{"vulnerability": "cve-2024-5813", "sightings": [{"uuid": "b99318b1-427a-4b7b-8d16-df42f294378c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lmqq4wmtkq2h", "content": "", "creation_timestamp": "2025-04-14T04:31:16.418544Z"}, {"uuid": "75336beb-0b7d-4b1b-8094-7a1582a0635c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58132", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm4og2kstc26", "content": "", "creation_timestamp": "2025-04-06T05:07:20.019653Z"}, {"uuid": "f113056d-8940-4723-947c-b83bb9417016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58131", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm4og32bi32f", "content": "", "creation_timestamp": "2025-04-06T05:07:21.339857Z"}, {"uuid": "3a89a28f-49c4-4d46-9ea3-0f60e8e05920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58133", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm4og35nln2r", "content": "", "creation_timestamp": "2025-04-06T05:07:21.916820Z"}, {"uuid": "47dd08c9-981d-4600-acd9-54e3d83efad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lmglg4gkjf2g", "content": "", "creation_timestamp": "2025-04-10T03:40:18.552374Z"}, {"uuid": "e9ad3af4-119b-4ddc-b307-1a45462dc733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmgn76pwco2q", "content": "", "creation_timestamp": "2025-04-10T04:12:13.036766Z"}, {"uuid": "12cf1064-fc5b-4b9e-8682-b5b0bb9207bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114312092760617304", "content": "", "creation_timestamp": "2025-04-10T05:48:31.404087Z"}, {"uuid": "8f3264dc-3604-4df3-a873-74019bed1fd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114314050654574442", "content": "", "creation_timestamp": "2025-04-10T14:06:26.927918Z"}, {"uuid": "231cb3e8-ca1f-49a6-8a84-b04d08aeddee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmkw4bzajq2a", "content": "", "creation_timestamp": "2025-04-11T21:02:22.584593Z"}, {"uuid": "dde46812-688e-4e93-b835-1c77fab9a526", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lmrbu7ismk27", "content": "", "creation_timestamp": "2025-04-14T09:48:32.136958Z"}, {"uuid": "0106d867-97c7-415e-b25f-e6f8311a8497", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/4135365", "content": "", "creation_timestamp": "2025-06-02T17:59:17.957059Z"}, {"uuid": "7e26ebcb-7c4a-47ad-90a5-f72131b40060", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmwrjdo4xc2c", "content": "", "creation_timestamp": "2025-04-16T14:12:07.122378Z"}, {"uuid": "7747dafa-2e75-492f-9947-f3750fdfedaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmwrjdods22c", "content": "", "creation_timestamp": "2025-04-16T14:12:08.243031Z"}, {"uuid": "01c51c1a-bcd9-4326-a7cf-c78379d2a30b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/rajsamani.bsky.social/post/3lq5gp6ahvc2m", "content": "", "creation_timestamp": "2025-05-27T10:03:17.241007Z"}, {"uuid": "23190e29-0ad9-496c-b3bb-baa263e366af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lnuj7finrt2f", "content": "", "creation_timestamp": "2025-04-28T10:03:13.355824Z"}, {"uuid": "883455b6-4c49-403b-8425-a03e76cdfe16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/stephenfewer.bsky.social/post/3lq5ip2rw5k2n", "content": "", "creation_timestamp": "2025-05-27T10:38:27.733329Z"}, {"uuid": "2af63c93-49f3-4630-9821-c27b438b0834", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lnqektzfev2v", "content": "", "creation_timestamp": "2025-04-26T18:29:30.085385Z"}, {"uuid": "a8682f1c-2afc-4c83-90a4-d94acbba077c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lnvrea65pc2y", "content": "", "creation_timestamp": "2025-04-28T22:01:51.044554Z"}, {"uuid": "4a4b11f1-230c-4528-992c-047c7a8d6bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lnw7k4t3fq24", "content": "", "creation_timestamp": "2025-04-29T02:15:35.632464Z"}, {"uuid": "3a7d2506-80e6-4278-b54e-c28be92ae2a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58135", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lob5yddgshq2", "content": "", "creation_timestamp": "2025-05-03T12:54:30.814032Z"}, {"uuid": "da893498-f01e-40cd-bd49-61943b81547a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3lnumkjrsuu2e", "content": "", "creation_timestamp": "2025-04-28T11:03:08.942958Z"}, {"uuid": "cc2abec1-80c2-4899-99ae-41f647d81eff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://thehackernews.com/2025/04/hackers-exploit-critical-craft-cms.html", "content": "", "creation_timestamp": "2025-04-28T05:13:00.000000Z"}, {"uuid": "69b38605-d0e2-4175-9a31-9a550fc5c2e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lo7evf5bvw2t", "content": "", "creation_timestamp": "2025-05-02T17:45:19.717518Z"}, {"uuid": "a929cdd9-de09-454f-891a-52a55354d0f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/3929485", "content": "", "creation_timestamp": "2025-05-02T18:20:15.225766Z"}, {"uuid": "22d2df1d-95b0-4c72-8595-7bad44ebdf94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3loa5z5nwoc23", "content": "", "creation_timestamp": "2025-05-03T01:14:50.149086Z"}, {"uuid": "4276ab28-0f6c-4ec2-9210-dfee4ecdb0f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58135", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lobj437bxg24", "content": "", "creation_timestamp": "2025-05-03T14:05:59.137482Z"}, {"uuid": "2ef3f26d-2cd1-4cfe-8153-75af971899bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58134", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lobwjlvi2r2o", "content": "", "creation_timestamp": "2025-05-03T18:06:13.247688Z"}, {"uuid": "a60084b2-53e3-40da-8960-6424451aadef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58134", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lobutqr755t2", "content": "", "creation_timestamp": "2025-05-03T19:37:35.880861Z"}, {"uuid": "ab2f3f63-fbf6-4b65-aa65-2adf25b94d35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3loc7ugnep22r", "content": "", "creation_timestamp": "2025-05-03T20:53:20.619420Z"}, {"uuid": "01c5470c-783d-42e8-82d1-f7044d58fe69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3locaehqeqx2x", "content": "", "creation_timestamp": "2025-05-03T21:02:17.484902Z"}, {"uuid": "9f08be8f-66e9-4aef-9551-15680d95a3df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3locsbg5znm2d", "content": "", "creation_timestamp": "2025-05-04T02:22:41.531767Z"}, {"uuid": "d4595034-c4af-49e9-871c-daff46fa05cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3lomj6q5fsd2z", "content": "", "creation_timestamp": "2025-05-07T23:06:44.652594Z"}, {"uuid": "b3ed19e1-93cd-4727-994b-562cea7cdc61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3lok5i2zgk32j", "content": "", "creation_timestamp": "2025-05-07T00:31:54.268965Z"}, {"uuid": "91920967-df67-4699-88d3-3cd08774e0d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-09-28T08:23:31.000000Z"}, {"uuid": "c7c10988-b2eb-4350-a821-9239d55c9d42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-58136.yaml", "content": "", "creation_timestamp": "2025-07-22T08:47:42.000000Z"}, {"uuid": "f7cdfcff-44bc-46b2-ae09-5f54794011f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lunw55nfye24", "content": "", "creation_timestamp": "2025-07-23T21:02:27.442694Z"}, {"uuid": "1e2973d5-709f-4e3c-a7d2-c0d6969ab0fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-09-29T03:12:15.000000Z"}, {"uuid": "cf84e6cb-2001-4b53-be9d-f0fc04f4f0d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://gist.github.com/alon710/2a695b0dc07ec2537a058e23b8f57e2c", "content": "", "creation_timestamp": "2026-01-24T21:30:30.000000Z"}, {"uuid": "f32dee63-e728-453e-9ede-60c181c59d45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://gist.github.com/alon710/749642a4c5a52e36d0db3e64d2c75bca", "content": "", "creation_timestamp": "2026-01-24T21:30:28.000000Z"}, {"uuid": "a1c228f3-b3a1-4967-9574-b351deb545d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://gist.github.com/alon710/2aefa5a1cac1ffda8f17832de16092fe", "content": "", "creation_timestamp": "2026-01-24T21:30:32.000000Z"}, {"uuid": "1b473df5-48a3-41c9-83ea-82aa6157349c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://gist.github.com/alon710/7afee0101554e494a814c29b06fb7fa2", "content": "", "creation_timestamp": "2026-01-24T21:30:27.000000Z"}, {"uuid": "22fdcf3b-194a-4403-aa76-ce8d6c3d4c12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "exploited", "source": "https://t.me/DarkWebInformer_CVEAlerts/13711", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58136\n\ud83d\udd25 CVSS Score: 9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.\n\ud83d\udccf Published: 2025-04-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T16:21:37.070Z\n\ud83d\udd17 References:\n1. https://github.com/yiisoft/yii2/pull/20232\n2. https://github.com/yiisoft/yii2/pull/20232#issuecomment-2252459709\n3. https://github.com/yiisoft/yii2/commit/40fe496eda529fd1d933b56a1022ec32d3cd0b12\n4. https://github.com/yiisoft/yii2/compare/2.0.51...2.0.52\n5. https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52", "creation_timestamp": "2025-04-28T17:10:43.000000Z"}, {"uuid": "357ff593-bf83-4642-8827-6a8bfc30cecf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://gist.github.com/alon710/944343f8cadc06029c6b4fd5ce3f1c93", "content": "", "creation_timestamp": "2026-01-24T22:42:32.000000Z"}, {"uuid": "aef49950-bffa-475c-ae98-b9e9c74bab49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "seen", "source": "https://gist.github.com/alon710/7454d103d091c945bfb61ddbbab92434", "content": "", "creation_timestamp": "2026-01-24T22:42:29.000000Z"}, {"uuid": "cc592a93-b2b3-47f6-8015-25ea2120776f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-58136", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/e751d435-78f2-4182-8753-6b564a5f1dce", "content": "", "creation_timestamp": "2026-02-02T12:26:02.602521Z"}, {"uuid": "5fc88f5f-092b-4cd7-9925-c038b6dd3699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58132", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10623", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58132\n\ud83d\udd25 CVSS Score: 4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L)\n\ud83d\udd39 Description: In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a panic.\n\ud83d\udccf Published: 2025-04-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-06T03:00:12.229Z\n\ud83d\udd17 References:\n1. https://git.chainmaker.org.cn/chainmaker/issue/-/issues/1202", "creation_timestamp": "2025-04-06T03:38:16.000000Z"}, {"uuid": "29884072-6a6c-4b11-8df0-ca9e2b5a2b83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58131", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10625", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58131\n\ud83d\udd25 CVSS Score: 4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L)\n\ud83d\udd39 Description: FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network.\n\ud83d\udccf Published: 2025-04-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-06T02:58:16.429Z\n\ud83d\udd17 References:\n1. https://github.com/FISCO-BCOS/FISCO-BCOS/issues/4656", "creation_timestamp": "2025-04-06T03:38:18.000000Z"}, {"uuid": "5f627e19-026b-43ab-bbd6-4d53b328eee9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58130", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9485", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58130\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.\n\ud83d\udccf Published: 2025-03-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T22:16:15.136Z\n\ud83d\udd17 References:\n1. https://github.com/MISP/MISP/releases/tag/v2.4.193\n2. https://github.com/MISP/MISP/commit/f08a2eaec25f0212c22b225c0b654bd60d089ef9", "creation_timestamp": "2025-03-28T22:28:24.000000Z"}, {"uuid": "e4a68314-e673-47c3-8e9c-a271b48376cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58133", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10622", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58133\n\ud83d\udd25 CVSS Score: 4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L)\n\ud83d\udd39 Description: In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Creating other logs simultaneously can lead to a read-write conflict and panic.\n\ud83d\udccf Published: 2025-04-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-06T03:01:06.209Z\n\ud83d\udd17 References:\n1. https://git.chainmaker.org.cn/chainmaker/issue/-/issues/1228", "creation_timestamp": "2025-04-06T03:38:16.000000Z"}, {"uuid": "10c10597-0bce-4e40-a49c-a72a4f61ba5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58134", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14696", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58134\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default.