https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 07 May 2026 03:08:34 +0000 https://vulnerability.circl.lu/sighting/bc12863a-2f06-4ffe-aeec-59e417a17cee/export {"uuid": "bc12863a-2f06-4ffe-aeec-59e417a17cee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/BabukLockerGroups/56141", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation TBD\nIceWarp Mail Server Pre-auth RCE TBD\nLinux 6.1.0, 6.8.0 LPE TBD\nFortinet FortiSIEM RCE TBD\nFortinet FortiWeb Authentication Bypass TBD\nWindows 10/11/2016/2019/2022 Logic LPE \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE \nLinux LPE 0day (up to 6.1.81) \n\nChrome RCE 1day (Feb 6, 2024) \nFirefox Chain 1day (up to 126) \nSamsung S22/23 1day LPE (CVE-2023-33106) \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE \nChrome Android/Windows RCE \nChrome Android RCE \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX \nWindows Low to Medium LPE \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-11T17:10:54.000000Z"} {"uuid": "bc12863a-2f06-4ffe-aeec-59e417a17cee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/BabukLockerGroups/56141", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation TBD\nIceWarp Mail Server Pre-auth RCE TBD\nLinux 6.1.0, 6.8.0 LPE TBD\nFortinet FortiSIEM RCE TBD\nFortinet FortiWeb Authentication Bypass TBD\nWindows 10/11/2016/2019/2022 Logic LPE \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE \nLinux LPE 0day (up to 6.1.81) \n\nChrome RCE 1day (Feb 6, 2024) \nFirefox Chain 1day (up to 126) \nSamsung S22/23 1day LPE (CVE-2023-33106) \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE \nChrome Android/Windows RCE \nChrome Android RCE \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX \nWindows Low to Medium LPE \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-11T17:10:54.000000Z"} https://vulnerability.circl.lu/sighting/bc12863a-2f06-4ffe-aeec-59e417a17cee/export Mon, 11 Aug 2025 17:10:54 +0000 https://vulnerability.circl.lu/sighting/a20d031c-1682-4994-9845-9a4077e94f70/export {"uuid": "a20d031c-1682-4994-9845-9a4077e94f70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/RFrepoV1Chat/423426", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation TBD\nIceWarp Mail Server Pre-auth RCE TBD\nLinux 6.1.0, 6.8.0 LPE TBD\nFortinet FortiSIEM RCE TBD\nFortinet FortiWeb Authentication Bypass TBD\nWindows 10/11/2016/2019/2022 Logic LPE \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE \nLinux LPE 0day (up to 6.1.81) \n\nChrome RCE 1day (Feb 6, 2024) \nFirefox Chain 1day (up to 126) \nSamsung S22/23 1day LPE (CVE-2023-33106) \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE \nChrome Android/Windows RCE \nChrome Android RCE \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX \nWindows Low to Medium LPE \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-11T17:10:59.000000Z"} {"uuid": "a20d031c-1682-4994-9845-9a4077e94f70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/RFrepoV1Chat/423426", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation TBD\nIceWarp Mail Server Pre-auth RCE TBD\nLinux 6.1.0, 6.8.0 LPE TBD\nFortinet FortiSIEM RCE TBD\nFortinet FortiWeb Authentication Bypass TBD\nWindows 10/11/2016/2019/2022 Logic LPE \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE \nLinux LPE 0day (up to 6.1.81) \n\nChrome RCE 1day (Feb 6, 2024) \nFirefox Chain 1day (up to 126) \nSamsung S22/23 1day LPE (CVE-2023-33106) \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE \nChrome Android/Windows RCE \nChrome Android RCE \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX \nWindows Low to Medium LPE \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-11T17:10:59.000000Z"} https://vulnerability.circl.lu/sighting/a20d031c-1682-4994-9845-9a4077e94f70/export Mon, 11 Aug 2025 17:10:59 +0000 https://vulnerability.circl.lu/sighting/7c37e3a2-1710-43c4-9971-dbfd6ef0a045/export {"uuid": "7c37e3a2-1710-43c4-9971-dbfd6ef0a045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/BabukLockerGroups/56197", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation TBD\nIceWarp Mail Server Pre-auth RCE TBD\nLinux 6.1.0, 6.8.0 LPE TBD\nFortinet FortiSIEM RCE TBD\nFortinet FortiWeb Authentication Bypass TBD\nWindows 10/11/2016/2019/2022 Logic LPE \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE \nLinux LPE 0day (up to 6.1.81) \n\nChrome RCE 1day (Feb 6, 2024) \nFirefox