{"vulnerability": "cve-2023-3625", "sightings": [{"uuid": "3c37f8b1-3b6f-4689-8652-5d884922c8f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36258", "type": "seen", "source": "https://t.me/breachdetector/327369", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2023-36258 LangChain Kod Y\u00fcr\u00fctme Zafiyet A\u00e7\u0131\u011f\u0131 Nedir ?\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"31 Aug 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-08-31T10:45:28.000000Z"}, {"uuid": "13483ba2-d072-4b2b-ad52-ea67ec7c2431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36259", "type": "seen", "source": "https://t.me/ctinow/190266", "content": "https://ift.tt/0Ssd7pC\nCVE-2023-36259 | Craft CMS up to 3.0.1 User Creation cross site scripting", "creation_timestamp": "2024-02-22T00:51:52.000000Z"}, {"uuid": "bb411766-d234-4a1e-a8e3-1d7110484c7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36250", "type": "seen", "source": "https://t.me/cibsecurity/70453", "content": "\u203c CVE-2023-36250 \u203c\n\nCSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-04T08:41:09.000000Z"}, {"uuid": "b5fb7074-8032-441f-8e7d-f92aefbe7a2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36259", "type": "seen", "source": "https://t.me/ctinow/175815", "content": "https://ift.tt/uCjnY5m\nCVE-2023-36259", "creation_timestamp": "2024-01-30T10:31:44.000000Z"}, {"uuid": "45ba2306-7d08-42e6-a457-6e008baeeb06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36258", "type": "seen", "source": "https://t.me/cibsecurity/65890", "content": "\u203c CVE-2023-36258 \u203c\n\nAn issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-04T00:23:00.000000Z"}, {"uuid": "163cbf52-0cb9-47b3-8ded-1623c1567df4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36255", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llcon64l7r2p", "content": "", "creation_timestamp": "2025-03-26T21:02:11.699741Z"}, {"uuid": "dcc24bcb-9fdc-4730-b1aa-e42e9d64b3f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36250", "type": "published-proof-of-concept", "source": "https://t.me/cKure/11486", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 CVE-2023-36250: CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.\n\nhttps://github.com/BrunoTeixeira1996/CVE-2023-36250", "creation_timestamp": "2023-09-02T11:09:21.000000Z"}, {"uuid": "1f1520d2-03d0-4ccb-b063-6d950955cd0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36258", "type": "seen", "source": "https://t.me/cibsecurity/71868", "content": "\u203c CVE-2023-44467 \u203c\n\nlangchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T00:16:12.000000Z"}, {"uuid": "9a9f13b9-1010-4eaf-81ce-23189b84b4a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36255", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "ebfeabeb-251f-4b8c-b1c7-7af9c7e5e9d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3625", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2584", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1a\u514d\u6740\n\u63cf\u8ff0\uff1a\u514d\u6740\uff0c\u7ea2\u961f\uff0c\u84dd\u961f\uff0c\u9632\u5b88\nURL\uff1ahttps://github.com/huihuo123/CVE-2023-3625\n\n\u6807\u7b7e\uff1a#\u514d\u6740", "creation_timestamp": "2022-06-27T16:07:13.000000Z"}, {"uuid": "12577679-87c1-47c6-ba6d-d20d3ca2cef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36250", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3176", "content": "Hackers Factory \n\nSocial engineering tool [Access Webcam & Microphone & Location Finder] With Python\n\nhttps://github.com/ultrasecurity/Storm-Breaker\n\nEternalHush - new free advanced open-source c2 framework\n\nhttps://github.com/APT64/EternalHushFramework\n\nVMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)\n\nhttps://github.com/sinsinology/CVE-2023-34039\n\nCSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.\n\nhttps://github.com/BrunoTeixeira1996/CVE-2023-36250\n\nA collection of tools for security research on Starlink's User Terminal\n\nhttps://github.com/quarkslab/starlink-tools\n\nSession Hijacking Visual Exploitation\n\nhttps://github.com/doyensec/Session-Hijacking-Visual-Exploitation\n\nPwn2Own Vancouver 2023 Ubuntu LPE exploit\n\nhttps://github.com/synacktiv/CVE-2023-35001\n\nMaking Favicon.ico based Recon Great again \n\nhttps://github.com/devanshbatham/FavFreak\n\nA modern tool written in Python that automates your xss findings.\n\nhttps://github.com/faiyazahmad07/xss_vibes\n\nGet PROXY List that gets updated everyday\n\nhttps://github.com/TheSpeedX/PROXY-List\n\n#infosec #cybersecurity #hackersfactory \n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-09-04T16:29:39.000000Z"}, {"uuid": "138023b0-ae98-4879-b9a3-3767d0c51267", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36256", "type": "seen", "source": "https://t.me/cibsecurity/66225", "content": "\u203c CVE-2023-36256 \u203c\n\nThe Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T22:17:57.000000Z"}, {"uuid": "121819d6-1834-4c20-bd28-08361728748f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36250", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8956", "content": "#exploit\n1. CVE-2023-36250:\nCSV Injection in GNOME time tracker\nhttps://github.com/BrunoTeixeira1996/CVE-2023-36250\n\n2. CVE-2023-35001:\nUbuntu nftables oob read/write exploit\nhttps://github.com/synacktiv/CVE-2023-35001", "creation_timestamp": "2023-09-02T12:17:01.000000Z"}, {"uuid": "86b480af-782a-4623-a383-84c39598bbdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36255", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/eramba_rce.rb", "content": "", "creation_timestamp": "2025-03-25T18:01:43.000000Z"}]}