{"vulnerability": "CVE-2024-1309", "sightings": [{"uuid": "0c63491f-5878-4a7e-806c-3a922b51f209", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13092", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113757835892691661", "content": "", "creation_timestamp": "2025-01-02T08:33:42.599901Z"}, {"uuid": "446598ac-3d2e-401c-b801-c959f0114e4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13093", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113757976156855064", "content": "", "creation_timestamp": "2025-01-02T09:09:22.950523Z"}, {"uuid": "66ff1b13-c172-4cd5-9eab-824056dfac13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13092", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leqqhomdea2m", "content": "", "creation_timestamp": "2025-01-02T09:15:43.676476Z"}, {"uuid": "c4f939b7-ed01-4a1c-832b-458253147941", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13093", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leqqhqzhtf2k", "content": "", "creation_timestamp": "2025-01-02T09:15:46.290421Z"}, {"uuid": "250096f6-7089-4403-a14b-cc9c6bcc3bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13092", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3leqrokmsn52u", "content": "", "creation_timestamp": "2025-01-02T09:37:28.213629Z"}, {"uuid": "9571c072-0c9d-4a7a-b190-3ba20eeb2376", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13093", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3leqrokw4p42i", "content": "", "creation_timestamp": "2025-01-02T09:37:28.802909Z"}, {"uuid": "b2751ee7-560b-4702-9796-10dfd61b06be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13096", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh3uft57mu2f", "content": "", "creation_timestamp": "2025-02-01T06:15:56.709196Z"}, {"uuid": "131e2d2a-c71d-4857-8391-20d6d6cb3f7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13097", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh3ufvgjue2r", "content": "", "creation_timestamp": "2025-02-01T06:15:59.061859Z"}, {"uuid": "2e0fa75c-97d9-4c5d-bb65-e9c2f725b19f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13098", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh3ufy3azn2w", "content": "", "creation_timestamp": "2025-02-01T06:16:02.312873Z"}, {"uuid": "dd98a775-585f-4c35-8fbd-655557b67ce1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13099", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh3ug26yzj2i", "content": "", "creation_timestamp": "2025-02-01T06:16:04.111722Z"}, {"uuid": "74bc0a2c-5710-4975-84fc-75e609f37dae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13096", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh3z46ovme2e", "content": "", "creation_timestamp": "2025-02-01T07:40:02.417594Z"}, {"uuid": "9c71427c-68cb-439f-abc7-2ea855378edf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13091", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113869253453487309", "content": "", "creation_timestamp": "2025-01-22T00:48:40.000136Z"}, {"uuid": "cfe9e36b-0a4d-45b8-956b-85deaa15e5b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13091", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgc5ssvbqo2y", "content": "", "creation_timestamp": "2025-01-22T00:55:03.571811Z"}, {"uuid": "456241d1-14dd-48c7-9e68-89f88ff8c006", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13091", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgc5ssyonh2i", "content": "", "creation_timestamp": "2025-01-22T00:55:04.094320Z"}, {"uuid": "abf508e6-fa41-495f-88a4-cdc90470057e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13098", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh3z4ayykz2r", "content": "", "creation_timestamp": "2025-02-01T07:40:06.408995Z"}, {"uuid": "616b6d36-fe0b-433f-8371-96aac38f692a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13097", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh3z4bpjk22k", "content": "", "creation_timestamp": "2025-02-01T07:40:09.946542Z"}, {"uuid": "3f0f3aa2-a665-4e6e-8227-15ddcc25b2b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13099", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh3z4blv6z2y", "content": "", "creation_timestamp": "2025-02-01T07:40:09.287774Z"}, {"uuid": "9c179445-e180-42dc-b80c-f748df550ed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13094", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgpc3m6cxy2j", "content": "", "creation_timestamp": "2025-01-27T06:16:09.580768Z"}, {"uuid": "17dc209c-4ce4-4a07-9e58-56c0d01ab470", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13095", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgpc3opoio2w", "content": "", "creation_timestamp": "2025-01-27T06:16:12.546123Z"}, {"uuid": "e4358112-13ea-465d-b5aa-da8ea2f7bad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13094", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113898933819141319", "content": "", "creation_timestamp": "2025-01-27T06:36:46.179295Z"}, {"uuid": "3f9ecb7f-f32b-4a0c-8fac-7dc096f5abdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13095", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113898933833326773", "content": "", "creation_timestamp": "2025-01-27T06:36:46.310096Z"}, {"uuid": "ec9bcddb-e9f2-470b-9e45-3d641759159f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13095", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgpdxifkzn2e", "content": "", "creation_timestamp": "2025-01-27T06:49:40.129945Z"}, {"uuid": "22399edf-2a67-49e5-a18d-51ea8894e01b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13094", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgpdxipqhp2w", "content": "", "creation_timestamp": "2025-01-27T06:49:41.780710Z"}, {"uuid": "bcc28abb-1360-428f-93a8-33acb0570bd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13091", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lgdprywr6m23", "content": "", "creation_timestamp": "2025-01-22T15:49:25.119330Z"}, {"uuid": "8222a2ea-26fa-4525-b97c-b73723e73dcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13090", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-09", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "b504bace-7206-4402-8dd4-6ff3d4ab6f8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13099", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3memet7ejed2k", "content": "", "creation_timestamp": "2026-02-11T21:03:02.787432Z"}, {"uuid": "db527e5a-7c52-41ce-a362-6f27c9d5d325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13099", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-13099.yaml", "content": "", "creation_timestamp": "2026-02-06T16:23:36.000000Z"}, {"uuid": "382870e1-1764-4c0c-b074-02732ad2d41e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13098", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meetgdkwb72j", "content": "", "creation_timestamp": "2026-02-08T21:02:55.728273Z"}, {"uuid": "cf13ae6b-de2b-41c4-b1e5-fb87dbe847fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13091", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2611", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13091\n\ud83d\udd39 Description: The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit requires thee ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin.\n\ud83d\udccf Published: 2025-01-21T23:20:51.231Z\n\ud83d\udccf Modified: 2025-01-22T18:41:37.557Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9b6979-2662-4d2f-9656-b880dd80832c?source=cve\n2. https://www.wpbot.pro/", "creation_timestamp": "2025-01-22T19:02:46.000000Z"}, {"uuid": "5a6a1611-c6f8-48a9-93f8-0c8ad1a1c16e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13094", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meovcdgwg324", "content": "", "creation_timestamp": "2026-02-12T21:03:18.616809Z"}, {"uuid": "9b795fc6-2d71-4714-8587-6f6b7d1e772b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13097", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meovcdjj4w2v", "content": "", "creation_timestamp": "2026-02-12T21:03:19.211204Z"}, {"uuid": "05cc92d9-96ee-4aa3-9040-81febc2fe808", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13092", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/219", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13092\n\ud83d\udd39 Description: A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. This vulnerability affects unknown code of the file /_parse/_call_job/search_ajax.php of the component Job Post Handler. The manipulation of the argument n leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-01-02T08:31:05.202Z\n\ud83d\udccf Modified: 2025-01-06T20:24:46.965Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.289900\n2. https://vuldb.com/?ctiid.289900\n3. https://vuldb.com/?submit.472441\n4. https://github.com/UnrealdDei/cve/blob/main/sql9.md\n5. https://code-projects.org/", "creation_timestamp": "2025-01-06T20:49:23.000000Z"}, {"uuid": "c47fc46a-d05c-4c45-a328-4c9a458b0b0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13098", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-13098.yaml", "content": "", "creation_timestamp": "2026-02-07T03:32:52.000000Z"}, {"uuid": "2d526d5d-5376-497f-9e29-9c05dcfe50fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13094", "type": "seen", "source": "https://t.me/cvedetector/16436", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13094 - WordPress Triggers Lite Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13094 \nPublished : Jan. 27, 2025, 6:15 a.m. | 2\u00a0hours, 12\u00a0minutes ago \nDescription : The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T10:08:16.000000Z"}, {"uuid": "ccece2ad-53c9-4ae8-a2bf-7a05372dd9ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13094", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3166", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-c75v-42g3-xvcr\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-01-27T06:30:26Z\n\ud83d\udccf Modified: 2025-01-27T06:30:26Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13094\n2. https://wpscan.com/vulnerability/7a75809e-824e-458e-bd01-50dadcea7713", "creation_timestamp": "2025-01-27T07:07:55.000000Z"}, {"uuid": "1b6bbc6f-93a8-4c38-a3c1-9aea02eb22ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13096", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3740", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13096\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T06:15:30.837\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/ca65c478-30bf-4109-93e0-3aedbf4a8264/", "creation_timestamp": "2025-02-01T07:25:45.000000Z"}, {"uuid": "60cc315d-1724-4ddf-b961-e5b7313405c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13098", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3738", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13098\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T06:15:31.010\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/eac71f70-993e-4353-8550-affb24c61c02/", "creation_timestamp": "2025-02-01T07:25:40.000000Z"}, {"uuid": "de5c3ef7-fcf9-4284-984c-c2131154c099", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13096", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3719", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13096\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.