{"vulnerability": "CVE-2023-3268", "sightings": [{"uuid": "db02dc29-a486-4d8d-be6f-ed5081898120", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32681", "type": "seen", "source": "https://gist.github.com/mpathak4/eb802e9cd238428a7edb09e27a8c7e12", "content": "", "creation_timestamp": "2025-10-10T06:42:03.000000Z"}, {"uuid": "e7260dfb-cbe6-47ee-8116-5eccfc59a11b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-32681", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "c28707fa-c73e-49e6-81a7-e1ad67bcec95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32681", "type": "seen", "source": "https://gist.github.com/Darkcrai86/43cb7575459ddae3fd84494950558e5a", "content": "", "creation_timestamp": "2025-09-23T15:00:33.000000Z"}, {"uuid": "243a6c5c-a3c5-4e02-8870-77080e9a2e0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32681", "type": "seen", "source": "https://gist.github.com/gerardosenattore-cmd/225a969304d36aec70b04ed7e856e725", "content": "", "creation_timestamp": "2025-11-11T12:28:12.000000Z"}, {"uuid": "8313274a-f0d8-4242-9e38-d05c31396db7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32684", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1169", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32684\n\ud83d\udd39 Description: Lima launches Linux virtual 
machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and the well-known third party products (Colima, Rancher Desktop, and Finch) are unlikely to be affected by this issue. To exploit this issue, the attacker has to embed the target file path (an absolute or a relative path from the instance directory) in a malicious disk image, as the qcow2 (or vmdk) backing file path string. As Lima refuses to run as the root, it is practically impossible for the attacker to read the entire host disk via `/dev/rdiskN`. Also, practically, the attacker cannot read at least the first 512 bytes (MBR) of the target file. The issue has been patched in Lima in version 0.16.0 by prohibiting using a backing file path in the VM base image.\n\ud83d\udccf Published: 2023-05-30T17:19:17.148Z\n\ud83d\udccf Modified: 2025-01-10T16:52:10.831Z\n\ud83d\udd17 References:\n1. https://github.com/lima-vm/lima/security/advisories/GHSA-f7qw-jj9c-rpq9\n2. https://github.com/lima-vm/lima/commit/01dbd4d9cabe692afa4517be3995771f0ebb38a5\n3. 
https://github.com/lima-vm/lima/releases/tag/v0.16.0", "creation_timestamp": "2025-01-10T17:03:42.000000Z"}, {"uuid": "af9f413f-4abb-4b04-ae09-0ebb709d6dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-32681", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "69c28b59-134b-495a-850c-b664f80a8883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32683", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/452", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32683\n\ud83d\udd39 Description: Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews.\n\ud83d\udccf Published: 2023-06-06T18:24:30.457Z\n\ud83d\udccf Modified: 2025-01-07T16:26:12.352Z\n\ud83d\udd17 References:\n1. 
https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc\n2. https://github.com/matrix-org/synapse/pull/15601\n3. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/", "creation_timestamp": "2025-01-07T16:37:28.000000Z"}, {"uuid": "7c0d9bda-548f-490a-9100-f5e2c28b0d11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32681", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4792", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: POC for the CVE-2023-32681\nURL: https://github.com/hardikmodha/POC-CVE-2023-32681\n\nTags: #CVE-2023", "creation_timestamp": "2023-07-22T06:52:58.000000Z"}, {"uuid": "7bcbf078-4925-4afd-b8f8-d793eb71a410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32688", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1588", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32688\n\ud83d\udd39 Description: parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.\n\n\ud83d\udccf Published: 2023-05-27T03:21:27.071Z\n\ud83d\udccf Modified: 2025-01-14T18:43:52.475Z\n\ud83d\udd17 References:\n1. https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993\n2. https://github.com/parse-community/parse-server-push-adapter/pull/217\n3. 
