https://vulnerability.circl.lu/sightings/feed 2026-05-04T13:41:04.360089+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/7ac87573-ea24-4e01-91b1-551044d1848e/export 2026-05-04T13:41:04.683280+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "7ac87573-ea24-4e01-91b1-551044d1848e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25260", "type": "seen", "source": "https://t.me/cibsecurity/38127", "content": "\u203c CVE-2022-25260 \u203c\n\nJetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T22:21:15.000000Z"} 2022-02-25T22:21:15+00:00 https://vulnerability.circl.lu/sighting/f010ef0a-10d6-45e5-8155-3d3f9a6ebb73/export 2026-05-04T13:41:04.683113+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "f010ef0a-10d6-45e5-8155-3d3f9a6ebb73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25260", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/504", "content": "CVE-2022-25260 : JetBrains Hub < 2021.1.14276 - blind Server-Side Request Forgery\nhttps://github.com/yuriisanin/CVE-2022-25260", "creation_timestamp": "2022-10-02T16:31:00.000000Z"} 2022-10-02T16:31:00+00:00 https://vulnerability.circl.lu/sighting/10a6b388-dcb9-40ea-a3ff-655da691e234/export 2026-05-04T13:41:04.679852+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "10a6b388-dcb9-40ea-a3ff-655da691e234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25260", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2751", "content": "#Tools -\u00a0 \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\u200b\u200bCVE-2022-20360\n\nAndroid setChecked LPE\n\nhttps://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20360\n\n#cve\n\n\u200b\u200bCVE-2022-20128\n\nAndroid Debug Bridge (adb) was vulnerable to directory traversal attacks that could have been mounted by rogue/compromised adb daemons during an adb pull operation.\n\nhttps://github.com/irsl/CVE-2022-20128\n\n#cve\n\n\u200b\u200bSandbox Scryer\n\nThe Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output The tool leverages the MITRE ATT&CK Framework to organize and prioritize findings, assisting in the assembly of IOCs, understanding attack movement and in threat hunting By allowing researchers to send thousands of samples to a sandbox for building a profile that can be used with the ATT&CK technique, the Sandbox Scryer delivers an unprecedented ability to solve use cases at scale.\n\nThe tool is intended for cybersecurity professionals who are interested in threat hunting and attack analysis leveraging sandbox output data. The Sandbox Scryer tool currently consumes output from the free and public Hybrid Analysis malware analysis service helping analysts expedite and scale threat hunting.\n\nhttps://github.com/PayloadSecurity/Sandbox_Scryer\n\nCrowdStrike Introduces Sandbox Scryer: A Free Threat-Hunting Tool for Generating MITRE ATT&CK and Navigator Data: https://www.crowdstrike.com/blog/sandbox-scryer\n\n\u200b\u200bleaky-paths\n\nA collection of special paths linked to major web CVEs, known juicy APIs, misconfigurations.. etc. These could be used for web-content discovery as a way to find quick wins.\n\nUpdate: I have removed all the other sub-list files and kept everything consolidated on \"all-files\". This would be much better to remove confusion and keep it all-in-one.\n\nhttps://github.com/ayoubfathi/leaky-paths\n\n\u200b\u200bCVE-2022-25260\n\nJetBrains Hub pre-auth semi-blind server-side request forgery (SSRF)\n\nhttps://github.com/yuriisanin/CVE-2022-25260\n\n#cve #poc\n\n\u200b\u200bInvoke-DLLClone\n\nInvoke-DllClone combines two projects called Koppeling and Invoke-MetaTwin. Invoke-DllClone can copy metadata and the AuthenticodeSignature from a source binary and into a target binary It also uses koppeling to clone the export table from a refference dll onto a malicious DLL post-build using NetClone Finally, it also supports random fake signatures using LazySign logic.\n\nhttps://github.com/jfmaes/Invoke-DLLClone\n\n\u200b\u200bRedeye\n\nRedeye is a great platform that any #redteam should have - It covers all aspects of red team engagement - Whether it is to organize all sort of data, create a timeline of the engagement and much more!\n\nhttps://github.com/redeye-framework/Redeye\n\n\u200b\u200bCVE-2022-37706\n\nA reliable exploit + write-up to elevate privileges to root. (Tested on Ubuntu 22.04).\n\nhttps://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit\n\n#cve #exploit\n\n\u200b\u200bEyeBinder\n\nA free silent (hidden) open-source native file binder.\n\nFeatures:\n\u25ab\ufe0f Native or Managed - Builds the final executable as a native (C) or a managed (.NET C#) 32-bit file depending on choice\n\u25ab\ufe0f Silent - Drops and executes (if enabled) files without any visible output unless the bound program has one\n\u25ab\ufe0f Multiple files - Supports binding any amount of files\n\u25ab\ufe0f Compatible - Supports all tested Windows version (Windows 7 to Windows 11) and all file types\n\u25ab\ufe0f Windows Defender exclusions - Can add exclusions into Windows Defender to ignore any detections from the bound files\n\u25ab\ufe0f Icon/Assembly - Supports adding an Icon and/or Assembly Data to the built file\n\u25ab\ufe0f Fake Error - Supports displaying a fake error message when file is originally started\n\nhttps://github.com/TeamDarkAnon/EyEyeBinde\n\nJoin:\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\nWebsite:\nwww.ghostclan.org\n\n#InsoSec #cybersec \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2023-03-28T08:55:29.000000Z"} 2023-03-28T08:55:29+00:00