\n\nThese predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user\u2019s session.\n\ud83d\udccf Published: 2025-05-03T16:08:55.042Z\n\ud83d\udccf Modified: 2025-05-03T16:08:55.042Z\n\ud83d\udd17 References:\n1. https://github.com/mojolicious/mojo/pull/1791\n2. https://github.com/mojolicious/mojo/pull/2200\n3. https://www.synacktiv.com/publications/baking-mojolicious-cookies\n4. https://medium.com/securing/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-13da7c225802\n5. https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojolicious.pm#L51\n6. https://github.com/hashcat/hashcat/pull/4090", "creation_timestamp": "2025-05-03T16:19:07.000000Z"}, {"uuid": "bbff8ae9-475e-4315-87fc-c22def0d47e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58135", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14692", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-58135\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets.\n\nWhen creating a default app with the \"mojo generate app\" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.\n\ud83d\udccf Published: 2025-05-03T10:16:10.636Z\n\ud83d\udccf Modified: 2025-05-03T10:16:10.636Z\n\ud83d\udd17 References:\n1. https://perldoc.perl.org/functions/rand\n2. https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojo/Util.pm#L181\n3. https://metacpan.org/release/SRI/Mojolicious-9.38/source/lib/Mojolicious/Command/Author/generate/app.pm#L202\n4. https://github.com/mojolicious/mojo/pull/2200\n5. https://metacpan.org/release/SRI/Mojolicious-7.28/source/lib/Mojolicious/Command/generate/app.pm#L220\n6. https://security.metacpan.org/docs/guides/random-data-for-security.html\n7. https://github.com/hashcat/hashcat/pull/4090", "creation_timestamp": "2025-05-03T11:18:52.000000Z"}, {"uuid": "d25fd602-1b94-489e-aa40-b85c7c4ba96e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "exploited", "source": "https://t.me/uappsec/153", "content": "CISA KEV\n\n\u0412\u0430\u043c \u043a\u043e\u043b\u0438\u0441\u044c \u0434\u043e\u0432\u043e\u0434\u0438\u043b\u043e\u0441\u044c \u0441\u043f\u0435\u0440\u0435\u0447\u0430\u0442\u0438\u0447\u044c \u0456\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u0430\u043c\u0438 \u0441\u0442\u043e\u0441\u043e\u0432\u043d\u043e \u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0437\u0430\u0446\u0456\u0457 \u0437\u0430\u0434\u0430\u0447 \u043f\u043e \u0432\u0438\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044e \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u0438\u0445 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0435\u0439? \u041e\u0441\u043e\u0431\u043b\u0438\u0432\u043e \u044f\u043a\u0449\u043e \u0446\u0435 CVE \u044f\u043a\u0430\u0441\u044c. \u0423 \u0432\u0430\u0441 \u043f\u043e\u0447\u0438\u043d\u0430\u044e\u0442\u044c \u0432\u0438\u043c\u0430\u0433\u0430\u0442\u0438 \u0434\u043e\u043a\u0430\u0437\u0438,  \u0449\u043e \u0446\u0435 \u0441\u043f\u0440\u0430\u0432\u0434\u0456 \u0440\u0438\u0437\u0438\u043a, \u0456 \u0440\u043e\u0431\u043e\u0447\u0435 \u041f\u043e\u0421, \u044f\u043a\u0435 \u0437\u0440\u043e\u0431\u0438\u0442\u044c \u043c\u0430\u0441\u0441\u043e\u0432\u0438\u0439 \u0432\u0438\u0442\u0456\u043a \u0432\u0441\u0456\u0445 \u0434\u0430\u043d\u0438\u0445 \u0456 \u0437\u0430\u0445\u043e\u043f\u0438\u0442\u044c \u0432\u0441\u0456 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0456 \u0430\u043a\u0430\u043d\u0443\u0442\u0438 \u0430\u0434\u043c\u0456\u043d\u0456\u0432. \u0417\u0432\u0456\u0441\u043d\u043e. \u0449\u043e \u0443 \u0432\u0430\u0441 \u043d\u0435\u043c\u0430 \u043d\u0435 \u0442\u0435 \u0430 \u043d\u0456 \u0447\u0430\u0441\u0443, \u0430 \u043d\u0456 \u0456\u043d\u0448\u0438\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u0456\u0432. \u0414\u043e\u0432\u0435\u0441\u0442\u0438, \u0449\u043e \u0440\u0438\u0437\u0438\u043a \u0440\u0435\u0430\u043b\u044c\u043d\u043e \u0454 - \u0441\u0442\u0430\u0454 \u0441\u043a\u043b\u0430\u0434\u043d\u0456\u0448\u0438\u043c. \u0421\u0438\u0441\u0442\u0435\u043c\u043d\u043e \u0446\u0435 \u0432\u0438\u0440\u0456\u0448\u0443\u044e\u0454\u0442\u044c\u0441\u044f \u044f\u043a\u0456\u0441\u043d\u0438\u043c \u043f\u0456\u0434\u0440\u0430\u0445\u0443\u043d\u043a\u043e\u043c EPSS, \u0430\u043b\u0435 \u0446\u0435 \u043d\u0435 \u0437\u0430\u0432\u0436\u0434\u0438 \u043f\u0440\u043e\u0441\u0442\u043e \u0456 \u043d\u0435 \u0437\u0430\u0432\u0436\u0434\u0438 \u0440\u0435\u0430\u043b\u044c\u043d\u043e, \u0446\u0435 \u0456\u043d\u0448\u0438\u0439 \u0440\u0456\u0432\u0435\u043d\u044c \u0437\u0440\u0456\u043b\u043e\u0441\u0442\u0456. \u0410\u043b\u0435 \u0432\u0438 \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0441\u0438\u043b\u0438\u0442\u0438 \u0441\u0432\u043e\u044e \u043f\u043e\u0437\u0438\u0446\u0456\u044e \u0437\u0430 \u0434\u043e\u043f\u043e\u043c\u043e\u0433\u043e\u044e CISA KEV.\n\nKnown Exploited Vulnerabilities Catalog - \u044f\u043a\u0449\u043e \u0434\u0443\u0436\u0435 \u0441\u0442\u0438\u0441\u043b\u043e, \u0442\u043e \u043e\u0440\u0433\u0430\u043d\u0456\u0437\u0430\u0446\u0456\u044f CISA \u0432\u0435\u0434\u0435 \u043e\u043a\u0440\u0435\u043c\u0438\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u0456\u0437 CVE-\u0448\u0435\u043a, \u044f\u043a\u0456 \u043c\u0430\u044e\u0442\u044c \u0447\u0456\u0442\u043a\u0456 \u043a\u0440\u043e\u043a\u0438 \u0434\u043e \u0432\u0438\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044f \u0442\u0430, \u043d\u0430\u0439\u0433\u043e\u043b\u043e\u0432\u043d\u0456\u0448\u0435, \u0456\u0441\u043d\u0443\u044e\u0442\u044c \u0434\u043e\u043a\u0430\u0437\u0438 \u0435\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0456\u0457 \u0446\u0456\u0454\u0457 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0456 \u0432 \u0434\u0438\u043a\u0456\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0456. \u0422\u0430\u043a\u0438\u043c \u0447\u0438\u043d\u043e\u043c, \u0432\u0438 \u043c\u043e\u0436\u0435\u0442\u0435 \u0434\u043e\u0434\u0430\u0442\u0438 \u0432\u0430\u0433\u0438 \u0441\u0432\u043e\u0457\u043c \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u0430\u043c \u043f\u0440\u043e\u0441\u0442\u043e \u043f\u043e\u043a\u0430\u0437\u0430\u0432\u0448\u0438, \u0449\u043e CVE-\u0448\u043a\u0430 \u043d\u0430\u044f\u0432\u043d\u0430 \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0437\u0456 KEV. \u041d\u0430 \u0434\u0435\u0432\u0435\u043b\u043e\u043f\u0435\u0440\u0441\u044c\u043a\u043e-\u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0441\u044c\u043a\u0443 \u043c\u043e\u0432\u0443 \u0446\u0435 \u043f\u0435\u0440\u0435\u043a\u043b\u0430\u0434\u0430\u044d\u0442\u044c\u0441\u044f \u201c\u043a\u043e\u0433\u043e\u0441\u044c \u0432\u0436\u0435 \u0436\u0430\u0445\u043d\u0443\u043b\u0438 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0457, \u044b \u043d\u0430\u0441\u0442\u0443\u043f\u043d\u0438\u043c\u0438 \u043c\u043e\u0436\u0435\u043c \u0441\u0442\u0430\u0442\u0438 \u043c\u0438\u201d. \n\u0417\u043d\u0430\u0447\u0435\u043d\u043d\u044f KEV \u0432\u0445\u043e\u0434\u0438\u0442\u044c \u0434\u043e EPSS \u044f\u043a \u043e\u0434\u0438\u043d \u0456\u0437 \u0435\u043b\u0435\u043c\u0435\u043d\u0442\u0456\u0432.\n\n\u0421\u0430\u043c\u0430 \u043b\u0456\u043d\u043a\u0430 \u043d\u0430 \u043a\u0430\u0442\u0430\u043b\u043e\u0433: https://www.cisa.gov/known-exploited-vulnerabilities-catalog\n\n\u0411\u0443\u043a\u0432\u0430\u043b\u044c\u043d\u043e \u0437\u0430 \u0432\u0447\u043e\u0440\u0430 \u0442\u0443\u0434\u0438 \u043f\u043e\u0442\u0440\u0430\u043f\u0438\u043b\u0438 \u0434\u0432\u0456 CVE: \n \u2022 CVE-2024-58136 (Yiiframework Yii Improper Protection of Alternate Path Vulnerability, CVSS 3.1: 9.0, Critical)\n \u2022 CVE-2025-34028 (Commvault Command Center Path Traversal Vulnerability, CVSS 3.1: 10.0, Critical)", "creation_timestamp": "2025-05-05T07:04:33.000000Z"}, {"uuid": "852eb81a-44c6-4bc7-92d4-ea20ff54de03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "exploited", "source": "https://t.me/itsec_news/5879", "content": "\u200b\u26a1\ufe0f\u041e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0445\u043e\u0440\u043e\u0448\u043e, \u0430 \u0434\u0432\u0435 \u2014 \u043f\u0443\u0442\u044c \u043a \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u043c\u0443 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0443: \u043d\u043e\u0432\u0430\u044f \u0430\u0442\u0430\u043a\u0430 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u043d\u0430 Craft CMS\n\n\ud83d\udcac\n\u0413\u0440\u0443\u043f\u043f\u0430 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b CSIRT \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Orange Cyberdefense \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u0443\u044e \u0441\u0435\u0440\u0438\u044e \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u043d\u0430 \u0431\u0430\u0437\u0435 Craft CMS \u2014 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u043e\u043c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u043e\u0432. \u0420\u0430\u0441\u0441\u043b\u0435\u0434\u0443\u044f \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044e \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u043f\u043b\u043e\u0449\u0430\u0434\u043e\u043a, \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0432\u044b\u044f\u0432\u0438\u043b\u0438: \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0442 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u044e \u0438\u0437 \u0434\u0432\u0443\u0445 \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0431\u0440\u0435\u0448\u0435\u0439 \u0434\u043b\u044f \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0438 \u043a\u0440\u0430\u0436\u0438 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439.\n\n\u041f\u0435\u0440\u0432\u044b\u0439 \u0438\u0437\u044a\u044f\u043d \u0432 \u0437\u0430\u0449\u0438\u0442\u0435, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0439 \u0438\u043d\u0434\u0435\u043a\u0441 CVE-2025-32432, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430. \u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434 \u043d\u043e\u043c\u0435\u0440\u043e\u043c CVE-2024-58136 \u0442\u0430\u0438\u0442\u0441\u044f \u0432\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Yii, \u043b\u0435\u0436\u0430\u0449\u0435\u043c \u0432 \u043e\u0441\u043d\u043e\u0432\u0435 Craft CMS \u2014 \u043e\u043d\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 \u044d\u0442\u0438\u0447\u043d\u043e\u0433\u043e \u0445\u0430\u043a\u0438\u043d\u0433\u0430 SensePost, \u0432\u0445\u043e\u0434\u044f\u0449\u0430\u044f \u0432 \u0441\u043e\u0441\u0442\u0430\u0432 Orange Cyberdefense, \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0430 \u043f\u043e\u043b\u043d\u0443\u044e \u043a\u0430\u0440\u0442\u0438\u043d\u0443 \u043d\u0430\u043f\u0430\u0434\u0435\u043d\u0438\u044f. \u0410\u0432\u0442\u043e\u0440\u044b \u0432\u0437\u043b\u043e\u043c\u043e\u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0431\u0430\u0433\u0438, \u0447\u0442\u043e\u0431\u044b \u0440\u0430\u0437\u043c\u0435\u0441\u0442\u0438\u0442\u044c \u043d\u0430 \u0437\u0430\u0445\u0432\u0430\u0447\u0435\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 PHP-\u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438.\n\n\u0412\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0435 \u0441\u0442\u0430\u0440\u0442\u0443\u0435\u0442 \u0441 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2025-32432: \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044c \u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u0442 \u043e\u0441\u043e\u0431\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441 \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \"return URL\". \u041f\u0435\u0440\u0435\u0434\u0430\u043d\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0432 PHP-\u0444\u0430\u0439\u043b \u0441\u0435\u0441\u0441\u0438\u0438, \u0430 \u0435\u0451 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 \u043e\u0442\u0432\u0435\u0442\u0430 \u043d\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441.