{"vulnerability": "CVE-2024-2289", "sightings": [{"uuid": "7df862e9-1ae9-4623-98cb-71808620e4bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2289", "type": "seen", "source": "https://t.me/arpsyndicate/4476", "content": "#ExploitObserverAlert\n\nCVE-2024-2289\n\nDESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2289. The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-04-11T08:10:06.000000Z"}, {"uuid": "a7eeeb3f-5e08-40d8-875c-0de72e93eaf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22893", "type": "seen", "source": "https://t.me/cvedetector/6325", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-22893 - OpenSlides Timing Memory Password Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-22893 \nPublished : Sept. 25, 2024, 3:15 p.m. | 22\u00a0minutes ago \nDescription : OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-25T17:41:13.000000Z"}, {"uuid": "8968ccf0-d872-4f1d-aba1-7b5e3a2c516d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22892", "type": "seen", "source": "https://t.me/cvedetector/6324", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-22892 - OpenSlides Weak Password Hashing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-22892 \nPublished : Sept. 25, 2024, 3:15 p.m. | 22\u00a0minutes ago \nDescription : OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-25T17:41:11.000000Z"}, {"uuid": "5c8a38c4-27f5-4796-ae18-5d222ebf46b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22899", "type": "seen", "source": "https://t.me/ctinow/192586", "content": "https://ift.tt/bxaiLFc\nCVE-2024-22899 | Vinchin Backup &amp; Recovery 7.2 syncNtpTime Privilege Escalation", "creation_timestamp": "2024-02-24T13:46:25.000000Z"}, {"uuid": "ba41780e-5835-4f7e-aa12-44a7c0b1c8e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22891", "type": "seen", "source": "https://t.me/ctinow/197354", "content": "https://ift.tt/n9JBYfI\nCVE-2024-22891", "creation_timestamp": "2024-03-01T07:32:00.000000Z"}, {"uuid": "fcae769a-8127-40c4-b952-a9ec036a2b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22891", "type": "seen", "source": "https://t.me/ctinow/197351", "content": "https://ift.tt/n9JBYfI\nCVE-2024-22891", "creation_timestamp": "2024-03-01T07:26:53.000000Z"}, {"uuid": "d9f0e716-9a8c-45aa-9189-36aaba118e09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22899", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5374", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 LeakIX \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u043e\u0442\u0447\u0435\u0442 \u0441 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u043c \u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c Vinchin Backup &amp; Recovery, \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043f\u043e \u0438\u0442\u043e\u0433\u0430\u043c 2023 \u0432\u043e\u0448\u0435\u043b \u0432 \u0447\u0438\u0441\u043b\u043e\u00a0\u043b\u0438\u0434\u0435\u0440\u043e\u0432 \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u043c \u0440\u044b\u043d\u043a\u0435 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041d\u043e \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0440\u0430\u0441\u0442\u0443\u0449\u0443\u044e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0441\u0442\u044c \u0438 \u043e\u0431\u0448\u0438\u0440\u043d\u044b\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b, \u0440\u0435\u0448\u0435\u043d\u0438\u044f Vinchin, \u043a\u0430\u043a \u0438 \u043f\u0440\u043e\u0447\u0438\u0435, \u043d\u0435 \u0437\u0430\u0441\u0442\u0440\u0430\u0445\u043e\u0432\u0430\u043d\u044b \u043e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u043c\u0443 \u0430\u043d\u0430\u043b\u0438\u0437\u0443 \u0431\u044b\u043b \u0432\u044b\u044f\u0432\u043b\u0435\u043d \u0440\u044f\u0434 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u043e\u0442 CVE-2024-22899 \u0434\u043e CVE-2024-22903, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0435\u043d\u044b \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0434\u043b\u044f RCE-\u0430\u0442\u0430\u043a.\n\n\u0414\u0432\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0434\u0435\u0444\u043e\u043b\u0442\u043d\u044b\u043c\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438: CVE-2024-22902 (\u043a\u043e\u0440\u043d\u0435\u0432\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 SSH \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e) \u0438 CVE-2024-22901 (\u0436\u0435\u0441\u0442\u043a\u043e \u0437\u0430\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438 \u043e\u0448\u0438\u0431\u043a\u0430 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445).