<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 06 Jul 2026 22:09:22 +0000</lastBuildDate>
    <item>
      <title>a89343da-b09b-484d-afac-7f39408a26c9</title>
      <link>https://vulnerability.circl.lu/sighting/a89343da-b09b-484d-afac-7f39408a26c9/export</link>
      <description>{"uuid": "a89343da-b09b-484d-afac-7f39408a26c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34231", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m65cuot4ms2q", "content": "", "creation_timestamp": "2025-11-21T12:46:57.899258Z"}</description>
      <content:encoded>{"uuid": "a89343da-b09b-484d-afac-7f39408a26c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34231", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m65cuot4ms2q", "content": "", "creation_timestamp": "2025-11-21T12:46:57.899258Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a89343da-b09b-484d-afac-7f39408a26c9/export</guid>
      <pubDate>Fri, 21 Nov 2025 12:46:57 +0000</pubDate>
    </item>
    <item>
      <title>1805471c-4272-4c69-9d3d-be16d5a278b0</title>
      <link>https://vulnerability.circl.lu/sighting/1805471c-4272-4c69-9d3d-be16d5a278b0/export</link>
      <description>{"uuid": "1805471c-4272-4c69-9d3d-be16d5a278b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34230", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m65cuot4ms2q", "content": "", "creation_timestamp": "2025-11-21T12:46:57.820404Z"}</description>
      <content:encoded>{"uuid": "1805471c-4272-4c69-9d3d-be16d5a278b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34230", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m65cuot4ms2q", "content": "", "creation_timestamp": "2025-11-21T12:46:57.820404Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1805471c-4272-4c69-9d3d-be16d5a278b0/export</guid>
      <pubDate>Fri, 21 Nov 2025 12:46:57 +0000</pubDate>
    </item>
    <item>
      <title>85ef17a9-494e-4d9e-b123-1f133ce5b6db</title>
      <link>https://vulnerability.circl.lu/sighting/85ef17a9-494e-4d9e-b123-1f133ce5b6db/export</link>
      <description>{"uuid": "85ef17a9-494e-4d9e-b123-1f133ce5b6db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34233", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lztuw35igs2j", "content": "", "creation_timestamp": "2025-09-27T21:02:27.581953Z"}</description>
      <content:encoded>{"uuid": "85ef17a9-494e-4d9e-b123-1f133ce5b6db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34233", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lztuw35igs2j", "content": "", "creation_timestamp": "2025-09-27T21:02:27.581953Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/85ef17a9-494e-4d9e-b123-1f133ce5b6db/export</guid>
      <pubDate>Sat, 27 Sep 2025 21:02:27 +0000</pubDate>
    </item>
    <item>
      <title>1f93424b-68c0-4acf-8428-18dd4c0e3784</title>
      <link>https://vulnerability.circl.lu/sighting/1f93424b-68c0-4acf-8428-18dd4c0e3784/export</link>
      <description>{"uuid": "1f93424b-68c0-4acf-8428-18dd4c0e3784", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34232", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/10095", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34232\n\ud83d\udd39 Description: snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user\u2019s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.\n\ud83d\udccf Published: 2023-06-08T20:17:49.734Z\n\ud83d\udccf Modified: 2025-01-06T20:19:54.764Z\n\ud83d\udd17 References:\n1. https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-h53w-7qw7-vh5c\n2. https://github.com/snowflakedb/snowflake-connector-nodejs/pull/465\n3. https://github.com/snowflakedb/snowflake-connector-nodejs/commit/0c9622ae12cd7d627df404b73a783b4a5f60728a\n4. https://community.snowflake.com/s/article/Node-js-Driver-Release-Notes", "creation_timestamp": "2025-01-06T21:50:12.000000Z"}</description>
