #CVE-2024-42010 - \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043e\u0442\u0444\u0438\u043b\u044c\u0442\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u043c\u0430\u0440\u043a\u0435\u0440\u043e\u0432 Cascading Style Sheets (CSS) \u0432 \u043e\u0442\u0440\u0438\u0441\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u0445, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e.\n\nSeverity: High 7.5/ 10\n\nhttps://github.com/roundcube/roundcubemail/releases\n\n\u041a\u0442\u043e \u044e\u0437\u0430\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0439\u0442\u0435\u0441\u044c", "creation_timestamp": "2026-07-13T00:00:35.028703Z"}, {"uuid": "270d8be0-fbd3-40b1-9c8a-b31891877daf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42009", "type": "seen", "source": "https://t.me/GithubRedTeam/89363", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #XSS #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2024-42009-roundcube-xss\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a segunakinsoyinu\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-17 21:00:58\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:24.047768Z"}]}