{"vulnerability": "CVE-2024-2874", "sightings": [{"uuid": "e7b5a3a0-0a47-417c-8b2e-0e8622d4be90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "bbd58474-63ee-4a2d-9121-8436aeccd282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:01.000000Z"}, {"uuid": "cd008199-f7ea-4c75-afe7-65e79bdf41db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/northstar_c2_xss_to_agent_rce.rb", "content": "", "creation_timestamp": "2024-05-21T19:15:48.000000Z"}, {"uuid": "d860ba5f-5b45-4860-81ce-39681961dbb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "b01e0094-8d4d-49c0-b78f-260f02e75ed0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28740", "type": "seen", "source": "https://t.me/cvedetector/2632", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28740 - Koha ILS Stored Cross Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-28740 \nPublished : Aug. 6, 2024, 7:15 p.m. | 17\u00a0minutes ago \nDescription : Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-06T21:43:08.000000Z"}, {"uuid": "1a48c066-e444-4347-9862-d9e583661102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28746", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8268", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-28746\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.\u00a0\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability\n\ud83d\udccf Published: 2024-03-14T08:41:03.928Z\n\ud83d\udccf Modified: 2025-03-20T19:04:18.928Z\n\ud83d\udd17 References:\n1. https://github.com/apache/airflow/pull/37881\n2. https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7\n3. http://www.openwall.com/lists/oss-security/2024/03/13/5", "creation_timestamp": "2025-03-20T19:18:31.000000Z"}, {"uuid": "b80dfd21-e2ba-4dee-a59f-0ed40702061b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28748", "type": "seen", "source": "https://t.me/cvedetector/262", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28748 - A remote attacker with high privileges may use a r\", \n  \"Content\": \"CVE ID : CVE-2024-28748 \nPublished : July 9, 2024, 7:15 a.m. | 21\u00a0minutes ago \nDescription : A remote attacker with high privileges may use a reading file function to inject OS commands. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T09:44:08.000000Z"}, {"uuid": "7d6ef9b2-fe77-44d9-9466-ffa62d40c3f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28747", "type": "seen", "source": "https://t.me/cvedetector/261", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28747 - An unauthenticated remote attacker can use the har\", \n  \"Content\": \"CVE ID : CVE-2024-28747 \nPublished : July 9, 2024, 7:15 a.m. | 21\u00a0minutes ago \nDescription : An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T09:44:04.000000Z"}, {"uuid": "4874aed1-2dfe-49cd-aeac-db50283a2e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28749", "type": "seen", "source": "https://t.me/cvedetector/258", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28749 - A remote attacker with high privileges may use a w\", \n  \"Content\": \"CVE ID : CVE-2024-28749 \nPublished : July 9, 2024, 7:15 a.m. | 21\u00a0minutes ago \nDescription : A remote attacker with high privileges may use a writing file function to inject OS commands. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T09:44:01.000000Z"}, {"uuid": "6418fa97-671d-4242-9646-6963afba9232", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28745", "type": "seen", "source": "https://t.me/ctinow/210176", "content": "https://ift.tt/omGfdcH\nCVE-2024-28745", "creation_timestamp": "2024-03-18T05:26:15.000000Z"}, {"uuid": "d3cb7a9c-c63a-4157-9014-dc35ace19f16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "https://t.me/arpsyndicate/4407", "content": "#ExploitObserverAlert\n\nCVE-2024-28741\n\nDESCRIPTION: Exploit Observer has 23 entries in 5 file formats related to CVE-2024-28741. Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.\n\nFIRST-EPSS: 0.000450000", "creation_timestamp": "2024-04-09T19:47:17.000000Z"}, {"uuid": "44b67eb0-7170-4953-b7bf-3746febf3382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "https://t.me/arpsyndicate/4389", "content": "#ExploitObserverAlert\n\nCVE-2024-28741\n\nDESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2024-28741. Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.\n\nFIRST-EPSS: 0.000450000", "creation_timestamp": "2024-04-08T07:45:52.000000Z"}, {"uuid": "036bf38d-c8d8-459b-a511-83abab3d19e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "seen", "source": "https://t.me/arpsyndicate/4960", "content": "#ExploitObserverAlert\n\nCVE-2024-28741\n\nDESCRIPTION: Exploit Observer has 16 entries in 6 file formats related to CVE-2024-28741. Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.\n\nFIRST-EPSS: 0.001630000\nARPS-PRIORITY: 0.8511741", "creation_timestamp": "2024-05-23T01:29:32.000000Z"}, {"uuid": "7ec3dc97-9d21-4d74-819d-379b8911c6eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28746", "type": "seen", "source": "https://t.me/ctinow/207608", "content": "https://ift.tt/1hfgxo4\nCVE-2024-28746", "creation_timestamp": "2024-03-14T10:27:09.000000Z"}, {"uuid": "7ce62a5a-28d2-497f-acff-5e533350ac42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28746", "type": "seen", "source": "https://t.me/ctinow/207601", "content": "https://ift.tt/1hfgxo4\nCVE-2024-28746", "creation_timestamp": "2024-03-14T10:26:59.000000Z"}, {"uuid": "13ae17b4-65d8-42c1-bf4c-6e5ac2b02440", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28745", "type": "seen", "source": "https://t.me/ctinow/210174", "content": "https://ift.tt/omGfdcH\nCVE-2024-28745", "creation_timestamp": "2024-03-18T05:26:14.000000Z"}, {"uuid": "76432b1f-6af9-4f9a-ad77-abacb2ca880b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28741", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10152", "content": "#Threat_Research\n1. Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities\nhttps://www.tenable.com/security/research/tra-2024-07\n2. Discovering CVE-2024-28741: RCE on NorthStar C2 agents via pre auth stored XSS\nhttps://blog.chebuya.com/posts/discovering-cve-2024-28741-remote-code-execution-on-northstar-c2-agents-via-pre-auth-stored-xss", "creation_timestamp": "2024-03-15T20:28:11.000000Z"}]}