      <content:encoded>{"uuid": "1f93424b-68c0-4acf-8428-18dd4c0e3784", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34232", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/10095", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34232\n\ud83d\udd39 Description: snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user\u2019s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.\n\ud83d\udccf Published: 2023-06-08T20:17:49.734Z\n\ud83d\udccf Modified: 2025-01-06T20:19:54.764Z\n\ud83d\udd17 References:\n1. https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-h53w-7qw7-vh5c\n2. https://github.com/snowflakedb/snowflake-connector-nodejs/pull/465\n3. https://github.com/snowflakedb/snowflake-connector-nodejs/commit/0c9622ae12cd7d627df404b73a783b4a5f60728a\n4. https://community.snowflake.com/s/article/Node-js-Driver-Release-Notes", "creation_timestamp": "2025-01-06T21:50:12.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1f93424b-68c0-4acf-8428-18dd4c0e3784/export</guid>
      <pubDate>Mon, 06 Jan 2025 21:50:12 +0000</pubDate>
    </item>
    <item>
      <title>c3fa81b2-926a-4092-a005-04c49ebb7311</title>
      <link>https://vulnerability.circl.lu/sighting/c3fa81b2-926a-4092-a005-04c49ebb7311/export</link>
      <description>{"uuid": "c3fa81b2-926a-4092-a005-04c49ebb7311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34232", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/226", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34232\n\ud83d\udd39 Description: snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user\u2019s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.\n\ud83d\udccf Published: 2023-06-08T20:17:49.734Z\n\ud83d\udccf Modified: 2025-01-06T20:19:54.764Z\n\ud83d\udd17 References:\n1. https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-h53w-7qw7-vh5c\n2. https://github.com/snowflakedb/snowflake-connector-nodejs/pull/465\n3. https://github.com/snowflakedb/snowflake-connector-nodejs/commit/0c9622ae12cd7d627df404b73a783b4a5f60728a\n4. https://community.snowflake.com/s/article/Node-js-Driver-Release-Notes", "creation_timestamp": "2025-01-06T20:49:59.000000Z"}</description>
      <content:encoded>{"uuid": "c3fa81b2-926a-4092-a005-04c49ebb7311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34232", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/226", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34232\n\ud83d\udd39 Description: snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user\u2019s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.\n\ud83d\udccf Published: 2023-06-08T20:17:49.734Z\n\ud83d\udccf Modified: 2025-01-06T20:19:54.764Z\n\ud83d\udd17 References:\n1. https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-h53w-7qw7-vh5c\n2. https://github.com/snowflakedb/snowflake-connector-nodejs/pull/465\n3. https://github.com/snowflakedb/snowflake-connector-nodejs/commit/0c9622ae12cd7d627df404b73a783b4a5f60728a\n4. https://community.snowflake.com/s/article/Node-js-Driver-Release-Notes", "creation_timestamp": "2025-01-06T20:49:59.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c3fa81b2-926a-4092-a005-04c49ebb7311/export</guid>
      <pubDate>Mon, 06 Jan 2025 20:49:59 +0000</pubDate>
    </item>
    <item>
      <title>9510d589-e292-4fc2-a8de-c3d136d238d4</title>
      <link>https://vulnerability.circl.lu/sighting/9510d589-e292-4fc2-a8de-c3d136d238d4/export</link>
      <description>{"uuid": "9510d589-e292-4fc2-a8de-c3d136d238d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34230", "type": "seen", "source": "https://t.me/arpsyndicate/2731", "content": "#ExploitObserverAlert\n\nCVE-2023-34230\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-34230. snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user\u2019s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.\n\nFIRST-EPSS: 0.002700000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-09T08:10:15.000000Z"}</description>
      <content:encoded>{"uuid": "9510d589-e292-4fc2-a8de-c3d136d238d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34230", "type": "seen", "source": "https://t.me/arpsyndicate/2731", "content": "#ExploitObserverAlert\n\nCVE-2023-34230\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-34230. snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user\u2019s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.\n\nFIRST-EPSS: 0.002700000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-09T08:10:15.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9510d589-e292-4fc2-a8de-c3d136d238d4/export</guid>
      <pubDate>Tue, 09 Jan 2024 08:10:15 +0000</pubDate>
    </item>
    <item>
      <title>bc398a8c-a076-4f96-a3a3-50e84555e197</title>
      <link>https://vulnerability.circl.lu/sighting/bc398a8c-a076-4f96-a3a3-50e84555e197/export</link>
