{"vulnerability": "CVE-2024-2613", "sightings": [{"uuid": "868f87d9-909b-444d-a45e-c7b7b6f16f26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "seen", "source": "https://gist.github.com/Darkcrai86/f0bc59e87b0f256e3fe6bd76f97ae9a6", "content": "", "creation_timestamp": "2025-09-18T07:49:15.000000Z"}, {"uuid": "7b38a1ad-26df-49d9-96ce-35cde1c650d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "seen", "source": "https://bsky.app/profile/swaroopsy.bsky.social/post/3m4htic4ylc2n", "content": "", "creation_timestamp": "2025-10-31T06:20:28.258788Z"}, {"uuid": "603dd0c8-5990-4f03-b8de-d4d0f9d82c0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "seen", "source": "https://bsky.app/profile/swaroopsy.bsky.social/post/3m4htic55hk2n", "content": "", "creation_timestamp": "2025-10-31T06:20:28.851483Z"}, {"uuid": "cee088d0-fef9-4c60-93e7-074f2425ed46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "seen", "source": "https://bsky.app/profile/swaroopsy.bsky.social/post/3m4htic56gs2n", "content": "", "creation_timestamp": "2025-10-31T06:20:29.422350Z"}, {"uuid": "f72d5a45-05e0-4d81-8607-0b9c5e1d0008", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "seen", "source": "https://bsky.app/profile/swaroopsy.bsky.social/post/3m4htic57g22n", "content": "", "creation_timestamp": "2025-10-31T06:20:30.019507Z"}, {"uuid": "ddf0ca31-5c9b-47f2-b7d7-2cbce3a937e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "seen", "source": "https://bsky.app/profile/swaroopsy.bsky.social/post/3m4htic5afc2n", "content": "", "creation_timestamp": "2025-10-31T06:20:30.599610Z"}, {"uuid": "4a3ca43d-bc75-4522-b6a3-f42ad75446d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "seen", "source": "https://bsky.app/profile/swaroopsy.bsky.social/post/3m4htic5afd2n", "content": "", "creation_timestamp": "2025-10-31T06:20:31.223328Z"}, {"uuid": "1208f0ce-a803-46b0-8dd0-d3f3e2bb1914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "seen", "source": "https://bsky.app/profile/swaroopsy.bsky.social/post/3m4htictzv32n", "content": "", "creation_timestamp": "2025-10-31T06:20:31.830896Z"}, {"uuid": "b990a5d6-f6f8-4b2a-a668-b55e1607cf1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "seen", "source": "Telegram/vzEsgehzY21YT-7RllwqlJHNFG2qhXyvljWRpSJNdqEm9b6p", "content": "", "creation_timestamp": "2025-02-14T21:09:17.000000Z"}, {"uuid": "ee9ebbcd-fba8-447b-ab2d-4bea0f3ef961", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26138", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12906", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-26138\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email of the license owner. This is a leak of information that isn't supposed to be public. The instance id allows associating data on the active installs data with the concrete XWiki instance. Active installs assures that \"there's no way to find who's having a given UUID\" (referring to the instance id). Further, the information who the license owner is and information about the obtained licenses can be used for targeted phishing attacks. Also, while user information is normally public, email addresses might only be displayed obfuscated,  depending on the configuration. This has been fixed in Application Licensing 1.24.2. There are no known workarounds besides upgrading.\n\ud83d\udccf Published: 2024-02-21T16:52:25.022Z\n\ud83d\udccf Modified: 2025-04-22T16:23:41.846Z\n\ud83d\udd17 References:\n1. https://github.com/xwikisas/application-licensing/security/advisories/GHSA-4hfp-m9gv-m753\n2. https://github.com/xwikisas/application-licensing/commit/d168fb88fc0d121bf95e769ea21c55c00bebe5a6\n3. https://extensions.xwiki.org/xwiki/bin/view/Extension/Active%20Installs%202%20API", "creation_timestamp": "2025-04-22T17:03:31.000000Z"}, {"uuid": "b0ac3935-05fd-4b23-bf59-53e7a8d7b8e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26135", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12897", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-26135\n\ud83d\udd25 CVSS Score: 8.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is exploitable when an attacker is able to convince a victim end-user to click on a malicious link to a page hosting an attacker-controlled site. The attacker can then originate a cross-site websocket connection using client-side JavaScript code to connect to `control.ashx` as the victim user within MeshCentral. Version 1.1.21 contains a patch for this issue.