<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-04T10:34:17.250691+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6e059458-e25d-4159-9772-30dd9432d095/export</id>
    <title>6e059458-e25d-4159-9772-30dd9432d095</title>
    <updated>2026-05-04T10:34:17.609176+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6e059458-e25d-4159-9772-30dd9432d095", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35932", "type": "seen", "source": "https://t.me/cibsecurity/65489", "content": "\u203c CVE-2023-35932 \u203c\n\njcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-24T02:33:48.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6e059458-e25d-4159-9772-30dd9432d095/export"/>
    <published>2023-06-24T02:33:48+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0b407bba-bf11-4d9b-95ee-b4bd697db81a/export</id>
    <title>0b407bba-bf11-4d9b-95ee-b4bd697db81a</title>
    <updated>2026-05-04T10:34:17.609097+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0b407bba-bf11-4d9b-95ee-b4bd697db81a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35938", "type": "seen", "source": "https://t.me/cibsecurity/65762", "content": "\u203c CVE-2023-35938 \u203c\n\nTuleap is a Free &amp; Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-30T00:14:39.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0b407bba-bf11-4d9b-95ee-b4bd697db81a/export"/>
    <published>2023-06-30T00:14:39+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c3cd93cd-aa2d-4385-82c3-52772a61d7bb/export</id>
    <title>c3cd93cd-aa2d-4385-82c3-52772a61d7bb</title>
    <updated>2026-05-04T10:34:17.609013+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c3cd93cd-aa2d-4385-82c3-52772a61d7bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35935", "type": "seen", "source": "https://t.me/cibsecurity/65869", "content": "\u203c CVE-2023-35935 \u203c\n\n@fastify/oauth2, a wrapper around the `simple-oauth2` library, is vulnerable to cross site request forgery (CSRF) prior to version 7.2.0. All versions of @fastify/oauth2 used a statically generated `state` parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 `state` parameter is to prevent CSRF attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it. Version 7.2.0 changes the default behavior to store the `state` in a cookie with the `http-only` and `same-site=lax` attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the `checkStateFunction` function, which now accepts the full `Request` object. There are no known workarounds for the issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-03T20:22:38.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c3cd93cd-aa2d-4385-82c3-52772a61d7bb/export"/>
    <published>2023-07-03T20:22:38+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cdffd939-ffc7-4d90-a49e-72e2bd271ac0/export</id>
    <title>cdffd939-ffc7-4d90-a49e-72e2bd271ac0</title>
    <updated>2026-05-04T10:34:17.608930+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cdffd939-ffc7-4d90-a49e-72e2bd271ac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35936", "type": "seen", "source": "https://t.me/cibsecurity/66012", "content": "\u203c CVE-2023-35936 \u203c\n\nPandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system, depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option. The fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension. Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. Note that the `--sandbox` option, which only affects IO done by readers and writers themselves, does not block this vulnerability. The vulnerability is patched in pandoc 3.1.4. As a workaround, audit the pandoc command and disallow PDF output and the `--extract-media` option.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-06T00:27:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cdffd939-ffc7-4d90-a49e-72e2bd271ac0/export"/>
    <published>2023-07-06T00:27:08+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/57551f05-d53a-4a0e-b42c-fbcd4fb317e8/export</id>
    <title>57551f05-d53a-4a0e-b42c-fbcd4fb317e8</title>
    <updated>2026-05-04T10:34:17.608848+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "57551f05-d53a-4a0e-b42c-fbcd4fb317e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35939", "type": "seen", "source": "https://t.me/cibsecurity/66017", "content": "\u203c CVE-2023-35939 \u203c\n\nGLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-06T00:27:16.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/57551f05-d53a-4a0e-b42c-fbcd4fb317e8/export"/>
    <published>2023-07-06T00:27:16+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/285397d5-c5ea-49a4-851c-852de94a680e/export</id>
    <title>285397d5-c5ea-49a4-851c-852de94a680e</title>