https://github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3", "creation_timestamp": "2025-01-14T19:11:17.000000Z"}, {"uuid": "349f4d04-9e8a-45e0-986b-1d3142c347b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32681", "type": "seen", "source": "https://t.me/true_secator/5358", "content": "Splunk has new problems: the vendor has released fixes for three high-severity vulnerabilities in its products.\n\nThe first, CVE-2023-46230, has a CVSS score of 8.2 and involves disclosure of sensitive information in internal log files in Splunk Add-on Builder.\n\nThe vulnerability requires either local access to the log files or administrative access to internal indexes, which by default only the administrator receives.\n\nCVE-2023-46231, with CVSS 8.8, arises because in Splunk Add-on Builder versions below 4.1.4 the application writes user session tokens to internal log files.\n\nThe vulnerability requires either local access to the log files or administrative access to internal indexes, which by default only the administrator role receives.\n\nThe last issue is tracked as CVE-2023-32681 and CVE-2022-25883, which affect third-party packages in Splunk Add-on Builder.\n\nTo fix the issues, update Splunk Add-on Builder to version 4.1.4 or later, delete all events and log files, and change the credentials, tokens and sensitive information stored in the data input parameters and add-on setup parameters for modular inputs.\n\nMore detailed remediation guidance is provided in the vendor's security advisories. There are no mitigations.", "creation_timestamp": "2024-01-31T14:50:05.000000Z"}, {"uuid": "3a874a33-3581-4f5c-a3c8-b3ecc67ba809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32681", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3127", "content": "Tools \ud83d\udd27 \ud83d\udd28 \ud83d\udd27 \ud83d\udd28  -  Hackers Factory\n\n\u200b\u200bFirefox Decrypt\n\nA tool to extract passwords from Mozilla (Firefox\u2122, Waterfox\u2122, Thunderbird\u00ae, SeaMonkey\u00ae) profiles.\n\nhttps://github.com/unode/firefox_decrypt\n\n#infosec #pentesting #redteam\n\n\u200b\u200bmutation fuzzer\n\nMutate a binary to identify potential #exploit candidates.\n\nhttps://github.com/demetriusford/mutation-fuzzer\n\n#cybersecurity #infosec\n\n\u200b\u200bmasm32-kernel-programming\n\nmasm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)\n\nhttps://github.com/therealdreg/masm32-kernel-programming\n\n#malware #cybersecurity 
#infosec\n\n\u200b\u200bXSS-Bypass-Filters\n\nhttps://github.com/Edr4/XSS-Bypass-Filters\n\n#infosec #bugbounty \n\n\u200b\u200bCVE-2023-3519\n\nThis #Nmap NSE script checks for the CVE-2023-3519 vulnerability in Citrix Gateway and Citrix AAA.\n\nhttps://github.com/dorkerdevil/CitrixFall\n\n#infosec \n\n\u200b\u200bCVE-2023-3519\n\nThe cve_2023_3519_inspector.py is a Python-based vulnerability scanner for detecting the CVE-2023-3519 vulnerability in Citrix Gateways. It performs a passive analysis and fingerprinting of target websites to assess their vulnerability based on a series of checks.\n\nhttps://github.com/securekomodo/citrixInspector\n\n#cve\n\n\u200b\u200bCVE-2023-28121\n\nWooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ]\n\nhttps://github.com/im-hanzou/Mass-CVE-2023-28121\n\n#cve\n\n\u200b\u200bCVE-2023-32681\n\nVulnerability in python-requests affects IBM InfoSphere Information Server.\n\nhttps://github.com/hardikmodha/POC-CVE-2023-32681\n\n#cve #poc #cybersecurity #infosec\n\n\u200b\u200bCloudflare Origin ip\n\nThis Python tool compares the HTTP response of the given subdomain to HTTP responses of a list of IPs addresses. 
