https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-05-04T09:29:07.320242+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/8e384330-2112-4a1c-87e4-78c42998ca3c/export8e384330-2112-4a1c-87e4-78c42998ca3c2026-05-04T09:29:07.700759+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "8e384330-2112-4a1c-87e4-78c42998ca3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27637", "type": "exploited", "source": "https://t.me/cibsecurity/60441", "content": "\u203c CVE-2023-27637 \u203c\n\nAn issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-22T15:35:50.000000Z"}2023-03-22T15:35:50+00:00https://vulnerability.circl.lu/sighting/088e9531-0c7b-44a8-abac-16b4c6623efa/export088e9531-0c7b-44a8-abac-16b4c6623efa2026-05-04T09:29:07.700683+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "088e9531-0c7b-44a8-abac-16b4c6623efa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27638", "type": "exploited", "source": "https://t.me/cibsecurity/60443", "content": "\u203c CVE-2023-27638 \u203c\n\nAn issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-22T15:35:55.000000Z"}2023-03-22T15:35:55+00:00https://vulnerability.circl.lu/sighting/14e6d296-eb60-4058-9c4d-1ac2727b2688/export14e6d296-eb60-4058-9c4d-1ac2727b26882026-05-04T09:29:07.700599+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "14e6d296-eb60-4058-9c4d-1ac2727b2688", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2763", "type": "seen", "source": "https://t.me/cibsecurity/66492", "content": "\u203c CVE-2023-2763 \u203c\n\nUse-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:41:39.000000Z"}2023-07-12T12:41:39+00:00https://vulnerability.circl.lu/sighting/455ad962-1797-445f-9c5e-911be2f86382/export455ad962-1797-445f-9c5e-911be2f863822026-05-04T09:29:07.700509+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "455ad962-1797-445f-9c5e-911be2f86382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27639", "type": "exploited", "source": "https://t.me/DarkWebInformer_CVEAlerts/1056", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27639\n\ud83d\udd39 Description: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter file_name in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). Only files that can be parsed in XML can be opened. This is exploited in the wild in March 2023.\n\ud83d\udccf Published: 2023-06-01T00:00:00\n\ud83d\udccf Modified: 2025-01-09T19:42:36.229Z\n\ud83d\udd17 References:\n1. https://friends-of-presta.github.io/security-advisories/module/2023/03/30/tshirtecommerce_cwe-22.html", "creation_timestamp": "2025-01-09T20:17:14.000000Z"}2025-01-09T20:17:14+00:00https://vulnerability.circl.lu/sighting/ff68a9b9-ea6b-43fd-b37d-a6cc26a1fdf0/exportff68a9b9-ea6b-43fd-b37d-a6cc26a1fdf02026-05-04T09:29:07.700432+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "ff68a9b9-ea6b-43fd-b37d-a6cc26a1fdf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27637", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-27637.yaml", "content": "", "creation_timestamp": "2025-05-29T13:34:23.000000Z"}2025-05-29T13:34:23+00:00https://vulnerability.circl.lu/sighting/7943ac04-2a35-4a25-987b-5ddfccc4891e/export7943ac04-2a35-4a25-987b-5ddfccc4891e2026-05-04T09:29:07.700354+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "7943ac04-2a35-4a25-987b-5ddfccc4891e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27638", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-27638.yaml", "content": "", "creation_timestamp": "2025-05-29T13:34:47.000000Z"}2025-05-29T13:34:47+00:00https://vulnerability.circl.lu/sighting/c7477d25-6d81-435f-ba18-661fa6c2fa4d/exportc7477d25-6d81-435f-ba18-661fa6c2fa4d2026-05-04T09:29:07.700246+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "c7477d25-6d81-435f-ba18-661fa6c2fa4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27637", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lqg4xgtztk2v", "content": "", "creation_timestamp": "2025-05-30T21:02:20.739534Z"}2025-05-30T21:02:20.739534+00:00https://vulnerability.circl.lu/sighting/7f9123f6-1e36-45ce-9c59-5cc5e7c93cd3/export7f9123f6-1e36-45ce-9c59-5cc5e7c93cd32026-05-04T09:29:07.698319+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "7f9123f6-1e36-45ce-9c59-5cc5e7c93cd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27638", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lqingc5q2g2u", "content": "", "creation_timestamp": "2025-05-31T21:02:20.943512Z"}2025-05-31T21:02:20.943512+00:00