\n\n\u041d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c \u044d\u0442\u0430\u043f\u0435, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0443\u0436\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0430 CVE-2024-58136, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f JSON-\u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430, \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u0443\u044e\u0449\u0430\u044f PHP-\u043a\u043e\u0434 \u0438\u0437 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u043d\u0435\u0435 \u0441\u0435\u0441\u0441\u0438\u043e\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430. \u0422\u0430\u043a\u043e\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0439 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u0438 \u0440\u0430\u0437\u0432\u0438\u0442\u044c \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0435 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.\n\n\u041f\u043e\u043b\u0443\u0447\u0438\u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c, \u0432\u0437\u043b\u043e\u043c\u0449\u0438\u043a\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u044e\u0442 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u044b \u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0443\u044e\u0442 \u043a\u0430\u043d\u0430\u043b\u044b \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0430 \u043f\u043e\u0445\u0438\u0449\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u041f\u043e\u043b\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0441\u0445\u0435\u043c\u044b \u043f\u043e\u044f\u0432\u0438\u0442\u0441\u044f \u0447\u0443\u0442\u044c \u043f\u043e\u0437\u0436\u0435 \u0432 \u0433\u043e\u0442\u043e\u0432\u044f\u0449\u0435\u0439\u0441\u044f \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\n\u0421\u043e\u0437\u0434\u0430\u0442\u0435\u043b\u0438 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043f\u0430\u0442\u0447\u0438. \u041a\u043e\u043c\u0430\u043d\u0434\u0430 Yii \u0437\u0430\u043a\u0440\u044b\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-58136 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 2.0.52 \u043e\u0442 9 \u0430\u043f\u0440\u0435\u043b\u044f. \u041d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0434\u0435\u043d\u044c \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Craft CMS \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f 3.9.15, 4.14.15 \u0438 5.6.17, \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0443\u044e\u0449\u0438\u0435 CVE-2025-32432.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0432 Craft CMS \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043e\u043f\u0430\u0441\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f Yii 2.0.51, \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0438 Orange \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442: \u043f\u043e\u0441\u043b\u0435 \u0430\u043f\u0434\u0435\u0439\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0430 \u0430\u0442\u0430\u043a \u0442\u0435\u0440\u044f\u0435\u0442 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0438\u0437\u044a\u044f\u043d \u0432\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 \u043f\u043e\u043f\u0440\u043e\u0441\u0442\u0443 \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u0412\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0441\u043e\u0432\u0435\u0442\u0443\u044e\u0442 \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441 \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u0445 \u043c\u0435\u0440\u043e\u043f\u0440\u0438\u044f\u0442\u0438\u0439. \u041f\u0435\u0440\u0432\u043e\u043e\u0447\u0435\u0440\u0435\u0434\u043d\u0430\u044f \u0437\u0430\u0434\u0430\u0447\u0430 \u2014 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u043b\u044e\u0447\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 php craft setup/security-key \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0430\u044f \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 CRAFT_SECURITY_KEY \u0432\u043e \u0432\u0441\u0435\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f\u0445.\n\n\u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u043c\u0435\u043d\u0430 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0445 \u043a\u043b\u044e\u0447\u0435\u0439 \u0432 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c\u0438 S3, Stripe \u0438 \u0434\u0440\u0443\u0433\u0438\u043c\u0438) \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u043a\u0432\u0438\u0437\u0438\u0442\u043e\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0431\u0430\u0437\u0430\u043c \u0434\u0430\u043d\u043d\u044b\u0445. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043c\u0435\u0440\u044b \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0441\u0431\u0440\u043e\u0441 \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u0432\u0441\u0435\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u044b php craft resave/users --set passwordResetRequired --to \"fn() => true\".\n\n\u0418\u0441\u0447\u0435\u0440\u043f\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438, \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u0438 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0438 \u043a \u043e\u0442\u0447\u0435\u0442\u0443 SensePost . \u0415\u0449\u0435 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410 (CISA) \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u043b\u043e \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0440\u0443\u0433\u043e\u0439 \u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0432 Craft CMS \u0432\u0435\u0440\u0441\u0438\u0439 4 \u0438 5 \u2014 CVE-2025-23209, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434. \u0427\u0435\u0440\u0435\u0434\u0430 \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0440\u0430\u0441\u0442\u0443\u0449\u0438\u0439 \u0438\u043d\u0442\u0435\u0440\u0435\u0441 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u043e\u0432 \u043a \u044d\u0442\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435, \u0447\u0442\u043e \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043e\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u043e\u0441\u043e\u0431\u043e\u0439 \u0431\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u0442\u0440\u043e\u0433\u043e\u0433\u043e \u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-04-28T04:49:19.000000Z"}, {"uuid": "71ab9544-bda8-420b-be81-0fca9e0f22ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58130", "type": "seen", "source": "https://t.me/cvedetector/21475", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-58130 - MISP Unsanitized Non-JSON Response Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-58130 \nPublished : March 28, 2025, 10:15 p.m. | 31\u00a0minutes ago \nDescription : In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T00:26:50.000000Z"}, {"uuid": "a29bf4e2-bdec-4484-a7c4-d789f76e5ca0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "exploited", "source": "https://t.me/cvedetector/22621", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-58136 - Yii 2 Behavior Array Key Attachment Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-58136 \nPublished : April 10, 2025, 3:15 a.m. | 1\u00a0hour, 41\u00a0minutes ago \nDescription : Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. \nSeverity: 9.