{"vulnerability": "CVE-2024-1182", "sightings": [{"uuid": "3b105b71-e4c0-406a-8510-e52b5680c18e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11820", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113552106272744903", "content": "", "creation_timestamp": "2024-11-27T00:33:57.722848Z"}, {"uuid": "f323b94f-9e81-4483-9920-89519a78dd99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11823", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113605199789285742", "content": "", "creation_timestamp": "2024-12-06T09:36:20.603669Z"}, {"uuid": "faeb6fb0-75bf-4f71-942d-8c2e8fb3fa15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11827", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113645285931949683", "content": "", "creation_timestamp": "2024-12-13T11:30:46.487683Z"}, {"uuid": "d5aca3d8-1542-495c-b8b6-2ddeab3e6783", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11826", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5mufygcb2l", "content": "", "creation_timestamp": "2025-01-07T12:15:52.461215Z"}, {"uuid": "e1c752c5-779b-490a-aa2f-63b1aecfec24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11826", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf5oxqcnjz2q", "content": "", "creation_timestamp": "2025-01-07T12:53:31.423659Z"}, {"uuid": "3fdbaf24-00ae-41ad-b0cf-abf76b2efb7d", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11825", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113887813118531488", "content": "", "creation_timestamp": "2025-01-25T07:28:38.124958Z"}, {"uuid": "2fc045b5-d1f8-47e4-8348-8f5006bc8fb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11829", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh3xq36c4r2b", "content": "", "creation_timestamp": "2025-02-01T07:15:22.300923Z"}, {"uuid": "f8f8185e-abdc-4100-8d94-dba5eb482783", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11829", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh3z4c32sp2q", "content": "", "creation_timestamp": "2025-02-01T07:40:11.041090Z"}, {"uuid": "841ab8b3-d31f-4725-bfa7-6ef6e4770680", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1182", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/114143572706449983", "content": "", "creation_timestamp": "2025-03-11T11:31:39.250843Z"}, {"uuid": "40756b1a-ad70-4c81-8660-12fec928a23d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1182", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3lk3xrjiltk2x", "content": "", "creation_timestamp": "2025-03-11T11:31:46.673446Z"}, {"uuid": "44ce1987-07d9-4798-8576-7f74c3d4840a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1182", "type": "seen", "source": 
"https://t.me/itsec_news/5466", "content": "\u200b\u26a1\ufe0f\u0421\u0440\u0430\u0437\u0443 \u043f\u044f\u0442\u044c \u0431\u0440\u0435\u0448\u0435\u0439 \u0432 ICONICS \u0443\u0433\u0440\u043e\u0436\u0430\u044e\u0442 \u044d\u043d\u0435\u0440\u0433\u0435\u0442\u0438\u043a\u0435, \u0442\u0440\u0430\u043d\u0441\u043f\u043e\u0440\u0442\u0443 \u0438 \u0433\u0430\u0437\u043e\u0432\u043e\u0439 \u043e\u0442\u0440\u0430\u0441\u043b\u0438\n\n\ud83d\udcac \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 ICONICS, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0435 \u0432 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 SCADA-\u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u043f\u0435\u0440\u0435\u0434 \u0430\u0442\u0430\u043a\u0430\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u043c\u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c DLL Hij\u0430cking \u0438 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b. 