      <description>{"uuid": "bc398a8c-a076-4f96-a3a3-50e84555e197", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-34235", "type": "published-proof-of-concept", "source": "https://github.com/strapi/strapi/security/advisories/GHSA-9xg4-3qfm-9w8f", "content": "", "creation_timestamp": "2023-07-25T13:10:12.000000Z"}</description>
      <content:encoded>{"uuid": "bc398a8c-a076-4f96-a3a3-50e84555e197", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-34235", "type": "published-proof-of-concept", "source": "https://github.com/strapi/strapi/security/advisories/GHSA-9xg4-3qfm-9w8f", "content": "", "creation_timestamp": "2023-07-25T13:10:12.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bc398a8c-a076-4f96-a3a3-50e84555e197/export</guid>
      <pubDate>Tue, 25 Jul 2023 13:10:12 +0000</pubDate>
    </item>
    <item>
      <title>b8e48b3c-d1a4-48d5-8089-db959abb249a</title>
      <link>https://vulnerability.circl.lu/sighting/b8e48b3c-d1a4-48d5-8089-db959abb249a/export</link>
      <description>{"uuid": "b8e48b3c-d1a4-48d5-8089-db959abb249a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34236", "type": "seen", "source": "https://t.me/cibsecurity/66762", "content": "\u203c CVE-2023-34236 \u203c\n\nWeave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This vulnerability stems from Weave GitOps Terraform Runners (`tf-runner`), where sensitive data is inadvertently printed - potentially revealing sensitive user data in their pod logs. In particular, functions `tfexec.ShowPlan`, `tfexec.ShowPlanRaw`, and `tfexec.Output` are implicated when the `tfexec` object set its `Stdout` and `Stderr` to be `os.Stdout` and `os.Stderr`. An unauthorized remote attacker could exploit this vulnerability by accessing these prints of sensitive information, which may contain configurations or tokens that could be used to gain unauthorized control or access to resources managed by the Terraform controller. A successful exploit could allow the attacker to utilize this sensitive data, potentially leading to unauthorized access or control of the system. This vulnerability has been addressed in Weave GitOps Terraform Controller versions `v0.14.4` and `v0.15.0-rc.5`. Users are urged to upgrade to one of these versions to mitigate the vulnerability. As a temporary measure until the patch can be applied, users can add the environment variable `DISABLE_TF_LOGS` to the tf-runners via the runner pod template of the Terraform Custom Resource. This will prevent the logging of sensitive information and mitigate the risk of this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-15T02:22:40.000000Z"}</description>
      <content:encoded>{"uuid": "b8e48b3c-d1a4-48d5-8089-db959abb249a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34236", "type": "seen", "source": "https://t.me/cibsecurity/66762", "content": "\u203c CVE-2023-34236 \u203c\n\nWeave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This vulnerability stems from Weave GitOps Terraform Runners (`tf-runner`), where sensitive data is inadvertently printed - potentially revealing sensitive user data in their pod logs. In particular, functions `tfexec.ShowPlan`, `tfexec.ShowPlanRaw`, and `tfexec.Output` are implicated when the `tfexec` object set its `Stdout` and `Stderr` to be `os.Stdout` and `os.Stderr`. An unauthorized remote attacker could exploit this vulnerability by accessing these prints of sensitive information, which may contain configurations or tokens that could be used to gain unauthorized control or access to resources managed by the Terraform controller. A successful exploit could allow the attacker to utilize this sensitive data, potentially leading to unauthorized access or control of the system. This vulnerability has been addressed in Weave GitOps Terraform Controller versions `v0.14.4` and `v0.15.0-rc.5`. Users are urged to upgrade to one of these versions to mitigate the vulnerability. As a temporary measure until the patch can be applied, users can add the environment variable `DISABLE_TF_LOGS` to the tf-runners via the runner pod template of the Terraform Custom Resource. This will prevent the logging of sensitive information and mitigate the risk of this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-15T02:22:40.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b8e48b3c-d1a4-48d5-8089-db959abb249a/export</guid>
