{"vulnerability": "CVE-2023-2610", "sightings": [{"uuid": "3462913b-8bcd-4529-a504-a3fd1d63f1b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26107", "type": "seen", "source": "Telegram/ddKWfdHF28yYV_f4gQx3ZMOCPKAfOVAFbbWyxfeD5ng3QnSK", "content": "", "creation_timestamp": "2025-03-06T02:17:23.000000Z"}, {"uuid": "5d851828-304c-4bf0-ae08-a6e8de0e7639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26106", "type": "seen", "source": "Telegram/5Q0HEEAQoygmy2aBWQ7LqLr2Q0BLuxxMdvMkq82_vFBobaRu", "content": "", "creation_timestamp": "2025-03-06T02:17:23.000000Z"}, {"uuid": "3d4ccaa7-a7a6-4ad8-8b51-94756c5d1b94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26101", "type": "seen", "source": "https://t.me/cibsecurity/62593", "content": "\u203c CVE-2023-26101 \u203c\n\nIn Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-21T16:31:38.000000Z"}, {"uuid": "27e0f1cf-f093-42fe-a2e3-a413672b8ed5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2610", "type": "seen", "source": "https://t.me/cibsecurity/63710", "content": "\u203c CVE-2023-2610 \u203c\n\nInteger Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-10T02:13:54.000000Z"}, {"uuid": "1f430f74-d5f4-4b7f-a8e4-5f58783668c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26105", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7154", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26105\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P)\n\ud83d\udd39 Description: All versions of the package utilities are vulnerable to Prototype Pollution via the _mix function.\n\ud83d\udccf Published: 2023-02-28T05:00:01.938Z\n\ud83d\udccf Modified: 2025-03-11T14:13:06.468Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-UTILITIES-3184491\n2. https://github.com/mde/utilities/issues/29", "creation_timestamp": "2025-03-11T14:39:52.000000Z"}, {"uuid": "92cd70e2-9a36-4dad-9c77-1d1560ba396f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26100", "type": "seen", "source": "https://t.me/cibsecurity/62596", "content": "\u203c CVE-2023-26100 \u203c\n\nIn Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-21T16:31:41.000000Z"}, {"uuid": "d67f95d4-eac4-43ef-812d-d16ce4074c67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26107", "type": "seen", "source": "https://t.me/cibsecurity/59453", "content": "\u203c CVE-2023-26107 \u203c\n\nAll versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T07:17:22.000000Z"}, {"uuid": "1717fe2d-0262-46da-a0c6-4d50e15fb8a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26105", "type": "seen", "source": "https://t.me/cibsecurity/59086", "content": "\u203c CVE-2023-26105 \u203c\n\nAll versions of the package utilities are vulnerable to Prototype Pollution via the _mix function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T08:37:57.000000Z"}, {"uuid": "b4511e84-4e16-4927-a880-95b36d00615b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26109", "type": "seen", "source": "https://t.me/cibsecurity/59718", "content": "\u203c CVE-2023-26109 \u203c\n\nAll versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-09T07:15:00.000000Z"}, {"uuid": "149f5cba-14d7-49e2-8e85-af01aaf2fb0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26108", "type": "seen", "source": "https://t.me/cibsecurity/59450", "content": "\u203c CVE-2023-26108 \u203c\n\nVersions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T07:12:32.000000Z"}, {"uuid": "5350247a-5be8-439c-9fa5-4a6325969a3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26106", "type": "seen", "source": "https://t.me/cibsecurity/59446", "content": "\u203c CVE-2023-26106 \u203c\n\nAll versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T07:12:28.000000Z"}, {"uuid": "a2f692fc-4d6e-4911-bfdb-bb219b392d7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26102", "type": "seen", "source": "https://t.me/cibsecurity/58842", "content": "\u203c CVE-2023-26102 \u203c\n\nAll versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-24T07:18:52.000000Z"}]}