\n\ud83d\udccf Published: 2024-02-20T19:50:30.723Z\n\ud83d\udccf Modified: 2025-04-22T16:26:34.189Z\n\ud83d\udd17 References:\n1. https://github.com/Ylianst/MeshCentral/security/advisories/GHSA-cp68-qrhr-g9h8\n2. https://github.com/Ylianst/MeshCentral/commit/f2e43cc6da9f5447dbff0948e6c6024c8a315af3", "creation_timestamp": "2025-04-22T17:03:16.000000Z"}, {"uuid": "22c3b017-9b00-4ca8-8a35-8d4ea1b153c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "published-proof-of-concept", "source": "https://t.me/darkcommunityofficial/596", "content": "https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/\n\nCVE-2024-26131, CVE-2024-26132\n#\u5206\u6790", "creation_timestamp": "2024-05-02T16:09:53.000000Z"}, {"uuid": "a69e28c5-4a1b-4ab7-8cd8-f9839fa8add6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26132", "type": "published-proof-of-concept", "source": "https://t.me/darkcommunityofficial/596", "content": "https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/\n\nCVE-2024-26131, CVE-2024-26132\n#\u5206\u6790", "creation_timestamp": "2024-05-02T16:09:53.000000Z"}, {"uuid": "e884b1b8-d402-49d6-a2b3-789fdb6643ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26130", "type": "seen", "source": "https://t.me/arpsyndicate/4072", "content": "#ExploitObserverAlert\n\nCVE-2024-26130\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26130. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.", "creation_timestamp": "2024-02-22T22:14:08.000000Z"}, {"uuid": "0fca3e01-9fc4-4f8c-bb91-938421bcb084", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26130", "type": "seen", "source": "https://t.me/arpsyndicate/4892", "content": "#ExploitObserverAlert\n\nCVE-2024-26130\n\nDESCRIPTION: Exploit Observer has 14 entries in 6 file formats related to CVE-2024-26130. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.\n\nFIRST-EPSS: 0.000450000\nARPS-PRIORITY: 0.7524834", "creation_timestamp": "2024-04-26T05:58:45.000000Z"}, {"uuid": "0ebf30af-00c0-4f57-b4df-bae77c77de3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26138", "type": "seen", "source": "https://t.me/arpsyndicate/4021", "content": "#ExploitObserverAlert\n\nCVE-2024-26138\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26138. The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email of the license owner. This is a leak of information that isn't supposed to be public. The instance id allows associating data on the active installs data with the concrete XWiki instance. Active installs assures that \"there's no way to find who's having a given UUID\" (referring to the instance id). Further, the information who the license owner is and information about the obtained licenses can be used for targeted phishing attacks. Also, while user information is normally public, email addresses might only be displayed obfuscated,  depending on the configuration. This has been fixed in Application Licensing 1.24.2. There are no known workarounds besides upgrading.", "creation_timestamp": "2024-02-22T19:48:06.000000Z"}, {"uuid": "ee14a320-dbfb-4d48-a196-29862c99180a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2613", "type": "seen", "source": "https://t.me/ctinow/211474", "content": "https://ift.tt/sk4OyWj\nCVE-2024-2613", "creation_timestamp": "2024-03-19T13:31:35.000000Z"}, {"uuid": "ed4a05c6-70dd-4ab6-874c-a4881d9c38f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26135", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5477", "content": "\u041f\u043e\u0434\u043a\u0430\u0442\u0438\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0438\u0445 MeshCentral, Cisco \u0438 Zyxel, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0435\u0449\u0435 \u043d\u0435 \u043e\u0431\u0437\u0430\u0432\u0435\u043b\u0438\u0441\u044c \u043d\u0438 CVE, \u043d\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Praetorian \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-26135 \u0441 CVSS 8,3 \u0432 MeshCentral, \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u043c\u0438 \u0442\u043e\u0447\u043a\u0430\u043c\u0438.