{"vulnerability": "CVE-2024-2138", "sightings": [{"uuid": "0bd66dbf-ca32-473c-ae3d-60a206fecf62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21380", "type": "seen", "source": "https://t.me/itsec_news/4112", "content": "\u200b\u26a1\ufe0f\u0412 Windows \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0444\u0443\u043d\u0434\u0430\u043c\u0435\u043d\u0442\u0430\u043b\u044c\u043d\u0430\u044f 24-\u043b\u0435\u0442\u043d\u044f\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\ud83d\udcac \u0412 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 Patch Tuesday \u043e\u0442 Microsoft, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u043c \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 2024 \u0433\u043e\u0434\u0430, \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b 73 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u0432\u0435 zero-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438, \u0438 \u043e\u0434\u043d\u0430 \u043f\u043e-\u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u043c\u0443 \u0434\u0440\u0435\u0432\u043d\u044f\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 Windows \u0443\u0436\u0435 24 \u0433\u043e\u0434\u0430.\n\n\u0421\u0440\u0435\u0434\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 5 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0441\u0442\u0430\u0442\u0443\u0441 \u00ab\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435\u00bb, 65 \u043e\u0446\u0435\u043d\u0435\u043d\u044b \u043a\u0430\u043a \u00ab\u0432\u0430\u0436\u043d\u044b\u0435\u00bb, \u0430 \u0435\u0449\u0451 3 \u2014 \u043a\u0430\u043a \u00ab\u0443\u043c\u0435\u0440\u0435\u043d\u043d\u044b\u0435\u00bb. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b 24 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u0432 \u0444\u0438\u0440\u043c\u0435\u043d\u043d\u043e\u043c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 Microsoft \u043d\u0430 \u0431\u0430\u0437\u0435 Chromium \u2014 Edge.\n\n\u041e\u0441\u043e\u0431\u043e\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u043b\u0435\u043a\u0430\u044e\u0442 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u0432\u044b\u043f\u0443\u0441\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c:\n\nCVE-2024-21351 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 7.6), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u0437\u0430\u0449\u0438\u0442\u044b Windows SmartScreen;\nCVE-2024-21412 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 8.1), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0437\u0430\u0449\u0438\u0442\u0443 \u0432 \u0444\u0430\u0439\u043b\u0430\u0445 \u044f\u0440\u043b\u044b\u043a\u043e\u0432 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430.\nMicrosoft \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u043d\u0443\u043b\u0430 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e\u0441\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-21351, \u0443\u043a\u0430\u0437\u0430\u0432 \u043d\u0430 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u0441 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u043b\u0438 \u0441\u0431\u043e\u044f\u043c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u0410 CVE-2024-21412 \u0434\u0430\u0451\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043e\u0431\u043e\u0439\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u0435 \u043c\u0435\u0440\u044b, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0436\u0435\u0440\u0442\u0432\u0435.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 Known Exploited Vulnerabilities (KEV) \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e\u043c \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410 (CISA), \u0441 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0435\u0439 \u0444\u0435\u0434\u0435\u0440\u0430\u043b\u044c\u043d\u044b\u043c \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430\u043c \u0421\u0428\u0410 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043a 5 \u043c\u0430\u0440\u0442\u0430 2024 \u0433\u043e\u0434\u0430.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u043f\u044f\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\nCVE-2024-20684 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 6.5) - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Windows Hyper-V, \u0432\u0435\u0434\u0443\u0449\u0430\u044f \u043a \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438;\nCVE-2024-21357 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 7.5) - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 Windows Pragmatic General Multicast (PGM);\nCVE-2024-21380 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 8.0) - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Microsoft Dynamics Business Central / NAV, \u0432\u0435\u0434\u0443\u0449\u0430\u044f \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438;\nCVE-2024-21410 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 9.8) - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Microsoft Exchange Server;\nCVE-2024-21413 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 9.8) - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 Microsoft Outlook.