https://vulnerability.circl.lu/sightings/feed 2026-05-28T01:19:16.213087+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/4f4efd2a-4066-4790-84cb-82ffaf639a50/export 2026-05-28T01:19:16.464829+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "4f4efd2a-4066-4790-84cb-82ffaf639a50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36555", "type": "seen", "source": "https://t.me/cibsecurity/71973", "content": "\u203c CVE-2023-36555 \u203c\n\nAn improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T20:16:54.000000Z"} 2023-10-10T20:16:54+00:00 https://vulnerability.circl.lu/sighting/a8cb7566-b299-4d08-a0db-797023e7da73/export 2026-05-28T01:19:16.464768+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a8cb7566-b299-4d08-a0db-797023e7da73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36553", "type": "seen", "source": "https://t.me/CyberSecurityIL/32193", "content": "\u05de\u05e9\u05ea\u05de\u05e9\u05d9\u05dd \u05d1\u05de\u05d5\u05e6\u05e8 Forti Siem \u05e9\u05dc \u05d7\u05d1\u05e8\u05ea \u05e4\u05d5\u05e8\u05d8\u05d9\u05e0\u05d8? \u05e9\u05d9\u05de\u05d5 \u05dc\u05d1 \u05dc\u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05e7\u05e8\u05d9\u05d8\u05d9\u05ea \u05d7\u05d3\u05e9\u05d4 (9.8) - CVE-2023-36553\n\n\u05e4\u05e8\u05d8\u05d9\u05dd \u05e0\u05d5\u05e1\u05e4\u05d9\u05dd - \u05db\u05d0\u05df\n\n#\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea", "creation_timestamp": "2023-11-16T18:04:06.000000Z"} 2023-11-16T18:04:06+00:00 https://vulnerability.circl.lu/sighting/6385b373-d854-408b-ae37-4bf043dbdc73/export 2026-05-28T01:19:16.464678+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "6385b373-d854-408b-ae37-4bf043dbdc73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36553", "type": "seen", "source": "https://t.me/true_secator/5096", "content": "Fortinet \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0435 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 FortiSIEM, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u043c\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u043f\u0440\u043e\u0441\u044b API.\n\nFortinet \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u0430\u043a CVE-2023-36553 \u0438 \u043f\u0440\u043e\u0441\u0432\u043e\u0438\u043b\u0430 \u0435\u0439 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 9,3, \u043e\u0434\u043d\u0430\u043a\u043e NIST \u0440\u0430\u0441\u0441\u0447\u0438\u0442\u0430\u043b\u00a09,8.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e CVE-2023-36553 - \u044d\u0442\u043e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u043d\u0430\u044f \u043e\u0442 \u0434\u0440\u0443\u0433\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b CVE-2023-34992, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043e\u0447\u0438\u0441\u0442\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043e\u043a\u0442\u044f\u0431\u0440\u044f.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0441\u043f\u0435\u0446\u0441\u0438\u043c\u0432\u043e\u043b\u0430\u043c\u0438 \u0438\u043b\u0438 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 \u0437\u0430\u043f\u0440\u043e\u0441\u044b API \u0438 \u043f\u0435\u0440\u0435\u0434\u0430\u0435\u0442 \u0438\u0445 \u041e\u0421 \u043a\u0430\u043a \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043e\u043f\u0430\u0441\u043d\u044b\u043c \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f\u043c, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0430\u043d\u043d\u044b\u043c.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 FortiSIEM \u0441 4.7 \u043f\u043e 5.4.\n\nFortinet \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e 6.4.3, 6.5.2, 6.6.4, 6.7.6, 7.0.1 \u0438\u043b\u0438 7.1.0 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439.\n\n\u0412\u0435\u0434\u044c \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f Fortinet \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u043e\u0431\u044a\u0435\u043a\u0442\u0430\u0445 \u0432 \u0437\u0434\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u0438, \u0444\u0438\u043d\u0441\u0435\u043a\u0442\u043e\u0440\u0435, \u0442\u043e\u0440\u0433\u043e\u0432\u043b\u0435, \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438, \u0433\u043e\u0441\u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f\u0445, \u043d\u0435\u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u0435 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b \u0447\u0430\u0441\u0442\u043e \u0441\u0442\u0430\u043d\u043e\u0432\u044f\u0442\u0441\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u043c \u0410\u0420\u0422-\u0430\u0442\u0430\u043a, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u0447\u0442\u043e \u043d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u0443\u0436\u0435 \u043d\u0435\u043e\u0434\u043d\u043e\u043a\u0440\u0430\u0442\u043d\u043e \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u043b\u043e\u0441\u044c.", "creation_timestamp": "2023-11-17T09:49:29.000000Z"} 2023-11-17T09:49:29+00:00 https://vulnerability.circl.lu/sighting/187df3c4-3dbb-4fc3-9ee1-af2414679460/export 2026-05-28T01:19:16.464609+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "187df3c4-3dbb-4fc3-9ee1-af2414679460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36553", "type": "seen", "source": "https://t.me/arpsyndicate/351", "content": "#ExploitObserverAlert\n\nCVE-2023-36553\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-36553. A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests.\n\nFIRST-EPSS: 0.000430000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-22T15:19:30.000000Z"} 2023-11-22T15:19:30+00:00 https://vulnerability.circl.lu/sighting/517eacf8-7679-4f08-b0fb-2ab9f03a9deb/export 2026-05-28T01:19:16.464540+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "517eacf8-7679-4f08-b0fb-2ab9f03a9deb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36553", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5919", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-36553 unauthenticated RCE PoC for Fortinet Fortisiem\nURL\uff1ahttps://github.com/kenit7s/CVE-2023-36553-RCE\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-11-23T05:07:09.000000Z"} 2023-11-23T05:07:09+00:00 https://vulnerability.circl.lu/sighting/eeb2ff1f-c7eb-43b8-bc1f-9e6260e90829/export 2026-05-28T01:19:16.464478+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "eeb2ff1f-c7eb-43b8-bc1f-9e6260e90829", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36554", "type": "seen", "source": "https://t.me/ctinow/205800", "content": "https://ift.tt/MJIrzlo\nCVE-2023-36554", "creation_timestamp": "2024-03-12T16:26:33.000000Z"} 2024-03-12T16:26:33+00:00 https://vulnerability.circl.lu/sighting/698922b4-defe-442e-80c5-a51747bbeafb/export 2026-05-28T01:19:16.464405+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "698922b4-defe-442e-80c5-a51747bbeafb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36554", "type": "seen", "source": "https://t.me/ctinow/205816", "content": "https://ift.tt/MJIrzlo\nCVE-2023-36554", "creation_timestamp": "2024-03-12T16:32:01.000000Z"} 2024-03-12T16:32:01+00:00 https://vulnerability.circl.lu/sighting/724946b1-a4cd-40b4-aef1-f3e2b5abf0c0/export 2026-05-28T01:19:16.464337+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "724946b1-a4cd-40b4-aef1-f3e2b5abf0c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36554", "type": "seen", "source": "https://t.me/arpsyndicate/4189", "content": "#ExploitObserverAlert\n\nCVE-2023-36554\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2023-36554. A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.", "creation_timestamp": "2024-03-13T21:42:37.000000Z"} 2024-03-13T21:42:37+00:00 https://vulnerability.circl.lu/sighting/16930d82-487c-471f-b4e3-96a6a4b5b6dc/export 2026-05-28T01:19:16.464243+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "16930d82-487c-471f-b4e3-96a6a4b5b6dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36559", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11727", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-36559\n\ud83d\udd25 CVSS Score: 4.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)\n\ud83d\udd39 Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability\n\ud83d\udccf Published: 2023-10-13T20:36:10.925Z\n\ud83d\udccf Modified: 2025-04-14T22:46:41.145Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36559", "creation_timestamp": "2025-04-14T22:53:57.000000Z"} 2025-04-14T22:53:57+00:00 https://vulnerability.circl.lu/sighting/fc9df4ca-cc05-474c-b4e3-071dc0529935/export 2026-05-28T01:19:16.462056+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "fc9df4ca-cc05-474c-b4e3-071dc0529935", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36558", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13945", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-36558\n\ud83d\udd25 CVSS Score: 6.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C)\n\ud83d\udd39 Description: ASP.NET Core Security Feature Bypass Vulnerability\n\ud83d\udccf Published: 2023-11-14T21:35:31.499Z\n\ud83d\udccf Modified: 2025-04-29T23:34:51.569Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558", "creation_timestamp": "2025-04-30T00:12:26.000000Z"} 2025-04-30T00:12:26+00:00