<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 03 Jul 2026 18:21:42 +0000</lastBuildDate>
    <item>
      <title>17e8bf21-4268-4a1f-8655-39025f0a437b</title>
      <link>https://vulnerability.circl.lu/sighting/17e8bf21-4268-4a1f-8655-39025f0a437b/export</link>
      <description>{"uuid": "17e8bf21-4268-4a1f-8655-39025f0a437b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22720", "type": "seen", "source": "https://t.me/cibsecurity/63895", "content": "\u203c CVE-2023-22720 \u203c\n\nAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin &lt;=\u00a04.9.3 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T18:15:29.000000Z"}</description>
      <content:encoded>{"uuid": "17e8bf21-4268-4a1f-8655-39025f0a437b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22720", "type": "seen", "source": "https://t.me/cibsecurity/63895", "content": "\u203c CVE-2023-22720 \u203c\n\nAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin &lt;=\u00a04.9.3 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T18:15:29.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/17e8bf21-4268-4a1f-8655-39025f0a437b/export</guid>
      <pubDate>Thu, 11 May 2023 18:15:29 +0000</pubDate>
    </item>
    <item>
      <title>bb167268-07fb-444f-919e-59f492016b25</title>
      <link>https://vulnerability.circl.lu/sighting/bb167268-07fb-444f-919e-59f492016b25/export</link>
      <description>{"uuid": "bb167268-07fb-444f-919e-59f492016b25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22729", "type": "seen", "source": "https://t.me/cibsecurity/62901", "content": "\u203c CVE-2023-22729 \u203c\n\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T18:25:58.000000Z"}</description>
      <content:encoded>{"uuid": "bb167268-07fb-444f-919e-59f492016b25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22729", "type": "seen", "source": "https://t.me/cibsecurity/62901", "content": "\u203c CVE-2023-22729 \u203c\n\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T18:25:58.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bb167268-07fb-444f-919e-59f492016b25/export</guid>
      <pubDate>Wed, 26 Apr 2023 18:25:58 +0000</pubDate>
    </item>
    <item>
      <title>ca219ac1-f325-4117-bcf0-b2a869379bc2</title>
      <link>https://vulnerability.circl.lu/sighting/ca219ac1-f325-4117-bcf0-b2a869379bc2/export</link>
      <description>{"uuid": "ca219ac1-f325-4117-bcf0-b2a869379bc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22728", "type": "seen", "source": "https://t.me/cibsecurity/62899", "content": "\u203c CVE-2023-22728 \u203c\n\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T18:25:56.000000Z"}</description>
      <content:encoded>{"uuid": "ca219ac1-f325-4117-bcf0-b2a869379bc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22728", "type": "seen", "source": "https://t.me/cibsecurity/62899", "content": "\u203c CVE-2023-22728 \u203c\n\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T18:25:56.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ca219ac1-f325-4117-bcf0-b2a869379bc2/export</guid>
      <pubDate>Wed, 26 Apr 2023 18:25:56 +0000</pubDate>
    </item>
    <item>
      <title>1cba4f01-3955-4f57-8a8f-e1256b7b3beb</title>
      <link>https://vulnerability.circl.lu/sighting/1cba4f01-3955-4f57-8a8f-e1256b7b3beb/export</link>
      <description>{"uuid": "1cba4f01-3955-4f57-8a8f-e1256b7b3beb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22721", "type": "seen", "source": "https://t.me/cibsecurity/56868", "content": "\u203c CVE-2023-22721 \u203c\n\nAuth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress &lt;= 3.2.7 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T20:24:09.000000Z"}</description>
      <content:encoded>{"uuid": "1cba4f01-3955-4f57-8a8f-e1256b7b3beb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22721", "type": "seen", "source": "https://t.me/cibsecurity/56868", "content": "\u203c CVE-2023-22721 \u203c\n\nAuth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress &lt;= 3.2.7 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T20:24:09.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1cba4f01-3955-4f57-8a8f-e1256b7b3beb/export</guid>
      <pubDate>Mon, 23 Jan 2023 20:24:09 +0000</pubDate>
    </item>
    <item>
      <title>567626d8-bcfc-460c-aa6c-e1365296c142</title>
      <link>https://vulnerability.circl.lu/sighting/567626d8-bcfc-460c-aa6c-e1365296c142/export</link>