\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0442\u0430\u043a\u0436\u0435 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0432 \u0441\u0435\u0431\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u0434\u0430\u043c\u0435\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438 CVE-2023-50387 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 7.5) \u0432 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 DNSSEC, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u0432\u0448\u0435\u0439 \u0432 Windows \u0446\u0435\u043b\u044b\u0445 24 \u0433\u043e\u0434\u0430 . \u041e\u043d\u0430 \u043c\u043e\u0433\u043b\u0430 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0438\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 CPU \u0438 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 DNS-\u0440\u0435\u0437\u043e\u043b\u0432\u0435\u0440\u043e\u0432, \u0432\u044b\u0437\u044b\u0432\u0430\u044f \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.\n\n\u041a\u0440\u043e\u043c\u0435 Microsoft, \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043d\u0435\u0434\u0435\u043b\u0438 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u0439 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0421\u0440\u0435\u0434\u0438 \u043d\u0438\u0445 \u2014 Adobe, AMD, ASUS, Cisco, Intel, Ivanti, Lenovo \u0438 \u043c\u043d\u043e\u0433\u0438\u0435 \u0434\u0440\u0443\u0433\u0438\u0435, \u0447\u0442\u043e \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u0443\u044e \u0440\u0430\u0431\u043e\u0442\u0443 \u043f\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u043c \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u0435.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-02-14T16:13:10.000000Z"}, {"uuid": "a1246241-5051-4d57-8f20-5b8ec9ce07aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/cKure/12939", "content": "\ud83d\udfe5 Zero-Day: \u201cCVE-2024-21388\u201d - Microsoft Edge\u2019s Marketing API Exploited for Covert Extension Installation.\n\nhttps://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca", "creation_timestamp": "2024-05-19T01:36:25.000000Z"}, {"uuid": "88ec1a0d-9452-4c2f-846c-7a25471d6a77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21387", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14688", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21387\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)\n\ud83d\udd39 Description: Microsoft Edge for Android Spoofing Vulnerability\n\ud83d\udccf Published: 2024-01-26T00:29:32.072Z\n\ud83d\udccf Modified: 2025-05-03T01:46:39.923Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21387", "creation_timestamp": "2025-05-03T02:17:01.000000Z"}, {"uuid": "603bf2bf-be85-4a76-91b3-248a385ee68a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6866", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis Python script exploits a vulnerability (CVE-2024-21388) in Microsoft Edge, allowing silent installation of browser extensions with elevated privileges via a private API.\nURL\uff1ahttps://github.com/d0rb/CVE-2024-21388\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-28T21:46:55.000000Z"}, {"uuid": "9cb95782-38f3-4da3-9c39-37e4ff22c849", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/758", "content": "#exploit\n1. CVE-2022-0944:\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388", "creation_timestamp": "2024-09-13T16:19:32.000000Z"}, {"uuid": "e0e42418-d135-4106-8845-edb07c850bf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14687", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21388\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)\n\ud83d\udd39 Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability\n\ud83d\udccf Published: 2024-01-30T17:23:24.876Z\n\ud83d\udccf Modified: 2025-05-03T01:46:40.456Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388", "creation_timestamp": "2025-05-03T02:17:00.000000Z"}, {"uuid": "d13817de-8acb-4cd5-8fdf-4f0a9da74a2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "seen", "source": "Telegram/XHlf7Goy5r7bSibczSqSGt48tk8WhX0UeuA8dmncsxpQP2s", "content": "", "creation_timestamp": "2024-01-31T04:36:42.000000Z"}, {"uuid": "a4005066-1817-4cbd-b216-85718c8681d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/337", "content": "#exploit\n1. CVE-2022-0944:\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388", "creation_timestamp": "2024-09-11T16:13:00.000000Z"}, {"uuid": "91345d23-d484-430a-bbbc-fc6b7e885c55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/3638", "content": "#exploit\n1. CVE-2022-0944:\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388", "creation_timestamp": "2024-09-13T16:19:31.000000Z"}, {"uuid": "1d8a1f2b-c29d-4d38-9802-78c66c80abec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2138", "type": "seen", "source": "https://t.me/arpsyndicate/4444", "content": "#ExploitObserverAlert\n\nCVE-2024-2138\n\nDESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2138. The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-04-11T05:40:03.000000Z"}, {"uuid": "55252645-611a-4a58-b7b5-d01b7b4193e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/871", "content": "Tools - Hackers Factory \n\nLeading free and open-source face recognition system.\n\nhttps://github.com/exadel-inc/CompreFace\n\nOkta Verify and Okta FastPass Abuse Tool.