\u0412\u0441\u0435\u0433\u043e \u0431\u044b\u043b\u043e \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043e \u043f\u044f\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0432\u0435\u0434\u0443\u0449\u0438\u0445 \u043a \u043f\u043e\u043b\u043d\u043e\u043c\u0443 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b Palo Alto Networks \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 10.97.2 \u0438 10.97.3, \u0430 \u0442\u0430\u043a\u0436\u0435, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0432 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0445 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0445. \u0425\u043e\u0442\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u0443\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u044b\u044f\u0432\u0438\u043b\u043e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u0435\u0441\u044f\u0442\u043a\u043e\u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 ICONICS, \u043e\u0441\u0442\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0451\u043d\u043d\u044b\u043c\u0438 \u043a \u0441\u0435\u0442\u0438.\n\n\u041f\u043e \u043e\u0446\u0435\u043d\u043a\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0431\u0435\u0437 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438 
\u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u044d\u0441\u043a\u0430\u043b\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438, \u0432 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445, \u043f\u043e\u043b\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u0412\u0441\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043e\u0446\u0435\u043d\u043a\u0438 \u043e\u0442 7 \u0434\u043e 7.8 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS, \u0447\u0442\u043e \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u043e \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\nSCADA-\u0441\u0438\u0441\u0442\u0435\u043c\u044b ICONICS \u0448\u0438\u0440\u043e\u043a\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442\u0441\u044f \u0432 \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0445 \u043e\u0442\u0440\u0430\u0441\u043b\u044f\u0445: \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u043c \u0441\u0435\u043a\u0442\u043e\u0440\u0435, \u043e\u0431\u043e\u0440\u043e\u043d\u0435, \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u043e\u0434\u043e\u0441\u043d\u0430\u0431\u0436\u0435\u043d\u0438\u0438 \u0438 
\u044d\u043d\u0435\u0440\u0433\u0435\u0442\u0438\u043a\u0435. \u0421\u0440\u0435\u0434\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430 \u0437\u043d\u0430\u0447\u0430\u0442\u0441\u044f \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f \u043f\u043e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0443 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u044d\u043d\u0435\u0440\u0433\u0438\u0438, \u0430\u044d\u0440\u043e\u043f\u043e\u0440\u0442\u044b, \u0433\u0430\u0437\u043e\u0432\u044b\u0435 \u0437\u0430\u0432\u043e\u0434\u044b \u0438 \u043a\u0440\u0443\u043f\u043d\u044b\u0435 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0446\u0438\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Amazon, IBM \u0438 Hewlett-Packard.\n\n\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432. \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, CVE-2024-7587 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u043c\u0438 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 GenBroker, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0449\u0435\u043c \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0441 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438. 
\u0423\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0435 32-\u0431\u0438\u0442\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 GenBroker \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u043d\u043e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u0442\u044c \u0438\u0445 \u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u0434\u0430\u0436\u0435 \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0431\u043e\u043b\u0435\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0433\u043e 64-\u0431\u0438\u0442\u043d\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u043e\u0433\u0430.\n\n\u0414\u0440\u0443\u0433\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c ( CVE-2024-1182 ) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u043c SDK \u0434\u043b\u044f SMS-\u043e\u043f\u043e\u0432\u0435\u0449\u0435\u043d\u0438\u0439 Derdack\u2019s Message Master, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0443\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 15 \u043b\u0435\u0442, \u043d\u043e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 ICONICS AlarmWorX MMX. 
\u042d\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0449\u0438\u0435\u0441\u044f \u043d\u0430 SMS-\u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u043f\u0435\u0440\u0435\u0434 \u0430\u0442\u0430\u043a\u0430\u043c\u0438.\n\n\u041e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0442\u0440\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Genesis64 \u0438 GenBroker64, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c DLL Hijacking, \u043f\u0440\u043e\u0434\u0432\u0438\u0433\u0430\u0442\u044c\u0441\u044f \u0432 \u0441\u0435\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u0441\u0432\u044f\u0437\u0438 \u0438 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0437\u0430\u0449\u0438\u0442\u044b.\n\nICONICS \u043f\u043e\u043a\u0430 \u043d\u0435 \u0434\u0430\u043b\u0430 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0435\u0432 \u043f\u043e \u043f\u043e\u0432\u043e\u0434\u0443 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, \u0438\u0445 \u0432\u043b\u0438\u044f\u043d\u0438\u044f \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u041f\u041e \u0438 \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f 
\u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439. \u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0443\u0434\u0438\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0447\u0442\u043e\u0431\u044b \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u0440\u0438\u0441\u043a\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-03-12T14:53:54.000000Z"}, {"uuid": "d7565162-3013-4d39-b4a7-d1044b9182ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11824", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:49.000000Z"}, {"uuid": "2426afad-d795-4cfe-a44d-4a2b6f3c94a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11829", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3752", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11829\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T07:15:06.940\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. 
