{"vulnerability": "CVE-2023-5025", "sightings": [{"uuid": "a2bd4751-2963-48a2-a438-8891112198d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50253", "type": "seen", "source": "https://t.me/cibsecurity/74333", "content": "\u203c\ufe0fCVE-2023-50253\u203c\ufe0f\n\nLaf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-04T01:36:58.000000Z"}, {"uuid": "0eb3913d-898d-483e-8d80-d3f93115b626", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50253", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17744", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-50253\n\ud83d\udd25 CVSS Score: 9.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist.\n\ud83d\udccf Published: 2024-01-03T16:45:11.778Z\n\ud83d\udccf Modified: 2025-06-09T18:48:18.796Z\n\ud83d\udd17 References:\n1. https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f\n2. https://github.com/labring/laf/pull/1468", "creation_timestamp": "2025-06-09T19:48:04.000000Z"}, {"uuid": "678d81cf-0585-469c-8e64-67361eb9a486", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50256", "type": "seen", "source": "https://t.me/cibsecurity/74347", "content": "\u203c\ufe0fCVE-2023-50256\u203c\ufe0f\n\nFroxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements e.g. surname, company name established by the system. Version 2.1.2 fixes this issue. \n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-04T01:38:08.000000Z"}, {"uuid": "bc1c24bd-fc52-4e45-b990-3ef66a55a322", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50256", "type": "seen", "source": "https://t.me/arpsyndicate/2470", "content": "#ExploitObserverAlert\n\nCVE-2023-50256\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-50256. Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.", "creation_timestamp": "2024-01-05T12:04:16.000000Z"}, {"uuid": "a56cc0b7-5962-4b3d-ada9-df4ee4222384", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50256", "type": "seen", "source": "https://t.me/arpsyndicate/3078", "content": "#ExploitObserverAlert\n\nCVE-2023-50256\n\nDESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2023-50256. Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.\n\nFIRST-EPSS: 0.000520000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2024-01-26T21:24:26.000000Z"}, {"uuid": "2e01895e-324c-49f0-bea1-85b980545b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50254", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3732", "content": "CVE-2023-50254 PoC Exploit for Deepin-reader RCE\n\nhttps://github.com/febinrev/deepin-linux_reader_RCE-exploit\n\nhttps://febin0x4e4a.wordpress.com/2023/12/22/cve-2023-50254-critical-rce-in-deepin-linux-desktop-oss-default-document-reader/", "creation_timestamp": "2023-12-26T13:18:41.000000Z"}, {"uuid": "1030610f-232c-40f7-9cce-1614bd5493b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50257", "type": "published-proof-of-concept", "source": "Telegram/ilYloj4OwYCEccF9UzeBtubYtnxshYkxXdYt2M-N7723mC8", "content": "", "creation_timestamp": "2025-04-20T21:00:05.000000Z"}, {"uuid": "75eecaee-03f7-4ffb-9d73-74fb27d76ba2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50257", "type": "published-proof-of-concept", "source": "Telegram/_2iZhze6jswijCm6NsMkH5GB7hxCAMET0bj118-njZt1foI", "content": "", "creation_timestamp": "2025-04-20T17:00:09.000000Z"}, {"uuid": "d2127da6-0ce7-446a-8ca0-0d91df850546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50253", "type": "seen", "source": "https://t.me/arpsyndicate/2476", "content": "#ExploitObserverAlert\n\nCVE-2023-50253\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-50253. Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist.", "creation_timestamp": "2024-01-05T13:35:54.000000Z"}, {"uuid": "96ada132-8c46-4b9b-afcf-a29b160ccd83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50257", "type": "seen", "source": "https://t.me/ctinow/187928", "content": "https://ift.tt/o9mp0ln\nCVE-2023-50257", "creation_timestamp": "2024-02-19T21:26:30.000000Z"}, {"uuid": "349f49d6-10bc-485f-8af3-802f8517484f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50253", "type": "seen", "source": "https://t.me/ctinow/162522", "content": "https://ift.tt/UVM0Xi7\nCVE-2023-50253", "creation_timestamp": "2024-01-03T18:31:51.000000Z"}, {"uuid": "6c20964e-d06d-4a49-b64a-f9b3a3ffa18e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50257", "type": "seen", "source": "https://t.me/ctinow/187921", "content": "https://ift.tt/o9mp0ln\nCVE-2023-50257", "creation_timestamp": "2024-02-19T21:21:23.000000Z"}, {"uuid": "0935d168-b250-4cf4-86f1-57744fab0f2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50254", "type": "seen", "source": "https://t.me/ctinow/169642", "content": "https://ift.tt/s7zYHZy\nCVE-2023-50254 | linuxdeepin developer-center up to 6.0.6 docx Document path traversal (GHSA-q9jr-726g-9495)", "creation_timestamp": "2024-01-18T10:11:30.000000Z"}, {"uuid": "3b8401cb-e9e7-47cd-97f1-ce7de092bdc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50250", "type": "seen", "source": "https://t.me/ctinow/169640", "content": "https://ift.tt/NtM3TZB\nCVE-2023-50250 | Cacti up to 1.2.25 XML Template templates_import.php cross site scripting (GHSA-xwqc-7jc4-xm73)", "creation_timestamp": "2024-01-18T10:11:27.000000Z"}, {"uuid": "999cf187-9d2c-49f0-a80c-5550e0df9854", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50255", "type": "seen", "source": "https://t.me/ctinow/170232", "content": "https://ift.tt/glvqFV0\nCVE-2023-50255 | linuxdeepin developer-center up to 5.12.20 deepin-compressor path traversal", "creation_timestamp": "2024-01-19T15:16:34.000000Z"}, {"uuid": "031dab93-85fe-44c8-9923-83a094ea619a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50259", "type": "seen", "source": "https://t.me/ctinow/169657", "content": "https://ift.tt/qDEYXly\nCVE-2023-50259 | pymedusa Medusa up to 1.0.18 POST Request handler.py testslack slack_webhook server-side request forgery (GHSA-8mcr-vffr-jwxv)", "creation_timestamp": "2024-01-18T10:41:34.000000Z"}, {"uuid": "a46303fb-0b1d-4797-ac98-114bc58bda29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50250", "type": "seen", "source": "https://t.me/ctinow/160715", "content": "https://ift.tt/JSPqZ0m\nCVE-2023-50250 Exploit", "creation_timestamp": "2023-12-29T23:16:49.000000Z"}, {"uuid": "8722a0e2-b1da-449b-9bfb-d911bea02fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50253", "type": "seen", "source": "https://t.me/ctinow/172309", "content": "https://ift.tt/G18jv5P\nCVE-2023-50253 | labring laf up to 1.0.0-beta.13 information disclosure (GHSA-g9c8-wh35-g75f)", "creation_timestamp": "2024-01-23T21:26:17.000000Z"}, {"uuid": "0811eda4-afa5-4feb-a104-b72a694339a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50252", "type": "seen", "source": "https://t.me/ctinow/162852", "content": "https://ift.tt/uNWYpMI\nCVE-2023-50252 | dompdf php-svg-lib up to 0.5.0 SVG File unknown vulnerability", "creation_timestamp": "2024-01-04T09:07:07.000000Z"}, {"uuid": "6e8e881a-5d5d-4c1e-9911-3fcf134c3108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50251", "type": "seen", "source": "https://t.me/ctinow/162850", "content": "https://ift.tt/OqpLves\nCVE-2023-50251 | dompdf php-svg-lib up to 0.5.0 SVG File recursion", "creation_timestamp": "2024-01-04T09:07:04.000000Z"}, {"uuid": "76b0a834-f15d-4de9-8c02-f89b95077e6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50256", "type": "seen", "source": "https://t.me/ctinow/162698", "content": "https://ift.tt/gpo12RT\nCVE-2023-50256", "creation_timestamp": "2024-01-04T00:32:12.000000Z"}, {"uuid": "ffeee36c-6b65-4b5f-b654-b425184e7386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50254", "type": "seen", "source": "https://t.me/ctinow/162654", "content": "https://ift.tt/A5zKknE\nCVE-2023-50254 Exploit", "creation_timestamp": "2024-01-03T23:17:17.000000Z"}, {"uuid": "6ec07078-62aa-4add-a338-fac796edef0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50258", "type": "seen", "source": "https://t.me/ctinow/162653", "content": "https://ift.tt/9nHslZq\nCVE-2023-50258 Exploit", "creation_timestamp": "2024-01-03T23:17:16.000000Z"}, {"uuid": "2ea150d1-e379-4677-b88e-47586283523f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50259", "type": "seen", "source": "https://t.me/ctinow/162652", "content": "https://ift.tt/5tirYRu\nCVE-2023-50259 Exploit", "creation_timestamp": "2024-01-03T23:17:15.000000Z"}, {"uuid": "c130a694-c063-4814-9103-a3b75c1b3e13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50255", "type": "seen", "source": "https://t.me/ctinow/159723", "content": "https://ift.tt/st4x51R\nCVE-2023-50255", "creation_timestamp": "2023-12-27T18:26:13.000000Z"}, {"uuid": "6aecd5fd-a64e-4e74-88ac-4cbaf2e3be87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50259", "type": "seen", "source": "https://t.me/ctinow/158520", "content": "https://ift.tt/Y35fHEG\nCVE-2023-50259", "creation_timestamp": "2023-12-22T18:23:33.000000Z"}, {"uuid": "5e44af84-c7f6-4af2-9f82-486b6fc51fa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50256", "type": "seen", "source": "https://t.me/ctinow/166198", "content": "https://ift.tt/CbD8F5k\nCVE-2023-50256 Exploit", "creation_timestamp": "2024-01-10T23:16:42.000000Z"}, {"uuid": "8a876582-28ec-4792-a92e-9910147d7a1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50250", "type": "seen", "source": "https://t.me/ctinow/158517", "content": "https://ift.tt/KviDoem\nCVE-2023-50250", "creation_timestamp": "2023-12-22T18:23:30.000000Z"}, {"uuid": "c4aa80d9-44af-4c87-a5fb-e141d91bcd86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50258", "type": "seen", "source": "https://t.me/ctinow/158519", "content": "https://ift.tt/fGpbUXV\nCVE-2023-50258", "creation_timestamp": "2023-12-22T18:23:32.000000Z"}, {"uuid": "7a126949-6496-4cb8-a07d-220997dc113c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50254", "type": "seen", "source": "https://t.me/ctinow/158518", "content": "https://ift.tt/JyzUc0Y\nCVE-2023-50254", "creation_timestamp": "2023-12-22T18:23:31.000000Z"}, {"uuid": "4aa56ec5-20e9-406a-bb0a-ec40effd94da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-50254", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/5802", "content": "CVE-2023-50254 PoC Exploit for Deepin-reader RCE\n\nPOC\n\nRead\n\n#CVE #POC #Exploit \n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-12-23T11:53:32.000000Z"}]}