This list is based on:\n\n\u2022 subdomains supplied by the user\n\u2022 subdomains found on external sources\n\u2022 IPs found external sources\n\nhttps://github.com/gwen001/cloudflare-origin-ip\n\n\u200b\u200bBucketLoot\n\nBucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.\n\nhttps://github.com/redhuntlabs/BucketLoot\n\n\u200b\u200bHtmlSmuggling\n\nit is malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page.\n\nhttps://github.com/De3vil/HtmlSmuggling\n\n\u200b\u200bTGSThief\n\nI think a lot of people have seen the project GIUDA. It is an interesting way to get the TGS of a user whose logon session is just present on the computer. The problem is that its code is written in Pascal (the last time I wrote in Pascal was at school), so I had to rewrite the project in C++.\n\nhttps://github.com/MzHmO/TGSThief\n\n\u200b\u200bCVE-2023-28467\n\nCross-site scripting (XSS) vulnerability in the User CP module allows remote authenticated users to inject HTML via the user email field, triggered on the User CP Home page.\n\nAfter registration, the e-mail address is changed and the XSS payload is placed. Then, when \"User CP\" is entered, the vulnerability is triggered.\n\nhttps://github.com/ahmetaltuntas/CVE-2023-28467\n\n\u200b\u200bRandomTSScripts\n\nRandom collection of scripts useful for engagements, which don't really need their own repo.\n\nhttps://github.com/xpn/RandomTSScripts\n\n\u200b\u200bCVE-2023-38408 \n\nRemote Code Execution in OpenSSH's forwarded ssh-agent\n\nhttps://github.com/snowcra5h/CVE-2023-38408\n\n\u200b\u200bcombine\n\nRust in-memory dumper. 
Check your windows local security authority credential's safety with this awesome tool.\n\nhttps://github.com/m3f157O/combine_harvester\n\n\u200b\u200bTokenTactics v2\n\nA fork of the great TokenTactics with support for CAE and token endpoint v2.\n\nhttps://github.com/f-bader/TokenTacticsV2\n\n\u200b\u200bDeepCamera\n\nOpen-Source #AI #Camera. Empower any camera/CCTV with state-of-the-art AI, including facial recognition, person recognition(RE-ID) car detection, fall detection and more...\n\nhttps://github.com/SharpAI/DeepCamera\n\n\u200b\u200bAnalytics & AdBlocker\n\nProtect your #privacy while browsing the web.\n\nhttps://github.com/con-schy1/Analytics_AdBlocker\n\n#cybersecurity #infosec\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-07-25T11:56:20.000000Z"}, {"uuid": "1badb5d6-7c40-4d16-8bf9-5154c6b96bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32688", "type": "seen", "source": "https://t.me/cibsecurity/64737", "content": "\u203c CVE-2023-32688 \u203c\n\nparse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-27T07:29:04.000000Z"}, {"uuid": "22457ea9-81d6-4bba-a588-d326df316345", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32680", "type": "seen", "source": "https://t.me/cibsecurity/64439", "content": "\u203c CVE-2023-32680 \u203c\n\nMetabase is an open source business analytics engine. 
To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database\u2013but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that: Anyone\u2013including people in sandboxed groups\u2013could edit SQL snippets. They could edit snippets via the API or, in the application UI, when editing the metadata for a model based on a SQL question, and people in sandboxed groups could edit a SQL snippet used in a query that creates their sandbox. If the snippet contained logic that restricted which data that person could see, they could potentially edit that snippet and change their level of data access. The permissions model for SQL snippets has been fixed in Metabase versions 0.46.3, 0.45.4, 0.44.7, 1.46.3, 1.45.4, and 1.44.7. Users are advised to upgrade. Users unable to upgrade should ensure that SQL queries used to create sandboxes exclude SQL snippets.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-19T02:32:34.000000Z"}, {"uuid": "dbe8d014-24da-4b36-a90a-a38b5ff2d483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32681", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8720", "content": "#exploit\n1. CVE-2023-32681:\nVulnerability in python-requests affects IBM InfoSphere Information Server\nhttps://github.com/hardikmodha/POC-CVE-2023-32681\n\n2. CVE-2023-28467:\nMyBB 1.8.33 - User CP email persistent XSS\nhttps://github.com/ahmetaltuntas/CVE-2023-28467\n\n3. Google Chrome V8 ArrayShift Race Condition RCE\nhttps://blog.exodusintel.com/2023/05/16/google-chrome-v8-arrayshift-race-condition-remote-code-execution", "creation_timestamp": "2023-07-23T19:34:47.000000Z"}]}