https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 07 May 2026 14:16:21 +0000 https://db.gcve.eu/sighting/4b3a3ff5-f467-48c4-a5a7-4fe54fd54e13/export {"uuid": "4b3a3ff5-f467-48c4-a5a7-4fe54fd54e13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38505", "type": "seen", "source": "https://t.me/cibsecurity/67348", "content": "\u203c CVE-2023-38505 \u203c\n\nDietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T22:28:54.000000Z"} {"uuid": "4b3a3ff5-f467-48c4-a5a7-4fe54fd54e13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38505", "type": "seen", "source": "https://t.me/cibsecurity/67348", "content": "\u203c CVE-2023-38505 \u203c\n\nDietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T22:28:54.000000Z"} https://db.gcve.eu/sighting/4b3a3ff5-f467-48c4-a5a7-4fe54fd54e13/export Thu, 27 Jul 2023 22:28:54 +0000 https://db.gcve.eu/sighting/274d8e8d-019c-4667-83d8-c08091d8a679/export {"uuid": "274d8e8d-019c-4667-83d8-c08091d8a679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38504", "type": "seen", "source": "https://t.me/cibsecurity/67351", "content": "\u203c CVE-2023-38504 \u203c\n\nSails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T22:58:43.000000Z"} {"uuid": "274d8e8d-019c-4667-83d8-c08091d8a679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38504", "type": "seen", "source": "https://t.me/cibsecurity/67351", "content": "\u203c CVE-2023-38504 \u203c\n\nSails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T22:58:43.000000Z"} https://db.gcve.eu/sighting/274d8e8d-019c-4667-83d8-c08091d8a679/export Thu, 27 Jul 2023 22:58:43 +0000 https://db.gcve.eu/sighting/520d62f6-3d72-4c55-88e7-91c086205b76/export {"uuid": "520d62f6-3d72-4c55-88e7-91c086205b76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "exploited", "source": "https://www.exploit-db.com/exploits/51635", "content": "", "creation_timestamp": "2023-07-28T00:00:00.000000Z"} {"uuid": "520d62f6-3d72-4c55-88e7-91c086205b76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "exploited", "source": "https://www.exploit-db.com/exploits/51635", "content": "", "creation_timestamp": "2023-07-28T00:00:00.000000Z"} https://db.gcve.eu/sighting/520d62f6-3d72-4c55-88e7-91c086205b76/export Fri, 28 Jul 2023 00:00:00 +0000 https://db.gcve.eu/sighting/8d2c4b08-aa9f-4542-b5e7-977504f815c4/export {"uuid": "8d2c4b08-aa9f-4542-b5e7-977504f815c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38508", "type": "seen", "source": "https://t.me/cibsecurity/69170", "content": "\u203c CVE-2023-38508 \u203c\n\nTuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not respect the project, tracker and artifact level permissions. The issue occurs on the artifact view (not reproducible on the artifact modal). Users might get access to information they should not have access to. Only the title, status, assigned to and last update date fields as defined by the semantics are impacted. If those fields have strict permissions (e.g. the title is only visible to a specific user group) those permissions are still enforced. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-25T02:13:42.000000Z"} {"uuid": "8d2c4b08-aa9f-4542-b5e7-977504f815c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38508", "type": "seen", "source": "https://t.me/cibsecurity/69170", "content": "\u203c CVE-2023-38508 \u203c\n\nTuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not respect the project, tracker and artifact level permissions. The issue occurs on the artifact view (not reproducible on the artifact modal). Users might get access to information they should not have access to. Only the title, status, assigned to and last update date fields as defined by the semantics are impacted. If those fields have strict permissions (e.g. the title is only visible to a specific user group) those permissions are still enforced. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-25T02:13:42.000000Z"} https://db.gcve.eu/sighting/8d2c4b08-aa9f-4542-b5e7-977504f815c4/export Fri, 25 Aug 2023 02:13:42 +0000 https://db.gcve.eu/sighting/28c7ad14-c98e-4bb9-a013-232d2f939502/export {"uuid": "28c7ad14-c98e-4bb9-a013-232d2f939502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38507", "type": "seen", "source": "https://t.me/cibsecurity/70623", "content": "\u203c CVE-2023-38507 \u203c\n\nStrapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-16T00:26:01.000000Z"} {"uuid": "28c7ad14-c98e-4bb9-a013-232d2f939502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38507", "type": "seen", "source": "https://t.me/cibsecurity/70623", "content": "\u203c CVE-2023-38507 \u203c\n\nStrapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-16T00:26:01.000000Z"} https://db.gcve.eu/sighting/28c7ad14-c98e-4bb9-a013-232d2f939502/export Sat, 16 Sep 2023 00:26:01 +0000 https://db.gcve.eu/sighting/955b9022-669f-424a-9b8c-ee9a11dc0ab1/export {"uuid": "955b9022-669f-424a-9b8c-ee9a11dc0ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5296", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aMass