{"vulnerability": "cve-2023-3145", "sightings": [{"uuid": "a6924497-6c7c-4a85-b88d-5a826703e316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31455", "type": "seen", "source": "https://t.me/ctinow/159148", "content": "https://ift.tt/0Nu9pQ8\nCVE-2023-31455", "creation_timestamp": "2023-12-25T07:26:58.000000Z"}, {"uuid": "85113c27-5958-449c-a5d0-a13cde2f58c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31456", "type": "seen", "source": "https://t.me/cvedetector/991", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-31456 - \"Fluid Topics SSRF Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2023-31456 \nPublished : July 16, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitrary requests to internal and external resources by an authenticated user. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T21:18:19.000000Z"}, {"uuid": "f9c834a7-06e0-4d2d-96be-4b8b90d318a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31455", "type": "seen", "source": "https://t.me/ctinow/170089", "content": "https://ift.tt/wbNpKq9\nCVE-2023-31455 | Pexip Infinity up to 31.1 RTCP denial of service", "creation_timestamp": "2024-01-19T08:11:50.000000Z"}, {"uuid": "6852eb1b-a25f-4dab-908d-64c33e8a26ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31454", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/64540", "content": "\u203c CVE-2023-31454 \u203c\n\nIncorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.\u00c2\u00a0The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T18:24:47.000000Z"}, {"uuid": "78cd31a1-0ebd-40ad-a1af-ba83a8a036c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31453", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/64533", "content": "\u203c CVE-2023-31453 \u203c\n\nIncorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The\u00c2\u00a0attacker can delete others' subscriptions, even if they are not the ownerof the deleted subscription.\u00c2\u00a0Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T18:24:37.000000Z"}, {"uuid": "2048ed7d-48f7-4b66-96b5-11a36fe1ebad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-31452", "type": "seen", "source": "https://t.me/cibsecurity/68092", "content": "\u203c CVE-2023-31452 \u203c\n\nAn issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. The NetApp Volume Sensor transmits cleartext credentials over the network when the HTTP protocol is selected. This can be triggered remotely via a CSRF by simply sending a controls/addsensor3.htm link to a logged-in victim.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T16:14:55.000000Z"}, {"uuid": "54907341-b895-495f-ad11-bdd30185314c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3145", "type": "seen", "source": "https://t.me/cibsecurity/65039", "content": "\u203c CVE-2023-3145 \u203c\n\nA vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0. Affected by this issue is some unknown functionality of the file classes\\Users.php?f=registration. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231014 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-07T18:35:08.000000Z"}]}