      <description>{"uuid": "567626d8-bcfc-460c-aa6c-e1365296c142", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22726", "type": "seen", "source": "https://t.me/cibsecurity/56799", "content": "\u203c CVE-2023-22726 \u203c\n\nact is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may lead to privilege escalation. The /upload endpoint is vulnerable to path traversal as filepath is user controlled, and ultimately flows into os.Mkdir and os.Open. The /artifact endpoint is vulnerable to path traversal as the path is variable is user controlled, and the specified file is ultimately returned by the server. This has been addressed in version 0.2.40. Users are advised to upgrade. Users unable to upgrade may, during implementation of Open and OpenAtEnd for FS, ensure to use ValidPath() to check against path traversal or clean the user-provided paths manually.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-21T00:22:55.000000Z"}</description>
      <content:encoded>{"uuid": "567626d8-bcfc-460c-aa6c-e1365296c142", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22726", "type": "seen", "source": "https://t.me/cibsecurity/56799", "content": "\u203c CVE-2023-22726 \u203c\n\nact is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may lead to privilege escalation. The /upload endpoint is vulnerable to path traversal as filepath is user controlled, and ultimately flows into os.Mkdir and os.Open. The /artifact endpoint is vulnerable to path traversal as the path is variable is user controlled, and the specified file is ultimately returned by the server. This has been addressed in version 0.2.40. Users are advised to upgrade. Users unable to upgrade may, during implementation of Open and OpenAtEnd for FS, ensure to use ValidPath() to check against path traversal or clean the user-provided paths manually.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-21T00:22:55.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/567626d8-bcfc-460c-aa6c-e1365296c142/export</guid>
      <pubDate>Sat, 21 Jan 2023 00:22:55 +0000</pubDate>
    </item>
    <item>
      <title>d24d0dee-3314-4707-a714-2a6cf08d8845</title>
      <link>https://vulnerability.circl.lu/sighting/d24d0dee-3314-4707-a714-2a6cf08d8845/export</link>
      <description>{"uuid": "d24d0dee-3314-4707-a714-2a6cf08d8845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22727", "type": "seen", "source": "https://t.me/cibsecurity/56620", "content": "\u203c CVE-2023-22727 \u203c\n\nCakePHP is a development framework for PHP web apps. In affected versions the `Cake\\Database\\Query::limit()` and `Cake\\Database\\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T00:15:20.000000Z"}</description>
      <content:encoded>{"uuid": "d24d0dee-3314-4707-a714-2a6cf08d8845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22727", "type": "seen", "source": "https://t.me/cibsecurity/56620", "content": "\u203c CVE-2023-22727 \u203c\n\nCakePHP is a development framework for PHP web apps. In affected versions the `Cake\\Database\\Query::limit()` and `Cake\\Database\\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T00:15:20.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d24d0dee-3314-4707-a714-2a6cf08d8845/export</guid>
      <pubDate>Wed, 18 Jan 2023 00:15:20 +0000</pubDate>
    </item>
    <item>
      <title>ea79f14f-f65a-4a49-a9a4-e0205035399b</title>
      <link>https://vulnerability.circl.lu/sighting/ea79f14f-f65a-4a49-a9a4-e0205035399b/export</link>
      <description>{"uuid": "ea79f14f-f65a-4a49-a9a4-e0205035399b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-22726", "type": "published-proof-of-concept", "source": "https://github.com/nektos/act/security/advisories/GHSA-pc99-qmg4-rcff", "content": "", "creation_timestamp": "2023-01-16T21:43:07.000000Z"}</description>
      <content:encoded>{"uuid": "ea79f14f-f65a-4a49-a9a4-e0205035399b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-22726", "type": "published-proof-of-concept", "source": "https://github.com/nektos/act/security/advisories/GHSA-pc99-qmg4-rcff", "content": "", "creation_timestamp": "2023-01-16T21:43:07.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ea79f14f-f65a-4a49-a9a4-e0205035399b/export</guid>
      <pubDate>Mon, 16 Jan 2023 21:43:07 +0000</pubDate>
    </item>
  </channel>
</rss>
