https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 09 May 2026 14:35:43 +0000 https://vulnerability.circl.lu/sighting/bd9cdd42-1261-4ea4-828b-819a1c422b77/export {"uuid": "bd9cdd42-1261-4ea4-828b-819a1c422b77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-5229", "type": "seen", "source": "https://t.me/cibsecurity/73242", "content": "\u203c CVE-2023-5229 \u203c\n\nThe E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T17:21:14.000000Z"} {"uuid": "bd9cdd42-1261-4ea4-828b-819a1c422b77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-5229", "type": "seen", "source": "https://t.me/cibsecurity/73242", "content": "\u203c CVE-2023-5229 \u203c\n\nThe E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T17:21:14.000000Z"} https://vulnerability.circl.lu/sighting/bd9cdd42-1261-4ea4-828b-819a1c422b77/export Tue, 31 Oct 2023 17:21:14 +0000 https://vulnerability.circl.lu/sighting/f7fa4d6b-bcd9-463e-b178-ca81e273981a/export {"uuid": "f7fa4d6b-bcd9-463e-b178-ca81e273981a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-52290", "type": "seen", "source": "https://t.me/cvedetector/917", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2023-52290 - Streampark-console SQL Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2023-52290 \nPublished : July 16, 2024, 8:15 a.m. | 38\u00a0minutes ago \nDescription : In streampark-console the list pages(e.g: application pages), users can sort page by field. This sort field is sent from the front-end to the back-end, and the SQL query is generated using this field. However, because this sort field isn't validated, there is a risk of SQL injection vulnerability.\u00a0The attacker must successfully log into the system to launch an attack, which may cause data leakage. Since no data will be written, so this is a low-impact vulnerability. \n \nMitigation: \n \nall users should upgrade to 2.1.4, Such parameters will be blocked. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T11:15:11.000000Z"} {"uuid": "f7fa4d6b-bcd9-463e-b178-ca81e273981a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-52290", "type": "seen", "source": "https://t.me/cvedetector/917", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2023-52290 - Streampark-console SQL Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2023-52290 \nPublished : July 16, 2024, 8:15 a.m. | 38\u00a0minutes ago \nDescription : In streampark-console the list pages(e.g: application pages), users can sort page by field. This sort field is sent from the front-end to the back-end, and the SQL query is generated using this field. However, because this sort field isn't validated, there is a risk of SQL injection vulnerability.\u00a0The attacker must successfully log into the system to launch an attack, which may cause data leakage. Since no data will be written, so this is a low-impact vulnerability. \n \nMitigation: \n \nall users should upgrade to 2.1.4, Such parameters will be blocked. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T11:15:11.000000Z"} https://vulnerability.circl.lu/sighting/f7fa4d6b-bcd9-463e-b178-ca81e273981a/export Tue, 16 Jul 2024 11:15:11 +0000 https://vulnerability.circl.lu/sighting/dc8800f8-99d7-4c87-9466-75ac6385a1f3/export {"uuid": "dc8800f8-99d7-4c87-9466-75ac6385a1f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-52291", "type": "seen", "source": "https://t.me/cvedetector/1071", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2023-52291 - Streampark Maven Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2023-52291 \nPublished : July 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. \n \nBackground: \n \nIn the \"Project\" module, the maven build args\u00a0\u00a0\u201c Severity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-17T12:22:00.000000Z"} {"uuid": "dc8800f8-99d7-4c87-9466-75ac6385a1f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-52291", "type": "seen", "source": "https://t.me/cvedetector/1071", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2023-52291 - Streampark Maven Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2023-52291 \nPublished : July 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. \n \nBackground: \n \nIn the \"Project\" module, the maven build args\u00a0\u00a0\u201c Severity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-17T12:22:00.000000Z"} https://vulnerability.circl.lu/sighting/dc8800f8-99d7-4c87-9466-75ac6385a1f3/export Wed, 17 Jul 2024 12:22:00 +0000 https://vulnerability.circl.lu/sighting/9ffad856-c8b6-4d8c-8c6f-cad6d2961aa2/export {"uuid": "9ffad856-c8b6-4d8c-8c6f-cad6d2961aa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-52292", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113901204902829019", "content": "", "creation_timestamp": "2025-01-27T16:14:20.083394Z"} {"uuid": "9ffad856-c8b6-4d8c-8c6f-cad6d2961aa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-52292", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113901204902829019", "content": "", "creation_timestamp": "2025-01-27T16:14:20.083394Z"} https://vulnerability.circl.lu/sighting/9ffad856-c8b6-4d8c-8c6f-cad6d2961aa2/export Mon, 27 Jan 2025 16:14:20 +0000 https://vulnerability.circl.lu/sighting/6d3b6161-84a3-4dc8-84cf-9a757fa22ac0/export {"uuid": "6d3b6161-84a3-4dc8-84cf-9a757fa22ac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-52292", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqdmftjcx2r", "content": "", "creation_timestamp": "2025-01-27T16:16:06.923617Z"} {"uuid": "6d3b6161-84a3-4dc8-84cf-9a757fa22ac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-52292", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqdmftjcx2r", "content": "", "creation_timestamp": "2025-01-27T16:16:06.923617Z"} https://vulnerability.circl.lu/sighting/6d3b6161-84a3-4dc8-84cf-9a757fa22ac0/export Mon, 27 Jan 2025 16:16:06 +0000 https://vulnerability.circl.lu/sighting/acc838a4-c449-45f4-a0f5-af6b7ccb7f6a/export {"uuid": "acc838a4-c449-45f4-a0f5-af6b7ccb7f6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-52292", "type": "seen", "source": "https://t.me/cvedetector/16471", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2023-52292 - IBM Sterling File Gateway Stored Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2023-52292 \nPublished : Jan. 27, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T17:40:27.000000Z"} {"uuid": "acc838a4-c449-45f4-a0f5-af6b7ccb7f6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-52292", "type": "seen", "source": "https://t.me/cvedetector/16471", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2023-52292 - IBM Sterling File Gateway Stored Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2023-52292 \nPublished : Jan. 27, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T17:40:27.000000Z"} https://vulnerability.circl.lu/sighting/acc838a4-c449-45f4-a0f5-af6b7ccb7f6a/export Mon, 27 Jan 2025 17:40:27 +0000