<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-05T21:06:19.526729+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/57e39f63-4f2b-4e9f-9525-0c7970962efc/export</id>
    <title>57e39f63-4f2b-4e9f-9525-0c7970962efc</title>
    <updated>2026-05-05T21:06:19.816749+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "57e39f63-4f2b-4e9f-9525-0c7970962efc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33252", "type": "seen", "source": "https://t.me/cibsecurity/64497", "content": "\u203c CVE-2023-33252 \u203c\n\niden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T02:24:59.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/57e39f63-4f2b-4e9f-9525-0c7970962efc/export"/>
    <published>2023-05-22T02:24:59+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4be0a5a1-4723-426d-94e9-26058a94f136/export</id>
    <title>4be0a5a1-4723-426d-94e9-26058a94f136</title>
    <updated>2026-05-05T21:06:19.816679+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4be0a5a1-4723-426d-94e9-26058a94f136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33254", "type": "seen", "source": "https://t.me/cibsecurity/64499", "content": "\u203c CVE-2023-33254 \u203c\n\nThere is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T02:25:01.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4be0a5a1-4723-426d-94e9-26058a94f136/export"/>
    <published>2023-05-22T02:25:01+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ecf8dc5b-f204-4fbb-93f6-14b6157b68e2/export</id>
    <title>ecf8dc5b-f204-4fbb-93f6-14b6157b68e2</title>
    <updated>2026-05-05T21:06:19.816607+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ecf8dc5b-f204-4fbb-93f6-14b6157b68e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33253", "type": "seen", "source": "https://t.me/cibsecurity/65133", "content": "\u203c CVE-2023-33253 \u203c\n\nLabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-12T16:39:50.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ecf8dc5b-f204-4fbb-93f6-14b6157b68e2/export"/>
    <published>2023-06-12T16:39:50+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/395bfb8f-8ffc-46e1-93ba-1d69b79de500/export</id>
    <title>395bfb8f-8ffc-46e1-93ba-1d69b79de500</title>
    <updated>2026-05-05T21:06:19.816517+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "395bfb8f-8ffc-46e1-93ba-1d69b79de500", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3325", "type": "seen", "source": "https://t.me/cibsecurity/65355", "content": "\u203c CVE-2023-3325 \u203c\n\nThe CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-20T12:25:15.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/395bfb8f-8ffc-46e1-93ba-1d69b79de500/export"/>
    <published>2023-06-20T12:25:15+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ddd392ce-e682-440f-b73d-5b4b8f3b43de/export</id>
    <title>ddd392ce-e682-440f-b73d-5b4b8f3b43de</title>
    <updated>2026-05-05T21:06:19.816443+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ddd392ce-e682-440f-b73d-5b4b8f3b43de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33257", "type": "seen", "source": "https://t.me/cibsecurity/67593", "content": "\u203c CVE-2023-33257 \u203c\n\nVerint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T18:39:19.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ddd392ce-e682-440f-b73d-5b4b8f3b43de/export"/>
    <published>2023-08-02T18:39:19+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5d9594a6-cd4e-45ea-95de-08d859730b5c/export</id>
    <title>5d9594a6-cd4e-45ea-95de-08d859730b5c</title>
    <updated>2026-05-05T21:06:19.816362+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5d9594a6-cd4e-45ea-95de-08d859730b5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33255", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1858", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33255\n\ud83d\udd39 Description: An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application.\n\ud83d\udccf Published: 2023-05-26T00:00:00\n\ud83d\udccf Modified: 2025-01-15T20:33:07.303Z\n\ud83d\udd17 References:\n1. https://schutzwerk.com\n2. https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001.txt\n3. http://seclists.org/fulldisclosure/2023/May/21\n4. http://packetstormsecurity.com/files/172644/Papaya-Medical-Viewer-1.0-Cross-Site-Scripting.html\n5. https://www.schutzwerk.com/blog/schutzwerk-sa-2022-001/", "creation_timestamp": "2025-01-15T20:54:56.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5d9594a6-cd4e-45ea-95de-08d859730b5c/export"/>
    <published>2025-01-15T20:54:56+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ed5cd4f1-bfed-4efc-97ca-fe13f22fd4a0/export</id>
    <title>ed5cd4f1-bfed-4efc-97ca-fe13f22fd4a0</title>
    <updated>2026-05-05T21:06:19.816285+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ed5cd4f1-bfed-4efc-97ca-fe13f22fd4a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33252", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2419", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33252\n\ud83d\udd39 Description: iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.\n\ud83d\udccf Published: 2023-05-21T00:00:00\n\ud83d\udccf Modified: 2025-01-21T16:54:23.973Z\n\ud83d\udd17 References:\n1. https://github.com/iden3/snarkjs/commits/master/src/groth16_verify.js\n2. https://github.com/iden3/snarkjs/tags", "creation_timestamp": "2025-01-21T17:00:36.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ed5cd4f1-bfed-4efc-97ca-fe13f22fd4a0/export"/>
    <published>2025-01-21T17:00:36+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e32e0723-50bf-444e-bb7a-d9166553a6e3/export</id>
    <title>e32e0723-50bf-444e-bb7a-d9166553a6e3</title>
    <updated>2026-05-05T21:06:19.816170+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e32e0723-50bf-444e-bb7a-d9166553a6e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33251", "type": "seen", "source": "Telegram/6eaiVpP7D7d7MLja7Gg0xobPFOSHFj1G4htbCFLv7L-9HKNi", "content": "", "creation_timestamp": "2025-02-01T17:28:10.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e32e0723-50bf-444e-bb7a-d9166553a6e3/export"/>
    <published>2025-02-01T17:28:10+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/805ca4fb-dfee-46e6-92b5-630d690b18c9/export</id>
    <title>805ca4fb-dfee-46e6-92b5-630d690b18c9</title>
    <updated>2026-05-05T21:06:19.816002+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "805ca4fb-dfee-46e6-92b5-630d690b18c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33254", "type": "seen", "source": "Telegram/1xYPApKroK8NNrI0VRas_lTyev040vXmNFr6VPCPgipazjfd", "content": "", "creation_timestamp": "2025-02-01T17:28:10.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/805ca4fb-dfee-46e6-92b5-630d690b18c9/export"/>
    <published>2025-02-01T17:28:10+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3f331918-f714-40a0-af51-8603736c08f7/export</id>
    <title>3f331918-f714-40a0-af51-8603736c08f7</title>
    <updated>2026-05-05T21:06:19.812983+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3f331918-f714-40a0-af51-8603736c08f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33250", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7958", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33250\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.\n\ud83d\udccf Published: 2023-05-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-18T18:36:45.174Z\n\ud83d\udd17 References:\n1. https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ\n2. https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/\n3. https://security.netapp.com/advisory/ntap-20230622-0006/\n4. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dbe245cdf5189e88d680379ed13901356628b650\n5. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=804ca14d04df09bf7924bacc5ad22a4bed80c94f\n6. https://bugzilla.suse.com/show_bug.cgi?id=1211597", "creation_timestamp": "2025-03-18T19:02:49.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3f331918-f714-40a0-af51-8603736c08f7/export"/>
    <published>2025-03-18T19:02:49+00:00</published>
  </entry>
</feed>
