{"vulnerability": "CVE-2023-4710", "sightings": [{"uuid": "a037cb63-5c38-473e-8863-96c21c2e5331", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-47106", "type": "seen", "source": "https://t.me/ctinow/158780", "content": "https://ift.tt/107UD9c\nCVE-2023-47106 | Traefik up to 2.10.5/3.0.0-beta4 input validation (GHSA-fvhj-4qfh-q2hm)", "creation_timestamp": "2023-12-23T11:41:47.000000Z"}, {"uuid": "6b5127cf-3519-4283-8827-18cb14d000fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-47100", "type": "seen", "source": "https://t.me/ctinow/158266", "content": "https://ift.tt/D4JrRaQ\nCVE-2023-47100 | Perl up to 5.38.1 Regular Expression regcomp.c S_parse_uniprop_string memory corruption", "creation_timestamp": "2023-12-22T09:22:19.000000Z"}, {"uuid": "a2f9ba3d-e587-41eb-bcce-b3b5c0a5c72d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4710", "type": "seen", "source": "https://t.me/cibsecurity/69695", "content": "\u203c CVE-2023-4710 \u203c\n\nA vulnerability classified as problematic was found in TOTVS RM 12.1. Affected by this vulnerability is an unknown functionality of the component Portal. The manipulation of the argument d leads to cross site scripting. The attack can be launched remotely. The identifier VDB-238573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-02T00:14:11.000000Z"}, {"uuid": "70c6e434-c78b-46f3-a5d5-7b559e904579", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-47105", "type": "seen", "source": "https://t.me/cvedetector/6002", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-47105 - Chaosblade Server Command Execution\", \n  \"Content\": \"CVE ID : CVE-2023-47105 \nPublished : Sept. 18, 2024, 5:15 p.m. | 40\u00a0minutes ago \nDescription : exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T20:05:50.000000Z"}, {"uuid": "4bcbaa7e-72ff-41e4-8b51-7c08f0404a46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-47104", "type": "seen", "source": "https://t.me/cibsecurity/73167", "content": "\u203c CVE-2023-47104 \u203c\n\ntinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-30T21:19:46.000000Z"}, {"uuid": "8a17af63-933f-4a94-81f3-fb30052074ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-47100", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "9c121143-b7fd-4d2c-a977-dd27b103d1ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-47108", "type": "seen", "source": "https://gist.github.com/cwayne18/3da2b9bf101aefc5a7f783c55023b8af", "content": "", "creation_timestamp": "2025-01-28T13:36:28.000000Z"}, {"uuid": "1f413965-f383-47a4-bba5-7dd656a01c08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-47108", "type": "seen", "source": "https://t.me/arpsyndicate/1686", "content": "#ExploitObserverAlert\n\nCVE-2023-47108\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-47108. OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.\n\nFIRST-EPSS: 0.000880000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-11T01:48:07.000000Z"}, {"uuid": "90d41290-9ecc-4bd8-9333-b6877c7ecbfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-47100", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19948", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-47100\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.\n\ud83d\udccf Published: 2023-12-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-30T16:17:21.753Z\n\ud83d\udd17 References:\n1. https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3\n2. https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6\n3. https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", "creation_timestamp": "2025-06-30T17:07:34.000000Z"}, {"uuid": "126dc6d5-f611-4a1e-9ad0-d961caf07dcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-47102", "type": "seen", "source": "https://t.me/arpsyndicate/276", "content": "#ExploitObserverAlert\n\nCVE-2023-47102\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-47102. UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.\n\nFIRST-EPSS: 0.000460000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2023-11-19T15:33:30.000000Z"}]}