{"vulnerability": "cve-2024-1186", "sightings": [{"uuid": "50a2848f-e672-438b-b925-ef48afc2821f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11861", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15731", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11861\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access.\n\ud83d\udccf Published: 2025-05-09T13:51:37.212Z\n\ud83d\udccf Modified: 2025-05-09T13:51:37.212Z\n\ud83d\udd17 References:\n1. https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0001.md\n2. https://www.enersys.com/4996bf/globalassets/documents/corporate/cve/enersys_cve-2024-11861-final.pdf", "creation_timestamp": "2025-05-09T14:26:15.000000Z"}, {"uuid": "63aa1e9e-3872-4d19-a8f1-dd43904df01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1186", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17930", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1186\n\ud83d\udd25 CVSS Score: 3.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2024-02-02T17:00:07.334Z\n\ud83d\udccf Modified: 2025-06-10T16:16:39.890Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.252676\n2. https://vuldb.com/?ctiid.252676\n3. https://fitoxs.com/vuldb/12-exploit-perl.txt\n4. https://www.exploit-db.com/exploits/45884", "creation_timestamp": "2025-06-10T16:31:58.000000Z"}, {"uuid": "86bb6e6a-e6cb-4c5b-95c3-0fccc069834a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11861", "type": "seen", "source": "https://t.me/cvedetector/24951", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11861 - EnerSys AMPA Remote Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11861 \nPublished : May 9, 2025, 2:15 p.m. | 1\u00a0hour, 58\u00a0minutes ago \nDescription : EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T18:43:05.000000Z"}, {"uuid": "c0b4c1a9-a2b6-4339-a14f-519bbb7ae473", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1186", "type": "seen", "source": "https://t.me/ctinow/178207", "content": "https://ift.tt/8VNKPHB\nCVE-2024-1186", "creation_timestamp": "2024-02-02T18:22:16.000000Z"}, {"uuid": "caf63d66-efb1-42e6-af4a-cec00a17a02c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11860", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113555901392126782", "content": "", "creation_timestamp": "2024-11-27T16:39:06.788626Z"}, {"uuid": "dfd7afae-b742-46d7-a1ab-c6686226a7b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11865", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649426013840828", "content": "", "creation_timestamp": "2024-12-14T05:03:39.179912Z"}, {"uuid": "c88d4498-13c7-4c58-aa70-07c6a6b886c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11867", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649426027670778", "content": "", "creation_timestamp": "2024-12-14T05:03:39.433855Z"}, {"uuid": "5f9834ad-ed84-4111-92d2-1610bdd57e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11869", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649426041281230", "content": "", "creation_timestamp": "2024-12-14T05:03:39.689825Z"}, {"uuid": "fdd9ede8-1879-4e21-98ca-51ac85f8cdc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11868", "type": "seen", "source": "https://t.me/cvedetector/12497", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11868 - LearnPress - WordPress LMS Plugin Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-11868 \nPublished : Dec. 10, 2024, 1:15 p.m. | 33\u00a0minutes ago \nDescription : The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T14:57:46.000000Z"}, {"uuid": "9422210c-503d-4975-baa4-53600302c47d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11869", "type": "seen", "source": "https://t.me/cvedetector/12927", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11869 - \"Buk for WordPress Stored Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-11869 \nPublished : Dec. 14, 2024, 5:15 a.m. | 27\u00a0minutes ago \nDescription : The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T06:49:53.000000Z"}, {"uuid": "6953f4b2-6695-4061-8989-e5be74c8592c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11867", "type": "seen", "source": "https://t.me/cvedetector/12926", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11867 - WordPress Companion Portfolio Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11867 \nPublished : Dec. 14, 2024, 5:15 a.m. | 27\u00a0minutes ago \nDescription : The Companion Portfolio \u2013 Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T06:49:53.000000Z"}, {"uuid": "4a5f99a5-7430-4162-a4eb-098eef9017c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11865", "type": "seen", "source": "https://t.me/cvedetector/12925", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11865 - WordPress Tabs Maker Plugin Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11865 \nPublished : Dec. 14, 2024, 5:15 a.m. | 27\u00a0minutes ago \nDescription : The Tabs Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on tab descriptions. