https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-05-07T13:06:36.251841+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/aa861be7-f3f1-4cae-aa5f-c35b9b31b04f/exportaa861be7-f3f1-4cae-aa5f-c35b9b31b04f2026-05-07T13:06:36.546631+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "aa861be7-f3f1-4cae-aa5f-c35b9b31b04f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28111", "type": "seen", "source": "https://t.me/cibsecurity/60264", "content": "\u203c CVE-2023-28111 \u203c\n\nDiscourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed version of Discourse. version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T19:31:49.000000Z"}2023-03-17T19:31:49+00:00https://vulnerability.circl.lu/sighting/ff83fc60-8b70-449c-8414-5f0a4d5c514a/exportff83fc60-8b70-449c-8414-5f0a4d5c514a2026-05-07T13:06:36.546541+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "ff83fc60-8b70-449c-8414-5f0a4d5c514a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28116", "type": "seen", "source": "https://t.me/cibsecurity/60276", "content": "\u203c CVE-2023-28116 \u203c\n\nContiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing of packets, with the size of PACKETBUF_SIZE. In particular, when using the BLE L2CAP module with the default configuration, the PACKETBUF_SIZE value becomes larger then the actual size of the packetbuf. When large packets are processed by the L2CAP module, a buffer overflow can therefore occur when copying the packet data to the packetbuf. The vulnerability has been patched in the \"develop\" branch of Contiki-NG, and will be included in release 4.9. The problem can be worked around by applying the patch manually.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-18T01:31:50.000000Z"}2023-03-18T01:31:50+00:00https://vulnerability.circl.lu/sighting/e0017374-74c7-4b42-9f82-ef0615dd103e/exporte0017374-74c7-4b42-9f82-ef0615dd103e2026-05-07T13:06:36.546453+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "e0017374-74c7-4b42-9f82-ef0615dd103e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28115", "type": "seen", "source": "https://t.me/cibsecurity/60277", "content": "\u203c CVE-2023-28115 \u203c\n\nSnappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution especially when snappy is used with frameworks with documented POP chains like Laravel/Symfony vulnerable developer code. If a user can control the output file from the `generateFromHtml()` function, it will invoke deserialization. This vulnerability is capable of remote code execution if Snappy is used with frameworks or developer code with vulnerable POP chains. It has been fixed in version 1.4.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-18T01:31:50.000000Z"}2023-03-18T01:31:50+00:00https://vulnerability.circl.lu/sighting/e21c6e32-687e-42fb-81a9-a146fc31e802/exporte21c6e32-687e-42fb-81a9-a146fc31e8022026-05-07T13:06:36.546371+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "e21c6e32-687e-42fb-81a9-a146fc31e802", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28118", "type": "seen", "source": "https://t.me/cibsecurity/60306", "content": "\u203c CVE-2023-28118 \u203c\n\nkaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-20T15:34:08.000000Z"}2023-03-20T15:34:08+00:00https://vulnerability.circl.lu/sighting/2ac58d8a-bd52-47c6-8912-0007da542d31/export2ac58d8a-bd52-47c6-8912-0007da542d312026-05-07T13:06:36.546284+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "2ac58d8a-bd52-47c6-8912-0007da542d31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28117", "type": "seen", "source": "https://t.me/cibsecurity/60519", "content": "\u203c CVE-2023-28117 \u203c\n\nSentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application. In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for the custom cookie names. As of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one's Django settings and will remove the values from the payload before sending the data to Sentry. As a workaround, use the SDK's filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events, this can be done with the `before_send` callback method and for performance related events (transactions) one can use the `before_send_transaction` callback method. Those who want to handle filtering of these values on the server-side can also use Sentry's advanced data scrubbing feature to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with a scrubbing rule.