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T06:59:54.000000Z"}, {"uuid": "756b0938-f398-4fe1-a74b-fb50d15b9ead", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58131", "type": "seen", "source": "https://t.me/cvedetector/22212", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-58131 - FISCO BCOS Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2024-58131 \nPublished : April 6, 2025, 3:15 a.m. | 2\u00a0hours, 11\u00a0minutes ago \nDescription : FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network. \nSeverity: 4.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T07:37:37.000000Z"}, {"uuid": "61f5dc5e-302e-4177-8dad-749dad0ed391", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58133", "type": "seen", "source": "https://t.me/cvedetector/22211", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-58133 - ChainMaker Go Concurrency Panic\", \n  \"Content\": \"CVE ID : CVE-2024-58133 \nPublished : April 6, 2025, 3:15 a.m. | 2\u00a0hours, 11\u00a0minutes ago \nDescription : In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Creating other logs simultaneously can lead to a read-write conflict and panic. \nSeverity: 4.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T07:37:37.000000Z"}, {"uuid": "2faa2c40-841c-4e9f-a8a2-61f697682923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58132", "type": "seen", "source": "https://t.me/cvedetector/22210", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-58132 - ChainMaker Concurrent Map Panic\", \n  \"Content\": \"CVE ID : CVE-2024-58132 \nPublished : April 6, 2025, 3:15 a.m. | 2\u00a0hours, 11\u00a0minutes ago \nDescription : In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a panic. \nSeverity: 4.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T07:37:36.000000Z"}, {"uuid": "281c03ef-7344-4ce4-b668-3a6e38078a08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "exploited", "source": "Telegram/ZTpnWEPbUH_AQXIkURmNaKrwFn3PQUMSDp9HVnPC-XpahQ", "content": "", "creation_timestamp": "2025-04-28T10:47:03.000000Z"}, {"uuid": "4cbceef3-010a-46ad-8eba-63ff45fe3605", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "exploited", "source": "https://t.me/S_E_Reborn/5584", "content": "\u041a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0432\u0437\u044f\u043b\u043e\u0441\u044c \u0437\u0430 Craft CMS, \u0443\u0441\u043f\u0435\u0432, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u043e\u0442\u043d\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0430\u0446\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0434\u0432\u0435 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 0-day \u0430\u0442\u0430\u043a \u0441 \u0446\u0435\u043b\u044c\u044e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u0410\u0442\u0430\u043a\u0438, \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 Orange Cyberdefense SensePost 14 \u0444\u0435\u0432\u0440\u0430\u043b\u044f 2025 \u0433\u043e\u0434\u0430, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0432 \u0441\u0435\u0431\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\n- CVE-2024-58136\u00a0(CVSS: 9,0): \u043d\u0435\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0430\u044f \u0437\u0430\u0449\u0438\u0442\u0430 \u043e\u0442 \u043e\u0448\u0438\u0431\u043a\u0438 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Yii PHP, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u043c Craft CMS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u043c \u0438\u043b\u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c (\u0440\u0435\u0433\u0440\u0435\u0441\u0441 CVE-2024-4990).\n\n- CVE-2025-32432\u00a0(CVSS: 10,0): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 Craft CMS (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 3.9.15, 4.14.15 \u0438 5.6.17).\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, CVE-2025-32432 \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432\u043e \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u0430\u0439\u0442\u043e\u0432 \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0442\u044c \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u043c \u0444\u043e\u0440\u043c\u0430\u0442\u0435.\n\nCVE-2025-32432 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441 POST \u043d\u0430 \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443, \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u0443\u044e \u0437\u0430 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f, \u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 POST \u0431\u0443\u0434\u0443\u0442 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c.\n\n\u0412 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 3.x Craft CMS \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f \u0434\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u0430 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f, \u0442\u043e\u0433\u0434\u0430 \u043a\u0430\u043a \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 4.x \u0438 5.x \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440  \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435.\n\n\u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431\u044b \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043b \u0441 \u043a\u0430\u0436\u0434\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 Craft CMS, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0439\u0442\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430.