https://vulnerability.circl.lu/sightings/feed 2026-06-27T20:17:34.402909+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/096fffca-216c-4d92-8e9f-389fef7c4816/export 2026-06-27T20:17:34.431228+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "096fffca-216c-4d92-8e9f-389fef7c4816", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34185", "type": "seen", "source": "https://t.me/cibsecurity/66373", "content": "\u203c CVE-2023-34185 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <=\u00c2\u00a00.5.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T16:34:41.000000Z"} 2023-07-11T16:34:41+00:00 https://vulnerability.circl.lu/sighting/8e878352-8231-473b-89d1-9bc3f6ec891b/export 2026-06-27T20:17:34.431005+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "8e878352-8231-473b-89d1-9bc3f6ec891b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3418", "type": "seen", "source": "https://t.me/cibsecurity/66819", "content": "\u203c CVE-2023-3418 \u203c\n\nThe Querlo Chatbot WordPress plugin through 1.2.4 does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-17T18:40:16.000000Z"} 2023-07-17T18:40:16+00:00 https://vulnerability.circl.lu/sighting/dad86a24-6941-4f67-8416-df60716c0e31/export 2026-06-27T20:17:34.430870+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "dad86a24-6941-4f67-8416-df60716c0e31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34189", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/67212", "content": "\u203c CVE-2023-34189 \u203c\n\nExposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences.\u00c2\u00a0Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 \u00c2\u00a0to solve it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T12:28:02.000000Z"} 2023-07-25T12:28:02+00:00 https://vulnerability.circl.lu/sighting/36bb9f94-1bf9-4d03-9297-ab39e5cfd61d/export 2026-06-27T20:17:34.430736+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "36bb9f94-1bf9-4d03-9297-ab39e5cfd61d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34184", "type": "seen", "source": "https://t.me/cibsecurity/69445", "content": "\u203c CVE-2023-34184 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik Patel Woocommerce Order address Print plugin <=\u00c2\u00a03.2 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-30T18:12:31.000000Z"} 2023-08-30T18:12:31+00:00 https://vulnerability.circl.lu/sighting/d63963ed-088a-43b2-9c35-8d8348f6ae11/export 2026-06-27T20:17:34.430592+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "d63963ed-088a-43b2-9c35-8d8348f6ae11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34180", "type": "seen", "source": "https://t.me/cibsecurity/69453", "content": "\u203c CVE-2023-34180 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugins Google Fonts For WordPress plugin <=\u00c2\u00a03.0.0 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-30T18:12:45.000000Z"} 2023-08-30T18:12:45+00:00 https://vulnerability.circl.lu/sighting/b80d16e7-9775-4eea-a6c5-2efd9e6bdf76/export 2026-06-27T20:17:34.430441+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "b80d16e7-9775-4eea-a6c5-2efd9e6bdf76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34189", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4325", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34189\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences.\u00a0\n\nUsers are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 \u00a0to solve it.\n\ud83d\udccf Published: 2023-07-25T09:30:17Z\n\ud83d\udccf Modified: 2025-02-13T19:01:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-34189\n2. https://github.com/apache/inlong/issues/8108\n3. https://github.com/apache/inlong/pull/8109\n4. https://github.com/apache/inlong\n5. https://lists.apache.org/thread/smxqyx43hxjvzv4w71n2n3rfho9p378s\n6. http://www.openwall.com/lists/oss-security/2023/07/25/2", "creation_timestamp": "2025-02-13T19:19:01.000000Z"} 2025-02-13T19:19:01+00:00 https://vulnerability.circl.lu/sighting/e4982965-b6a1-4705-8933-6d8b7d93168a/export 2026-06-27T20:17:34.430225+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "e4982965-b6a1-4705-8933-6d8b7d93168a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34188", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5892", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34188\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.\n\ud83d\udccf Published: 2023-06-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-28T13:07:27.141Z\n\ud83d\udd17 References:\n1. https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f\n2. https://github.com/cesanta/mongoose/pull/2197\n3. https://github.com/cesanta/mongoose/compare/7.9...7.10\n4. https://blog.narfindustries.com/blog/narf-discovers-critical-vulnerabilities-in-cesanta-mongoose-http-server", "creation_timestamp": "2025-02-28T13:27:00.000000Z"} 2025-02-28T13:27:00+00:00 https://vulnerability.circl.lu/sighting/ce04eddd-0636-429a-b43c-e0e3df886592/export 2026-06-27T20:17:34.427647+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "ce04eddd-0636-429a-b43c-e0e3df886592", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34188", "type": "seen", "source": "Telegram/zrQ78lwl6lVCUd-rwRs9Ml1l5aaG2FNQYpaTIpSuLuFRPBK3", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"} 2025-03-02T11:44:22+00:00