<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-18T02:34:02.003814+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/607bb397-3000-4a6d-b031-29d58aaa6cff/export</id>
    <title>607bb397-3000-4a6d-b031-29d58aaa6cff</title>
    <updated>2026-06-18T02:34:02.993967+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "607bb397-3000-4a6d-b031-29d58aaa6cff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33965", "type": "seen", "source": "https://t.me/cibsecurity/64855", "content": "\u203c CVE-2023-33965 \u203c\n\nBrook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-01T18:25:19.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/607bb397-3000-4a6d-b031-29d58aaa6cff/export"/>
    <published>2023-06-01T18:25:19+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/54cbe547-1b18-4665-87cb-d0c571eead4f/export</id>
    <title>54cbe547-1b18-4665-87cb-d0c571eead4f</title>
    <updated>2026-06-18T02:34:02.993869+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "54cbe547-1b18-4665-87cb-d0c571eead4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33968", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/709", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33968\n\ud83d\udd39 Description: Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2023-06-05T19:49:17.550Z\n\ud83d\udccf Modified: 2025-01-08T16:02:26.334Z\n\ud83d\udd17 References:\n1. https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr\n2. https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053", "creation_timestamp": "2025-01-08T16:14:19.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/54cbe547-1b18-4665-87cb-d0c571eead4f/export"/>
    <published>2025-01-08T16:14:19+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a708a0db-479b-41b8-9b0a-a98a81e06f8a/export</id>
    <title>a708a0db-479b-41b8-9b0a-a98a81e06f8a</title>
    <updated>2026-06-18T02:34:02.993772+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a708a0db-479b-41b8-9b0a-a98a81e06f8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33969", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/713", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33969\n\ud83d\udd39 Description: Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.\n\n\n\ud83d\udccf Published: 2023-06-05T19:57:11.800Z\n\ud83d\udccf Modified: 2025-01-08T16:00:50.616Z\n\ud83d\udd17 References:\n1. https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9\n2. https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c", "creation_timestamp": "2025-01-08T16:15:48.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a708a0db-479b-41b8-9b0a-a98a81e06f8a/export"/>
    <published>2025-01-08T16:15:48+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ec1a5ebf-59e8-4ca6-9f2e-a5531c1710ff/export</id>
    <title>ec1a5ebf-59e8-4ca6-9f2e-a5531c1710ff</title>
    <updated>2026-06-18T02:34:02.993674+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ec1a5ebf-59e8-4ca6-9f2e-a5531c1710ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33965", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/984", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33965\n\ud83d\udd39 Description: Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606.\n\ud83d\udccf Published: 2023-06-01T14:10:54.644Z\n\ud83d\udccf Modified: 2025-01-09T16:57:06.896Z\n\ud83d\udd17 References:\n1. https://github.com/txthinking/brook/security/advisories/GHSA-vfrj-fv6p-3cpf\n2. https://github.com/txthinking/brook/commit/314d7070c37babf6c38a0fe1eada872bb74bf03e", "creation_timestamp": "2025-01-09T17:18:49.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ec1a5ebf-59e8-4ca6-9f2e-a5531c1710ff/export"/>
    <published>2025-01-09T17:18:49+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f6c5688f-eeb2-4f2c-a147-620a42616dea/export</id>
    <title>f6c5688f-eeb2-4f2c-a147-620a42616dea</title>
    <updated>2026-06-18T02:34:02.993573+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f6c5688f-eeb2-4f2c-a147-620a42616dea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33961", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1171", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33961\n\ud83d\udd39 Description: Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time of publication, a patch does not exist.\n\ud83d\udccf Published: 2023-05-30T21:34:00.659Z\n\ud83d\udccf Modified: 2025-01-10T16:49:49.901Z\n\ud83d\udd17 References:\n1. https://github.com/Leantime/leantime/security/advisories/GHSA-359m-fp6q-65r7", "creation_timestamp": "2025-01-10T17:03:46.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f6c5688f-eeb2-4f2c-a147-620a42616dea/export"/>
