https://vulnerability.circl.lu/sightings/feed 2026-06-25T11:51:24.951203+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/faba4eba-2529-4542-b86a-4ced242d31ca/export 2026-06-25T11:51:24.971759+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "faba4eba-2529-4542-b86a-4ced242d31ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/218", "content": "CVE-2022-23642 : Sourcegraph Gitserver < 3.37 RCE\nhttps://github.com/Altelus1/CVE-2022-23642", "creation_timestamp": "2022-06-12T23:09:17.000000Z"} 2022-06-12T23:09:17+00:00 https://vulnerability.circl.lu/sighting/112a7c36-bad9-4953-a5c2-2e49b24449ec/export 2026-06-25T11:51:24.971695+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "112a7c36-bad9-4953-a5c2-2e49b24449ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/685", "content": "\u200bCVE-2022-23642\n\nPoC for Sourcegraph Gitserver 3.37.0 RCE\n\nSourcegraph prior to 3.37.0 has a remote code execution vulnerability on its gitserver service. This is due to lack of restriction on git config execution thus \"core.sshCommand\" can be passed on the HTTP arguments which can contain arbitrary bash commands. Note that this is only possible if gitserver is exposed to the attacker.\n\nhttps://github.com/Altelus1/CVE-2022-23642\n\nResearch:\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23642\n\n#exploit #cve", "creation_timestamp": "2022-06-13T03:16:30.000000Z"} 2022-06-13T03:16:30+00:00 https://vulnerability.circl.lu/sighting/1a5c4ad2-c340-47dd-b5cd-f1bd261f0c0f/export 2026-06-25T11:51:24.971634+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "1a5c4ad2-c340-47dd-b5cd-f1bd261f0c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "Telegram/Ip3Gh0poW8tdMG07iwidHvLEgfZ4cxE7wfqyPu63vqdGfw", "content": "", "creation_timestamp": "2022-06-13T03:23:07.000000Z"} 2022-06-13T03:23:07+00:00 https://vulnerability.circl.lu/sighting/32828b92-a15e-4f19-8ca9-20f22f80a702/export 2026-06-25T11:51:24.971564+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "32828b92-a15e-4f19-8ca9-20f22f80a702", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2364", "type": "seen", "source": "https://t.me/cibsecurity/46072", "content": "\u203c CVE-2022-2364 \u203c\n\nA vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulation of the argument vehicle_type with the input \">alert(\"XSS\") leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T21:51:46.000000Z"} 2022-07-12T21:51:46+00:00 https://vulnerability.circl.lu/sighting/8311c476-fd8f-4ee4-8cb9-9341cda670eb/export 2026-06-25T11:51:24.971494+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "8311c476-fd8f-4ee4-8cb9-9341cda670eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/sourcegraph_gitserver_sshcmd.rb", "content": "", "creation_timestamp": "2022-07-13T14:37:15.000000Z"} 2022-07-13T14:37:15+00:00 https://vulnerability.circl.lu/sighting/d8e4d7ee-94a1-441b-bbb0-c97ba73b1ca2/export 2026-06-25T11:51:24.971427+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "d8e4d7ee-94a1-441b-bbb0-c97ba73b1ca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23648", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5664", "content": "#exploit\n1. CVE-2022-23648:\ncontainerd: Insecure handling of image volumes\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2244\n\n2. Exploit tool for CVE-2021-43008\nAdminer 1.0 - 4.6.2 Arbitrary File Read vulnerability\nhttps://github.com/p0dalirius/CVE-2021-43008-AdminerRead", "creation_timestamp": "2024-12-19T15:32:08.000000Z"} 2024-12-19T15:32:08+00:00 https://vulnerability.circl.lu/sighting/fcf1f073-06f3-4d97-af9e-2bb3089ef97b/export 2026-06-25T11:51:24.971363+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "fcf1f073-06f3-4d97-af9e-2bb3089ef97b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"} 2025-02-06T03:13:45+00:00 https://vulnerability.circl.lu/sighting/4203c863-8b8c-4f7d-87d8-eebb9f2930cb/export 2026-06-25T11:51:24.971299+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "4203c863-8b8c-4f7d-87d8-eebb9f2930cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:44.000000Z"} 2025-02-23T04:10:44+00:00 https://vulnerability.circl.lu/sighting/fbb72757-232c-47f1-ac05-629fda375585/export 2026-06-25T11:51:24.971215+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "fbb72757-232c-47f1-ac05-629fda375585", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23648", "type": "seen", "source": "https://gist.github.com/AyushyaChitransh/3b69f94e19b188ba41ee0c49a282e64c", "content": "", "creation_timestamp": "2025-03-13T20:14:03.000000Z"} 2025-03-13T20:14:03+00:00 https://vulnerability.circl.lu/sighting/90ad7ce9-c6d5-4719-98e9-63860f92c678/export 2026-06-25T11:51:24.968217+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "90ad7ce9-c6d5-4719-98e9-63860f92c678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23640", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13118", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23640\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.\n\ud83d\udccf Published: 2022-03-02T19:50:10.000Z\n\ud83d\udccf Modified: 2025-04-23T18:59:25.932Z\n\ud83d\udd17 References:\n1. https://github.com/monitorjbl/excel-streaming-reader/security/advisories/GHSA-xvm2-9xvc-hx7f\n2. https://github.com/monitorjbl/excel-streaming-reader/commit/0749c7b9709db078ccdeada16d46a34bc2910c73", "creation_timestamp": "2025-04-23T19:05:13.000000Z"} 2025-04-23T19:05:13+00:00