\u00a0\n\n\u00a0\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0432\u0435\u0431-\u0441\u043e\u043a\u0435\u0442\u043e\u0432 CSWSH \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 control.ashx \u0438 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0434\u043e 1.1.20 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 1.1.21. \u0421\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0432\u044b\u0441\u043e\u043a\u0430\u044f, \u043d\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d PoC.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c, \u0435\u0441\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0443\u0434\u0430\u0435\u0442\u0441\u044f \u0443\u0431\u0435\u0434\u0438\u0442\u044c \u0436\u0435\u0440\u0442\u0432\u0443 \u0449\u0435\u043b\u043a\u043d\u0443\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0441\u0441\u044b\u043b\u043a\u0443 \u043d\u0430 \u043f\u043e\u0434\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u044b\u0439 \u0441\u0430\u0439\u0442, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0447\u0435\u0440\u0435\u0437 \u0432\u0435\u0431-\u0441\u043e\u043a\u0435\u0442, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043a\u043e\u0434 JavaScript \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a control.ashx \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f-\u0436\u0435\u0440\u0442\u0432\u044b.\n\nCisco \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u043e\u043b\u0443\u0433\u043e\u0434\u043e\u0432\u043e\u0439 \u043f\u0430\u043a\u0435\u0442 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 FXOS \u0438 NX-OS, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0438\u0437 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a, CVE-2024-20321, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 DoS, \u043f\u043e\u0441\u044b\u043b\u0430\u044f \u0431\u043e\u043b\u044c\u0448\u0438\u0435 \u043e\u0431\u044a\u0435\u043c\u044b \u0442\u0440\u0430\u0444\u0438\u043a\u0430.\n\n\u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u044b \u0441\u0435\u0440\u0438\u0438 Nexus 3600 \u0438 \u043b\u0438\u043d\u0435\u0439\u043d\u044b\u0435 \u043a\u0430\u0440\u0442\u044b Nexus 9500 \u0441\u0435\u0440\u0438\u0438 R.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f CVE-2024-20267 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0438\u043d\u043a\u0430\u043f\u0441\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u043f\u0430\u043a\u0435\u0442 IPv6 \u0432 \u043a\u0430\u0434\u0440 MPLS \u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0435\u0433\u043e \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e, \u0447\u0442\u043e\u0431\u044b \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS-\u0443\u0441\u043b\u043e\u0432\u0438\u0435.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u044b \u0441\u0435\u0440\u0438\u0439 Nexus 3000, Nexus 5500, Nexus 5600, Nexus 6000, Nexus 7000 \u0438 Nexus 9000, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d MPLS.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Eclypsium \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442 \u043e \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043b\u0438\u043d\u0435\u0439\u043a\u0435 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u043e\u0432 \u0438 VPN-\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 Zyxel USG \u0441 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 5.36 \u0438 \u043d\u0438\u0436\u0435.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0438\u043c\u0438 \u0434\u043b\u044f \u043f\u043e\u043b\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043d\u0435\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445, Zyxel \u043e\u0442\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u0434\u0430\u0432\u0430\u0442\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442 \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438.