    <published>2025-01-10T17:03:46+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/31e14df9-ad49-44d3-896b-1462a31c8ce5/export</id>
    <title>31e14df9-ad49-44d3-896b-1462a31c8ce5</title>
    <updated>2026-06-18T02:34:02.993450+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "31e14df9-ad49-44d3-896b-1462a31c8ce5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33962", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1172", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33962\n\ud83d\udd39 Description: JStachio is a  type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes `'` in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users visiting pages that use this template engine. This can lead to various consequences, including session hijacking, defacement of web pages, theft of sensitive information, or even the propagation of malware.\n\nVersion 1.0.1 contains a patch for this issue. To mitigate this vulnerability, the template engine should properly escape special characters, including single quotes. Common practice is to escape `'` as `'`. As a workaround, users can avoid this issue by using only double quotes `\"` for HTML attributes.\n\ud83d\udccf Published: 2023-05-30T21:42:45.681Z\n\ud83d\udccf Modified: 2025-01-10T16:49:18.789Z\n\ud83d\udd17 References:\n1. https://github.com/jstachio/jstachio/security/advisories/GHSA-gwxv-jv83-6qjr\n2. https://github.com/jstachio/jstachio/issues/157\n3. https://github.com/jstachio/jstachio/pull/158\n4. https://github.com/jstachio/jstachio/commit/7b2f78377d1284df14c580be762a25af5f8dcd66\n5. https://github.com/jstachio/jstachio/releases/tag/v1.0.1", "creation_timestamp": "2025-01-10T17:03:49.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/31e14df9-ad49-44d3-896b-1462a31c8ce5/export"/>
    <published>2025-01-10T17:03:49+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3e6a85dc-494f-4219-b3d2-3fe5c992ed95/export</id>
    <title>3e6a85dc-494f-4219-b3d2-3fe5c992ed95</title>
    <updated>2026-06-18T02:34:02.993347+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3e6a85dc-494f-4219-b3d2-3fe5c992ed95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33962", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwwto3fbkp2u", "content": "", "creation_timestamp": "2025-08-21T21:02:38.569380Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3e6a85dc-494f-4219-b3d2-3fe5c992ed95/export"/>
    <published>2025-08-21T21:02:38.569380+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4988ec42-ec68-4012-b955-17febf43e342/export</id>
    <title>4988ec42-ec68-4012-b955-17febf43e342</title>
    <updated>2026-06-18T02:34:02.993198+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4988ec42-ec68-4012-b955-17febf43e342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33960", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-33960.yaml", "content": "", "creation_timestamp": "2026-01-12T23:40:11.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4988ec42-ec68-4012-b955-17febf43e342/export"/>
    <published>2026-01-12T23:40:11+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fabec2d3-ef2d-4549-a0c3-72708923d678/export</id>
    <title>fabec2d3-ef2d-4549-a0c3-72708923d678</title>
    <updated>2026-06-18T02:34:02.993046+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fabec2d3-ef2d-4549-a0c3-72708923d678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33960", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mciiaefs5v2g", "content": "", "creation_timestamp": "2026-01-15T21:03:02.727424Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fabec2d3-ef2d-4549-a0c3-72708923d678/export"/>
    <published>2026-01-15T21:03:02.727424+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b07509a5-da7a-4b13-b972-b808101921ee/export</id>
    <title>b07509a5-da7a-4b13-b972-b808101921ee</title>
    <updated>2026-06-18T02:34:02.958490+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b07509a5-da7a-4b13-b972-b808101921ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33960", "type": "seen", "source": "https://gist.github.com/nguyenvietphat-0302/105c79ab797c054b1bc4ec1b9beb4aaf", "content": "", "creation_timestamp": "2026-04-30T03:00:55.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b07509a5-da7a-4b13-b972-b808101921ee/export"/>
    <published>2026-04-30T03:00:55+00:00</published>
  </entry>
</feed>
