{"vulnerability": "CVE-2023-3663", "sightings": [{"uuid": "2bc90a14-ecc7-4533-b56b-017b2df8f0f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36636", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrf7bgohjo2k", "content": "", "creation_timestamp": "2025-06-12T05:36:14.556231Z"}, {"uuid": "933a5ddf-fac6-4c6e-ad3e-9b0582d94239", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3663", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5792", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-3663\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.\n\ud83d\udccf Published: 2023-08-03T10:55:08.945Z\n\ud83d\udccf Modified: 2025-02-27T21:11:34.700Z\n\ud83d\udd17 References:\n1. https://cert.vde.com/en/advisories/VDE-2023-022/", "creation_timestamp": "2025-02-27T21:25:54.000000Z"}, {"uuid": "e702bea0-1e55-48ca-a48e-e17add16cab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-3663", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01", "content": "", "creation_timestamp": "2026-03-17T12:00:00.000000Z"}, {"uuid": "2aec2e1f-44e9-4cfb-88c7-e8598104ef97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36632", "type": "seen", "source": "Telegram/e1o90iHJT-k2JGh5790ahxiLQIt4T9bVzKO5ZsUBjDuYtSU", "content": "", "creation_timestamp": "2025-07-18T13:11:47.000000Z"}, {"uuid": "7d13ebd8-dae7-4b77-bbf3-fa75dbe61ad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36638", "type": "seen", "source": "https://t.me/cibsecurity/70380", "content": "\u203c CVE-2023-36638 \u203c\n\nAn improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-13T16:23:47.000000Z"}, {"uuid": "83204df0-9cb5-4f06-aeaa-4b9fae4d2572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36631", "type": "seen", "source": "https://t.me/cibsecurity/65507", "content": "\u203c CVE-2023-36631 \u203c\n\n** DISPUTED ** Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is \"this is intended behavior as the application can be locked using a password.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-26T16:41:01.000000Z"}, {"uuid": "2dd0f573-9387-461c-b86a-05f1f6cef9dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36639", "type": "seen", "source": "https://t.me/ctinow/161833", "content": "https://ift.tt/D9UzlQn\nCVE-2023-36639 | Fortinet FortiOS/FortiProxy/FortiPAM HTTPSd Daemon format string (FG-IR-23-138)", "creation_timestamp": "2024-01-02T15:36:23.000000Z"}, {"uuid": "0eedbfe4-6bad-44c5-86d9-cf09415294fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36635", "type": "seen", "source": "https://t.me/cibsecurity/70068", "content": "\u203c CVE-2023-36635 \u203c\n\nAn improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.27.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-07T16:18:54.000000Z"}, {"uuid": "36714b18-ddb1-442a-b787-c9aaa0bbed8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3663", "type": "seen", "source": "https://t.me/cibsecurity/67654", "content": "\u203c CVE-2023-3663 \u203c\n\nIn CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T14:39:54.000000Z"}, {"uuid": "cfafc7c0-d458-4387-88d5-4c1210a557c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36634", "type": "seen", "source": "https://t.me/cibsecurity/70384", "content": "\u203c CVE-2023-36634 \u203c\n\nAn incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-13T16:23:52.000000Z"}, {"uuid": "6eb55054-d253-440e-b38d-c6389293629d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36632", "type": "seen", "source": "https://t.me/cibsecurity/65495", "content": "\u203c CVE-2023-36632 \u203c\n\nThe legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-26T00:10:04.000000Z"}, {"uuid": "f2bfa150-31f9-4616-9770-45eea69d6d6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36630", "type": "seen", "source": "https://t.me/cibsecurity/65493", "content": "\u203c CVE-2023-36630 \u203c\n\nIn CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-25T20:35:18.000000Z"}]}