\u00a0\n\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u043d\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u044b CVE, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043c\u043e\u0433\u0443\u0442 \u043d\u0435 \u0437\u043d\u0430\u0442\u044c \u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443.", "creation_timestamp": "2024-03-01T14:30:05.000000Z"}, {"uuid": "ca098f32-e2c6-49e2-ac5b-69e4dad1f181", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26133", "type": "seen", "source": "https://t.me/ctinow/206501", "content": "https://ift.tt/abLmti5\nCVE-2024-26133 | EventStore EventStoreDB credentials storage", "creation_timestamp": "2024-03-13T09:41:30.000000Z"}, {"uuid": "f9bce3a2-2b02-4a7f-8fdf-eb96f0778386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26138", "type": "seen", "source": "https://t.me/ctinow/206500", "content": "https://ift.tt/wgSmUkZ\nCVE-2024-26138 | xwikisas application-licensing up to 1.24.1 authorization", "creation_timestamp": "2024-03-13T09:41:29.000000Z"}, {"uuid": "c97cb7b2-0fc2-4a52-ab71-367ddc49b27a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26130", "type": "seen", "source": "https://t.me/ctinow/206502", "content": "https://ift.tt/WyL0VRj\nCVE-2024-26130 | pyca cryptography up to 42.0.3 PrivateFormat.PKCS12.encryption_builder.hmac_hash null pointer dereference", "creation_timestamp": "2024-03-13T09:41:31.000000Z"}, {"uuid": "3d0978c6-72c8-48a9-9112-81bf02816b2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2613", "type": "seen", "source": "https://t.me/ctinow/211455", "content": "https://ift.tt/sk4OyWj\nCVE-2024-2613", "creation_timestamp": "2024-03-19T13:26:58.000000Z"}, {"uuid": "312635ea-91e1-4e4c-8682-fd93a87ca1a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26132", "type": "seen", "source": "https://t.me/ctinow/203662", "content": "https://ift.tt/y14nz3R\nCVE-2024-26132 | Element up to 1.6.11 on Android information disclosure (GHSA-8wj9-cx7h-pvm4)", "creation_timestamp": "2024-03-08T23:56:19.000000Z"}, {"uuid": "22f2f8e2-9781-43bd-8727-d260a0e80223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "seen", "source": "https://t.me/ctinow/203496", "content": "https://ift.tt/owkrIJ5\nCVE-2024-26131 | element-android up to 1.6.10 unknown vulnerability", "creation_timestamp": "2024-03-08T18:27:04.000000Z"}, {"uuid": "993e60c1-4460-4218-9315-327d1e574359", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26138", "type": "seen", "source": "https://t.me/ctinow/189903", "content": "https://ift.tt/7KuCRzZ\nCVE-2024-26138", "creation_timestamp": "2024-02-21T18:31:34.000000Z"}, {"uuid": "82c0c316-cfa0-4ef0-a026-6fa88d8db36b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26133", "type": "seen", "source": "https://t.me/ctinow/189902", "content": "https://ift.tt/oGCkzi8\nCVE-2024-26133", "creation_timestamp": "2024-02-21T18:31:33.000000Z"}, {"uuid": "5f054ce9-1d55-4411-b58a-c18351538171", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26130", "type": "seen", "source": "https://t.me/ctinow/189901", "content": "https://ift.tt/5TUHG2t\nCVE-2024-26130", "creation_timestamp": "2024-02-21T18:31:28.000000Z"}, {"uuid": "c5b65c22-0511-4220-9692-ecc898b20924", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26136", "type": "seen", "source": "https://t.me/ctinow/189002", "content": "https://ift.tt/Dicsuxk\nCVE-2024-26136", "creation_timestamp": "2024-02-20T23:26:58.000000Z"}, {"uuid": "50c20de6-c49f-4cb8-bdd1-027046431be6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26135", "type": "seen", "source": "https://t.me/ctinow/188927", "content": "https://ift.tt/tUOLp8Q\nCVE-2024-26135", "creation_timestamp": "2024-02-20T21:23:11.000000Z"}, {"uuid": "2dc5937c-0a80-43c8-8b1f-2b92f19feb5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26135", "type": "seen", "source": "https://t.me/ctinow/188925", "content": "https://ift.tt/tUOLp8Q\nCVE-2024-26135", "creation_timestamp": "2024-02-20T21:23:09.000000Z"}, {"uuid": "ca968db2-a3ee-495c-ab94-0624bf8da71f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26138", "type": "seen", "source": "https://t.me/ctinow/189917", "content": "https://ift.tt/7KuCRzZ\nCVE-2024-26138", "creation_timestamp": "2024-02-21T18:36:26.000000Z"}, {"uuid": "6285ec92-f601-4da5-a04e-8b194e8658b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26133", "type": "seen", "source": "https://t.me/ctinow/189916", "content": "https://ift.tt/oGCkzi8\nCVE-2024-26133", "creation_timestamp": "2024-02-21T18:36:22.000000Z"}, {"uuid": "3f2443e9-cfa6-42f4-9487-2e45d0b0dce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