<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-04T04:46:35.411112+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/69f79617-dd9b-4096-8ed8-54381e59f31d/export</id>
    <title>69f79617-dd9b-4096-8ed8-54381e59f31d</title>
    <updated>2026-07-04T04:46:35.430155+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "69f79617-dd9b-4096-8ed8-54381e59f31d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25608", "type": "seen", "source": "https://t.me/cibsecurity/70381", "content": "\u203c CVE-2023-25608 \u203c\n\nAn incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-13T16:23:48.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/69f79617-dd9b-4096-8ed8-54381e59f31d/export"/>
    <published>2023-09-13T16:23:48+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0eb20bc6-0b5a-4ac8-b3f0-3df905d93e21/export</id>
    <title>0eb20bc6-0b5a-4ac8-b3f0-3df905d93e21</title>
    <updated>2026-07-04T04:46:35.432232+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0eb20bc6-0b5a-4ac8-b3f0-3df905d93e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25600", "type": "seen", "source": "https://t.me/cibsecurity/67690", "content": "\u203c CVE-2023-25600 \u203c\n\nAn issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T18:40:11.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0eb20bc6-0b5a-4ac8-b3f0-3df905d93e21/export"/>
    <published>2023-08-03T18:40:11+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ce1d5590-df26-4a3a-9f5a-3b8d3896ef60/export</id>
    <title>ce1d5590-df26-4a3a-9f5a-3b8d3896ef60</title>
    <updated>2026-07-04T04:46:35.432340+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ce1d5590-df26-4a3a-9f5a-3b8d3896ef60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25606", "type": "seen", "source": "https://t.me/cibsecurity/66404", "content": "\u203c CVE-2023-25606 \u203c\n\nAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T20:29:40.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ce1d5590-df26-4a3a-9f5a-3b8d3896ef60/export"/>
    <published>2023-07-11T20:29:40+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4da02d66-408d-4648-b684-ff0cd9789d41/export</id>
    <title>4da02d66-408d-4648-b684-ff0cd9789d41</title>
    <updated>2026-07-04T04:46:35.432413+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4da02d66-408d-4648-b684-ff0cd9789d41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25601", "type": "seen", "source": "https://t.me/cibsecurity/62533", "content": "\u203c CVE-2023-25601 \u203c\n\nOn version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-20T20:30:45.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4da02d66-408d-4648-b684-ff0cd9789d41/export"/>
    <published>2023-04-20T20:30:45+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f57e67e0-9f1b-49aa-83fc-4ef0555d9763/export</id>
    <title>f57e67e0-9f1b-49aa-83fc-4ef0555d9763</title>
    <updated>2026-07-04T04:46:35.432476+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f57e67e0-9f1b-49aa-83fc-4ef0555d9763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25605", "type": "seen", "source": "https://t.me/cibsecurity/59594", "content": "\u203c CVE-2023-25605 \u203c\n\nAn improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T20:23:30.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f57e67e0-9f1b-49aa-83fc-4ef0555d9763/export"/>
    <published>2023-03-07T20:23:30+00:00</published>
  </entry>
</feed>
