{"vulnerability": "cve-2023-2681", "sightings": [{"uuid": "cc9520b4-92b4-4195-b607-bbf7b13bda66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26818", "type": "published-proof-of-concept", "source": "Telegram/2z7cIAzK_voKeTZhFLfjQgiTkLBoUgw0bFPWcd2G3pBKZ7k", "content": "", "creation_timestamp": "2023-07-07T11:13:58.000000Z"}, {"uuid": "e9ebdb55-1c95-471c-a464-a5d7fc0ef66b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26818", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/4383", "content": "\ud83d\udcf2 \u041c\u044d\u0442\u0442 \u0419\u043e\u0445\u0430\u043d\u0441\u0435\u043d: \u0412 Telegram \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0434\u0430\u0451\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u0430\u043c\u0435\u0440\u0435 \u0438 \u043c\u0438\u043a\u0440\u043e\u0444\u043e\u043d\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\ud83d\udd0dhttps://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram\n\n\ud83d\udc46\"\u042f \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043d\u0438\u043a\u0430\u043a\u043e\u0433\u043e \u043e\u0442\u0432\u0435\u0442\u0430 \u043e\u0442 Telegram \u043d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 \u043c\u0435\u0441\u044f\u0446\u0430, \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0431\u044b\u043b\u043e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0440\u0430\u0437\u0433\u043e\u0432\u043e\u0440\u043e\u0432 \u0441 \u043d\u0438\u043c\u0438 \u0438 \u0434\u0430\u0436\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u043b\u0441\u044f \u0442\u0438\u043a\u0435\u0442 \u0447\u0435\u0440\u0435\u0437 VINCE. \u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u0448\u043b\u043e \u0442\u0440\u0438 \u043c\u0435\u0441\u044f\u0446\u0430, \u044f \u0440\u0435\u0448\u0438\u043b \u043f\u0440\u0438\u0434\u0430\u0442\u044c \u043e\u0433\u043b\u0430\u0441\u043a\u0435 \u044d\u0442\u0443 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e\", - \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440.\n\n\u270b @Russian_OSINT", "creation_timestamp": "2023-05-16T12:07:17.000000Z"}, {"uuid": "2ff539c6-af7b-4b35-9792-7362ed8e3344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26818", "type": "seen", "source": "https://t.me/cibsecurity/64460", "content": "\u203c CVE-2023-26818 \u203c\n\nTelegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-19T16:33:00.000000Z"}, {"uuid": "5dae3a7d-d6d0-47ea-854d-2f2d6c3e9ab3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26813", "type": "seen", "source": "https://t.me/cibsecurity/63099", "content": "\u203c CVE-2023-26813 \u203c\n\nSQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-29T00:27:41.000000Z"}, {"uuid": "8a0f4d6e-065d-47e8-af35-2c359491c592", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26812", "type": "seen", "source": "https://t.me/cibsecurity/63096", "content": "\u203c CVE-2023-26812 \u203c\n\nCommand execution vulnerability in the ActionEnter Class ins jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created json file to the ueditor route.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-29T00:27:36.000000Z"}, {"uuid": "42d6d728-0a49-4c31-b664-2a3d274964c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26818", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8944", "content": "#exploit\n1. CVE-2023-39141:\nAria2 WebUI - Path traversal\nhttps://github.com/codeb0ss/CVE-2023-39141-PoC\n\n2. CVE-2023-34040:\nSpring Kafka Deserialization Vulnerability\nhttps://github.com/Contrast-Security-OSS/Spring-Kafka-POC-CVE-2023-34040\n\n3. CVE-2023-26818:\nExploit MacOS TCC Bypass W/ Telegram\nhttps://github.com/Zeyad-Azima/CVE-2023-26818", "creation_timestamp": "2023-08-31T10:59:01.000000Z"}, {"uuid": "695777d5-51ea-406a-86f2-aa3b30b909d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26819", "type": "seen", "source": "https://t.me/cvedetector/23396", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-26819 - cJSON Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2023-26819 \nPublished : April 19, 2025, 10:15 p.m. | 48\u00a0minutes ago \nDescription : cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {\"a\": true, \"b\": [ null,9999999999999999999999999999999999999999999999912345678901234567]}. \nSeverity: 2.9 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-20T01:10:35.000000Z"}, {"uuid": "167b2b59-dec2-47fd-aad6-d1fe99c6a03e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26818", "type": "published-proof-of-concept", "source": "https://t.me/arvinclub1/176", "content": "\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc\u062f\u06cc \u062f\u0631 \u0646\u0633\u062e\u0647 \u0645\u06a9 \u062a\u0644\u06af\u0631\u0627\u0645 \u067e\u06cc\u062f\u0627 \u0634\u062f\u0647 \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u062f\u0648\u0631\u0628\u06cc\u0646 \u0648 \u0645\u06cc\u06a9\u0631\u0648\u0641\u0648\u0646 \u0634\u0645\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f.\n\u0627\u06cc\u0646 \u0627\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062a\u0648\u0633\u0637 \u06cc\u06a9 \u0645\u0647\u0646\u062f\u0633 \u062f\u0631 \u06af\u0648\u06af\u0644 \u067e\u06cc\u062f\u0627 \u0634\u062f\u0647 \u0627\u0633\u062a\u060c \u0628\u0647 \u062a\u0644\u06af\u0631\u0627\u0645 \u06af\u0632\u0627\u0631\u0634 \u0634\u062f\u0647 \u0648 \u0637\u0628\u0642 \u0645\u0639\u0645\u0648\u0644 \u062a\u0644\u06af\u0631\u0627\u0645 \u0628\u0647 \u0622\u0646 \u0631\u0633\u06cc\u062f\u06af\u06cc \u0646\u06a9\u0631\u062f\u0647.