26130", "type": "seen", "source": "https://t.me/ctinow/189915", "content": "https://ift.tt/5TUHG2t\nCVE-2024-26130", "creation_timestamp": "2024-02-21T18:36:21.000000Z"}, {"uuid": "17922491-d959-4e7b-85cb-cc150f27049b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26136", "type": "seen", "source": "https://t.me/ctinow/189010", "content": "https://ift.tt/Dicsuxk\nCVE-2024-26136", "creation_timestamp": "2024-02-20T23:27:09.000000Z"}, {"uuid": "330b2a9c-db2f-409d-8672-d8a3231acbe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26134", "type": "seen", "source": "https://t.me/ctinow/187992", "content": "https://ift.tt/hmZi4vl\nCVE-2024-26134", "creation_timestamp": "2024-02-20T00:26:41.000000Z"}, {"uuid": "218ba65d-6172-47d8-9927-3d345ce19491", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26134", "type": "seen", "source": "https://t.me/ctinow/187991", "content": "https://ift.tt/hmZi4vl\nCVE-2024-26134", "creation_timestamp": "2024-02-20T00:26:40.000000Z"}, {"uuid": "ab2c0f03-4b45-4c3c-a37b-d94e8f0e6528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26132", "type": "seen", "source": "https://t.me/androidMalware/2209", "content": "Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers\nhttps://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/", "creation_timestamp": "2024-05-18T07:18:05.000000Z"}, {"uuid": "517bd23d-1ed0-4878-a51e-3959a6445197", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "seen", "source": "https://t.me/androidMalware/2209", "content": "Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers\nhttps://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/", "creation_timestamp": "2024-05-18T07:18:05.000000Z"}, {"uuid": "78cbb962-bff2-422a-9efe-1e978d1f67b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "seen", "source": "https://t.me/CNArsenal/2414", "content": "https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/\n\nCVE-2024-26131, CVE-2024-26132\n#\u5206\u6790", "creation_timestamp": "2024-05-02T14:59:01.000000Z"}, {"uuid": "55aa1f87-5dd0-4fe8-9c23-58f1e5deb0b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26132", "type": "seen", "source": "https://t.me/CNArsenal/2414", "content": "https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/\n\nCVE-2024-26131, CVE-2024-26132\n#\u5206\u6790", "creation_timestamp": "2024-05-02T14:59:01.000000Z"}, {"uuid": "74b77e2a-21c3-4cda-b3dc-5d489d86717c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26135", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10119", "content": "#exploit\n1. CVE-2024-26135:\nMeshCentral Cross-Site Websocket Hijacking\nhttps://www.praetorian.com/blog/meshcentral-cross-site-websocket-hijacking-vulnerability\n\n2. Brew LPE exploit on Intel macOS\nhttps://github.com/gergelykalman/brew-lpe-via-periodic\n\n3. CVE-2019-18370, CVE-2019-18371:\nXiaomi series router RCE\nhttps://ultramangaia.github.io/blog/2019/Xiaomi-Series-Router-Command-Execution-Vulnerability.html", "creation_timestamp": "2024-03-10T00:23:58.000000Z"}, {"uuid": "b45ea457-761b-4df8-97c2-006611af8cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26131", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10433", "content": "#exploit\n1. CVE-2024-27322:\nVulnerability in R'S Deserialization\n(R-Bitrary Code Execution)\nhttps://hiddenlayer.com/research/r-bitrary-code-execution\n\n2. Minecraft \"Randar\" exploit\nhttps://github.com/spawnmason/randar-explanation\n\n3. CVE-2024-26131, CVE-2024-26132:\nElement Android Exploit\nhttps://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers", "creation_timestamp": "2024-05-02T20:34:02.000000Z"}, {"uuid": "59807e59-4c73-4765-a801-82e696625b03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26132", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10433", "content": "#exploit\n1. CVE-2024-27322:\nVulnerability in R'S Deserialization\n(R-Bitrary Code Execution)\nhttps://hiddenlayer.com/research/r-bitrary-code-execution\n\n2. Minecraft \"Randar\" exploit\nhttps://github.com/spawnmason/randar-explanation\n\n3. CVE-2024-26131, CVE-2024-26132:\nElement Android Exploit\nhttps://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers", "creation_timestamp": "2024-05-02T20:34:02.000000Z"}]}