\n\ud83d\udccf Published: 2025-02-01T06:31:01Z\n\ud83d\udccf Modified: 2025-02-01T06:31:01Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13096\n2. https://wpscan.com/vulnerability/ca65c478-30bf-4109-93e0-3aedbf4a8264", "creation_timestamp": "2025-02-01T07:16:11.000000Z"}, {"uuid": "a4e42527-e163-42a0-b360-838beb61f4e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13095", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3170", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-7jq5-8rmw-j9wh\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks\n\ud83d\udccf Published: 2025-01-27T06:30:26Z\n\ud83d\udccf Modified: 2025-01-27T06:30:26Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13095\n2. https://wpscan.com/vulnerability/74e95fb5-025b-4d4d-a279-844b6ee3e57d", "creation_timestamp": "2025-01-27T07:08:01.000000Z"}, {"uuid": "02a066f5-cbed-46b4-98f4-7d4123ff7bea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13098", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3717", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13098\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-02-01T06:31:01Z\n\ud83d\udccf Modified: 2025-02-01T06:31:01Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13098\n2. https://wpscan.com/vulnerability/eac71f70-993e-4353-8550-affb24c61c02", "creation_timestamp": "2025-02-01T07:16:10.000000Z"}, {"uuid": "a5879c99-4ff2-4368-b09f-75e9abacdeb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13097", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3725", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13097\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-02-01T06:31:01Z\n\ud83d\udccf Modified: 2025-02-01T06:31:01Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13097\n2. https://wpscan.com/vulnerability/d83d7274-55ae-4f35-b65e-6d6e19e36fac", "creation_timestamp": "2025-02-01T07:16:19.000000Z"}, {"uuid": "10baa1a7-c858-4fa9-a5df-b265dca66028", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13099", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3737", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13099\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T06:15:31.100\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/a0cabf5c-7b01-4163-834b-a134db3a90b4/", "creation_timestamp": "2025-02-01T07:25:40.000000Z"}, {"uuid": "90969c8c-5559-4808-b5eb-099be1e2e669", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13099", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3723", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13099\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-02-01T06:31:01Z\n\ud83d\udccf Modified: 2025-02-01T06:31:01Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13099\n2. https://wpscan.com/vulnerability/a0cabf5c-7b01-4163-834b-a134db3a90b4", "creation_timestamp": "2025-02-01T07:16:17.000000Z"}, {"uuid": "c9df6ac3-09fa-4866-af1a-8a200666d68a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13095", "type": "seen", "source": "https://t.me/cvedetector/16437", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13095 - WordPress Triggers Lite SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13095 \nPublished : Jan. 27, 2025, 6:15 a.m. | 2\u00a0hours, 12\u00a0minutes ago \nDescription : The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T10:08:17.000000Z"}, {"uuid": "b74c6c2e-7388-499b-9378-457cebcdc5ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13091", "type": "seen", "source": "https://t.me/cvedetector/16062", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13091 - \"Wordpress WPBot Pro Remote File Upload Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13091 \nPublished : Jan. 22, 2025, 12:15 a.m. | 41\u00a0minutes ago \nDescription : The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit requires thee ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T02:11:13.000000Z"}, {"uuid": "71878a01-5857-410a-8aaf-7e5f7f2400dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13098", "type": "seen", "source": "https://t.me/cvedetector/16989", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13098 - WordPress Email Newsletter Plugin Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13098 \nPublished : Feb. 1, 2025, 6:15 a.m. | 21\u00a0minutes ago \nDescription : The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T08:07:14.000000Z"}, {"uuid": "bf12d3b9-65d0-4df1-9cf6-1d1b9c28cfe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13097", "type": "seen", "source": "https://t.me/cvedetector/16995", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13097 - WordPress Finance Plugin Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13097 \nPublished : Feb. 1, 2025, 6:15 a.m. | 21\u00a0minutes ago \nDescription : The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T08:07:22.000000Z"}, {"uuid": "973b42ae-21fd-41d3-904b-fc8eefd4d1c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13096", "type": "seen", "source": "https://t.me/cvedetector/16994", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13096 - WordPress Finance CSRF Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2024-13096 \nPublished : Feb. 1, 2025, 6:15 a.m. | 21\u00a0minutes ago \nDescription : The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T08:07:21.000000Z"}, {"uuid": "ec972eb9-76b1-4e32-bf08-cf743664de58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13099", "type": "seen", "source": "https://t.me/cvedetector/16991", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13099 - Widget4Call WordPress Plugin Reflected Cross-Site Scripting Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-13099 \nPublished : Feb. 1, 2025, 6:15 a.m. | 21\u00a0minutes ago \nDescription : The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T08:07:16.000000Z"}, {"uuid": "1a0246fb-d774-428c-ba4c-f098ac545171", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13092", "type": "seen", "source": "https://t.me/cvedetector/14098", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13092 - \"Code-Projects Job Recruitment SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13092 \nPublished : Jan. 2, 2025, 9:15 a.m. | 33\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. This vulnerability affects unknown code of the file /_parse/_call_job/search_ajax.php of the component Job Post Handler. The manipulation of the argument n leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-02T10:54:00.000000Z"}, {"uuid": "dc50190a-9898-4b31-8d9f-8e663588b30c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13093", "type": "seen", "source": "https://t.me/cvedetector/14097", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13093 - Code-projects Job Recruitment SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13093 \nPublished : Jan. 2, 2025, 9:15 a.m. | 33\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /_parse/_call_main_search_ajax.php of the component Seeker Profile Handler. The manipulation of the argument s1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-02T10:53:59.000000Z"}, {"uuid": "92e544da-fee2-4dcc-9c96-bc7e65fe4c3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1309", "type": "seen", "source": "https://t.me/true_secator/5542", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u0426\u0435\u043d\u0442\u0440\u0430 \u0418\u0411 \u0438\u043c\u0435\u043d\u0438 \u0413\u0435\u043b\u044c\u043c\u0433\u043e\u043b\u044c\u0446\u0430 CISPA \u0432 \u0413\u0435\u0440\u043c\u0430\u043d\u0438\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043d\u043e\u0432\u043e\u0439 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u043e\u0439 DoS-\u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 300 000 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\u041d\u043e\u0432\u0430\u044f \u0441\u0430\u043c\u043e\u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u044f\u0449\u0435\u0439\u0441\u044f \u0430\u0442\u0430\u043a\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 Loop DoS, \u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u043c \u0443\u044f\u0432\u0437\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u044b CVE CVE-2024-1309 \u0438 CVE-2024-2169.\n\n\u041c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442\u0441\u044f \u0437\u0430 \u0441\u0447\u0435\u0442 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043f\u043e\u0434\u043c\u0435\u043d\u0443 IP-\u0430\u0434\u0440\u0435\u0441\u0430, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0434\u0432\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0434\u0440\u0443\u0433 \u0441 \u0434\u0440\u0443\u0433\u043e\u043c \u043d\u0430 \u043d\u0435\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0439 \u0441\u0440\u043e\u043a, \u043e\u0431\u043c\u0435\u043d\u0438\u0432\u0430\u044f\u0441\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u043c\u0438 \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u043d\u0438 \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u044e\u0442 \u0431\u043e\u043b\u044c\u0448\u0438\u0435 \u043e\u0431\u044a\u0435\u043c\u044b \u0442\u0440\u0430\u0444\u0438\u043a\u0430, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0438\u043b\u0438 \u0441\u0435\u0442\u0435\u0439.\n\n\u0412 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 \u043f\u0435\u0442\u0435\u043b\u044c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043f\u0440\u043e\u0442\u0438\u0432\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c TTL, Loop DoS-\u0430\u0442\u0430\u043a\u0438 \u043d\u0435 \u0438\u043c\u0435\u044e\u0442 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u043c\u0435\u0440 \u043f\u0440\u043e\u0442\u0438\u0432\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f.\u00a0\n\n\u041a\u0430\u043a \u0442\u043e\u043b\u044c\u043a\u043e \u0442\u0440\u0438\u0433\u0433\u0435\u0440 \u0432\u0432\u0435\u0434\u0435\u043d \u0438 \u0446\u0438\u043a\u043b \u0437\u0430\u043f\u0443\u0449\u0435\u043d, \u0434\u0430\u0436\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0435 \u043c\u043e\u0433\u0443\u0442 \u0443\u0436\u0435 \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0443.\u00a0\u0420\u0430\u043d\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u043f\u0435\u0442\u043b\u0438 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u043b\u0438 \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043e\u0434\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0430\u043b\u0438\u0441\u044c \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u043c \u0447\u0438\u0441\u043b\u043e\u043c \u0438\u0442\u0435\u0440\u0430\u0446\u0438\u0439 \u0446\u0438\u043a\u043b\u0430.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0446\u0435\u043b\u0435\u0432\u0443\u044e \u0441\u043b\u0443\u0436\u0431\u0443 \u043d\u0435\u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e\u0439 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0441\u0431\u043e\u0439 \u0432 \u0440\u0430\u0431\u043e\u0442\u0435 \u0441\u0435\u0442\u0438, \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u044f\u0441\u044c \u043d\u0430 \u043c\u0430\u0433\u0438\u0441\u0442\u0440\u0430\u043b\u044c \u0441\u0435\u0442\u0438, \u044d\u0442\u043e\u0442 \u043c\u0435\u0442\u043e\u0434 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0443\u0441\u0438\u043b\u0435\u043d\u0438\u044f DoS \u0438\u043b\u0438 DDoS-\u0430\u0442\u0430\u043a.