https://vulnerability.circl.lu/sightings/feed 2026-06-04T03:05:24.211542+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/e09634ff-15b2-4054-838c-8015896c3a81/export 2026-06-04T03:05:24.519430+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "e09634ff-15b2-4054-838c-8015896c3a81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35673", "type": "seen", "source": "https://t.me/malwaresupport/40", "content": "Android fixes 0-day vulnerability exploited by hackers\n\nSeptember updates for Android fixed 33 vulnerabilities in Google's operating system, including a zero-day issue that is currently being exploited by attackers.\n\nThe 0-day vulnerability is identified as CVE-2023-35674 and is a flaw in the Android Framework that allows attackers to escalate privileges. Exploiting the bug does not require user interaction or any additional privileges.\n\nThe company\u00a0says that the vulnerability has already been subject to \u201climited, targeted exploitation,\u201d but details about these attacks are not yet known.\n\nThree other privilege escalation issues have also been fixed as part of the Android Framework. The most severe of these \"can result in local escalation of privilege and do not require additional privileges to execute\" or any user interaction.\n\nAdditionally, the September updates fix three critical flaws in the Android System component (CVE-2023-35658, CVE-2023-35673, CVE-2023-35681) and one in closed-source Qualcomm components (CVE-2023-28581).\n\nVulnerabilities in the Android System can lead to remote code execution (RCE) and also do not require additional privileges or user interaction.\n\nIn turn, a bug in Qualcomm components is described as a violation of the integrity of information in the WLAN firmware memory. This vulnerability could allow remote attackers to execute arbitrary code, read sensitive information, or cause system crashes.\n\nAs usual, Google has divided the fixes into two levels: \u00a02023-09-01 and 2023-09-05. Level 2023-09-05 contains all the security fixes from the first set, as well as additional fixes for closed source and third-party kernel components that may not be relevant to all Android devices.\n\nThis month's updates cover versions of Android 11, 12, and 13, and may also affect older, unsupported versions of the OS.\n\nProject: @Redscriptandroidbotnet\n\nPrivate: @vpn809", "creation_timestamp": "2023-09-24T15:30:19.000000Z"} 2023-09-24T15:30:19+00:00 https://vulnerability.circl.lu/sighting/9495c425-4b7d-4f48-a6e1-31b8a3414b40/export 2026-06-04T03:05:24.519347+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "9495c425-4b7d-4f48-a6e1-31b8a3414b40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35671", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1113", "content": "https://github.com/MrTiz/CVE-2023-35671\nAndroid\u5e94\u7528\u7a0b\u5e8fPin\u5b89\u5168\u95ee\u9898\u5141\u8bb8\u901a\u8fc7\u8c37\u6b4c\u94b1\u5305\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u652f\u4ed8\n#github #poc", "creation_timestamp": "2023-10-09T18:27:39.000000Z"} 2023-10-09T18:27:39+00:00 https://vulnerability.circl.lu/sighting/9beb28f2-87d7-49f9-aaee-8c029d83c290/export 2026-06-04T03:05:24.519265+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "9beb28f2-87d7-49f9-aaee-8c029d83c290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35671", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/2012", "content": "Android App Pin Security Issue Allows Unauthorized Payments via Google Wallet even with enabled \"Require device unlock for NFC\" option (CVE-2023-35671)\nWhile in pinned mode, all other apps become temporarily inaccessible, except Google Wallet.\nPoC: https://github.com/MrTiz/CVE-2023-35671", "creation_timestamp": "2023-11-03T10:24:50.000000Z"} 2023-11-03T10:24:50+00:00 https://vulnerability.circl.lu/sighting/b7209d50-6265-4dc8-bfdb-9503da513b26/export 2026-06-04T03:05:24.519175+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "b7209d50-6265-4dc8-bfdb-9503da513b26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35671", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3199", "content": "Hackers Factory \n\nNext Generation DorX. Built by Dorks, for Dorks.