Chain 1day (up to 126) \nSamsung S22/23 1day LPE (CVE-2023-33106) \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE \nChrome Android/Windows RCE \nChrome Android RCE \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX \nWindows Low to Medium LPE \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-11T17:11:51.000000Z"} {"uuid": "7c37e3a2-1710-43c4-9971-dbfd6ef0a045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/BabukLockerGroups/56197", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation TBD\nIceWarp Mail Server Pre-auth RCE TBD\nLinux 6.1.0, 6.8.0 LPE TBD\nFortinet FortiSIEM RCE TBD\nFortinet FortiWeb Authentication Bypass TBD\nWindows 10/11/2016/2019/2022 Logic LPE \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE \nLinux LPE 0day (up to 6.1.81) \n\nChrome RCE 1day (Feb 6, 2024) \nFirefox Chain 1day (up to 126) \nSamsung S22/23 1day LPE (CVE-2023-33106) \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE \nChrome Android/Windows RCE \nChrome Android RCE \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX \nWindows Low to Medium LPE \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-11T17:11:51.000000Z"} https://vulnerability.circl.lu/sighting/7c37e3a2-1710-43c4-9971-dbfd6ef0a045/export Mon, 11 Aug 2025 17:11:51 +0000 https://vulnerability.circl.lu/sighting/2391e11b-046a-43bc-b04d-378dee943967/export {"uuid": "2391e11b-046a-43bc-b04d-378dee943967", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/RFrepoV1Chat/423482", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation TBD\nIceWarp Mail Server Pre-auth RCE TBD\nLinux 6.1.0, 6.8.0 LPE TBD\nFortinet FortiSIEM RCE TBD\nFortinet FortiWeb Authentication Bypass TBD\nWindows 10/11/2016/2019/2022 Logic LPE \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE \nLinux LPE 0day (up to 6.1.81) \n\nChrome RCE 1day (Feb 6, 2024) \nFirefox Chain 1day (up to 126) \nSamsung S22/23 1day LPE (CVE-2023-33106) \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE \nChrome Android/Windows RCE \nChrome Android RCE \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX \nWindows Low to Medium LPE \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-11T17:12:00.000000Z"} {"uuid": "2391e11b-046a-43bc-b04d-378dee943967", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/RFrepoV1Chat/423482", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation TBD\nIceWarp Mail Server Pre-auth RCE TBD\nLinux 6.1.0, 6.8.0 LPE TBD\nFortinet FortiSIEM RCE TBD\nFortinet FortiWeb Authentication Bypass TBD\nWindows 10/11/2016/2019/2022 Logic LPE \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE \nLinux LPE 0day (up to 6.1.81) \n\nChrome RCE 1day (Feb 6, 2024) \nFirefox Chain 1day (up to 126) \nSamsung S22/23 1day LPE (CVE-2023-33106) \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE \nChrome Android/Windows RCE \nChrome Android RCE \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX \nWindows Low to Medium LPE \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-11T17:12:00.000000Z"} https://vulnerability.circl.lu/sighting/2391e11b-046a-43bc-b04d-378dee943967/export Mon, 11 Aug 2025 17:12:00 +0000 https://vulnerability.circl.lu/sighting/db55965f-6bc5-47fb-955c-2a93c82e51ef/export {"uuid": "db55965f-6bc5-47fb-955c-2a93c82e51ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/BabukLockerGroups/56634", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE\u00a0 TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE\u00a0 \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE\u00a0 TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation\u00a0 TBD\nIceWarp Mail Server Pre-auth RCE\u00a0 TBD\nLinux 6.1.0, 6.8.0 LPE\u00a0 TBD\nFortinet FortiSIEM RCE\u00a0 TBD\nFortinet FortiWeb Authentication Bypass\u00a0 TBD\nWindows 10/11/2016/2019/2022 Logic LPE\u00a0 \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE\u00a0 \nLinux LPE 0day (up to 6.1.81)\u00a0 \n\nChrome RCE 1day (Feb 6, 2024)\u00a0 \nFirefox Chain 1day (up to 126)\u00a0 \nSamsung S22/23 1day LPE (CVE-2023-33106)\u00a0 \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE\u00a0 \nChrome Android/Windows RCE\u00a0 \nChrome Android RCE\u00a0 \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX\u00a0 \nWindows Low to Medium LPE\u00a0 \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-14T11:19:49.000000Z"} {"uuid": "db55965f-6bc5-47fb-955c-2a93c82e51ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/BabukLockerGroups/56634", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE\u00a0 TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE\u00a0 \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE\u00a0 TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation\u00a0 TBD\nIceWarp Mail Server Pre-auth RCE\u00a0 TBD\nLinux 6.1.0, 6.8.0 LPE\u00a0 TBD\nFortinet FortiSIEM RCE\u00a0 TBD\nFortinet FortiWeb Authentication Bypass\u00a0 TBD\nWindows 10/11/2016/2019/2022 Logic LPE\u00a0 \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE\u00a0 \nLinux LPE 0day (up to 6.1.81)\u00a0 \n\nChrome RCE 1day (Feb 6, 2024)\u00a0 \nFirefox Chain 1day (up to 126)\u00a0 \nSamsung S22/23 1day LPE (CVE-2023-33106)\u00a0 \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE\u00a0 \nChrome Android/Windows RCE\u00a0 \nChrome Android RCE\u00a0 \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX\u00a0 \nWindows Low to Medium LPE\u00a0 \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-14T11:19:49.000000Z"} https://vulnerability.circl.lu/sighting/db55965f-6bc5-47fb-955c-2a93c82e51ef/export Thu, 14 Aug 2025 11:19:49 +0000 https://vulnerability.circl.lu/sighting/0ba96f8a-6d9c-4d5d-b6af-e89da5744f37/export {"uuid": "0ba96f8a-6d9c-4d5d-b6af-e89da5744f37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/RFrepoV1Chat/423914", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE\u00a0 TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE\u00a0 \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE\u00a0 TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation\u00a0 TBD\nIceWarp Mail Server Pre-auth RCE\u00a0 TBD\nLinux 6.1.0, 6.8.0 LPE\u00a0 TBD\nFortinet FortiSIEM RCE\u00a0 TBD\nFortinet FortiWeb Authentication Bypass\u00a0 TBD\nWindows 10/11/2016/2019/2022 Logic LPE\u00a0 \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE\u00a0 \nLinux LPE 0day (up to 6.1.81)\u00a0 \n\nChrome RCE 1day (Feb 6, 2024)\u00a0 \nFirefox Chain 1day (up to 126)\u00a0 \nSamsung S22/23 1day LPE (CVE-2023-33106)\u00a0 \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE\u00a0 \nChrome Android/Windows RCE\u00a0 \nChrome Android RCE\u00a0 \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX\u00a0 \nWindows Low to Medium LPE\u00a0 \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-14T11:20:49.000000Z"} {"uuid": "0ba96f8a-6d9c-4d5d-b6af-e89da5744f37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/RFrepoV1Chat/423914", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE\u00a0 TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE\u00a0 \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE\u00a0 TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation\u00a0 TBD\nIceWarp Mail Server Pre-auth RCE\u00a0 TBD\nLinux 6.1.0, 6.8.0 LPE\u00a0 TBD\nFortinet FortiSIEM RCE\u00a0 TBD\nFortinet FortiWeb Authentication Bypass\u00a0 TBD\nWindows 10/11/2016/2019/2022 Logic LPE\u00a0 \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE\u00a0 \nLinux LPE 0day (up to 6.1.81)\u00a0 \n\nChrome RCE 1day (Feb 6, 2024)\u00a0 \nFirefox Chain 1day (up to 126)\u00a0 \nSamsung S22/23 1day LPE (CVE-2023-33106)\u00a0 \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE\u00a0 \nChrome Android/Windows RCE\u00a0 \nChrome Android RCE\u00a0 \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX\u00a0 \nWindows Low to Medium LPE\u00a0 \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-14T11:20:49.000000Z"} https://vulnerability.circl.lu/sighting/0ba96f8a-6d9c-4d5d-b6af-e89da5744f37/export Thu, 14 Aug 2025 11:20:49 +0000 https://vulnerability.circl.lu/sighting/50199c63-85c2-449e-825c-e54dd7953733/export {"uuid": "50199c63-85c2-449e-825c-e54dd7953733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/RFrepoV1Chat/424974", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation TBD\nIceWarp Mail Server Pre-auth RCE TBD\nLinux 6.1.0, 6.8.0 LPE TBD\nFortinet FortiSIEM RCE TBD\nFortinet FortiWeb Authentication Bypass TBD\nWindows 10/11/2016/2019/2022 Logic LPE \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE \nLinux LPE 0day (up to 6.1.81) \n\nChrome RCE 1day (Feb 6, 2024) \nFirefox Chain 1day (up to 126) \nSamsung S22/23 1day LPE (CVE-2023-33106) \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE \nChrome Android/Windows RCE \nChrome Android RCE \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX \nWindows Low to Medium LPE \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-22T19:42:39.000000Z"} {"uuid": "50199c63-85c2-449e-825c-e54dd7953733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/RFrepoV1Chat/424974", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation TBD\nIceWarp Mail Server Pre-auth RCE TBD\nLinux 6.1.0, 6.8.0 LPE TBD\nFortinet FortiSIEM RCE TBD\nFortinet FortiWeb Authentication Bypass TBD\nWindows 10/11/2016/2019/2022 Logic LPE \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE \nLinux LPE 0day (up to 6.1.81) \n\nChrome RCE 1day (Feb 6, 2024) \nFirefox Chain 1day (up to 126) \nSamsung S22/23 1day LPE (CVE-2023-33106) \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE \nChrome Android/Windows RCE \nChrome Android RCE \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX \nWindows Low to Medium LPE \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-22T19:42:39.000000Z"} https://vulnerability.circl.lu/sighting/50199c63-85c2-449e-825c-e54dd7953733/export Fri, 22 Aug 2025 19:42:39 +0000 https://vulnerability.circl.lu/sighting/bbbfb095-9003-49da-a258-14c388b2711a/export {"uuid": "bbbfb095-9003-49da-a258-14c388b2711a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/BabukLockerGroups/57682", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation TBD\nIceWarp Mail Server Pre-auth RCE TBD\nLinux 6.1.0, 6.8.0 LPE TBD\nFortinet FortiSIEM RCE TBD\nFortinet FortiWeb Authentication Bypass TBD\nWindows 10/11/2016/2019/2022 Logic LPE \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE \nLinux LPE 0day (up to 6.1.81) \n\nChrome RCE 1day (Feb 6, 2024) \nFirefox Chain 1day (up to 126) \nSamsung S22/23 1day LPE (CVE-2023-33106) \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE \nChrome Android/Windows RCE \nChrome Android RCE \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX \nWindows Low to Medium LPE \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-22T19:43:07.000000Z"} {"uuid": "bbbfb095-9003-49da-a258-14c388b2711a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/BabukLockerGroups/57682", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation TBD\nIceWarp Mail Server Pre-auth RCE TBD\nLinux 6.1.0, 6.8.0 LPE TBD\nFortinet FortiSIEM RCE TBD\nFortinet FortiWeb Authentication Bypass TBD\nWindows 10/11/2016/2019/2022 Logic LPE \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE \nLinux LPE 0day (up to 6.1.81) \n\nChrome RCE 1day (Feb 6, 2024) \nFirefox Chain 1day (up to 126) \nSamsung S22/23 1day LPE (CVE-2023-33106) \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE \nChrome Android/Windows RCE \nChrome Android RCE \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX \nWindows Low to Medium LPE \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-22T19:43:07.000000Z"} https://vulnerability.circl.lu/sighting/bbbfb095-9003-49da-a258-14c388b2711a/export Fri, 22 Aug 2025 19:43:07 +0000 https://vulnerability.circl.lu/sighting/669ece27-448d-4b00-bc0b-f85177918a3b/export {"uuid": "669ece27-448d-4b00-bc0b-f85177918a3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-33107", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7f50f113-4836-41dc-9d8f-009110a0f08c", "content": "", "creation_timestamp": "2026-02-02T12:26:44.802231Z"} {"uuid": "669ece27-448d-4b00-bc0b-f85177918a3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-33107", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7f50f113-4836-41dc-9d8f-009110a0f08c", "content": "", "creation_timestamp": "2026-02-02T12:26:44.802231Z"} https://vulnerability.circl.lu/sighting/669ece27-448d-4b00-bc0b-f85177918a3b/export Mon, 02 Feb 2026 12:26:44 +0000 https://vulnerability.circl.lu/sighting/af016dc9-326b-4692-a1cb-0074b8075ff6/export {"uuid": "af016dc9-326b-4692-a1cb-0074b8075ff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-33106", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a3cfb216-1cbc-4369-81a8-b02bcdd2e83b", "content": "", "creation_timestamp": "2026-02-02T12:26:44.908368Z"} {"uuid": "af016dc9-326b-4692-a1cb-0074b8075ff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-33106", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a3cfb216-1cbc-4369-81a8-b02bcdd2e83b", "content": "", "creation_timestamp": "2026-02-02T12:26:44.908368Z"} https://vulnerability.circl.lu/sighting/af016dc9-326b-4692-a1cb-0074b8075ff6/export Mon, 02 Feb 2026 12:26:44 +0000