https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 14:33:52 +0000 https://vulnerability.circl.lu/sighting/8a1a07ea-cac2-4fd8-8e17-f7f3e4939767/export {"uuid": "8a1a07ea-cac2-4fd8-8e17-f7f3e4939767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27597", "type": "seen", "source": "https://t.me/cibsecurity/60088", "content": "\u203c CVE-2023-27597 \u203c\n\nOpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function `rewrite_ruri`, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations containing functions that make use of the affected code, such as the function `setport`. This issue has been fixed in version 3.1.8 and 3.2.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:06.000000Z"} {"uuid": "8a1a07ea-cac2-4fd8-8e17-f7f3e4939767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27597", "type": "seen", "source": "https://t.me/cibsecurity/60088", "content": "\u203c CVE-2023-27597 \u203c\n\nOpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function `rewrite_ruri`, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations containing functions that make use of the affected code, such as the function `setport`. This issue has been fixed in version 3.1.8 and 3.2.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:06.000000Z"} https://vulnerability.circl.lu/sighting/8a1a07ea-cac2-4fd8-8e17-f7f3e4939767/export Wed, 15 Mar 2023 23:30:06 +0000 https://vulnerability.circl.lu/sighting/51330d1f-d9a7-4928-bf08-3da37923a1f1/export {"uuid": "51330d1f-d9a7-4928-bf08-3da37923a1f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27596", "type": "seen", "source": "https://t.me/cibsecurity/60089", "content": "\u203c CVE-2023-27596 \u203c\n\nOpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the `stream_process` function. This issue was discovered during coverage guided fuzzing of the function `codec_delete_except_re`. By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. This issue has been fixed in version 3.1.8 and 3.2.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:07.000000Z"} {"uuid": "51330d1f-d9a7-4928-bf08-3da37923a1f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27596", "type": "seen", "source": "https://t.me/cibsecurity/60089", "content": "\u203c CVE-2023-27596 \u203c\n\nOpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the `stream_process` function. This issue was discovered during coverage guided fuzzing of the function `codec_delete_except_re`. By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. This issue has been fixed in version 3.1.8 and 3.2.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:07.000000Z"} https://vulnerability.circl.lu/sighting/51330d1f-d9a7-4928-bf08-3da37923a1f1/export Wed, 15 Mar 2023 23:30:07 +0000 https://vulnerability.circl.lu/sighting/4456c4fc-375b-415b-8a9e-35c389b5a0e8/export {"uuid": "4456c4fc-375b-415b-8a9e-35c389b5a0e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27598", "type": "seen", "source": "https://t.me/cibsecurity/60091", "content": "\u203c CVE-2023-27598 \u203c\n\nOpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed correct by the parser, will pass uninitialized strings to the function `MD5StringArray` which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location `0x0`, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as `sl_send_reply` or `sl_gen_totag` that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:09.000000Z"} {"uuid": "4456c4fc-375b-415b-8a9e-35c389b5a0e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27598", "type": "seen", "source": "https://t.me/cibsecurity/60091", "content": "\u203c CVE-2023-27598 \u203c\n\nOpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed correct by the parser, will pass uninitialized strings to the function `MD5StringArray` which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location `0x0`, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as `sl_send_reply` or `sl_gen_totag` that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:09.000000Z"} https://vulnerability.circl.lu/sighting/4456c4fc-375b-415b-8a9e-35c389b5a0e8/export Wed, 15 Mar 2023 23:30:09 +0000 https://vulnerability.circl.lu/sighting/9b61cbea-4449-4858-8835-3aa8efdb8975/export {"uuid": "9b61cbea-4449-4858-8835-3aa8efdb8975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27599", "type": "seen", "source": "https://t.me/cibsecurity/60098", "content": "\u203c CVE-2023-27599 \u203c\n\nOpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function `append_hf` handles a SIP message with a malformed To header, a call to the function `abort()` is performed, resulting in a crash. This is due to the following check in `data_lump.c:399` in the function `anchor_lump`. An attacker abusing this vulnerability will crash OpenSIPS leading to Denial of Service. It affects configurations containing functions that make use of the affected code, such as the function `append_hf`. This issue has been fixed in versions 3.1.7 and 3.2.