      <pubDate>Sat, 15 Jul 2023 02:22:40 +0000</pubDate>
    </item>
    <item>
      <title>ffaaa119-e95c-4bb8-b64b-2c23cf0ce779</title>
      <link>https://vulnerability.circl.lu/sighting/ffaaa119-e95c-4bb8-b64b-2c23cf0ce779/export</link>
      <description>{"uuid": "ffaaa119-e95c-4bb8-b64b-2c23cf0ce779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34231", "type": "seen", "source": "https://t.me/kasraone_com/352", "content": "\ud83d\udd34 CVE \n\n     CVE-2023-34231\n\n\u06af\u0648\u0633\u0646\u0648\u0641\u0644\u06cc\u06a9 \u06cc\u06a9 \u062f\u0631\u0627\u06cc\u0648\u0631 \u06af\u0648\u0644\u0627\u0646\u06af \u0628\u0631\u0627\u06cc \u0633\u0646\u0648\u0641\u0644\u06cc\u06a9 \u0627\u0633\u062a. \u0642\u0628\u0644 \u0627\u0632 \u0646\u0633\u062e\u0647 1.6.19\u060c \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062a\u0632\u0631\u06cc\u0642 \u062f\u0633\u062a\u0648\u0631 \u062f\u0631 \u062f\u0631\u0627\u06cc\u0648\u0631 \u06af\u0648\u0644\u0627\u0646\u06af \u0633\u0646\u0648\u0641\u0644\u06cc\u06a9 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062a\u0623\u06cc\u06cc\u062f \u0647\u0648\u06cc\u062a \u062a\u06a9 \u0639\u0644\u0627\u0645\u062a (SSO) \u0627\u0632 \u0637\u0631\u06cc\u0642 URL \u0645\u0631\u0648\u0631\u06af\u0631 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f. \u0628\u0631\u0627\u06cc \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0642\u0627\u0628\u0644\u06cc\u062a \u062a\u0632\u0631\u06cc\u0642 \u062f\u0633\u062a\u0648\u0631\u060c \u062d\u0645\u0644\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u0628\u0627\u06cc\u062f \u0645\u0648\u0641\u0642 \u0634\u0648\u062f (1) \u0645\u0646\u0628\u0639 \u0645\u062e\u0631\u0628 \u0631\u0627 \u0628\u0631\u067e\u0627 \u06a9\u0646\u062f \u0648 (2) \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0631\u0627 \u0628\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0645\u0646\u0628\u0639 \u0647\u062f\u0627\u06cc\u062a \u06a9\u0646\u062f. \u062d\u0645\u0644\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u06cc\u06a9 \u0633\u0631\u0648\u0631 \u0645\u062e\u0631\u0628 \u0648 \u0642\u0627\u0628\u0644 \u062f\u0633\u062a\u0631\u0633 \u0639\u0645\u0648\u0645\u06cc \u0631\u0627 \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647 URL SSO \u0628\u0627 \u06cc\u06a9 \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u062d\u0645\u0644\u0647 \u067e\u0627\u0633\u062e \u062f\u0647\u062f. \u0627\u06af\u0631 \u062d\u0645\u0644\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u0633\u067e\u0633 \u06a9\u0627\u0631\u0628\u0631 \u0631\u0627 \u0628\u0647 \u0628\u0627\u0632\u062f\u06cc\u062f \u0627\u0632 URL \u0627\u062a\u0635\u0627\u0644 \u0645\u062e\u0635\u0648\u0635 \u062e\u0648\u062f \u0641\u0631\u0627\u0645\u0648\u0634 \u0646\u0634\u062f\u0647 \u0647\u062f\u0627\u06cc\u062a \u06a9\u0646\u062f\u060c \u062f\u0633\u062a\u06af\u0627\u0647 \u0645\u062d\u0644\u06cc \u06a9\u0627\u0631\u0628\u0631 \u067e\u0627\u0633\u062e \u0645\u062e\u0631\u0628 \u0631\u0627 \u0646\u0634\u0627\u0646 \u062e\u0648\u0627\u0647\u062f \u062f\u0627\u062f \u0648 \u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u062e\u0648\u0627\u0647\u062f \u0634\u062f. \u0627\u06cc\u0646 \u0633\u0646\u0627\u0631\u06cc\u0648\u06cc \u062d\u0645\u0644\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0644\u06cc\u0633\u062a \u0633\u0641\u06cc\u062f \u06a9\u0631\u062f\u0646 URL \u0648 \u0645\u0646\u0627\u0628\u0639 \u0645\u062a\u062f\u0627\u0648\u0644 \u0636\u062f \u0641\u06cc\u0634\u06cc\u0646\u06af \u0645\u0647\u0627\u0631 \u0634\u0648\u062f. \u06cc\u06a9 \u067e\u0686 \u062f\u0631 \u0646\u0633\u062e\u0647 1.6.19 \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0627\u0633\u062a.\n \n#kasraone #Bug_Bounty #Hunters", "creation_timestamp": "2023-07-06T05:18:10.000000Z"}</description>
