Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 11 May 2026 06:06:18 +0000 a68a00eb-63ea-4b73-8ecd-12b39d2d3eac https://vulnerability.circl.lu/sighting/a68a00eb-63ea-4b73-8ecd-12b39d2d3eac/export {"uuid": "a68a00eb-63ea-4b73-8ecd-12b39d2d3eac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27640", "type": "exploited", "source": "https://t.me/DarkWebInformer_CVEAlerts/834", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27640\n\ud83d\udd39 Description: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). The content of the file is returned with base64 encoding. This is exploited in the wild in March 2023.\n\ud83d\udccf Published: 2023-06-01T00:00:00\n\ud83d\udccf Modified: 2025-01-08T20:58:57.837Z\n\ud83d\udd17 References:\n1. https://friends-of-presta.github.io/security-advisories/module/2023/03/30/tshirtecommerce_cwe-22.html", "creation_timestamp": "2025-01-08T21:13:28.000000Z"} {"uuid": "a68a00eb-63ea-4b73-8ecd-12b39d2d3eac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27640", "type": "exploited", "source": "https://t.me/DarkWebInformer_CVEAlerts/834", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27640\n\ud83d\udd39 Description: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). The content of the file is returned with base64 encoding. This is exploited in the wild in March 2023.\n\ud83d\udccf Published: 2023-06-01T00:00:00\n\ud83d\udccf Modified: 2025-01-08T20:58:57.837Z\n\ud83d\udd17 References:\n1. https://friends-of-presta.github.io/security-advisories/module/2023/03/30/tshirtecommerce_cwe-22.html", "creation_timestamp": "2025-01-08T21:13:28.000000Z"} https://vulnerability.circl.lu/sighting/a68a00eb-63ea-4b73-8ecd-12b39d2d3eac/export Wed, 08 Jan 2025 21:13:28 +0000