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-22T23:36:00.000000Z"}2023-03-22T23:36:00+00:00https://vulnerability.circl.lu/sighting/758ad2f2-92a6-4202-a9d6-205d0b0b3e8a/export758ad2f2-92a6-4202-a9d6-205d0b0b3e8a2026-05-07T13:06:36.546195+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "758ad2f2-92a6-4202-a9d6-205d0b0b3e8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28119", "type": "seen", "source": "https://t.me/cibsecurity/60531", "content": "\u203c CVE-2023-28119 \u203c\n\nThe crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-22T23:36:21.000000Z"}2023-03-22T23:36:21+00:00https://vulnerability.circl.lu/sighting/cac90ea0-187b-43ca-a9f9-ecaa8ef7d49b/exportcac90ea0-187b-43ca-a9f9-ecaa8ef7d49b2026-05-07T13:06:36.546110+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "cac90ea0-187b-43ca-a9f9-ecaa8ef7d49b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28115", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7977", "content": "#exploit\n1. CVE-2023-28115:\nSnappy PHP Vulnerability: PHAR deserialization allowing RCE\nhttps://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc\n\n2. CVE-2022-37337, CVE-2022-38452, CVE-2022-36429: \nNetgear Orbi Satellite router vulnerable to arbitrary command execution\nhttps://blog.talosintelligence.com/vulnerability-spotlight-netgear-orbi-router-vulnerable-to-arbitrary-command-execution\n\n3. CVE-2023-21800:\nWindows Installer EoP\nhttps://blog.doyensec.com//2023/03/21/windows-installer.html", "creation_timestamp": "2023-03-23T11:05:11.000000Z"}2023-03-23T11:05:11+00:00https://vulnerability.circl.lu/sighting/f292bd1b-8a67-45f0-82ff-9dbebc2ab2b0/exportf292bd1b-8a67-45f0-82ff-9dbebc2ab2b02026-05-07T13:06:36.546020+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "f292bd1b-8a67-45f0-82ff-9dbebc2ab2b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28112", "type": "seen", "source": "https://t.me/cibsecurity/60267", "content": "\u203c CVE-2023-28112 \u203c\n\nDiscourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the Discourse server to private IP addresses. This affects any site running the `tests-passed` or `beta` branches versions 3.1.0.beta2 and prior. This issue is patched in version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-07T20:55:53.000000Z"}2023-04-07T20:55:53+00:00https://vulnerability.circl.lu/sighting/e6d15b2b-b3ec-4996-8523-f677a6871c91/exporte6d15b2b-b3ec-4996-8523-f677a6871c912026-05-07T13:06:36.545882+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "e6d15b2b-b3ec-4996-8523-f677a6871c91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2811", "type": "seen", "source": "https://t.me/kasraone_com/320", "content": "CVE-2023-2811\n\n\n\u0627\u0641\u0632\u0648\u0646\u0647 \u0648\u0631\u062f\u067e\u0631\u0633 Google Map Shortcode \u062a\u0627 \u0646\u0633\u062e\u0647 3.1.2 \u0627\u0632 \u0628\u0631\u062e\u06cc \u0627\u0632 \u0648\u06cc\u0698\u06af\u06cc\u200c\u0647\u0627\u06cc \u06a9\u062f \u06a9\u0648\u062a\u0627\u0647 \u062e\u0648\u062f \u0642\u0628\u0644 \u0627\u0632 \u0628\u0627\u0632\u06af\u0634\u062a \u0622\u0646\u200c\u0647\u0627 \u062f\u0631 \u0635\u0641\u062d\u0647\u060c \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0648 \u0641\u0631\u0627\u0631 \u0646\u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u06a9\u0647 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0628\u0627 \u0646\u0642\u0634 \u062d\u062f\u0627\u0642\u0644 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0645\u0634\u0627\u0631\u06a9\u062a \u06a9\u0646\u0646\u062f\u0647 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u062d\u0645\u0644\u0627\u062a Stored Cross-Site Scripting \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0628\u0627 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0627\u0644\u0627\u062a\u0631 \u0645\u0627\u0646\u0646\u062f \u0645\u062f\u06cc\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u0648\u062f", "creation_timestamp": "2023-06-27T13:12:31.000000Z"}2023-06-27T13:12:31+00:00https://vulnerability.circl.lu/sighting/f6625ca6-bff8-4167-b64a-fb4377f7c496/exportf6625ca6-bff8-4167-b64a-fb4377f7c4962026-05-07T13:06:36.543010+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "f6625ca6-bff8-4167-b64a-fb4377f7c496", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28115", "type": "seen", "source": "https://t.me/cibsecurity/70031", "content": "\u203c CVE-2023-41330 \u203c\n\nknplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page.## IssueOn March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\\strpos($filename, 'phar://') === 0)` in the `prepareOutput` function to resolve this CVE, however if the user is able to control the second parameter of the `generateFromHtml()` function of Snappy, it will then be passed as the `$filename` parameter in the `prepareOutput()` function. In the original vulnerability, a file name with a `phar://` wrapper could be sent to the `fileExists()` function, equivalent to the `file_exists()` PHP function. This allowed users to trigger a deserialization on arbitrary PHAR files. To fix this issue, the string is now passed to the `strpos()` function and if it starts with `phar://`, an exception is raised. However, PHP wrappers being case insensitive, this patch can be bypassed using `PHAR://` instead of `phar://`. A successful exploitation of this vulnerability allows executing arbitrary code and accessing the underlying filesystem. The attacker must be able to upload a file and the server must be running a PHP version prior to 8. This issue has been addressed in commit `d3b742d61a` which has been included in version 1.4.3. Users are advised to upgrade. Users unable to upgrade should ensure that only trusted users may submit data to the `AbstractGenerator->generate(...)` function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T22:18:16.000000Z"}2023-09-06T22:18:16+00:00