https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-06-17T10:52:41.090888+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/5da99da1-098e-4d05-901d-3a0302680f8d/export5da99da1-098e-4d05-901d-3a0302680f8d2026-06-17T10:52:41.463276+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "5da99da1-098e-4d05-901d-3a0302680f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26560", "type": "seen", "source": "https://t.me/cibsecurity/62885", "content": "\u203c CVE-2023-26560 \u203c\n\nNorthern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T07:30:38.000000Z"}2023-04-26T07:30:38+00:00https://vulnerability.circl.lu/sighting/cd5f1989-2717-4abb-9cd2-048effa754d7/exportcd5f1989-2717-4abb-9cd2-048effa754d72026-06-17T10:52:41.463191+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "cd5f1989-2717-4abb-9cd2-048effa754d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26567", "type": "seen", "source": "https://t.me/cibsecurity/62943", "content": "\u203c CVE-2023-26567 \u203c\n\nSangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T00:25:17.000000Z"}2023-04-27T00:25:17+00:00https://vulnerability.circl.lu/sighting/c92312a3-329f-42b3-9386-a969277bb0c0/exportc92312a3-329f-42b3-9386-a969277bb0c02026-06-17T10:52:41.463103+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "c92312a3-329f-42b3-9386-a969277bb0c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2656", "type": "seen", "source": "https://t.me/cibsecurity/63875", "content": "\u203c CVE-2023-2656 \u203c\n\nA vulnerability classified as critical has been found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228798 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T16:15:19.000000Z"}2023-05-11T16:15:19+00:00https://vulnerability.circl.lu/sighting/9ff68454-2fa2-48e2-b2b8-b88ab4790637/export9ff68454-2fa2-48e2-b2b8-b88ab47906372026-06-17T10:52:41.463012+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "9ff68454-2fa2-48e2-b2b8-b88ab4790637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26563", "type": "seen", "source": "https://t.me/cibsecurity/66606", "content": "\u203c CVE-2023-26563 \u203c\n\nThe Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T00:25:48.000000Z"}2023-07-13T00:25:48+00:00https://vulnerability.circl.lu/sighting/f7779f75-a2b5-4e00-80a9-6af710ca208a/exportf7779f75-a2b5-4e00-80a9-6af710ca208a2026-06-17T10:52:41.462916+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "f7779f75-a2b5-4e00-80a9-6af710ca208a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26564", "type": "seen", "source": "https://t.me/cibsecurity/66607", "content": "\u203c CVE-2023-26564 \u203c\n\nThe Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T00:25:49.000000Z"}2023-07-13T00:25:49+00:00https://vulnerability.circl.lu/sighting/6c7a2eed-291f-47b1-9804-6057e17a22d4/export6c7a2eed-291f-47b1-9804-6057e17a22d42026-06-17T10:52:41.462832+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "6c7a2eed-291f-47b1-9804-6057e17a22d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26568", "type": "seen", "source": "https://t.me/cibsecurity/72835", "content": "\u203c CVE-2023-26568 \u203c\n\nUnauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend\u00e2\u20ac\u2122s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-25T22:39:21.000000Z"}2023-10-25T22:39:21+00:00https://vulnerability.circl.lu/sighting/3bbedb6c-72b4-463c-8f76-3ae9f6b662fd/export3bbedb6c-72b4-463c-8f76-3ae9f6b662fd2026-06-17T10:52:41.462718+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "3bbedb6c-72b4-463c-8f76-3ae9f6b662fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26569", "type": "seen", "source": "https://t.me/cibsecurity/72841", "content": "\u203c CVE-2023-26569 \u203c\n\nUnauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend\u00e2\u20ac\u2122s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-25T22:39:28.000000Z"}2023-10-25T22:39:28+00:00https://vulnerability.circl.lu/sighting/2ef45015-208e-43a0-b6a0-e107ee2bdb53/export2ef45015-208e-43a0-b6a0-e107ee2bdb532026-06-17T10:52:41.460519+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "2ef45015-208e-43a0-b6a0-e107ee2bdb53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26562", "type": "seen", "source": "https://t.me/ctinow/183968", "content": "https://ift.tt/hnVU6EQ\nCVE-2023-26562", "creation_timestamp": "2024-02-13T17:21:59.000000Z"}2024-02-13T17:21:59+00:00