{"vulnerability": "cve-2024-2150", "sightings": [{"uuid": "bc6a0781-2c2d-4ab9-8915-796e611be1ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21503", "type": "seen", "source": "https://t.me/ctinow/211181", "content": "https://ift.tt/5bSV6GL\nCVE-2024-21503", "creation_timestamp": "2024-03-19T06:26:49.000000Z"}, {"uuid": "3dd5fce5-b0b9-47ee-b1ca-db0daf1c3e6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21503", "type": "seen", "source": "https://t.me/ctinow/211177", "content": "https://ift.tt/5bSV6GL\nCVE-2024-21503", "creation_timestamp": "2024-03-19T06:26:45.000000Z"}, {"uuid": "233781cc-907d-4f99-8c8e-46f730d711cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21504", "type": "seen", "source": "https://t.me/ctinow/211178", "content": "https://ift.tt/gFImS5A\nCVE-2024-21504", "creation_timestamp": "2024-03-19T06:26:46.000000Z"}, {"uuid": "4aed4f0b-528b-4299-93e1-c158fff69e94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21501", "type": "seen", "source": "https://t.me/ctinow/207387", "content": "https://ift.tt/P8Rf35q\nCVE-2024-21501 | sanitize-html up to 2.12.0 Style Attribute information disclosure", "creation_timestamp": "2024-03-14T03:06:24.000000Z"}, {"uuid": "d7b7f0ea-bd58-4273-a93d-779aae4bcb84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21503", "type": "seen", "source": "https://t.me/ctinow/211287", "content": "https://ift.tt/mDQlaeg\nCVE-2024-21503", "creation_timestamp": "2024-03-19T09:31:29.000000Z"}, {"uuid": "273abf46-304f-4635-a109-088f329f8cae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21504", "type": "seen", "source": "https://t.me/ctinow/211182", "content": "https://ift.tt/gFImS5A\nCVE-2024-21504", "creation_timestamp": "2024-03-19T06:26:53.000000Z"}, {"uuid": "6ffccbb3-8b15-43e2-8ab4-0b53c2bfc0b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2150", "type": "seen", "source": "https://t.me/ctinow/198880", "content": "https://ift.tt/dI9D1N6\nCVE-2024-2150", "creation_timestamp": "2024-03-03T19:27:00.000000Z"}, {"uuid": "11cb425f-179d-40be-9094-c49a887eecb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2150", "type": "seen", "source": "https://t.me/ctinow/198876", "content": "https://ift.tt/dI9D1N6\nCVE-2024-2150", "creation_timestamp": "2024-03-03T19:26:56.000000Z"}, {"uuid": "1d3f3508-ced6-4a0c-b812-70fce6b7bc0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21501", "type": "seen", "source": "https://t.me/ctinow/193692", "content": "https://ift.tt/LlENzO4\nCVE-2024-21501", "creation_timestamp": "2024-02-26T19:36:44.000000Z"}, {"uuid": "de814903-aa6e-45f2-bb7d-773e055a9e7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21502", "type": "seen", "source": "https://t.me/ctinow/192441", "content": "https://ift.tt/OTViGfC\nCVE-2024-21502", "creation_timestamp": "2024-02-24T06:26:32.000000Z"}, {"uuid": "da76500f-a65d-4da7-bad6-1a14e4186d91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21501", "type": "seen", "source": "https://t.me/ctinow/192440", "content": "https://ift.tt/sw9kjev\nCVE-2024-21501", "creation_timestamp": "2024-02-24T06:26:31.000000Z"}, {"uuid": "3a863000-4b6a-4d01-bcd4-f0d54882c14f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21502", "type": "seen", "source": "https://t.me/ctinow/192438", "content": "https://ift.tt/OTViGfC\nCVE-2024-21502", "creation_timestamp": "2024-02-24T06:26:26.000000Z"}, {"uuid": "f66bc57f-4aa5-49fc-834e-e50bae48a88b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21501", "type": "seen", "source": "https://t.me/ctinow/192437", "content": "https://ift.tt/sw9kjev\nCVE-2024-21501", "creation_timestamp": "2024-02-24T06:26:25.000000Z"}, {"uuid": "b9733f50-5385-40b1-b58b-39c782d88160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21500", "type": "seen", "source": "https://t.me/ctinow/186786", "content": "https://ift.tt/29his4N\nCVE-2024-21500", "creation_timestamp": "2024-02-17T06:21:55.000000Z"}, {"uuid": "233025ed-0d2c-436c-8568-ae329f3f02e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21502", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4131", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21502\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2024-02-24T05:15:44.643\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://gist.github.com/keltecc/49da037072276f21b005a8337c15db26\n2. https://github.com/AntonKueltz/fastecdsa/blob/v2.3.1/src/curveMath.c%23L210\n3. https://github.com/AntonKueltz/fastecdsa/commit/57fc5689c95d649dab7ef60cc99ac64589f01e36\n4. https://security.snyk.io/vuln/SNYK-PYTHON-FASTECDSA-6262045\n5. https://gist.github.com/keltecc/49da037072276f21b005a8337c15db26\n6. https://github.com/AntonKueltz/fastecdsa/blob/v2.3.1/src/curveMath.c%23L210\n7. https://github.com/AntonKueltz/fastecdsa/commit/57fc5689c95d649dab7ef60cc99ac64589f01e36\n8. https://security.snyk.io/vuln/SNYK-PYTHON-FASTECDSA-6262045", "creation_timestamp": "2025-02-12T19:10:19.000000Z"}, {"uuid": "668389f1-18b2-4b9f-bf25-4fd44b67b16d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21501", "type": "published-proof-of-concept", "source": "https://t.me/slonser_notes/852", "content": "CVE-2024-21501\n\u041d\u0435\u0434\u0430\u0432\u043d\u043e \u043d\u0430\u0448\u0435\u043b \u043f\u0440\u0438\u043a\u043e\u043b\u044c\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0430\u043a\u0435\u0442\u0435 sanitize-html\n\u0412 \u0447\u0435\u043c \u0441\u0443\u0442\u044c, \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 \u0447\u0430\u0441\u0442\u043e \u0432\u0435\u043d\u0434\u043e\u0440\u0430 \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0440\u0438\u0431\u0443\u0442 style\n\u0415\u0441\u043b\u0438 \u043e\u043d\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u0431\u0435\u043a\u0435\u043d\u0434\u0435 - \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u044d\u043d\u0443\u043c\u0435\u0440\u0435\u0439\u0442\u0438\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u044b\n\u0414\u043b\u044f \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0438 \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 - \u043f\u043e\u043b\u0443\u0447\u0438\u043c \u0440\u0430\u0437\u043d\u044b\u0435 \u0432\u044b\u0432\u043e\u0434\u044b ( \u0432 \u043f\u0435\u0440\u0432\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435, \u0442\u044d\u0433 style \u0431\u0443\u0434\u0435\u0442 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c)\n\u0423\u0434\u043e\u0431\u043d\u043e \u0434\u043b\u044f \u044d\u043d\u0443\u043c\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0435\u0439 node \u043f\u0440\u043e\u0435\u043a\u0442\u0430.\nPoC \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435", "creation_timestamp": "2024-02-23T10:04:14.000000Z"}, {"uuid": "74fafe0a-6668-4d65-ab99-971d6fc8c2c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21507", "type": "seen", "source": "https://t.me/arpsyndicate/4664", "content": "#ExploitObserverAlert\n\nCVE-2024-21507\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21507. Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.\n\nFIRST-EPSS: 0.000450000\nARPS-EXPLOITABILITY: 0.775", "creation_timestamp": "2024-04-13T13:48:11.000000Z"}, {"uuid": "d94f7a70-fc5e-43bb-ae03-564bf8f30847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21507", "type": "seen", "source": "https://t.me/arpsyndicate/4543", "content": "#ExploitObserverAlert\n\nCVE-2024-21507\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21507. Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.\n\nFIRST-EPSS: 0.000450000\nARPS-EXPLOITABILITY: 0.5780347", "creation_timestamp": "2024-04-12T06:43:59.000000Z"}, {"uuid": "8ee95dbb-2ef5-4d04-9266-7fa4bee7dcb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21502", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4139", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21502\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: Versions of the package fastecdsa before 2.3.2 use an Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.\n\ud83d\udccf Published: 2024-02-24T06:30:17Z\n\ud83d\udccf Modified: 2025-02-12T21:59:29Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-21502\n2. https://github.com/AntonKueltz/fastecdsa/commit/57fc5689c95d649dab7ef60cc99ac64589f01e36\n3. https://gist.github.com/keltecc/49da037072276f21b005a8337c15db26\n4. https://github.com/AntonKueltz/fastecdsa\n5. https://github.com/AntonKueltz/fastecdsa/blob/v2.3.1/src/curveMath.c%23L210\n6. https://security.snyk.io/vuln/SNYK-PYTHON-FASTECDSA-6262045", "creation_timestamp": "2025-02-12T22:09:52.000000Z"}, {"uuid": "3d762664-4640-4e09-b2f6-e7ba9f5cb0c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21508", "type": "seen", "source": "https://t.me/arpsyndicate/4651", "content": "#ExploitObserverAlert\n\nCVE-2024-21508\n\nDESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2024-21508. Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.\n\nFIRST-EPSS: 0.000440000\nARPS-EXPLOITABILITY: 0.7512425", "creation_timestamp": "2024-04-13T12:40:50.000000Z"}, {"uuid": "160087a8-31d1-4f92-ac35-cdeb1a2fd646", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21506", "type": "seen", "source": "https://t.me/arpsyndicate/4537", "content": "#ExploitObserverAlert\n\nCVE-2024-21506\n\nDESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2024-21506. Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.\n\nFIRST-EPSS: 0.000450000\nARPS-EXPLOITABILITY: 0.6581785", "creation_timestamp": "2024-04-12T06:18:00.000000Z"}, {"uuid": "8844fb1b-28d7-443c-b6c9-a61c54f05a99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21509", "type": "seen", "source": "https://t.me/arpsyndicate/4561", "content": "#ExploitObserverAlert\n\nCVE-2024-21509\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21509. Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.\n\nFIRST-EPSS: 0.000440000\nARPS-EXPLOITABILITY: 0.5780347", "creation_timestamp": "2024-04-12T08:13:58.000000Z"}, {"uuid": "2ddc00a6-bdcb-41f5-aeca-85f75505561a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21509", "type": "seen", "source": "https://t.me/arpsyndicate/4658", "content": "#ExploitObserverAlert\n\nCVE-2024-21509\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21509. Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.\n\nFIRST-EPSS: 0.000440000\nARPS-EXPLOITABILITY: 0.775", "creation_timestamp": "2024-04-13T13:13:39.000000Z"}, {"uuid": "01585bc2-e78c-43f4-86ae-731553593af1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21508", "type": "seen", "source": "https://t.me/arpsyndicate/4613", "content": "#ExploitObserverAlert\n\nCVE-2024-21508\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-21508. Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.\n\nFIRST-EPSS: 0.000440000\nARPS-EXPLOITABILITY: 0.6373563", "creation_timestamp": "2024-04-13T00:42:42.000000Z"}]}