<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-04T11:07:22.358200+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/59e5f4ec-6b1f-46bd-92eb-76e36127f8d5/export</id>
    <title>59e5f4ec-6b1f-46bd-92eb-76e36127f8d5</title>
    <updated>2026-05-04T11:07:22.793469+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "59e5f4ec-6b1f-46bd-92eb-76e36127f8d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35852", "type": "seen", "source": "https://t.me/cibsecurity/65327", "content": "\u203c CVE-2023-35852 \u203c\n\nIn Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-19T12:28:31.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/59e5f4ec-6b1f-46bd-92eb-76e36127f8d5/export"/>
    <published>2023-06-19T12:28:31+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/139fdcbb-6ce7-4825-aa21-73ad263d69c6/export</id>
    <title>139fdcbb-6ce7-4825-aa21-73ad263d69c6</title>
    <updated>2026-05-04T11:07:22.793366+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "139fdcbb-6ce7-4825-aa21-73ad263d69c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35854", "type": "seen", "source": "https://t.me/cibsecurity/65360", "content": "\u203c CVE-2023-35854 \u203c\n\nZoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-20T16:25:32.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/139fdcbb-6ce7-4825-aa21-73ad263d69c6/export"/>
    <published>2023-06-20T16:25:32+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/87cd09ca-a4aa-4e84-9e4e-499abd52274b/export</id>
    <title>87cd09ca-a4aa-4e84-9e4e-499abd52274b</title>
    <updated>2026-05-04T11:07:22.791784+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "87cd09ca-a4aa-4e84-9e4e-499abd52274b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35859", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7824", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-35859\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters.\n\ud83d\udccf Published: 2024-06-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-17T18:39:42.475Z\n\ud83d\udd17 References:\n1. https://lp.constantcontactpages.com/cu/c2nSB5D/moderncampuscve", "creation_timestamp": "2025-03-17T19:34:16.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/87cd09ca-a4aa-4e84-9e4e-499abd52274b/export"/>
    <published>2025-03-17T19:34:16+00:00</published>
  </entry>
</feed>
