{"vulnerability": "CVE-2023-2611", "sightings": [{"uuid": "6a87927a-2f2a-4caf-bd10-7220823cd918", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26117", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lypp7cejdbx2", "content": "", "creation_timestamp": "2025-09-13T11:44:30.326741Z"}, {"uuid": "fb9605ec-a60d-435f-bdae-d10eb86043dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-26112", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "3f6984fd-6410-49b6-907f-6ab3fc9e9190", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26116", "type": "seen", "source": "https://gist.github.com/Darkcrai86/564815f485c70b429e11f0fe5033b511", "content": "", "creation_timestamp": "2026-01-14T18:54:12.000000Z"}, {"uuid": "f5f97041-c5aa-4f43-89cc-6fdc2a0cf40a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26118", "type": "seen", "source": "https://gist.github.com/Darkcrai86/564815f485c70b429e11f0fe5033b511", "content": "", "creation_timestamp": "2026-01-14T18:54:12.000000Z"}, {"uuid": "9882ef3f-6770-4a5e-aefd-0b198a9d9df5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26117", "type": "seen", "source": "https://gist.github.com/Darkcrai86/564815f485c70b429e11f0fe5033b511", "content": "", "creation_timestamp": "2026-01-14T18:54:12.000000Z"}, {"uuid": "2c0cc122-4024-4596-89ca-dd43ea2538ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26117", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4483", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26117\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.\n\ud83d\udccf Published: 2023-03-30T06:30:26Z\n\ud83d\udccf Modified: 2025-02-14T18:35:00Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-26117\n2. https://github.com/angular/angular.js\n3. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ\n4. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K\n5. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323\n6. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325\n7. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324\n8. https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045\n9. https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos", "creation_timestamp": "2025-02-14T19:16:29.000000Z"}, {"uuid": "da25f682-28fb-434a-9c5c-dcda8393b717", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26116", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4482", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26116\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.\n\ud83d\udccf Published: 2023-03-30T06:30:26Z\n\ud83d\udccf Modified: 2025-02-14T18:35:02Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-26116\n2. https://github.com/angular/angular.js\n3. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ\n4. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K\n5. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320\n6. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322\n7. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321\n8. https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044\n9. https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos", "creation_timestamp": "2025-02-14T19:16:25.000000Z"}, {"uuid": "651a0160-b72f-4b07-8ac7-bb0d24348954", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26113", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5544", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26113\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P)\n\ud83d\udd39 Description: Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js. \n\ud83d\udccf Published: 2023-03-18T05:00:01.243Z\n\ud83d\udccf Modified: 2025-02-26T17:12:06.093Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-COLLECTIONJS-3185148\n2. https://github.com/kobezzza/Collection/issues/27\n3. https://github.com/kobezzza/Collection/blob/be32c48e68f49d3be48a58e929d1ab8ff1d2d19c/dist/node/iterators/extend.js%23L324\n4. https://github.com/kobezzza/Collection/releases/tag/v6.8.1\n5. https://github.com/kobezzza/Collection/commit/d3d937645f62f37d3115d6aa90bb510fd856e6a2", "creation_timestamp": "2025-02-26T17:24:17.000000Z"}, {"uuid": "c21f9b37-04d0-4bd6-9004-c5419066f266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26111", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6607", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26111\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P)\n\ud83d\udd39 Description: All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.\n\ud83d\udccf Published: 2023-03-06T05:00:03.346Z\n\ud83d\udccf Modified: 2025-03-05T20:30:05.472Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-NUBOSOFTWARENODESTATIC-3149927\n2. https://security.snyk.io/vuln/SNYK-JS-NODESTATIC-3149928\n3. https://gist.github.com/lirantal/c80b28e7bee148dc287339cb483e42bc\n4. https://github.com/cloudhead/node-static/blob/master/lib/node-static.js%23L160-L163", "creation_timestamp": "2025-03-05T20:36:42.000000Z"}, {"uuid": "37e8b9b8-1326-4950-85cc-da201073b41c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26119", "type": "seen", "source": "Telegram/GLXaOsgeMjnldJTNqZbtAZhCPA5V3wYJFtcC92aXIbmN1A", "content": "", "creation_timestamp": "2023-04-03T13:33:03.000000Z"}, {"uuid": "9b1550f4-1efb-4e0a-8613-51edc2b2a72a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2611", "type": "seen", "source": "https://t.me/cibsecurity/65425", "content": "\u203c CVE-2023-2611 \u203c\n\nAdvantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-22T20:27:13.000000Z"}, {"uuid": "bcc3f3d5-7135-4515-bb75-1c7a53dcb0d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26119", "type": "seen", "source": "https://t.me/cibsecurity/61315", "content": "\u203c CVE-2023-26119 \u203c\n\nVersions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u00e2\u20ac\u2122s webpage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-03T12:38:20.000000Z"}, {"uuid": "07a63114-5601-4c48-a7e9-a4c90b306390", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26116", "type": "seen", "source": "https://t.me/cibsecurity/61160", "content": "\u203c CVE-2023-26116 \u203c\n\nAll versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-30T12:21:14.000000Z"}, {"uuid": "d1334ec3-6267-49dc-acf9-63ec20fdc5df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26118", "type": "seen", "source": "https://t.me/cibsecurity/61159", "content": "\u203c CVE-2023-26118 \u203c\n\nAll versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the  element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-30T12:21:13.000000Z"}, {"uuid": "186811d3-65b6-4701-910a-c383521dd4f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26117", "type": "seen", "source": "https://t.me/cibsecurity/61158", "content": "\u203c CVE-2023-26117 \u203c\n\nAll versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-30T12:21:12.000000Z"}, {"uuid": "e44ca335-35f2-4c2e-84aa-c3813c2bebb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26114", "type": "seen", "source": "https://t.me/cibsecurity/60545", "content": "\u203c CVE-2023-26114 \u203c\n\nVersions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-23T11:36:36.000000Z"}, {"uuid": "e36c39e5-27e2-46e5-ad3b-684597ad7e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26110", "type": "seen", "source": "https://t.me/cibsecurity/59717", "content": "\u203c CVE-2023-26110 \u203c\n\nAll versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-09T07:15:00.000000Z"}, {"uuid": "adbc43d6-cb14-4473-884b-992a208c5746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26111", "type": "seen", "source": "https://t.me/cibsecurity/59452", "content": "\u203c CVE-2023-26111 \u203c\n\nAll versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T07:12:37.000000Z"}]}