\n\nhttps://github.com/CCob/okta-terrify\n\nA list of open-source aviation projects and data.\n\nhttps://github.com/lucianosrp/open-source-aviation\n\nDisconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines.\n\nhttps://github.com/CCob/DGPOEdit\n\nDump cookies and credentials directly from Chrome/Edge process memory.\n\nhttps://github.com/Meckazin/ChromeKatz\n\n#Exploit\n\n1. CVE-2022-0944:\n\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\n\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388\n\nCVE-2024-28000 Exploit for litespeed-cache =<6.3 allows Privilege Escalation with creation of administrator account.\n\nhttps://github.com/JohnDoeAnonITA/CVE-2024-28000\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-13T05:19:51.000000Z"}, {"uuid": "5ae85a35-9195-4de9-a5c9-4f114815cf5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21385", "type": "seen", "source": "https://t.me/arpsyndicate/3276", "content": "#ExploitObserverAlert\n\nCVE-2024-21385\n\nDESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-21385. Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability\n\nNVD-IS: 6.0\nNVD-ES: 1.6", "creation_timestamp": "2024-01-28T10:59:59.000000Z"}, {"uuid": "1b54c262-2469-4700-bcb6-84722f11adc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7409", "content": "Tools - Hackers Factory \n\nLeading free and open-source face recognition system.\n\nhttps://github.com/exadel-inc/CompreFace\n\nOkta Verify and Okta FastPass Abuse Tool.\n\nhttps://github.com/CCob/okta-terrify\n\nA list of open-source aviation projects and data.\n\nhttps://github.com/lucianosrp/open-source-aviation\n\nDisconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines.\n\nhttps://github.com/CCob/DGPOEdit\n\nDump cookies and credentials directly from Chrome/Edge process memory.\n\nhttps://github.com/Meckazin/ChromeKatz\n\n#Exploit\n\n1. CVE-2022-0944:\n\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\n\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388\n\nCVE-2024-28000 Exploit for litespeed-cache =<6.3 allows Privilege Escalation with creation of administrator account.\n\nhttps://github.com/JohnDoeAnonITA/CVE-2024-28000\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-13T05:19:56.000000Z"}, {"uuid": "d2bef544-b001-42f9-b80e-20d3d519e6bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/23768", "content": "Tools - Hackers Factory \n\nLeading free and open-source face recognition system.\n\nhttps://github.com/exadel-inc/CompreFace\n\nOkta Verify and Okta FastPass Abuse Tool.\n\nhttps://github.com/CCob/okta-terrify\n\nA list of open-source aviation projects and data.\n\nhttps://github.com/lucianosrp/open-source-aviation\n\nDisconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines.\n\nhttps://github.com/CCob/DGPOEdit\n\nDump cookies and credentials directly from Chrome/Edge process memory.\n\nhttps://github.com/Meckazin/ChromeKatz\n\n#Exploit\n\n1. CVE-2022-0944:\n\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\n\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388\n\nCVE-2024-28000 Exploit for litespeed-cache =<6.3 allows Privilege Escalation with creation of administrator account.\n\nhttps://github.com/JohnDoeAnonITA/CVE-2024-28000\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-13T05:20:59.000000Z"}, {"uuid": "649c3944-5562-43d1-8fa9-cf53a5937e2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3721", "content": "Tools - Hackers Factory \n\nLeading free and open-source face recognition system.\n\nhttps://github.com/exadel-inc/CompreFace\n\nOkta Verify and Okta FastPass Abuse Tool.\n\nhttps://github.com/CCob/okta-terrify\n\nA list of open-source aviation projects and data.\n\nhttps://github.com/lucianosrp/open-source-aviation\n\nDisconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines.\n\nhttps://github.com/CCob/DGPOEdit\n\nDump cookies and credentials directly from Chrome/Edge process memory.\n\nhttps://github.com/Meckazin/ChromeKatz\n\n#Exploit\n\n1. CVE-2022-0944:\n\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\n\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388\n\nCVE-2024-28000 Exploit for litespeed-cache =<6.3 allows Privilege Escalation with creation of administrator account.\n\nhttps://github.com/JohnDoeAnonITA/CVE-2024-28000\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-13T05:20:05.000000Z"}, {"uuid": "3ae5b315-3c0c-4b04-98f5-aeb0c2c67fcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "seen", "source": "https://t.me/thehackernews/4740", "content": "\ud83d\udee1\ufe0f A now-patched vulnerability (CVE-2024-21388) in Microsoft Edge could have allowed attackers to covertly install browser extensions without user consent. \n \nFind details here: https://thehackernews.com/2024/03/microsoft-edge-bug-could-have-allowed.html \n \nIf you use Edge, make sure you've updated to the latest version.", "creation_timestamp": "2024-03-27T13:56:14.000000Z"}, {"uuid": "c6c96aae-24ff-4827-95f4-b14c2134226f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21389", "type": "seen", "source": "https://t.me/ctinow/184155", "content": "https://ift.tt/yQsPZlN\nCVE-2024-21389 | Microsoft Dynamics 365 9.1 cross site