\n\n\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 Craft CMS \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u043a \u0441\u043f\u043e\u0441\u043e\u0431\u0443 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0438 \u043c\u0435\u0434\u0438\u0430\u0444\u0430\u0439\u043b\u0430\u043c\u0438, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043a\u0430\u0436\u0434\u043e\u043c\u0443 \u0430\u043a\u0442\u0438\u0432\u0443 \u043f\u0440\u0438\u0441\u0432\u0430\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u0441\u0442\u043e\u044f\u0449\u0438\u0435 \u0437\u0430 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0435\u0439, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e POST-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0434\u043e \u0442\u0435\u0445 \u043f\u043e\u0440, \u043f\u043e\u043a\u0430 \u043d\u0435 \u0431\u0443\u0434\u0435\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0441\u043a\u0440\u0438\u043f\u0442 Python, \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u044f PHP-\u0444\u0430\u0439\u043b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438\u0437 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f GitHub.\n\n\u0412 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 10 \u043f\u043e 11 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0437\u0430\u043c\u0435\u0442\u043d\u043e \u043e\u0442\u0442\u043e\u0447\u0438\u043b\u0438 \u0441\u0432\u043e\u0438 \u0441\u043a\u0440\u0438\u043f\u0442\u044b, \u043c\u043d\u043e\u0433\u043e\u043a\u0440\u0430\u0442\u043d\u043e \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u0432 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 filemanager.php \u043d\u0430 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043a\u0440\u0438\u043f\u0442\u0430 Python. \n\n\u0424\u0430\u0439\u043b filemanager.php \u0431\u044b\u043b \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d \u0432 autoload_classmap.php 12 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0438 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0431\u044b\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d 14 \u0444\u0435\u0432\u0440\u0430\u043b\u044f.\n\n\u041f\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044e \u043d\u0430 18 \u0430\u043f\u0440\u0435\u043b\u044f 2025 \u0433\u043e\u0434\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043e \u043e\u043a\u043e\u043b\u043e 13\u00a0000 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Craft CMS, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u043a\u043e\u043b\u043e 300 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0431\u044b\u043b\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u044b.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Craft CMS, \u0435\u0441\u043b\u0438 \u043f\u0440\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u0438\u043b\u0438 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0430\u0442\u0441\u044f \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b POST \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 Craft actions/assets/generate-transform, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0441\u043e \u0441\u0442\u0440\u043e\u043a\u043e\u0439 __class \u0432 \u0442\u0435\u043b\u0435, \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0430\u0433\u0430\u0442\u044c, \u0447\u0442\u043e \u0441\u0430\u0439\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043b\u0441\u044f \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043a\u043b\u044e\u0447\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0441\u043c\u0435\u043d\u0438\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445, \u0441\u0431\u0440\u043e\u0441\u0438\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 \u0446\u0435\u043b\u044f\u0445 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u043e\u0440\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430.", "creation_timestamp": "2025-04-28T18:02:47.000000Z"}, {"uuid": "522049ba-b651-4b18-a6f0-d58063bb5c45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58136", "type": "exploited", "source": "https://t.me/true_secator/6991", "content": "\u041a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0432\u0437\u044f\u043b\u043e\u0441\u044c \u0437\u0430 Craft CMS, \u0443\u0441\u043f\u0435\u0432, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u043e\u0442\u043d\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0430\u0446\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0434\u0432\u0435 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 0-day \u0430\u0442\u0430\u043a \u0441 \u0446\u0435\u043b\u044c\u044e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u0410\u0442\u0430\u043a\u0438, \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 Orange Cyberdefense SensePost 14 \u0444\u0435\u0432\u0440\u0430\u043b\u044f 2025 \u0433\u043e\u0434\u0430, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0432 \u0441\u0435\u0431\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\n- CVE-2024-58136\u00a0(CVSS: 9,0): \u043d\u0435\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0430\u044f \u0437\u0430\u0449\u0438\u0442\u0430 \u043e\u0442 \u043e\u0448\u0438\u0431\u043a\u0438 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Yii PHP, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u043c Craft CMS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u043c \u0438\u043b\u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c (\u0440\u0435\u0433\u0440\u0435\u0441\u0441 CVE-2024-4990).\n\n- CVE-2025-32432\u00a0(CVSS: 10,0): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 Craft CMS (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 3.9.15, 4.14.15 \u0438 5.6.17).\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, CVE-2025-32432 \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432\u043e \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u0430\u0439\u0442\u043e\u0432 \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0442\u044c \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u043c \u0444\u043e\u0440\u043c\u0430\u0442\u0435.