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:22.000000Z"} {"uuid": "9b61cbea-4449-4858-8835-3aa8efdb8975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27599", "type": "seen", "source": "https://t.me/cibsecurity/60098", "content": "\u203c CVE-2023-27599 \u203c\n\nOpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function `append_hf` handles a SIP message with a malformed To header, a call to the function `abort()` is performed, resulting in a crash. This is due to the following check in `data_lump.c:399` in the function `anchor_lump`. An attacker abusing this vulnerability will crash OpenSIPS leading to Denial of Service. It affects configurations containing functions that make use of the affected code, such as the function `append_hf`. This issue has been fixed in versions 3.1.7 and 3.2.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:22.000000Z"} https://vulnerability.circl.lu/sighting/9b61cbea-4449-4858-8835-3aa8efdb8975/export Wed, 15 Mar 2023 23:30:22 +0000 https://vulnerability.circl.lu/sighting/924f687a-a01d-4b54-9729-acb5af644184/export {"uuid": "924f687a-a01d-4b54-9729-acb5af644184", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27594", "type": "seen", "source": "https://t.me/cibsecurity/60269", "content": "\u203c CVE-2023-27594 \u203c\n\nCilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default. The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T23:31:44.000000Z"} {"uuid": "924f687a-a01d-4b54-9729-acb5af644184", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27594", "type": "seen", "source": "https://t.me/cibsecurity/60269", "content": "\u203c CVE-2023-27594 \u203c\n\nCilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default. The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T23:31:44.000000Z"} https://vulnerability.circl.lu/sighting/924f687a-a01d-4b54-9729-acb5af644184/export Fri, 17 Mar 2023 23:31:44 +0000 https://vulnerability.circl.lu/sighting/16b01ec5-77b3-4824-9758-1cff2014e8cc/export {"uuid": "16b01ec5-77b3-4824-9758-1cff2014e8cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27593", "type": "seen", "source": "https://t.me/cibsecurity/60270", "content": "\u203c CVE-2023-27593 \u203c\n\nCilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By replacing the CNI binary with their own malicious binary and waiting for the creation of a new pod on the node, the attacker can gain access to the underlying node. The issue has been fixed and the fix is available on versions 1.11.15, 1.12.8, and 1.13.1. Some workarounds are available. Kubernetes RBAC should be used to deny users and service accounts `exec` access to Cilium agent pods. In cases where a user requires `exec` access to Cilium agent pods, but should not have access to the underlying node, no workaround is possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T23:31:45.000000Z"} {"uuid": "16b01ec5-77b3-4824-9758-1cff2014e8cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27593", "type": "seen", "source": "https://t.me/cibsecurity/60270", "content": "\u203c CVE-2023-27593 \u203c\n\nCilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By replacing the CNI binary with their own malicious binary and waiting for the creation of a new pod on the node, the attacker can gain access to the underlying node. The issue has been fixed and the fix is available on versions 1.11.15, 1.12.8, and 1.13.1. Some workarounds are available. Kubernetes RBAC should be used to deny users and service accounts `exec` access to Cilium agent pods. In cases where a user requires `exec` access to Cilium agent pods, but should not have access to the underlying node, no workaround is possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T23:31:45.000000Z"} https://vulnerability.circl.lu/sighting/16b01ec5-77b3-4824-9758-1cff2014e8cc/export Fri, 17 Mar 2023 23:31:45 +0000 https://vulnerability.circl.lu/sighting/a36a8c77-6106-49d8-9f28-02d217c1a0df/export {"uuid": "a36a8c77-6106-49d8-9f28-02d217c1a0df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27592", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/60272", "content": "\u203c CVE-2023-27592 \u203c\n\nMiniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the `html.ServerError` is returned unescaped without the expected Content Security Policy header added to valid responses. By creating an RSS feed item with the inline description containing an `` tag with a `srcset` attribute pointing to an invalid URL like `http:aalert(1)`, we can coerce the proxy handler into an error condition where the invalid URL is returned unescaped and in full. This results in JavaScript execution on the Miniflux instance as soon as the user is convinced (e.g. by a message in the alt text) to open the broken image. An attacker can execute arbitrary JavaScript in the context of a victim Miniflux user when they open a broken image in a crafted RSS feed. This can be used to perform actions on the Miniflux instance as that user and gain administrative access to the Miniflux