https://plugins.trac.wordpress.org/changeset/3207945/the-plus-addons-for-elementor-page-builder/tags/6.1.2/modules/widgets/tp_table.php?old=3207456&old_path=the-plus-addons-for-elementor-page-builder%2Ftags%2F6.1.1%2Fmodules%2Fwidgets%2Ftp_table.php\n2. https://plugins.trac.wordpress.org/changeset/3218225/the-plus-addons-for-elementor-page-builder/tags/6.1.4/modules/widgets/tp_table.php?old=3212455&old_path=the-plus-addons-for-elementor-page-builder%2Ftags%2F6.1.3%2Fmodules%2Fwidgets%2Ftp_table.php\n3. https://plugins.trac.wordpress.org/changeset?old_path=/the-plus-addons-for-elementor-page-builder/tags/6.1.8&new_path=/the-plus-addons-for-elementor-page-builder/tags/6.2.0&sfp_email=&sfph_mail=\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/edf62f82-448a-4ed8-8d4b-7215223494cb?source=cve", "creation_timestamp": "2025-02-01T09:26:11.000000Z"}, {"uuid": "dbac31b9-933e-49b9-a001-27398ceb29a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11826", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/390", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11826\n\ud83d\udd39 Description: The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-07T11:11:12.325Z\n\ud83d\udccf Modified: 2025-01-07T11:11:12.325Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/d59a4d69-cf51-44c1-90bf-19be04774c27?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3214019/quillforms/trunk/includes/class-shortcode.php", "creation_timestamp": "2025-01-07T11:37:01.000000Z"}, {"uuid": "9ac76839-2cee-4cb0-a2c1-0318220eda08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11825", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3059", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11825\n\ud83d\udd39 Description: The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018zone\u2019 parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-25T07:24:17.043Z\n\ud83d\udccf Modified: 2025-01-25T07:24:17.043Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/aeda43bc-eeee-463d-80b7-dec7975b4d19?source=cve\n2. https://plugins.trac.wordpress.org/browser/broadstreet/tags/1.50.1/Broadstreet/Utility.php#L199\n3. 
https://wordpress.org/plugins/broadstreet/#developers", "creation_timestamp": "2025-01-25T08:05:36.000000Z"}, {"uuid": "9da7d12a-aa9a-48f1-9fda-de9d444bdf52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11825", "type": "seen", "source": "https://t.me/cvedetector/16377", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11825 - Broadstreet WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11825 \nPublished : Jan. 25, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018zone\u2019 parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T10:28:54.000000Z"}, {"uuid": "d00ced84-035a-4eb6-a25d-c5d4721dc537", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1182", "type": "seen", "source": "https://t.me/ics_cert/1092", "content": "\u0645\u062d\u0642\u0642\u0627\u0646 \u062c\u0632\u0626\u06cc\u0627\u062a \u067e\u0646\u062c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u062f\u062a \u0628\u0627\u0644\u0627 \u0631\u0627 \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u06af\u0630\u0627\u0634\u062a\u0647\u200c\u0627\u0646\u062f \u06a9\u0647 \u0628\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a Iconics \u0648 Mitsubishi Electric \u0646\u0638\u0627\u0631\u062a\u06cc \u0648 \u062c\u0645\u0639\u200c\u0622\u0648\u0631\u06cc \u062f\u0627\u062f\u0647\u200c\u0647\u0627 (SCADA) \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc\u200c\u06af\u0630\u0627\u0631\u0646\u062f.\n\n\u0631\u0627\u0647 \u062d\u0644 \u0647\u0627\u06cc \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0639\u0628\u0627\u0631\u062a\u0646\u062f \u0627\u0632 Genesis64 \u0648 MC Works64. 
