{"vulnerability": "cve-2023-3765", "sightings": [{"uuid": "be73e7a1-b77c-4e76-a714-93658d2ebe5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37650", "type": "seen", "source": "https://t.me/cibsecurity/67058", "content": "\u203c CVE-2023-37650 \u203c\n\nA Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T00:33:03.000000Z"}, {"uuid": "b2bcf0c9-20e4-4657-8c53-4c9077953aff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3765", "type": "seen", "source": "https://t.me/cibsecurity/66981", "content": "\u203c CVE-2023-3765 \u203c\n\nAbsolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T07:24:49.000000Z"}, {"uuid": "844d31d4-1f47-496d-80cd-ebbe92e803b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37657", "type": "seen", "source": "https://t.me/cibsecurity/66395", "content": "\u203c CVE-2023-37657 \u203c\n\nTwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T18:29:49.000000Z"}, {"uuid": "6b6de192-c6f5-4265-aa8b-b3ad41851e9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37659", "type": "seen", "source": "https://t.me/cibsecurity/66388", "content": "\u203c CVE-2023-37659 \u203c\n\nxalpha v0.11.4 is vulnerable to Remote Command Execution (RCE).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T18:29:40.000000Z"}, {"uuid": "d14a347b-12bc-44b5-b7b3-3a06229f6321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37656", "type": "seen", "source": "https://t.me/cibsecurity/66398", "content": "\u203c CVE-2023-37656 \u203c\n\nWebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T18:29:52.000000Z"}, {"uuid": "66dce291-1c2e-4c54-b881-60b9874acb04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37658", "type": "seen", "source": "https://t.me/cibsecurity/66397", "content": "\u203c CVE-2023-37658 \u203c\n\nfast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). File upload check binary of img, but without strictly check file suffix at /server/fast.py -> ApiUploadHandler.post causes stored XSS\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T18:29:51.000000Z"}, {"uuid": "8a72ec2f-24bf-4b4f-846f-10ceaefd28fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3765", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8712", "content": "#exploit\n1. CVE-2023-3765:\nCritical flaw in open source machine learning development MLflow\nhttps://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76\n\n2. CVE-2023-38632:\nAsync-sockets-cpp <0.3.1 TCP Packet tcpsocket.hpp Stack-based Overflow\nhttps://github.com/Halcy0nic/CVE-2023-38632", "creation_timestamp": "2023-07-22T12:17:01.000000Z"}]}