{"vulnerability": "cve-2023-2604", "sightings": [{"uuid": "aefc7b23-d2c5-4d01-a7c4-16fc3cb88664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26044", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2808", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26044\n\ud83d\udd39 Description: react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP.  Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the RequestBodyBufferMiddleware with very large settings. This might lead to consuming large amounts of CPU time for processing requests and significantly delay or slow down the processing of legitimate user requests. This issue has been addressed in release 1.9.0. Users are advised to upgrade. Users unable to upgrade may keep the request body limited using RequestBodyBufferMiddleware with a sensible value which should mitigate the issue. An infrastructure or DevOps workaround could be to place a reverse proxy in front of the ReactPHP HTTP server to filter out any excessive HTTP request bodies.\n\n\ud83d\udccf Published: 2023-05-17T17:24:25.855Z\n\ud83d\udccf Modified: 2025-01-23T19:52:01.375Z\n\ud83d\udd17 References:\n1. https://github.com/reactphp/http/security/advisories/GHSA-95x4-j7vc-h8mf\n2. https://github.com/reactphp/http/commit/9681f764b80c45ebfb5fe2ea7da5bd3babfcdcfd", "creation_timestamp": "2025-01-23T20:03:26.000000Z"}, {"uuid": "a191fb5e-da46-4537-b3d4-987cbcf3efba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26047", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5307", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26047\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\ud83d\udd39 Description: teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been patched in version 0.2.0.\n\ud83d\udccf Published: 2023-03-03T22:44:16.538Z\n\ud83d\udccf Modified: 2025-02-25T15:02:13.606Z\n\ud83d\udd17 References:\n1. https://github.com/kitabisa/teler-waf/security/advisories/GHSA-p2pf-g8cq-3gq5\n2. https://github.com/dwisiswant0/cwa-filter-rules/commit/d818d1645832d1a02cd210c7680e692d2bf4313b\n3. https://github.com/kitabisa/teler-waf/releases/tag/v0.2.0", "creation_timestamp": "2025-02-25T15:23:29.000000Z"}, {"uuid": "4e8e173b-17bf-4470-ac15-936aeb9a457f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26044", "type": "seen", "source": "https://t.me/cibsecurity/64343", "content": "\u203c CVE-2023-26044 \u203c\n\nreact/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the RequestBodyBufferMiddleware with very large settings. This might lead to consuming large amounts of CPU time for processing requests and significantly delay or slow down the processing of legitimate user requests. This issue has been addressed in release 1.9.0. Users are advised to upgrade. Users unable to upgrade may keep the request body limited using RequestBodyBufferMiddleware with a sensible value which should mitigate the issue. An infrastructure or DevOps workaround could be to place a reverse proxy in front of the ReactPHP HTTP server to filter out any excessive HTTP request bodies.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-17T22:33:01.000000Z"}, {"uuid": "bf265a4d-6d23-424b-9fff-f5259c88cb59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26046", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6615", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26046\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1.\n\n\n\ud83d\udccf Published: 2023-03-02T00:14:57.196Z\n\ud83d\udccf Modified: 2025-03-05T21:30:47.218Z\n\ud83d\udd17 References:\n1. https://github.com/kitabisa/teler-waf/security/advisories/GHSA-9f95-hhg4-pg4f\n2. https://github.com/kitabisa/teler-waf/commit/d1d49cfddfa3ec2adad962870f14b85cd1aaf739\n3. https://github.com/kitabisa/teler-waf/releases/tag/v0.1.1", "creation_timestamp": "2025-03-05T21:34:49.000000Z"}, {"uuid": "1b1ab715-a946-4d5f-a953-5b1aa1f8859a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26049", "type": "seen", "source": "https://t.me/arpsyndicate/3162", "content": "#ExploitObserverAlert\n\nCVE-2023-26049\n\nDESCRIPTION: Exploit Observer has 9 entries in 4 file formats related to CVE-2023-26049. Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.\n\nFIRST-EPSS: 0.001720000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2024-01-28T02:15:54.000000Z"}, {"uuid": "43ea433e-8f93-40cc-8ddd-00da4a6287c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26048", "type": "seen", "source": "https://t.me/arpsyndicate/3141", "content": "#ExploitObserverAlert\n\nCVE-2023-26048\n\nDESCRIPTION: Exploit Observer has 11 entries in 5 file formats related to CVE-2023-26048. Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).\n\nFIRST-EPSS: 0.001310000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2024-01-28T00:58:14.000000Z"}, {"uuid": "f2a9f65c-240f-43dd-a62b-13bc2738299f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26045", "type": "seen", "source": "https://t.me/cibsecurity/67191", "content": "\u203c CVE-2023-26045 \u203c\n\nNodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to arbitrarily execute javascript files on the local disk. This issue is patched in version 2.8.7. As a workaround, site maintainers can cherry pick the fix into their codebase to patch the exploit.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T02:38:44.000000Z"}, {"uuid": "f7b3b2e2-7f6d-4871-a482-44401c1c4178", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26041", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7045", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26041\n\ud83d\udd25 CVSS Score: 2.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to 15.0.3. There are no workaround available.