{"vulnerability": "cve-2023-2709", "sightings": [{"uuid": "a7088e8d-fadd-4ba8-9421-673133d5440e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27094", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5501", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27094\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module.\n\ud83d\udccf Published: 2023-03-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-26T15:18:00.399Z\n\ud83d\udd17 References:\n1. https://github.com/opengoofy/hippo4j/issues/1059", "creation_timestamp": "2025-02-26T15:26:02.000000Z"}, {"uuid": "110b0dd2-efff-46b1-ad80-0ad855d107ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27095", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5586", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27095\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.\n\ud83d\udccf Published: 2023-03-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-26T19:03:11.563Z\n\ud83d\udd17 References:\n1. https://github.com/opengoofy/hippo4j/issues/1061", "creation_timestamp": "2025-02-26T19:24:18.000000Z"}, {"uuid": "4c9a70ce-8240-4e3c-8cfd-68c43a843467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27095", "type": "seen", "source": "https://t.me/cibsecurity/60109", "content": "\u203c CVE-2023-27095 \u203c\n\nInsecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-16T06:30:31.000000Z"}, {"uuid": "0c14581f-a3ce-42aa-b7b5-6bed42f461bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27091", "type": "seen", "source": "https://t.me/cibsecurity/61421", "content": "\u203c CVE-2023-27091 \u203c\n\nAn unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-04T22:25:48.000000Z"}, {"uuid": "e0c7977a-68b5-4842-b02a-bc270ef5e777", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27091", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4469", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27091\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2023-04-04T18:15:07.043\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://gitee.com/xiaobingby/TeaCMS/issues/I6GDRU\n2. https://gitee.com/xiaobingby/TeaCMS/issues/I6SXAF\n3. https://gitee.com/xiaobingby/TeaCMS/issues/I6GDRU\n4. https://gitee.com/xiaobingby/TeaCMS/issues/I6SXAF", "creation_timestamp": "2025-02-14T19:11:04.000000Z"}, {"uuid": "b9608a7b-5a70-43f3-b57b-66de6f435644", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27098", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18799", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27098\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.\n\ud83d\udccf Published: 2024-01-09T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-18T16:57:42.565Z\n\ud83d\udd17 References:\n1. http://tp-link.com\n2. http://tp-lin.com\n3. https://www.tp-link.com/support/contact-technical-support/#LiveChat-Support\n4. https://github.com/c0d3x27/CVEs/tree/main/CVE-2023-27098", "creation_timestamp": "2025-06-18T17:39:05.000000Z"}, {"uuid": "9629880f-7abb-4003-ac1e-d3c489cace39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27093", "type": "seen", "source": "Telegram/CaBVfyh0RBDSeNGwolskzIrp-0RIco_3bkH80-2gSJ1EMkSp", "content": "", "creation_timestamp": "2025-03-02T11:44:20.000000Z"}, {"uuid": "5b8cee52-f978-431c-8597-c86453a489e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27098", "type": "seen", "source": "https://t.me/ctinow/174017", "content": "https://ift.tt/a6cmO0D\nCVE-2023-27098 | TP-Link Tapo APK up to 2.12.703 Login Panel hard-coded credentials", "creation_timestamp": "2024-01-26T07:07:26.000000Z"}, {"uuid": "e11abec8-8b40-4284-a69c-4d6bffc34738", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27098", "type": "seen", "source": "https://t.me/ctinow/164771", "content": "https://ift.tt/2TzdJcP\nCVE-2023-27098", "creation_timestamp": "2024-01-09T03:26:11.000000Z"}, {"uuid": "fc08b40c-d144-4e8d-9676-1a1a5a33fe97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27094", "type": "seen", "source": "https://t.me/cibsecurity/60604", "content": "\u203c CVE-2023-27094 \u203c\n\nAn issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-23T19:37:08.000000Z"}, {"uuid": "7b6eb276-c71e-4559-84a4-bf5190acdb67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27093", "type": "seen", "source": "https://t.me/cibsecurity/59906", "content": "\u203c CVE-2023-27093 \u203c\n\nCross Site Scripting vulnerability found in My-Blog allows attackers to cause a denial of service via the Post function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-13T17:23:34.000000Z"}, {"uuid": "9f4cd302-d03d-4834-a1e6-803ae24c2697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27098", "type": "seen", "source": "https://t.me/ctinow/167583", "content": "https://ift.tt/BVadhWf\nCVE-2023-27098 Exploit", "creation_timestamp": "2024-01-12T23:16:24.000000Z"}, {"uuid": "4f27a7fb-4f5f-4cb8-8702-48d4bac9ac30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27096", "type": "seen", "source": "https://t.me/cibsecurity/60782", "content": "\u203c CVE-2023-27096 \u203c\n\nInsecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-27T18:20:04.000000Z"}]}