instance if it is reachable and the victim is an administrator. A patch is available in version 2.0.43. As a workaround sisable image proxy; default value is `http-only`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T23:31:46.000000Z"} {"uuid": "a36a8c77-6106-49d8-9f28-02d217c1a0df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27592", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/60272", "content": "\u203c CVE-2023-27592 \u203c\n\nMiniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the `html.ServerError` is returned unescaped without the expected Content Security Policy header added to valid responses. By creating an RSS feed item with the inline description containing an `` tag with a `srcset` attribute pointing to an invalid URL like `http:aalert(1)`, we can coerce the proxy handler into an error condition where the invalid URL is returned unescaped and in full. This results in JavaScript execution on the Miniflux instance as soon as the user is convinced (e.g. by a message in the alt text) to open the broken image. An attacker can execute arbitrary JavaScript in the context of a victim Miniflux user when they open a broken image in a crafted RSS feed. This can be used to perform actions on the Miniflux instance as that user and gain administrative access to the Miniflux instance if it is reachable and the victim is an administrator. A patch is available in version 2.0.43. As a workaround sisable image proxy; default value is `http-only`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T23:31:46.000000Z"} https://vulnerability.circl.lu/sighting/a36a8c77-6106-49d8-9f28-02d217c1a0df/export Fri, 17 Mar 2023 23:31:46 +0000 https://vulnerability.circl.lu/sighting/b5fb3a77-e256-4808-8e09-ce7a1bae93ef/export {"uuid": "b5fb3a77-e256-4808-8e09-ce7a1bae93ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27591", "type": "seen", "source": "https://t.me/cibsecurity/60273", "content": "\u203c CVE-2023-27591 \u203c\n\nMiniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T23:31:47.000000Z"} {"uuid": "b5fb3a77-e256-4808-8e09-ce7a1bae93ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27591", "type": "seen", "source": "https://t.me/cibsecurity/60273", "content": "\u203c CVE-2023-27591 \u203c\n\nMiniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T23:31:47.000000Z"} https://vulnerability.circl.lu/sighting/b5fb3a77-e256-4808-8e09-ce7a1bae93ef/export Fri, 17 Mar 2023 23:31:47 +0000 https://vulnerability.circl.lu/sighting/4e4bc037-e21a-4bca-83d4-d3e77aeb9eda/export {"uuid": "4e4bc037-e21a-4bca-83d4-d3e77aeb9eda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27595", "type": "seen", "source": "https://t.me/cibsecurity/60278", "content": "\u203c CVE-2023-27595 \u203c\n\nCilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This can cause disruption to newly established connections during this period due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement during the window. This vulnerability impacts any Cilium-managed endpoints on the node (such as Kubernetes Pods), as well as the host network namespace (including Host Firewall). This vulnerability is fixed in Cilium 1.13.1 or later. Cilium releases 1.12.x, 1.11.x, and earlier are not affected. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-18T01:31:51.000000Z"} {"uuid": "4e4bc037-e21a-4bca-83d4-d3e77aeb9eda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27595", "type": "seen", "source": "https://t.me/cibsecurity/60278", "content": "\u203c CVE-2023-27595 \u203c\n\nCilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This can cause disruption to newly established connections during this period due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement during the window. This vulnerability impacts any Cilium-managed endpoints on the node (such as Kubernetes Pods), as well as the host network namespace (including Host Firewall). This vulnerability is fixed in Cilium 1.13.1 or later. Cilium releases 1.12.x, 1.11.x, and earlier are not affected. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-18T01:31:51.000000Z"} https://vulnerability.circl.lu/sighting/4e4bc037-e21a-4bca-83d4-d3e77aeb9eda/export Sat, 18 Mar 2023 01:31:51 +0000 https://vulnerability.circl.lu/sighting/2d39a8a4-3784-41bb-8882-0f39149dc405/export {"uuid": "2d39a8a4-3784-41bb-8882-0f39149dc405", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2759", "type": "seen", "source": "https://t.me/cibsecurity/66800", "content": "\u203c CVE-2023-2759 \u203c\n\nA hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-17T12:34:59.000000Z"} {"uuid": "2d39a8a4-3784-41bb-8882-0f39149dc405", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2759", "type": "seen", "source": "https://t.me/cibsecurity/66800", "content": "\u203c CVE-2023-2759 \u203c\n\nA hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-17T12:34:59.000000Z"} https://vulnerability.circl.lu/sighting/2d39a8a4-3784-41bb-8882-0f39149dc405/export Mon, 17 Jul 2023 12:34:59 +0000