\u0647\u0645\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0628\u0631 \u0631\u0648\u06cc Iconics \u0648 Mitsubishi Electric \u0646\u06cc\u0632 \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc\u200c\u06af\u0630\u0627\u0631\u0646\u062f\u060c \u0632\u06cc\u0631\u0627 \u0627\u0648\u0644\u06cc \u0628\u062e\u0634\u06cc \u0627\u0632 \u062f\u0648\u0645\u06cc \u0627\u0633\u062a.\n\n\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc SCADA \u06cc\u0627\u0641\u062a \u0634\u062f\u0647 \u0639\u0628\u0627\u0631\u062a\u0646\u062f \u0627\u0632: \u0631\u0628\u0648\u062f\u0646 DLL (CVE-2024-1182)\u060c \u0645\u062c\u0648\u0632\u0647\u0627\u06cc \u067e\u06cc\u0634 \u0641\u0631\u0636 \u0646\u0627\u062f\u0631\u0633\u062a (CVE-2024-7587)\u060c \u0639\u0646\u0635\u0631 \u0645\u0633\u06cc\u0631 \u062c\u0633\u062a\u062c\u0648\u06cc \u06a9\u0646\u062a\u0631\u0644 \u0646\u0634\u062f\u0647 (CVE-2024-8299 \u0648 CVE-2024-9852)\u060c \u0648 \u06a9\u062f \u0645\u0631\u062f\u0647 (CVE-2024-8320).\n\n\u0647\u0645\u0647 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0628\u0631\u0627\u06cc \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0646\u06cc\u0627\u0632 \u0628\u0647 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u062f\u0627\u0631\u0646\u062f\u060c \u0627\u0645\u0627 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646\u06cc \u06a9\u0647 \u0642\u0628\u0644\u0627\u064b \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0633\u0627\u0632\u0645\u0627\u0646 \u0647\u062f\u0641 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0631\u062f\u0647\u200c\u0627\u0646\u062f \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f\u060c \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a 
\u0631\u0627 \u0627\u0641\u0632\u0627\u06cc\u0634 \u062f\u0647\u0646\u062f \u0648 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u062d\u06cc\u0627\u062a\u06cc \u0631\u0627 \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u06a9\u0646\u0646\u062f.\n\n\u062f\u0631 \u06cc\u06a9 \u062d\u0645\u0644\u0647 \u0648\u0627\u0642\u0639\u06cc \u06a9\u0647 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0635\u0646\u0639\u062a\u06cc \u0631\u0627 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f\u060c \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc SCADA \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u062e\u0631\u0627\u0628\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f \u0648 \u062f\u0631 \u0628\u0631\u062e\u06cc \u0645\u0648\u0627\u0631\u062f \u06a9\u0646\u062a\u0631\u0644 \u06a9\u0627\u0645\u0644 \u0633\u06cc\u0633\u062a\u0645 \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f.\n\n\u0631\u0648\u06cc \u0647\u0645 \u0631\u0641\u062a\u0647\u060c \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u062e\u0637\u0631\u06cc \u062c\u062f\u06cc \u0628\u0631\u0627\u06cc \u0645\u062d\u0631\u0645\u0627\u0646\u06af\u06cc\u060c \u06cc\u06a9\u067e\u0627\u0631\u0686\u06af\u06cc \u0648 \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0628\u0648\u062f\u0646 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627 \u0627\u06cc\u062c\u0627\u062f \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f.\n\n \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0631\u0627\u06cc \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u0631\u0632\u0634\u0645\u0646\u062f \u0628\u0627\u0634\u062f\u060c \u0632\u06cc\u0631\u0627 
\u0645\u062d\u0635\u0648\u0644\u0627\u062a Iconics \u0648 Mitsubishi Electric \u0635\u062f\u0647\u0627 \u0647\u0632\u0627\u0631 \u0628\u0627\u0631 \u062f\u0631 \u0633\u0631\u0627\u0633\u0631 \u062c\u0647\u0627\u0646 \u0627\u0632 \u062c\u0645\u0644\u0647 \u062f\u0631 \u0628\u062e\u0634 \u0639\u0645\u0648\u0645\u06cc\u060c \u062f\u0641\u0627\u0639\u060c \u062a\u0627\u0645\u06cc\u0646 \u0622\u0628\u060c \u062a\u0648\u0644\u06cc\u062f \u0648 \u0627\u0646\u0631\u0698\u06cc \u0646\u0635\u0628 \u0634\u062f\u0647\u200c\u0627\u0646\u062f.\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u062f\u0631 \u0627\u0648\u0627\u06cc\u0644 \u0633\u0627\u0644 2024 \u062a\u0648\u0633\u0637 \u0634\u0631\u06a9\u062a Iconics Suite \u0648 Mitsubishi Electric MC Works \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc 10.97.2 \u0648 10.97.3 \u0628\u0631\u0627\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632 \u06a9\u0634\u0641 \u0634\u062f. \u0627\u0635\u0644\u0627\u062d\u0627\u062a \u0648 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u06a9\u0627\u0647\u0634\u06cc \u062f\u0631 \u0633\u0627\u0644 \u06af\u0630\u0634\u062a\u0647 \u0645\u0646\u062a\u0634\u0631 \u0634\u062f.\n\ud83c\udfed \u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. 