\nhttps://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram", "creation_timestamp": "2023-05-16T09:58:06.000000Z"}, {"uuid": "5cd495d4-8a4d-4153-88f7-c2dd6a472fcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26818", "type": "published-proof-of-concept", "source": "https://t.me/Russian_OSINT/2546", "content": "\ud83d\udcf2 \u041c\u044d\u0442\u0442 \u0419\u043e\u0445\u0430\u043d\u0441\u0435\u043d: \u0412 Telegram \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0434\u0430\u0451\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u0430\u043c\u0435\u0440\u0435 \u0438 \u043c\u0438\u043a\u0440\u043e\u0444\u043e\u043d\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\ud83d\udd0dhttps://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram\n\n\ud83d\udc46\"\u042f \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043d\u0438\u043a\u0430\u043a\u043e\u0433\u043e \u043e\u0442\u0432\u0435\u0442\u0430 \u043e\u0442 Telegram \u043d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 \u043c\u0435\u0441\u044f\u0446\u0430, \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0431\u044b\u043b\u043e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0440\u0430\u0437\u0433\u043e\u0432\u043e\u0440\u043e\u0432 \u0441 \u043d\u0438\u043c\u0438 \u0438 \u0434\u0430\u0436\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u043b\u0441\u044f \u0442\u0438\u043a\u0435\u0442 \u0447\u0435\u0440\u0435\u0437 VINCE. \u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u0448\u043b\u043e \u0442\u0440\u0438 \u043c\u0435\u0441\u044f\u0446\u0430, \u044f \u0440\u0435\u0448\u0438\u043b \u043f\u0440\u0438\u0434\u0430\u0442\u044c \u043e\u0433\u043b\u0430\u0441\u043a\u0435 \u044d\u0442\u0443 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e\", - \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440.\n\n\u270b @Russian_OSINT", "creation_timestamp": "2023-05-15T23:10:39.000000Z"}, {"uuid": "acf951a2-5868-4935-8115-512d01b28f0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26819", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln7gixd2in2l", "content": "", "creation_timestamp": "2025-04-20T00:48:58.172224Z"}, {"uuid": "e66db366-3ef7-45e0-9bc8-4fc0149f7288", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26818", "type": "published-proof-of-concept", "source": "https://t.me/cKure/11480", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 #Untested CVE-2023-26818: Exploit MacOS TCC Bypass W/ Telegram. You can read the vulnerability analysis Part 1 and Part 2 for sandbox bypass.\n\nhttps://github.com/Zeyad-Azima/CVE-2023-26818", "creation_timestamp": "2023-09-01T16:30:14.000000Z"}, {"uuid": "fccdf546-47dd-4e14-8c00-10ecd267e565", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26813", "type": "seen", "source": "Telegram/cpuojzTQjkclvILwrGZkxJw7xs3QwdNl6DjgKUbEwfbw5TrI", "content": "", "creation_timestamp": "2025-02-01T17:28:11.000000Z"}, {"uuid": "56007a17-e07c-4625-ba2e-9bc2384910d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26818", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/969", "content": "https://github.com/Zeyad-Azima/CVE-2023-26818\nExploit MacOS TCC Bypass W/ Telegram\n#github", "creation_timestamp": "2023-08-31T05:16:49.000000Z"}, {"uuid": "036d04ae-c505-4b8b-a58e-b45faee12e00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26819", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mdd4lkocb3r2", "content": "", "creation_timestamp": "2026-01-26T11:16:24.059207Z"}, {"uuid": "bf29c48e-a74e-47d8-82d2-cd13387d390a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26819", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mddecas3jk23", "content": "", "creation_timestamp": "2026-01-26T13:34:22.957416Z"}, {"uuid": "7e66ab74-312e-4bec-8d6d-5551037986ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26818", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5118", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-26818 Exploit MacOS TCC Bypass W/ Telegram\nURL\uff1ahttps://github.com/Zeyad-Azima/CVE-2023-26818\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-09-11T12:54:37.000000Z"}, {"uuid": "ceb14559-8666-4e12-b396-d679417e462f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26819", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12600", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26819\n\ud83d\udd25 CVSS Score: 2.9 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {\"a\": true, \"b\": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.\n\ud83d\udccf Published: 2025-04-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-19T21:30:22.133Z\n\ud83d\udd17 References:\n1. https://github.com/boofish/json_bugs/tree/main/cjson", "creation_timestamp": "2025-04-19T22:00:01.000000Z"}, {"uuid": "3bcbc883-e870-4813-adff-ae974fc12113", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26818", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/3721", "content": "The article will cover several basic concepts in macOS to provide the relevant background that will help the reader understand the process of identifying the weakness and writing an exploit that will gain a local privilege escalation by getting access to the camera through the permissions that were prreviously ganted to the Telegram application.\n. . .\nAfter that, we will write the Dylib that will be used in the exploit to perform the recording from the camera and save it to a file.\n\n\u0420\u0435\u0430\u043a\u0446\u0438\u044f Telegram \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u043f\u043e\u0445\u0443\u0439+\u043f\u043e\u0445\u0443\u0439\n\nCVE-2023-26818 - Bypass TCC with Telegram in macOS\nhttps://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/", "creation_timestamp": "2023-05-16T21:51:19.000000Z"}]}