\u00a0\n\n\u0421\u043f\u0438\u0441\u043e\u043a \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u043e \u0432\u043b\u0438\u044f\u043d\u0438\u0435, - NTP, DNS \u0438 TFTP, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0435 Echo, Chargen \u0438 QOTD.\u00a0\u041e\u0434\u043d\u0430\u043a\u043e \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0434\u0440\u0443\u0433\u0438\u0435, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434 \u043f\u0440\u0438\u0446\u0435\u043b\u043e\u043c.\u00a0\n\n\u041f\u043e \u043e\u0446\u0435\u043d\u043a\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0443\u044f\u0437\u0432\u0438\u043c\u043e \u043e\u043a\u043e\u043b\u043e 300 000 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u0445\u043e\u0441\u0442\u043e\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043f\u043e\u0447\u0442\u0438 90 000 \u0441 NTP, 63 000 \u0441 DNS, 56 000 \u0441 Echo \u0438 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u043f\u043e 20 000 \u0441 TFTP, Chargen \u0438 QOTD.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 NTP \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438, \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e, \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u044e\u00a0ntpd, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u0443\u044e \u0434\u043e 2010 \u0433\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f, \u043a\u0430\u043a \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u0430 DoS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043a CVE-2009-3563.\n\n\u041d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0435\u0442 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u044d\u0442\u043e\u0442 \u043c\u0435\u0442\u043e\u0434 \u0430\u0442\u0430\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0432 \u0437\u043b\u043e\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0446\u0435\u043b\u044f\u0445, \u043d\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043d\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439 \u0438 \u043f\u0440\u0438\u0437\u0432\u0430\u043b\u0438 \u0441\u0440\u043e\u0447\u043d\u043e \u043f\u0440\u0438\u043d\u044f\u0442\u044c \u043c\u0435\u0440\u044b.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e\u00a0\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 CERT \u0423\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u041a\u0430\u0440\u043d\u0435\u0433\u0438-\u041c\u0435\u043b\u043b\u043e\u043d, \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u043e \u0432\u043b\u0438\u044f\u043d\u0438\u0435 CVE-2024-2169 \u043d\u0430 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Broadcom, Honeywell, Microsoft \u0438 MikroTik.\u00a0\n\n\u041f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0438 \u0431\u044b\u043b\u0438 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u044b \u0432 \u0434\u0435\u043a\u0430\u0431\u0440\u0435 2023 \u0433\u043e\u0434\u0430.\n\n\u041f\u043e Broadcom \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0442\u0430\u0440\u044b\u0435 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u044b, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\u00a0Microsoft \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0430 \u043d\u0430 \u0435\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b \u043d\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0441\u0431\u043e\u044e \u0445\u043e\u0441\u0442\u0430, \u043d\u043e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0438\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0435\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0432 Windows.\n\nMikroTik \u0442\u0430\u043a\u0436\u0435 \u0441\u043a\u043e\u0440\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442 \u043f\u0430\u0442\u0447. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Cisco \u0438 Zyxel \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438 \u0432\u043b\u0438\u044f\u043d\u0438\u0435 CVE-2009-3563, \u043e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u043d\u0435 \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 EOL.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438, \u0441\u043e\u0432\u0435\u0442\u0443\u044f \u0440\u044f\u0434 \u043f\u0440\u043e\u0444\u0438\u043b\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043c\u0435\u0440, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0440\u0430\u0437\u0440\u044b\u0432\u043e\u043c \u0446\u0438\u043a\u043b\u0430 DoS \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0430\u0442\u0430\u043a\u0438.", "creation_timestamp": "2024-03-20T11:53:17.000000Z"}, {"uuid": "4c43279b-dc1c-4711-af05-de7dded81f96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1309", "type": "seen", "source": "https://t.me/ctinow/183870", "content": "https://ift.tt/tSVU0Oz\nCVE-2024-1309", "creation_timestamp": "2024-02-13T15:22:06.000000Z"}, {"uuid": "cba96f2c-a728-4a31-b539-6fec057650ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1309", "type": "seen", "source": "https://t.me/ctinow/199058", "content": "https://ift.tt/JiWjEke\nCVE-2024-1309 | Honeywell Niagara Framework AX up to 3.8.0/4.0 resource consumption", "creation_timestamp": "2024-03-04T08:11:41.000000Z"}]}