\n\n\u0412 \u043f\u0435\u0440\u0432\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f Vinchin \u0441 \u043a\u043e\u0440\u043d\u0435\u0432\u044b\u043c\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u043e\u0431\u043b\u0435\u0433\u0447\u0430\u0435\u0442 root-\u0432\u0445\u043e\u0434 \u043f\u043e SSH, \u043f\u0440\u0438 \u0442\u043e\u043c, \u0447\u0442\u043e \u043f\u0430\u0440\u043e\u043b\u044c \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0437\u0430\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d.\n\n\u0420\u0438\u0441\u043a\u0438 \u0441 CVE-2024-22901 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c\u00a0\u043f\u043e\u0440\u0442\u0430 MySQL, \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0438\u043c\u0435\u043d\u0438 \u0445\u043e\u0441\u0442\u0430\u00a0\u0434\u043b\u044f \u0432\u0445\u043e\u0434\u0430 \u0432 \u0431\u0430\u0437\u0443 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0431\u0430\u0437\u0443 \u0434\u0430\u043d\u043d\u044b\u0445, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043d\u043e\u0432\u044b\u0445 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432\u00a0\u0438 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0438\u043c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 CVE-2024-22900 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u044e setNetworkCardInfo, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0443\u044e \u0434\u043b\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043a\u0430\u0440\u0442\u0435.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u0432\u043e\u0434\u0438\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0447\u0435\u0440\u0435\u0437\u00a0\u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 NAME \u0447\u0435\u0440\u0435\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 POST-\u0437\u0430\u043f\u0440\u043e\u0441.\n\nCVE-2024-22899 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 syncNtpTime (\u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c NTP \u0432 \u0444\u0430\u0439\u043b\u0435 SystemHandler.class.php \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c.\n\n\u0415\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c, \u0432\u043d\u0435\u0434\u0440\u0438\u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0432\u00a0ntphost \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 \u0447\u0435\u0440\u0435\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441 POST, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0442\u0441\u044f \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430.\n\n\u0424\u0443\u043d\u043a\u0446\u0438\u044f\u00a0deleteUpdateAPK \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 CVE-2024-22903, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043f\u0440\u044f\u043c\u043e\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430\u00a0file_name \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u0431\u0435\u0437 \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u043e\u0447\u0438\u0441\u0442\u043a\u0438 \u0438\u043b\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0432\u0432\u0435\u0441\u0442\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b.\n\n\u0412 \u043e\u0442\u0447\u0435\u0442\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043f\u0440\u0438\u043c\u0435\u0440\u044b \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u043f\u043e \u043a\u0430\u0436\u0434\u043e\u0439 \u0438\u0437 \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0445 \u0443\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u0437\u0430\u0438\u043c\u043e\u0441\u0432\u044f\u0437\u044c \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u043b\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.", "creation_timestamp": "2024-02-05T13:40:05.000000Z"}, {"uuid": "99194306-61c6-4797-90f3-035d7d2eb8fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22894", "type": "seen", "source": "https://t.me/ctinow/175843", "content": "https://ift.tt/3duG4Cg\nCVE-2024-22894", "creation_timestamp": "2024-01-30T11:21:30.000000Z"}, {"uuid": "dedb8344-290e-4c8c-97b4-0e3eba22e07f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22895", "type": "seen", "source": "https://t.me/ctinow/186208", "content": "https://ift.tt/X5ohDOm\nCVE-2024-22895 | DedeCMS 5.7.112 module_upload.php unrestricted upload", "creation_timestamp": "2024-02-16T09:41:25.000000Z"}, {"uuid": "32855db1-9026-4691-8bcf-e8c121f94252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22899", "type": "seen", "source": "https://t.me/ctinow/180967", "content": "https://ift.tt/hyWw2K4\nCVE-2024-22899 Exploit", "creation_timestamp": "2024-02-07T21:17:11.000000Z"}, {"uuid": "c864e675-737b-40d9-94ed-579722e4ac17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22894", "type": "seen", "source": "https://t.me/ctinow/181567", "content": "https://ift.tt/9e6347f\nCVE-2024-22894 