\n\nCVE-2025-32432 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441 POST \u043d\u0430 \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443, \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u0443\u044e \u0437\u0430 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f, \u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 POST \u0431\u0443\u0434\u0443\u0442 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c.\n\n\u0412 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 3.x Craft CMS \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f \u0434\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u0430 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f, \u0442\u043e\u0433\u0434\u0430 \u043a\u0430\u043a \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 4.x \u0438 5.x \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440  \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435.\n\n\u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431\u044b \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043b \u0441 \u043a\u0430\u0436\u0434\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 Craft CMS, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0439\u0442\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430.\n\n\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 Craft CMS \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u043a \u0441\u043f\u043e\u0441\u043e\u0431\u0443 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0438 \u043c\u0435\u0434\u0438\u0430\u0444\u0430\u0439\u043b\u0430\u043c\u0438, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043a\u0430\u0436\u0434\u043e\u043c\u0443 \u0430\u043a\u0442\u0438\u0432\u0443 \u043f\u0440\u0438\u0441\u0432\u0430\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u0441\u0442\u043e\u044f\u0449\u0438\u0435 \u0437\u0430 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0435\u0439, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e POST-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0434\u043e \u0442\u0435\u0445 \u043f\u043e\u0440, \u043f\u043e\u043a\u0430 \u043d\u0435 \u0431\u0443\u0434\u0435\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0441\u043a\u0440\u0438\u043f\u0442 Python, \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u044f PHP-\u0444\u0430\u0439\u043b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438\u0437 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f GitHub.\n\n\u0412 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 10 \u043f\u043e 11 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0437\u0430\u043c\u0435\u0442\u043d\u043e \u043e\u0442\u0442\u043e\u0447\u0438\u043b\u0438 \u0441\u0432\u043e\u0438 \u0441\u043a\u0440\u0438\u043f\u0442\u044b, \u043c\u043d\u043e\u0433\u043e\u043a\u0440\u0430\u0442\u043d\u043e \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u0432 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 filemanager.php \u043d\u0430 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043a\u0440\u0438\u043f\u0442\u0430 Python. \n\n\u0424\u0430\u0439\u043b filemanager.php \u0431\u044b\u043b \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d \u0432 autoload_classmap.php 12 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0438 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0431\u044b\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d 14 \u0444\u0435\u0432\u0440\u0430\u043b\u044f.\n\n\u041f\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044e \u043d\u0430 18 \u0430\u043f\u0440\u0435\u043b\u044f 2025 \u0433\u043e\u0434\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043e \u043e\u043a\u043e\u043b\u043e 13\u00a0000 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Craft CMS, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u043a\u043e\u043b\u043e 300 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0431\u044b\u043b\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u044b.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Craft CMS, \u0435\u0441\u043b\u0438 \u043f\u0440\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u0438\u043b\u0438 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0430\u0442\u0441\u044f \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b POST \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 Craft actions/assets/generate-transform, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0441\u043e \u0441\u0442\u0440\u043e\u043a\u043e\u0439 __class \u0432 \u0442\u0435\u043b\u0435, \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0430\u0433\u0430\u0442\u044c, \u0447\u0442\u043e \u0441\u0430\u0439\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043b\u0441\u044f \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043a\u043b\u044e\u0447\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0441\u043c\u0435\u043d\u0438\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445, \u0441\u0431\u0440\u043e\u0441\u0438\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 \u0446\u0435\u043b\u044f\u0445 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u043e\u0440\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430.", "creation_timestamp": "2025-04-28T15:10:37.000000Z"}, {"uuid": "46aca284-7692-4f51-98bb-817e53b60783", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58135", "type": "seen", "source": "https://t.me/cvedetector/24397", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-58135 - Mojolicious Weak HMAC Session Secret Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-58135 \nPublished : May 3, 2025, 11:15 a.m. | 35\u00a0minutes ago \nDescription : Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets.  \n  \nWhen creating a default app with the \"mojo generate app\" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-03T14:32:05.000000Z"}, {"uuid": "9987c6f3-0c46-4e47-9170-63738bbbb4dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-58134", "type": "seen", "source": "https://t.me/cvedetector/24405", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-58134 - Mojolicious Default HMAC Session Secret Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-58134 \nPublished : May 3, 2025, 4:15 p.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default.  \n  \nThese predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user\u2019s session. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-03T20:23:19.000000Z"}]}