\n\n\ud83d\udccf Published: 2023-02-27T20:16:09.191Z\n\ud83d\udccf Modified: 2025-03-10T18:48:46.855Z\n\ud83d\udd17 References:\n1. https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j53p-r755-v4jf\n2. https://github.com/nextcloud/spreed/pull/8515\n3. https://hackerone.com/reports/1784310", "creation_timestamp": "2025-03-10T19:38:40.000000Z"}, {"uuid": "671d946a-7e2b-4f68-be8f-c528bf6e392a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26043", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7044", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26043\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.\n\n\ud83d\udccf Published: 2023-02-27T20:37:28.684Z\n\ud83d\udccf Modified: 2025-03-10T18:53:48.331Z\n\ud83d\udd17 References:\n1. https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8\n2. https://github.com/GeoNode/geonode/commit/2fdfe919f299b21f1609bf898f9dcfde58770ac0", "creation_timestamp": "2025-03-10T19:38:39.000000Z"}, {"uuid": "9d2d1055-65e7-4390-aad9-fa1d51b7f3a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26048", "type": "seen", "source": "https://t.me/arpsyndicate/601", "content": "#ExploitObserverAlert\n\nCVE-2023-26048\n\nDESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-26048. Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).\n\nFIRST-EPSS: 0.001310000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2023-11-27T22:29:21.000000Z"}, {"uuid": "fca52911-46b7-41b3-bf76-c93fc09a2faa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26047", "type": "seen", "source": "https://t.me/cibsecurity/59410", "content": "\u203c CVE-2023-26047 \u203c\n\nteler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been patched in version 0.2.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-04T02:35:33.000000Z"}, {"uuid": "3d4264c3-92cd-4356-ac24-08e0f5c6653b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26048", "type": "seen", "source": "https://t.me/cibsecurity/62391", "content": "\u203c CVE-2023-26048 \u203c\n\nJetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-19T00:29:32.000000Z"}, {"uuid": "3991f400-618f-4776-91b0-671216eb2a49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26049", "type": "seen", "source": "https://t.me/cibsecurity/62395", "content": "\u203c CVE-2023-26049 \u203c\n\nJetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-19T00:29:39.000000Z"}, {"uuid": "93ba72d9-3b28-4842-8fb8-0bba705e28fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26046", "type": "seen", "source": "https://t.me/cibsecurity/59306", "content": "\u203c CVE-2023-26046 \u203c\n\nteler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-02T07:34:05.000000Z"}, {"uuid": "67ce7261-b6bf-422b-98f3-bd88c67d92d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26043", "type": "seen", "source": "https://t.me/cibsecurity/59074", "content": "\u203c CVE-2023-26043 \u203c\n\nGeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T00:28:06.000000Z"}, {"uuid": "ed9f9e6e-04ad-410b-9b02-26d4d99b2eef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26041", "type": "seen", "source": "https://t.me/cibsecurity/59073", "content": "\u203c CVE-2023-26041 \u203c\n\nNextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to 15.0.3. There are no workaround available.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T00:28:04.000000Z"}, {"uuid": "02742c17-4e51-4c68-b3dd-075a295df02e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26042", "type": "seen", "source": "https://t.me/cibsecurity/58956", "content": "\u203c CVE-2023-26042 \u203c\n\nPart-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts so it is not possible to execute JavaScript code, unless in combination with other vulnerabilities. There are no workarounds, please upgrade to Pat-DB 1.0.2 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-27T18:28:00.000000Z"}, {"uuid": "24eea845-c09d-42fe-bff0-970c1e31e3a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26049", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/9503", "content": "#exploit\n1. CVE-2022-40635:\nGroovy Sandbox Bypass in CrafterCMS\nhttps://github.com/mbadanoiu/CVE-2022-40635\n\n2. CVE-2023-26049:\nCookie Bugs - Smuggling & Injection\nhttps://blog.ankursundara.com/cookie-bugs\n\n3. CVE-2023-47503:\nJfinal_ CMS V5.1.0 has login.jsp written to RCE\nhttps://github.com/jflyfox/jfinal_cms/issues/58", "creation_timestamp": "2024-03-20T05:07:42.000000Z"}, {"uuid": "eb61c7fd-fad5-40cb-a973-219ff9b750a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26049", "type": "seen", "source": "https://t.me/Rootsec_2/2174", "content": "#exploit\n1. CVE-2022-40635:\nGroovy Sandbox Bypass in CrafterCMS\nhttps://github.com/mbadanoiu/CVE-2022-40635\n\n2. CVE-2023-26049:\nCookie Bugs - Smuggling & Injection\nhttps://blog.ankursundara.com/cookie-bugs", "creation_timestamp": "2024-08-16T08:55:30.000000Z"}, {"uuid": "497c80aa-ca09-4538-8643-8ec26734502f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-26043", "type": "published-proof-of-concept", "source": "https://github.com/GeoNode/geonode/security/advisories/GHSA-mcmc-c59m-pqq8", "content": "", "creation_timestamp": "2023-02-27T15:09:43.000000Z"}, {"uuid": "8ae1859e-b08d-4331-8e70-4abaed8f7b42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26045", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8742", "content": "#exploit \n1. CVE-2021-40346:\nHAProxy HTTP Smuggling\nhttps://github.com/knqyf263/CVE-2021-40346\n\n2. CVE-2023-26045:\nNodeBB Forum Software RCE Flaw\nhttps://securityonline.info/cve-2023-26045-nodebb-forum-software-remote-code-execution-flaw", "creation_timestamp": "2023-07-27T13:26:17.000000Z"}]}