Exploit", "creation_timestamp": "2024-02-08T19:22:15.000000Z"}, {"uuid": "c7e77da2-1063-4c85-9077-384690e45618", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22894", "type": "seen", "source": "https://t.me/ctinow/190479", "content": "https://ift.tt/rNsG7xY\nCVE-2024-22894 | AIT-Deutschland Alpha Innotec Heatpump 3.88.0-9015 shadow File inadequate encryption", "creation_timestamp": "2024-02-22T07:08:07.000000Z"}, {"uuid": "bf4e3717-af79-401b-9777-87dbdaec6b97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22899", "type": "seen", "source": "https://t.me/ctinow/177897", "content": "https://ift.tt/2s7y3NM\nCVE-2024-22899", "creation_timestamp": "2024-02-02T03:22:00.000000Z"}, {"uuid": "00d70f23-44af-4643-9123-9fb510ddc4cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22895", "type": "seen", "source": "https://t.me/ctinow/171274", "content": "https://ift.tt/80XO34Z\nCVE-2024-22895", "creation_timestamp": "2024-01-22T16:24:16.000000Z"}, {"uuid": "fe6749a9-903b-43ba-a34f-43f330bf272e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22899", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9902", "content": "#exploit\n1. CVE-2023-42820,\nCVE-2023-42820,\nCVE-2023-42819:\nJumpserver Preauth RCE Exploit Chain\nhttps://sites.google.com/site/zhiniangpeng/blogs/Jumpserver\n\n2. CVE-2024-20931:\nA new attack surface for JNDI injection\nhttps://github.com/GlassyAmadeus/CVE-2024-20931\n\n3. CVE-2024-22899 - 22903:\nExploit Chain for Multiple Vulnerabilities in VinChin Backup &amp; Recovery\nhttps://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain", "creation_timestamp": "2024-02-07T20:22:24.000000Z"}, {"uuid": "3669ffc8-be4e-4409-954f-afe6ba52f143", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22895", "type": "seen", "source": "https://t.me/ctinow/174527", "content": "https://ift.tt/FZJtIPL\nCVE-2024-22895 Exploit", "creation_timestamp": "2024-01-26T23:16:28.000000Z"}, {"uuid": "4d1ed324-cb53-41ee-9b88-7b69480a0d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22894", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9870", "content": "#exploit\n1. CVE-2024-22894:\nWithin heatpump root user\u00a0psw decrypt/crack\nhttps://github.com/Jaarden/CVE-2024-22894\n\n2. CVE-2024-23746:\nMiro Desktop 0.8.18 on macOS allows Electron code injection\nhttps://github.com/louiselalanne/CVE-2024-23746\n\n3. CVE-2023-6112:\nChrome content::NavigationURLLoaderImpl::FallbackToNonInterceptedRequest Heap UaF\nhttps://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html", "creation_timestamp": "2024-01-29T11:38:00.000000Z"}, {"uuid": "9c9b267e-840a-4411-ae4d-ca49c73059c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22899", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2706", "content": "#exploit\n1. CVE-2023-42820,\nCVE-2023-42820,\nCVE-2023-42819:\nJumpserver Preauth RCE Exploit Chain\nhttps://sites.google.com/site/zhiniangpeng/blogs/Jumpserver\n\n2. CVE-2024-20931:\nA new attack surface for JNDI injection\nhttps://github.com/GlassyAmadeus/CVE-2024-20931\n\n3. CVE-2024-22899 - 22903:\nExploit Chain for Multiple Vulnerabilities in VinChin Backup &amp; Recovery\nhttps://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain", "creation_timestamp": "2024-08-16T09:13:13.000000Z"}, {"uuid": "6046f3fb-a9dc-477b-8bf7-15c96b3ded4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22894", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2665", "content": "#exploit\n1. CVE-2024-22894:\nWithin heatpump root user\u00a0psw decrypt/crack\nhttps://github.com/Jaarden/CVE-2024-22894\n\n2. CVE-2024-23746:\nMiro Desktop 0.8.18 on macOS allows Electron code injection\nhttps://github.com/louiselalanne/CVE-2024-23746\n\n3. CVE-2023-6112:\nChrome content::NavigationURLLoaderImpl::FallbackToNonInterceptedRequest Heap UaF\nhttps://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html", "creation_timestamp": "2024-08-16T09:12:55.000000Z"}, {"uuid": "f9e2b0c8-c409-48aa-af39-19ee4c9903c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22894", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2634", "content": "#exploit\n1. CVE-2024-22894:\nWithin heatpump root user\u00a0psw decrypt/crack\nhttps://github.com/Jaarden/CVE-2024-22894\n\n2. CVE-2024-23746:\nMiro Desktop 0.8.18 on macOS allows Electron code injection\nhttps://github.com/louiselalanne/CVE-2024-23746\n\n3. CVE-2023-6112:\nChrome content::NavigationURLLoaderImpl::FallbackToNonInterceptedRequest Heap UaF\nhttps://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html", "creation_timestamp": "2024-08-16T09:12:43.000000Z"}]}