\n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33\n\u06af\u0631\u0648\u0647 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ICSCERT_IR", "creation_timestamp": "2025-04-08T20:02:09.000000Z"}, {"uuid": "b2bae56a-c202-4f4b-9554-923a8f0302ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11829", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3760", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11829\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchable_label parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-01T09:30:28Z\n\ud83d\udccf Modified: 2025-02-01T09:30:28Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-11829\n2. https://plugins.trac.wordpress.org/changeset/3207945/the-plus-addons-for-elementor-page-builder/tags/6.1.2/modules/widgets/tp_table.php?old=3207456&old_path=the-plus-addons-for-elementor-page-builder%2Ftags%2F6.1.1%2Fmodules%2Fwidgets%2Ftp_table.php\n3. 
https://plugins.trac.wordpress.org/changeset/3218225/the-plus-addons-for-elementor-page-builder/tags/6.1.4/modules/widgets/tp_table.php?old=3212455&old_path=the-plus-addons-for-elementor-page-builder%2Ftags%2F6.1.3%2Fmodules%2Fwidgets%2Ftp_table.php\n4. https://plugins.trac.wordpress.org/changeset?old_path=/the-plus-addons-for-elementor-page-builder/tags/6.1.8&new_path=/the-plus-addons-for-elementor-page-builder/tags/6.2.0&sfp_email=&sfph_mail=\n5. https://www.wordfence.com/threat-intel/vulnerabilities/id/edf62f82-448a-4ed8-8d4b-7215223494cb?source=cve", "creation_timestamp": "2025-02-01T10:15:53.000000Z"}, {"uuid": "35527ff7-0bcb-411f-a722-cb00c770b748", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11829", "type": "seen", "source": "https://t.me/cvedetector/17016", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11829 - Elementor Addons Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11829 \nPublished : Feb. 1, 2025, 7:15 a.m. | 1\u00a0hour, 23\u00a0minutes ago \nDescription : The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchable_label parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T09:48:00.000000Z"}, {"uuid": "6cd70b4c-88b0-4815-94cb-d3de55af7484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11826", "type": "seen", "source": "https://t.me/cvedetector/14536", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11826 - Quill Forms Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11826 \nPublished : Jan. 7, 2025, 12:15 p.m. | 29\u00a0minutes ago \nDescription : The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T13:52:39.000000Z"}, {"uuid": "4968cd54-d4d2-4bff-93d7-630ab016faca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11827", "type": "seen", "source": "https://t.me/cvedetector/12866", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11827 - OpenStreetMap for WordPress Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11827 \nPublished : Dec. 13, 2024, 12:15 p.m. | 44\u00a0minutes ago \nDescription : The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootb_query shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-13T14:06:05.000000Z"}, {"uuid": "7131e9d4-f529-486a-b724-8427b568ebde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11823", "type": "seen", "source": "https://t.me/cvedetector/12183", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11823 - The Folder Gallery plugin for WordPress is vulnera\", \n  \"Content\": \"CVE ID : CVE-2024-11823 \nPublished : Dec. 6, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T10:35:57.000000Z"}, {"uuid": "5584a37c-f462-4417-8c64-491798b2ea81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11829", "type": "seen", "source": "Telegram/YJy_1CWczLTb7G6e8Fg7T9GZ0k2zuFdwPYAo1pXY1xTurYvM", "content": "", "creation_timestamp": "2025-02-06T02:42:28.000000Z"}, {"uuid": "d3930b91-8e8c-4dbc-9152-3ce2bc29ce2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11829", "type": "seen", "source": "Telegram/yzhzrirjFE2ZUexprZ89SIEWoeCvQTzmhubhKsimUZgoFMfc", "content": "", "creation_timestamp": "2025-02-06T02:41:38.000000Z"}, {"uuid": "c7d832ab-e418-41c9-b7ae-7c1c5767360c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1182", "type": "seen", "source": "https://t.me/true_secator/6826", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Palo Alto Networks \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u044f\u043c\u0438 \u043e \u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Iconics \u0438 Mitsubishi Electric \u0434\u043b\u044f 