scripting", "creation_timestamp": "2024-02-13T20:36:47.000000Z"}, {"uuid": "e6681abb-fc2d-4e1d-9e6d-e6d29fb8ac6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21386", "type": "seen", "source": "https://t.me/ctinow/184154", "content": "https://ift.tt/fs1wSnZ\nCVE-2024-21386 | Microsoft Visual Studio/ASP.NET Core denial of service", "creation_timestamp": "2024-02-13T20:36:46.000000Z"}, {"uuid": "cad39432-7780-49cb-a759-628f93552141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21384", "type": "seen", "source": "https://t.me/ctinow/184153", "content": "https://ift.tt/2URnzfD\nCVE-2024-21384 | Microsoft Office 365 Apps/LTSC 2021 OneNote Remote Code Execution", "creation_timestamp": "2024-02-13T20:36:45.000000Z"}, {"uuid": "958afb6f-d667-46f2-bd3f-0b78567ff97f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21381", "type": "seen", "source": "https://t.me/ctinow/184152", "content": "https://ift.tt/ixds9OR\nCVE-2024-21381 | Microsoft Azure Active Directory B2C Privilege Escalation", "creation_timestamp": "2024-02-13T20:36:44.000000Z"}, {"uuid": "9931ba0b-9a97-49f8-8015-5f104137be64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21380", "type": "seen", "source": "https://t.me/ctinow/184151", "content": "https://ift.tt/lIUwOjY\nCVE-2024-21380 | Microsoft Dynamics 365 Business Central information disclosure", "creation_timestamp": "2024-02-13T20:36:42.000000Z"}, {"uuid": "c494946c-9946-49f4-96f8-3db0561bbc40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "seen", "source": "https://t.me/ctinow/176192", "content": "https://ift.tt/5tRJxaB\nCVE-2024-21388", "creation_timestamp": "2024-01-30T19:26:16.000000Z"}, {"uuid": "3b535ba2-be89-4986-add1-82e2184b0da5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21386", "type": "seen", "source": "https://t.me/ctinow/184183", "content": "https://ift.tt/ncSCUgm\n[GHSA-g74q-5xw3-j7q9] Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability", "creation_timestamp": "2024-02-13T20:56:50.000000Z"}, {"uuid": "3fda0e2c-86df-486f-8129-c83d447007b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21386", "type": "seen", "source": "https://t.me/ctinow/184182", "content": "https://ift.tt/hrVD38H\n[GHSA-32q7-gv7f-4cg5] Duplicate Advisory: Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability", "creation_timestamp": "2024-02-13T20:56:49.000000Z"}, {"uuid": "84bb5592-6ce0-4511-abf0-bb1792375aaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21387", "type": "seen", "source": "https://t.me/ctinow/173959", "content": "https://ift.tt/6q5zeSi\nCVE-2024-21387", "creation_timestamp": "2024-01-26T02:26:41.000000Z"}, {"uuid": "3ff583ba-3e14-4ec4-96b3-3b567a746c8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21385", "type": "seen", "source": "https://t.me/ctinow/173958", "content": "https://ift.tt/CFZLhgQ\nCVE-2024-21385", "creation_timestamp": "2024-01-26T02:26:40.000000Z"}, {"uuid": "2c84b9af-cef6-4e47-b3a9-b5d2ef1e12af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21383", "type": "seen", "source": "https://t.me/ctinow/173957", "content": "https://ift.tt/YBpaOiT\nCVE-2024-21383", "creation_timestamp": "2024-01-26T02:26:39.000000Z"}, {"uuid": "999c9acb-bfd4-4bb1-98ad-1fb5859f9d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21382", "type": "seen", "source": "https://t.me/ctinow/173956", "content": "https://ift.tt/qpN8IzV\nCVE-2024-21382", "creation_timestamp": "2024-01-26T02:26:38.000000Z"}, {"uuid": "1adaa9e2-719c-40d0-91cd-fb1701004353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/8516", "content": "\u201cCVE-2024-21388\u201d- Microsoft Edge\u2019s Marketing API Exploited for Covert Extension Installation\n\nhttps://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca", "creation_timestamp": "2024-03-27T22:35:22.000000Z"}, {"uuid": "b337aa8f-9186-4a79-8a29-101f46680c49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11112", "content": "#exploit\n1. CVE-2022-0944:\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388", "creation_timestamp": "2024-09-11T11:01:09.000000Z"}, {"uuid": "76f7fb80-ef50-4d41-94a9-33b9530b6913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/280", "content": "Tools - Hackers Factory \n\nLeading free and open-source face recognition system.\n\nhttps://github.com/exadel-inc/CompreFace\n\nOkta Verify and Okta FastPass Abuse Tool.\n\nhttps://github.com/CCob/okta-terrify\n\nA list of open-source aviation projects and data.\n\nhttps://github.com/lucianosrp/open-source-aviation\n\nDisconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines.\n\nhttps://github.com/CCob/DGPOEdit\n\nDump cookies and credentials directly from Chrome/Edge process memory.\n\nhttps://github.com/Meckazin/ChromeKatz\n\n#Exploit\n\n1. CVE-2022-0944:\n\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\n\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388\n\nCVE-2024-28000 Exploit for litespeed-cache =<6.3 allows Privilege Escalation with creation of administrator account.\n\nhttps://github.com/JohnDoeAnonITA/CVE-2024-28000\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-13T05:21:00.000000Z"}, {"uuid": "680a2090-189e-4583-a23c-00f0e3c982e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21388", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/4399", "content": "#exploit\n1. CVE-2022-0944:\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388", "creation_timestamp": "2024-09-11T06:40:55.000000Z"}]}