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T06:49:52.000000Z"}, {"uuid": "5d2a98e7-41c7-4cb4-9b5b-111ffb8329e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11866", "type": "seen", "source": "https://t.me/cvedetector/11873", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11866 - WordPress BMLT Tabbed Map Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11866 \nPublished : Dec. 3, 2024, 9:15 a.m. | 18\u00a0minutes ago \nDescription : The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_tabbed_map' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-03T10:39:01.000000Z"}, {"uuid": "526fda8b-bd03-482c-947d-be06e38eeb7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11866", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113587982303897166", "content": "", "creation_timestamp": "2024-12-03T08:37:42.603969Z"}, {"uuid": "2d3a9919-59b6-42af-9d74-c40a6de10b07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11863", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113827035656023381", "content": "", "creation_timestamp": "2025-01-14T13:52:07.241505Z"}, {"uuid": "fd403eb7-3997-4929-b18d-ce047fc70319", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11864", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113827035670982015", "content": "", "creation_timestamp": "2025-01-14T13:52:07.610284Z"}, {"uuid": "2a711f3a-8c37-4748-ab5b-839578879908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11861", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114478234561896799", "content": "", "creation_timestamp": "2025-05-09T14:00:34.069846Z"}, {"uuid": "446bf9b6-1c99-41a8-a71f-4ce7cad29884", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11861", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loqmlwbl6pg2", "content": "", "creation_timestamp": "2025-05-09T15:07:36.640889Z"}, {"uuid": "def0b13f-56c8-48c2-9812-9bdb9e9789ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11868", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-11868.yaml", "content": "", "creation_timestamp": "2026-02-07T19:23:10.000000Z"}, {"uuid": "89a64ff0-2460-4a22-87b2-9732d7ac1669", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-11868", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mimmlfgyge2g", "content": "", "creation_timestamp": "2026-04-03T21:02:34.871645Z"}, {"uuid": "ea2d9ace-a7b5-463e-ad57-82622c30062f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1186", "type": "seen", "source": "https://t.me/ctinow/192663", "content": "https://ift.tt/tp3vlJT\nCVE-2024-1186 | Munsoft Easy Archive Recovery 2.0 Registration Key denial of service (EDB-45884)", "creation_timestamp": "2024-02-24T17:46:19.000000Z"}, {"uuid": "508aca3e-5e7d-4484-9d70-0ff708adbaed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11862", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113555421995502917", "content": "", "creation_timestamp": "2024-11-27T14:37:11.740365Z"}, {"uuid": "acfe6c83-19f7-4ccf-83f9-0af8c8d580e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11868", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113628528402466199", "content": "", "creation_timestamp": "2024-12-10T12:29:07.777581Z"}, {"uuid": "cd8c341c-c01b-4e20-994b-e97c696109dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11863", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpgugf2wo2t", "content": "", "creation_timestamp": "2025-01-14T14:16:25.744754Z"}, {"uuid": "3b18b090-579f-4fbc-a849-db9e61aa3cb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11868", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3memet7bzwm27", "content": "", "creation_timestamp": "2026-02-11T21:03:02.134236Z"}, {"uuid": "a1376c87-438c-416c-a950-74112fa3af43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11864", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1514", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11864\n\ud83d\udd39 Description: Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP\n\ud83d\udccf Published: 2025-01-14T13:46:22.071Z\n\ud83d\udccf Modified: 2025-01-14T15:50:42.542Z\n\ud83d\udd17 References:\n1. https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864", "creation_timestamp": "2025-01-14T16:18:52.000000Z"}, {"uuid": "bd5087cb-24a8-40e0-bf86-56751481c06b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11863", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1514", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11864\n\ud83d\udd39 Description: Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP\n\ud83d\udccf Published: 2025-01-14T13:46:22.071Z\n\ud83d\udccf Modified: 2025-01-14T15:50:42.542Z\n\ud83d\udd17 References:\n1. https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864", "creation_timestamp": "2025-01-14T16:18:52.000000Z"}]}