<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-05T19:45:57.703313+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f94ab498-7e51-46a0-bfe0-2b6541ce20b2/export</id>
    <title>f94ab498-7e51-46a0-bfe0-2b6541ce20b2</title>
    <updated>2026-05-05T19:45:58.063037+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f94ab498-7e51-46a0-bfe0-2b6541ce20b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30616", "type": "seen", "source": "https://t.me/cibsecurity/62546", "content": "\u203c CVE-2023-30616 \u203c\n\nForm block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-20T22:31:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f94ab498-7e51-46a0-bfe0-2b6541ce20b2/export"/>
    <published>2023-04-20T22:31:00+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/74977b13-ddd5-430a-85a1-df5697adceec/export</id>
    <title>74977b13-ddd5-430a-85a1-df5697adceec</title>
    <updated>2026-05-05T19:45:58.062953+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "74977b13-ddd5-430a-85a1-df5697adceec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30618", "type": "seen", "source": "https://t.me/cibsecurity/62636", "content": "\u203c CVE-2023-30618 \u203c\n\nKitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-22T00:32:01.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/74977b13-ddd5-430a-85a1-df5697adceec/export"/>
    <published>2023-04-22T00:32:01+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c29440f8-ad14-45c5-ac6f-cc3ba4308951/export</id>
    <title>c29440f8-ad14-45c5-ac6f-cc3ba4308951</title>
    <updated>2026-05-05T19:45:58.062872+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c29440f8-ad14-45c5-ac6f-cc3ba4308951", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30613", "type": "seen", "source": "https://t.me/cibsecurity/62723", "content": "\u203c CVE-2023-30613 \u203c\n\nKiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer. Kiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` are denied. Other files containing the `` tag, regardless of their type are also denied b/c they are a path to XSS attacks. There are no known workarounds aside from upgrading.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-24T20:19:23.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c29440f8-ad14-45c5-ac6f-cc3ba4308951/export"/>
    <published>2023-04-24T20:19:23+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/10fc6c15-bacc-45e7-8c0e-7a600104819b/export</id>
    <title>10fc6c15-bacc-45e7-8c0e-7a600104819b</title>
    <updated>2026-05-05T19:45:58.062791+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "10fc6c15-bacc-45e7-8c0e-7a600104819b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30619", "type": "seen", "source": "https://t.me/cibsecurity/63296", "content": "\u203c CVE-2023-30619 \u203c\n\nTuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-04T18:33:15.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/10fc6c15-bacc-45e7-8c0e-7a600104819b/export"/>
    <published>2023-05-04T18:33:15+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e7f77034-0fbf-4982-a666-119ff2ae2df6/export</id>
    <title>e7f77034-0fbf-4982-a666-119ff2ae2df6</title>
    <updated>2026-05-05T19:45:58.062708+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e7f77034-0fbf-4982-a666-119ff2ae2df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3061", "type": "seen", "source": "https://t.me/cibsecurity/64890", "content": "\u203c CVE-2023-3061 \u203c\n\nA vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-02T18:37:27.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e7f77034-0fbf-4982-a666-119ff2ae2df6/export"/>
    <published>2023-06-02T18:37:27+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e87dfa89-8dbd-40c0-b563-d0480ead69c3/export</id>
    <title>e87dfa89-8dbd-40c0-b563-d0480ead69c3</title>
    <updated>2026-05-05T19:45:58.062629+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e87dfa89-8dbd-40c0-b563-d0480ead69c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/ctinow/162473", "content": "https://ift.tt/n4mLBOq\nCVE-2023-30617", "creation_timestamp": "2024-01-03T17:26:50.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e87dfa89-8dbd-40c0-b563-d0480ead69c3/export"/>
    <published>2024-01-03T17:26:50+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0ffb5cc7-ce5d-4ebb-ab40-f40669908c93/export</id>
    <title>0ffb5cc7-ce5d-4ebb-ab40-f40669908c93</title>
    <updated>2026-05-05T19:45:58.062529+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0ffb5cc7-ce5d-4ebb-ab40-f40669908c93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/cibsecurity/74322", "content": "\u203c\ufe0fCVE-2023-30617\u203c\ufe0f\n\nKruise provides automated management of largescale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruisedaemon run can leverage the kruisedaemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the \"captured\" secrets e.g. the kruisemanager service account token to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruisedaemonrole to drop the cluster level secret getlist privilege.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-04T01:36:04.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0ffb5cc7-ce5d-4ebb-ab40-f40669908c93/export"/>
    <published>2024-01-04T01:36:04+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c3f4a59f-e814-4b6e-a48e-dad0044535f3/export</id>
    <title>c3f4a59f-e814-4b6e-a48e-dad0044535f3</title>
    <updated>2026-05-05T19:45:58.062440+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c3f4a59f-e814-4b6e-a48e-dad0044535f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/arpsyndicate/2496", "content": "#ExploitObserverAlert\n\nCVE-2023-30617\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-30617. Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the \"captured\" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege.", "creation_timestamp": "2024-01-05T16:46:11.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c3f4a59f-e814-4b6e-a48e-dad0044535f3/export"/>
    <published>2024-01-05T16:46:11+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/99830c77-7037-4fa2-84e9-e97ab8d5e4bb/export</id>
    <title>99830c77-7037-4fa2-84e9-e97ab8d5e4bb</title>
    <updated>2026-05-05T19:45:58.062327+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "99830c77-7037-4fa2-84e9-e97ab8d5e4bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/ctinow/172118", "content": "https://ift.tt/Y540nqU\nCVE-2023-30617 | openkruise Kruise up to 1.3.0/1.4.0/1.5.1 kruise-daemon pod unnecessary privileges (GHSA-437m-7hj5-9mpw)", "creation_timestamp": "2024-01-23T16:56:40.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/99830c77-7037-4fa2-84e9-e97ab8d5e4bb/export"/>
    <published>2024-01-23T16:56:40+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/47940b44-30d7-40d3-a8cd-b8fb4ef7d485/export</id>
    <title>47940b44-30d7-40d3-a8cd-b8fb4ef7d485</title>
    <updated>2026-05-05T19:45:58.059827+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "47940b44-30d7-40d3-a8cd-b8fb4ef7d485", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30610", "type": "seen", "source": "Telegram/_QjLVcu-WqgjAE7odPYeG3ITIVOyHAbZfXok_zVYSRTpFnRR", "content": "", "creation_timestamp": "2025-02-06T02:43:29.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/47940b44-30d7-40d3-a8cd-b8fb4ef7d485/export"/>
    <published>2025-02-06T02:43:29+00:00</published>
  </entry>
</feed>