    <updated>2026-05-04T10:34:17.608757+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "285397d5-c5ea-49a4-851c-852de94a680e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35934", "type": "seen", "source": "https://t.me/cibsecurity/66163", "content": "\u203c CVE-2023-35934 \u203c\n\nyt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later). At the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp's info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped. yt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar, utilizing external downloaders' built-in support for cookies instead of passing them as header arguments, disabling HTTP redirecting if the external downloader does not have proper cookie support, processing cookies passed as HTTP headers to limit their scope, and having a separate field for cookies in the info dict storing more information about scoping. Some workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternatively, avoid using `--load-info-json`. Or, if authentication is a must: verify the integrity of download links from unknown sources in browser (including redirects) before passing them to yt-dlp; use `curl` as external downloader, since it is not impacted; and/or avoid fragmented formats such as HLS/m3u8, DASH/mpd and ISM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T00:20:37.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/285397d5-c5ea-49a4-851c-852de94a680e/export"/>
    <published>2023-07-07T00:20:37+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/02195a73-0d5b-414b-bdd1-f19a119c7ed7/export</id>
    <title>02195a73-0d5b-414b-bdd1-f19a119c7ed7</title>
    <updated>2026-05-04T10:34:17.608678+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "02195a73-0d5b-414b-bdd1-f19a119c7ed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3593", "type": "seen", "source": "https://t.me/cibsecurity/66851", "content": "\u203c CVE-2023-3593 \u203c\n\nMattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-17T20:40:36.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/02195a73-0d5b-414b-bdd1-f19a119c7ed7/export"/>
    <published>2023-07-17T20:40:36+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f174a90a-0c74-4553-ae3a-5a59f5dc6cc8/export</id>
    <title>f174a90a-0c74-4553-ae3a-5a59f5dc6cc8</title>
    <updated>2026-05-04T10:34:17.608590+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f174a90a-0c74-4553-ae3a-5a59f5dc6cc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35936", "type": "seen", "source": "https://t.me/cibsecurity/67195", "content": "\u203c CVE-2023-38745 \u203c\n\nPandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T07:26:33.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f174a90a-0c74-4553-ae3a-5a59f5dc6cc8/export"/>
    <published>2023-07-25T07:26:33+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/dcd3b0f0-d636-45e1-b4ab-e5e07b7cd0fb/export</id>
    <title>dcd3b0f0-d636-45e1-b4ab-e5e07b7cd0fb</title>
    <updated>2026-05-04T10:34:17.608465+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "dcd3b0f0-d636-45e1-b4ab-e5e07b7cd0fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35934", "type": "seen", "source": "https://t.me/arpsyndicate/172", "content": "#ExploitObserverAlert\n\nCVE-2023-35934\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-35934. yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later).\n\nAt the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp's info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped.\n\nyt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar, utilizing external downloaders' built-in support for cookies instead of passing them as header arguments, disabling HTTP redirecting if the external downloader does not have proper cookie support, processing cookies passed as HTTP headers to limit their scope, and having a separate field for cookies in the info dict storing more information about scoping\n\nSome workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternatively, avoid using `--load-info-json`. Or, if authentication is a must: verify the integrity of download links from unknown sources in browser (including redirects) before passing them to yt-dlp; use `curl` as external downloader, since it is not impacted; and/or avoid fragmented formats such as HLS/m3u8, DASH/mpd and ISM.\n\nFIRST-EPSS: 0.000900000\nNVD-IS: 4.7\nNVD-ES: 2.8", "creation_timestamp": "2023-11-13T20:27:24.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/dcd3b0f0-d636-45e1-b4ab-e5e07b7cd0fb/export"/>
    <published>2023-11-13T20:27:24+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/75836a30-83a9-46ea-83da-31057111b56e/export</id>
    <title>75836a30-83a9-46ea-83da-31057111b56e</title>
    <updated>2026-05-04T10:34:17.605732+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "75836a30-83a9-46ea-83da-31057111b56e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35936", "type": "seen", "source": "https://t.me/ctinow/177686", "content": "https://ift.tt/iXDeCH4\nCVE-2023-35936 Exploit", "creation_timestamp": "2024-02-01T17:16:32.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/75836a30-83a9-46ea-83da-31057111b56e/export"/>
    <published>2024-02-01T17:16:32+00:00</published>
  </entry>
</feed>
