{"vulnerability": "cve-2023-3409", "sightings": [{"uuid": "49bcd3f6-31f3-47e9-95e3-66da8223b014", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2023-34092", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mickqn34q622", "content": "", "creation_timestamp": "2026-03-30T21:03:04.006708Z"}, {"uuid": "3e551b49-c5cf-4003-ad38-3494b2c906f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34094", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/762", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34094\n\ud83d\udd39 Description: ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can exploit this vulnerability to steal the API keys in the configuration file. The vulnerability has been fixed in commit bfac445. As a workaround, setting up access authentication can help mitigate the vulnerability.\n\ud83d\udccf Published: 2023-06-02T15:19:45.596Z\n\ud83d\udccf Modified: 2025-01-08T17:57:02.918Z\n\ud83d\udd17 References:\n1. https://github.com/GaiZhenbiao/ChuanhuChatGPT/security/advisories/GHSA-j34w-9xr4-m9p8\n2. 
https://github.com/GaiZhenbiao/ChuanhuChatGPT/commit/bfac445e799c317b0f5e738ab394032a18de62eb", "creation_timestamp": "2025-01-08T18:18:00.000000Z"}, {"uuid": "688857ea-3c72-4ee3-b33c-686c563c0d3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3409", "type": "seen", "source": "https://t.me/CveExploits/15", "content": "\ud83d\udea8 CVE-2023-3409\nThe Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", "creation_timestamp": "2024-08-17T14:01:45.000000Z"}, {"uuid": "57ccf75f-2a1f-418b-8baa-450aadf9dfe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34093", "type": "seen", "source": "https://t.me/cibsecurity/67241", "content": "\u203c CVE-2023-34093 \u203c\n\nStrapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types themselves. Users can use plugins or modify their own content types without realizing that the `privateAttributes` getter is being removed, which can result in any attribute becoming public. This can lead to sensitive information being exposed or the entire system being taken control of by an attacker(having access to password hashes). Anyone can be impacted, depending on how people are using/extending content-types. 
If the users are mutating the content-type, they will not be affected. Version 4.10.8 contains a patch for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T18:26:56.000000Z"}, {"uuid": "0f407179-e01a-4779-b96d-93afe905b648", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34097", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/714", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34097\n\ud83d\udd39 Description: hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability. \n\ud83d\udccf Published: 2023-06-05T20:02:04.497Z\n\ud83d\udccf Modified: 2025-01-08T15:58:21.195Z\n\ud83d\udd17 References:\n1. https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qpx8-wq6q-r833\n2. 
https://github.com/hoppscotch/hoppscotch/commit/15424903ede20b155d764abf4c4f7c2c84c11247", "creation_timestamp": "2025-01-08T16:16:05.000000Z"}, {"uuid": "5b10522c-96a8-4fa2-bd4d-2c4716eb89e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34094", "type": "seen", "source": "https://gist.github.com/YLChen-007/f5917326e450495f833a79c081f3c8d0", "content": "", "creation_timestamp": "2026-02-08T14:12:58.000000Z"}, {"uuid": "3fc0636a-7da9-46f1-8704-225ee12677e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34096", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4523", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: Thruk Monitoring Web Interface <= 3.06 vulnerable to CVE-2023-34096 (Path Traversal).\nURL: https://github.com/galoget/Thruk-CVE-2023-34096\n\nTags: #CVE-2023", "creation_timestamp": "2023-06-09T05:39:15.000000Z"}]}