\u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0441\u0431\u043e\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 (SCADA).\n\n\u0421\u0440\u0435\u0434\u0438 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 - Genesis64 \u0438 MC Works64. \u0422\u0435 \u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0442\u0430\u043a\u0436\u0435 \u0432\u043b\u0438\u044f\u044e\u0442 \u043d\u0430 Iconics \u0438 Mitsubishi Electric, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0435\u0440\u0432\u044b\u0439 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0447\u0430\u0441\u0442\u044c\u044e \u0432\u0442\u043e\u0440\u043e\u0433\u043e.\n\n\u041a \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u044b\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c SCADA \u043e\u0442\u043d\u043e\u0441\u044f\u0442\u0441\u044f: \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442 DLL (CVE-2024-1182), \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e (CVE-2024-7587), \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u044d\u043b\u0435\u043c\u0435\u043d\u0442 \u043f\u0443\u0442\u0438 \u043f\u043e\u0438\u0441\u043a\u0430 (CVE-2024-8299 \u0438 CVE-2024-9852) \u0438 \u043c\u0435\u0440\u0442\u0432\u044b\u0439 \u043a\u043e\u0434 (CVE-2024-8300).\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0432\u0441\u0435\u0445 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u043e \u043e\u043d\u0438 
\u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c, \u0443\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u043c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u043c\u0438 \u0444\u0430\u0439\u043b\u0430\u043c\u0438.\n\n\u0412 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0435, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 SCADA, \u0447\u0442\u043e\u0431\u044b \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0441\u0431\u043e\u0438 \u0432 \u0440\u0430\u0431\u043e\u0442\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0430 \u0432 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 - \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u043d\u0435\u0439.\u00a0\n\n\u0412 
\u0441\u043e\u0432\u043e\u043a\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0439 \u0440\u0438\u0441\u043a \u0434\u043b\u044f \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\u0412 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Palo Alto \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e\u00a0\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0442\u044c \u0446\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0446\u0438\u044f Iconics \u0438 Mitsubishi Electric \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0430 \u0441\u043e\u0442\u043d\u0438 \u0442\u044b\u0441\u044f\u0447 \u0440\u0430\u0437 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0432 \u0433\u043e\u0441\u0441\u0435\u043a\u0442\u043e\u0440\u0435, \u043e\u0431\u043e\u0440\u043e\u043d\u043a\u0435, \u0432\u043e\u0434\u043e\u0441\u043d\u0430\u0431\u0436\u0435\u043d\u0438\u0438, \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435 \u0438 \u044d\u043d\u0435\u0440\u0433\u0435\u0442\u0438\u043a\u0435.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 
\u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 2024 \u0433\u043e\u0434\u0430 \u0432 Iconics Suite \u0438 Mitsubishi Electric MC Works \u0432\u0435\u0440\u0441\u0438\u0439 10.97.2 \u0438 10.97.3 \u0434\u043b\u044f Windows. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443.", "creation_timestamp": "2025-03-11T11:30:05.000000Z"}]}