{"vulnerability": "CVE-2023-4276", "sightings": [{"uuid": "3d495254-c1c6-4291-b9d7-30409ac9e275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42765", "type": "seen", "source": "https://t.me/ctinow/180397", "content": "https://ift.tt/wbVoxjP\nCVE-2023-42765", "creation_timestamp": "2024-02-06T23:31:25.000000Z"}, {"uuid": "d9052df3-e4c6-4b20-8ab1-94b4f8404e13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42765", "type": "seen", "source": "https://t.me/ctinow/186916", "content": "https://ift.tt/FlJPU4X\nCVE-2023-42765 | Westermo Lynx 206-F2G 4.24 SNMP Configuration username cross site scripting (icsa-24-023-04)", "creation_timestamp": "2024-02-17T13:12:03.000000Z"}, {"uuid": "535e91ea-7737-4a47-974a-ffe417625e8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42766", "type": "seen", "source": "https://t.me/ctinow/185863", "content": "https://ift.tt/0MutWj8\nCVE-2023-42766 | Intel NUC 8 Compute Element BIOS input validation (intel-sa-01028)", "creation_timestamp": "2024-02-15T20:56:58.000000Z"}, {"uuid": "faea5d4f-2a46-48ed-a99b-edbaa3a21290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42768", "type": "seen", "source": "https://t.me/cibsecurity/71934", "content": "\u203c CVE-2023-42768 \u203c\n\nWhen a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource.\u00c2\u00a0\u00c2\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T16:16:57.000000Z"}, {"uuid": "aec2bf6f-14de-43a7-8647-042ccf647db6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42769", "type": "seen", "source": "https://t.me/cibsecurity/72987", "content": "\u203c CVE-2023-42769 \u203c\n\nThe cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-26T20:16:08.000000Z"}, {"uuid": "aa13415b-acea-4d7b-8bb7-0dee2e236248", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42766", "type": "seen", "source": "https://t.me/ctinow/170415", "content": "https://ift.tt/uLImT5e\nCVE-2023-42766", "creation_timestamp": "2024-01-19T21:27:24.000000Z"}, {"uuid": "b9351647-b04a-424e-86ee-1be577eca25b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4276", "type": "seen", "source": "https://t.me/cibsecurity/68176", "content": "\u203c CVE-2023-4276 \u203c\n\nThe Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T12:15:37.000000Z"}]}