      <content:encoded>{"uuid": "ffaaa119-e95c-4bb8-b64b-2c23cf0ce779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34231", "type": "seen", "source": "https://t.me/kasraone_com/352", "content": "\ud83d\udd34 CVE \n\n     CVE-2023-34231\n\n\u06af\u0648\u0633\u0646\u0648\u0641\u0644\u06cc\u06a9 \u06cc\u06a9 \u062f\u0631\u0627\u06cc\u0648\u0631 \u06af\u0648\u0644\u0627\u0646\u06af \u0628\u0631\u0627\u06cc \u0633\u0646\u0648\u0641\u0644\u06cc\u06a9 \u0627\u0633\u062a. \u0642\u0628\u0644 \u0627\u0632 \u0646\u0633\u062e\u0647 1.6.19\u060c \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062a\u0632\u0631\u06cc\u0642 \u062f\u0633\u062a\u0648\u0631 \u062f\u0631 \u062f\u0631\u0627\u06cc\u0648\u0631 \u06af\u0648\u0644\u0627\u0646\u06af \u0633\u0646\u0648\u0641\u0644\u06cc\u06a9 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062a\u0623\u06cc\u06cc\u062f \u0647\u0648\u06cc\u062a \u062a\u06a9 \u0639\u0644\u0627\u0645\u062a (SSO) \u0627\u0632 \u0637\u0631\u06cc\u0642 URL \u0645\u0631\u0648\u0631\u06af\u0631 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f. \u0628\u0631\u0627\u06cc \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0642\u0627\u0628\u0644\u06cc\u062a \u062a\u0632\u0631\u06cc\u0642 \u062f\u0633\u062a\u0648\u0631\u060c \u062d\u0645\u0644\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u0628\u0627\u06cc\u062f \u0645\u0648\u0641\u0642 \u0634\u0648\u062f (1) \u0645\u0646\u0628\u0639 \u0645\u062e\u0631\u0628 \u0631\u0627 \u0628\u0631\u067e\u0627 \u06a9\u0646\u062f \u0648 (2) \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0631\u0627 \u0628\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0645\u0646\u0628\u0639 \u0647\u062f\u0627\u06cc\u062a \u06a9\u0646\u062f. \u062d\u0645\u0644\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u06cc\u06a9 \u0633\u0631\u0648\u0631 \u0645\u062e\u0631\u0628 \u0648 \u0642\u0627\u0628\u0644 \u062f\u0633\u062a\u0631\u0633 \u0639\u0645\u0648\u0645\u06cc \u0631\u0627 \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647 URL SSO \u0628\u0627 \u06cc\u06a9 \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u062d\u0645\u0644\u0647 \u067e\u0627\u0633\u062e \u062f\u0647\u062f. \u0627\u06af\u0631 \u062d\u0645\u0644\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u0633\u067e\u0633 \u06a9\u0627\u0631\u0628\u0631 \u0631\u0627 \u0628\u0647 \u0628\u0627\u0632\u062f\u06cc\u062f \u0627\u0632 URL \u0627\u062a\u0635\u0627\u0644 \u0645\u062e\u0635\u0648\u0635 \u062e\u0648\u062f \u0641\u0631\u0627\u0645\u0648\u0634 \u0646\u0634\u062f\u0647 \u0647\u062f\u0627\u06cc\u062a \u06a9\u0646\u062f\u060c \u062f\u0633\u062a\u06af\u0627\u0647 \u0645\u062d\u0644\u06cc \u06a9\u0627\u0631\u0628\u0631 \u067e\u0627\u0633\u062e \u0645\u062e\u0631\u0628 \u0631\u0627 \u0646\u0634\u0627\u0646 \u062e\u0648\u0627\u0647\u062f \u062f\u0627\u062f \u0648 \u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u062e\u0648\u0627\u0647\u062f \u0634\u062f. \u0627\u06cc\u0646 \u0633\u0646\u0627\u0631\u06cc\u0648\u06cc \u062d\u0645\u0644\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0644\u06cc\u0633\u062a \u0633\u0641\u06cc\u062f \u06a9\u0631\u062f\u0646 URL \u0648 \u0645\u0646\u0627\u0628\u0639 \u0645\u062a\u062f\u0627\u0648\u0644 \u0636\u062f \u0641\u06cc\u0634\u06cc\u0646\u06af \u0645\u0647\u0627\u0631 \u0634\u0648\u062f. \u06cc\u06a9 \u067e\u0686 \u062f\u0631 \u0646\u0633\u062e\u0647 1.6.19 \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0627\u0633\u062a.\n \n#kasraone #Bug_Bounty #Hunters", "creation_timestamp": "2023-07-06T05:18:10.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ffaaa119-e95c-4bb8-b64b-2c23cf0ce779/export</guid>
      <pubDate>Thu, 06 Jul 2023 05:18:10 +0000</pubDate>
    </item>
    <item>
      <title>aa66c72d-cf01-4dfb-8498-fab976f0a5d8</title>
      <link>https://vulnerability.circl.lu/sighting/aa66c72d-cf01-4dfb-8498-fab976f0a5d8/export</link>
      <description>{"uuid": "aa66c72d-cf01-4dfb-8498-fab976f0a5d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3423", "type": "seen", "source": "https://t.me/cibsecurity/65567", "content": "\u203c CVE-2023-3423 \u203c\n\nWeak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T08:08:59.000000Z"}</description>
      <content:encoded>{"uuid": "aa66c72d-cf01-4dfb-8498-fab976f0a5d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3423", "type": "seen", "source": "https://t.me/cibsecurity/65567", "content": "\u203c CVE-2023-3423 \u203c\n\nWeak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T08:08:59.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/aa66c72d-cf01-4dfb-8498-fab976f0a5d8/export</guid>
      <pubDate>Tue, 27 Jun 2023 08:08:59 +0000</pubDate>
    </item>
  </channel>
</rss>