\u00a0\n\nhttps://github.com/ResearchandDestroy/DorXNGy\n\nA framework for assessing the security of L2s\n\nhttps://github.com/quantstamp/l2-security-framework\n\nMultiPlatform HTTP Reverse Shell\n\nhttps://github.com/JoelGMSec/HTTP-Shell\n\nBypassing UAC with SSPI Datagram Contexts\n\nhttps://github.com/antonioCoco/SspiUacBypass\n\nA comprehensive Python-based security tool for file scanning, malware detection, and analysis in an ever-evolving cyber landscape\n\nhttps://github.com/samhaxr/VTScanner\n\nAnother tool to perform minidump of LSASS process using few technics to avoid detection.\n\nhttps://github.com/YOLOP0wn/POSTDump\n\nExploitation of echo_driver.sys\n\nhttps://github.com/YOLOP0wn/EchoDrv\n\nEncrypted shellcode Injection to avoid Kernel triggered memory scans\n\nhttps://github.com/S3cur3Th1sSh1t/Caro-Kann\n\nProof-of-Concept for CVE-2023-38146 (\"ThemeBleed\")\n\nhttps://github.com/gabe-k/themebleed\n\nAndroid App Pin Security Issue Allowing Unauthorized Payments via Google Wallet\n\nhttps://github.com/MrTiz/CVE-2023-35671\n\n#infosec #cybersecurity #hackersfactory \n\nhttps://t.me/dilagrafie", "creation_timestamp": "2024-02-21T13:45:38.000000Z"} 2024-02-21T13:45:38+00:00 https://vulnerability.circl.lu/sighting/ec6f4572-8cdc-464f-8c4c-82de2c19b146/export 2026-06-04T03:05:24.519090+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "ec6f4572-8cdc-464f-8c4c-82de2c19b146", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35671", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/968", "content": "#exploit \n1. CVE-2023-3244:\nWordPress Missing Authorization\nhttps://github.com/drnull03/POC-CVE-2023-3244\n\n2. CVE-2023-35671:\nAndroid App Pin Security Issue\nhttps://github.com/MrTiz/CVE-2023-35671", "creation_timestamp": "2024-08-16T08:24:34.000000Z"} 2024-08-16T08:24:34+00:00 https://vulnerability.circl.lu/sighting/7729f390-4405-4604-85ab-d2a22f2a4465/export 2026-06-04T03:05:24.519003+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "7729f390-4405-4604-85ab-d2a22f2a4465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35674", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971881", "content": "", "creation_timestamp": "2024-12-24T20:35:11.620726Z"} 2024-12-24T20:35:11.620726+00:00 https://vulnerability.circl.lu/sighting/16c4c635-2146-4040-b0a6-66691dc4f707/export 2026-06-04T03:05:24.518922+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "16c4c635-2146-4040-b0a6-66691dc4f707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35674", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:46.000000Z"} 2025-02-23T02:10:46+00:00 https://vulnerability.circl.lu/sighting/03a72e18-074a-4a62-9eff-7911d78ebe9b/export 2026-06-04T03:05:24.518809+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "03a72e18-074a-4a62-9eff-7911d78ebe9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35670", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14529", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-35670\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\ud83d\udccf Published: 2023-09-11T20:09:52.999Z\n\ud83d\udccf Modified: 2025-05-02T16:53:52.496Z\n\ud83d\udd17 References:\n1. https://android.googlesource.com/platform/packages/providers/MediaProvider/+/db3c69afcb0a45c8aa2f333fcde36217889899fe\n2. https://source.android.com/security/bulletin/2023-09-01", "creation_timestamp": "2025-05-02T17:16:30.000000Z"} 2025-05-02T17:16:30+00:00 https://vulnerability.circl.lu/sighting/a8682c32-2e70-49d3-843c-c6c899b6273a/export 2026-06-04T03:05:24.517991+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "a8682c32-2e70-49d3-843c-c6c899b6273a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3567", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-15", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"} 2025-08-14T10:00:00+00:00 https://vulnerability.circl.lu/sighting/84efe22c-3b99-485f-baf1-afce2e43ed6a/export 2026-06-04T03:05:24.515831+00:00 Cédric Bonhomme https://cvepremium.circl.lu/user/cedric {"uuid": "84efe22c-3b99-485f-baf1-afce2e43ed6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-35674", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9c66c1c7-ea90-437f-bd9a-10282031fb74", "content": "", "creation_timestamp": "2026-02-02T12:26:50.848572Z"} 2026-02-02T12:26:50.848572+00:00