exploit - CVE-2023-38501 - Copyparty < Cross-Site Scripting [XSS]\nURL\uff1ahttps://github.com/codeb0ss/CVE-2023-38501-Exploit\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-06T02:59:19.000000Z"} {"uuid": "955b9022-669f-424a-9b8c-ee9a11dc0ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5296", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aMass exploit - CVE-2023-38501 - Copyparty < Cross-Site Scripting [XSS]\nURL\uff1ahttps://github.com/codeb0ss/CVE-2023-38501-Exploit\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-06T02:59:19.000000Z"} https://db.gcve.eu/sighting/955b9022-669f-424a-9b8c-ee9a11dc0ab1/export Fri, 06 Oct 2023 02:59:19 +0000 https://db.gcve.eu/sighting/1c08f937-df51-43d0-81c7-b41b0591735c/export {"uuid": "1c08f937-df51-43d0-81c7-b41b0591735c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1217", "content": "", "creation_timestamp": "2023-10-06T04:59:49.000000Z"} {"uuid": "1c08f937-df51-43d0-81c7-b41b0591735c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1217", "content": "", "creation_timestamp": "2023-10-06T04:59:49.000000Z"} https://db.gcve.eu/sighting/1c08f937-df51-43d0-81c7-b41b0591735c/export Fri, 06 Oct 2023 04:59:49 +0000 https://db.gcve.eu/sighting/f14b8bf1-1a17-42e8-95c5-1e4708286948/export {"uuid": "f14b8bf1-1a17-42e8-95c5-1e4708286948", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9167", "content": "#exploit\n1. CVE-2023-4427:\nChrome ReduceJSLoadPropertyWithEnumeratedKey Out-Of-Bounds Access\nhttps://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html\n\n2. Unmasking Scudo's Defenses\nhttps://www.synacktiv.com/en/publications/behind-the-shield-unmasking-scudos-defenses\n\n3. CVE-2023-38501:\nXSS in copyparty package <1.8.7\nhttps://github.com/codeb0ss/CVE-2023-38501-Exploit", "creation_timestamp": "2023-10-09T10:58:01.000000Z"} {"uuid": "f14b8bf1-1a17-42e8-95c5-1e4708286948", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9167", "content": "#exploit\n1. CVE-2023-4427:\nChrome ReduceJSLoadPropertyWithEnumeratedKey Out-Of-Bounds Access\nhttps://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html\n\n2. Unmasking Scudo's Defenses\nhttps://www.synacktiv.com/en/publications/behind-the-shield-unmasking-scudos-defenses\n\n3. CVE-2023-38501:\nXSS in copyparty package <1.8.7\nhttps://github.com/codeb0ss/CVE-2023-38501-Exploit", "creation_timestamp": "2023-10-09T10:58:01.000000Z"} https://db.gcve.eu/sighting/f14b8bf1-1a17-42e8-95c5-1e4708286948/export Mon, 09 Oct 2023 10:58:01 +0000 https://db.gcve.eu/sighting/66831cb4-e2b6-4ea0-993f-bf9a7b44350d/export {"uuid": "66831cb4-e2b6-4ea0-993f-bf9a7b44350d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38507", "type": "seen", "source": "https://t.me/arpsyndicate/2859", "content": "#ExploitObserverAlert\n\nCVE-2023-38507\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-38507. Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.\n\nFIRST-EPSS: 0.000630000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-16T14:55:36.000000Z"} {"uuid": "66831cb4-e2b6-4ea0-993f-bf9a7b44350d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38507", "type": "seen", "source": "https://t.me/arpsyndicate/2859", "content": "#ExploitObserverAlert\n\nCVE-2023-38507\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-38507. Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.\n\nFIRST-EPSS: 0.000630000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-16T14:55:36.000000Z"} https://db.gcve.eu/sighting/66831cb4-e2b6-4ea0-993f-bf9a7b44350d/export Tue, 16 Jan 2024 14:55:36 +0000 https://db.gcve.eu/sighting/cf4fa478-82a3-4673-a673-78b74635d1c1/export {"uuid": "cf4fa478-82a3-4673-a673-78b74635d1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1305", "content": "#exploit\n1. CVE-2023-4427:\nChrome ReduceJSLoadPropertyWithEnumeratedKey Out-Of-Bounds Access\nhttps://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html\n\n2. Unmasking Scudo's Defenses\nhttps://www.synacktiv.com/en/publications/behind-the-shield-unmasking-scudos-defenses\n\n3. CVE-2023-38501:\nXSS in copyparty package <1.8.7\nhttps://github.com/codeb0ss/CVE-2023-38501-Exploit", "creation_timestamp": "2024-08-16T08:32:35.000000Z"} {"uuid": "cf4fa478-82a3-4673-a673-78b74635d1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1305", "content": "#exploit\n1. CVE-2023-4427:\nChrome ReduceJSLoadPropertyWithEnumeratedKey Out-Of-Bounds Access\nhttps://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html\n\n2. Unmasking Scudo's Defenses\nhttps://www.synacktiv.com/en/publications/behind-the-shield-unmasking-scudos-defenses\n\n3. CVE-2023-38501:\nXSS in copyparty package <1.8.7\nhttps://github.com/codeb0ss/CVE-2023-38501-Exploit", "creation_timestamp": "2024-08-16T08:32:35.000000Z"} https://db.gcve.eu/sighting/cf4fa478-82a3-4673-a673-78b74635d1c1/export Fri, 16 Aug 2024 08:32:35 +0000