<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 04 Jul 2026 04:46:35 +0000</lastBuildDate>
    <item>
      <title>69f79617-dd9b-4096-8ed8-54381e59f31d</title>
      <link>https://vulnerability.circl.lu/sighting/69f79617-dd9b-4096-8ed8-54381e59f31d/export</link>
      <description>{"uuid": "69f79617-dd9b-4096-8ed8-54381e59f31d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25608", "type": "seen", "source": "https://t.me/cibsecurity/70381", "content": "\u203c CVE-2023-25608 \u203c\n\nAn incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-13T16:23:48.000000Z"}</description>
      <content:encoded>{"uuid": "69f79617-dd9b-4096-8ed8-54381e59f31d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25608", "type": "seen", "source": "https://t.me/cibsecurity/70381", "content": "\u203c CVE-2023-25608 \u203c\n\nAn incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-13T16:23:48.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/69f79617-dd9b-4096-8ed8-54381e59f31d/export</guid>
      <pubDate>Wed, 13 Sep 2023 16:23:48 +0000</pubDate>
    </item>
    <item>
      <title>0eb20bc6-0b5a-4ac8-b3f0-3df905d93e21</title>
      <link>https://vulnerability.circl.lu/sighting/0eb20bc6-0b5a-4ac8-b3f0-3df905d93e21/export</link>
      <description>{"uuid": "0eb20bc6-0b5a-4ac8-b3f0-3df905d93e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25600", "type": "seen", "source": "https://t.me/cibsecurity/67690", "content": "\u203c CVE-2023-25600 \u203c\n\nAn issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T18:40:11.000000Z"}</description>
      <content:encoded>{"uuid": "0eb20bc6-0b5a-4ac8-b3f0-3df905d93e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25600", "type": "seen", "source": "https://t.me/cibsecurity/67690", "content": "\u203c CVE-2023-25600 \u203c\n\nAn issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-03T18:40:11.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0eb20bc6-0b5a-4ac8-b3f0-3df905d93e21/export</guid>
      <pubDate>Thu, 03 Aug 2023 18:40:11 +0000</pubDate>
    </item>
    <item>
      <title>ce1d5590-df26-4a3a-9f5a-3b8d3896ef60</title>
      <link>https://vulnerability.circl.lu/sighting/ce1d5590-df26-4a3a-9f5a-3b8d3896ef60/export</link>
      <description>{"uuid": "ce1d5590-df26-4a3a-9f5a-3b8d3896ef60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25606", "type": "seen", "source": "https://t.me/cibsecurity/66404", "content": "\u203c CVE-2023-25606 \u203c\n\nAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T20:29:40.000000Z"}</description>
      <content:encoded>{"uuid": "ce1d5590-df26-4a3a-9f5a-3b8d3896ef60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25606", "type": "seen", "source": "https://t.me/cibsecurity/66404", "content": "\u203c CVE-2023-25606 \u203c\n\nAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T20:29:40.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ce1d5590-df26-4a3a-9f5a-3b8d3896ef60/export</guid>
      <pubDate>Tue, 11 Jul 2023 20:29:40 +0000</pubDate>
    </item>
    <item>
      <title>4da02d66-408d-4648-b684-ff0cd9789d41</title>
      <link>https://vulnerability.circl.lu/sighting/4da02d66-408d-4648-b684-ff0cd9789d41/export</link>
      <description>{"uuid": "4da02d66-408d-4648-b684-ff0cd9789d41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25601", "type": "seen", "source": "https://t.me/cibsecurity/62533", "content": "\u203c CVE-2023-25601 \u203c\n\nOn version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-20T20:30:45.000000Z"}</description>
      <content:encoded>{"uuid": "4da02d66-408d-4648-b684-ff0cd9789d41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25601", "type": "seen", "source": "https://t.me/cibsecurity/62533", "content": "\u203c CVE-2023-25601 \u203c\n\nOn version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-20T20:30:45.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4da02d66-408d-4648-b684-ff0cd9789d41/export</guid>
      <pubDate>Thu, 20 Apr 2023 20:30:45 +0000</pubDate>
    </item>
    <item>
      <title>f57e67e0-9f1b-49aa-83fc-4ef0555d9763</title>
      <link>https://vulnerability.circl.lu/sighting/f57e67e0-9f1b-49aa-83fc-4ef0555d9763/export</link>
      <description>{"uuid": "f57e67e0-9f1b-49aa-83fc-4ef0555d9763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25605", "type": "seen", "source": "https://t.me/cibsecurity/59594", "content": "\u203c CVE-2023-25605 \u203c\n\nAn improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T20:23:30.000000Z"}</description>
      <content:encoded>{"uuid": "f57e67e0-9f1b-49aa-83fc-4ef0555d9763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25605", "type": "seen", "source": "https://t.me/cibsecurity/59594", "content": "\u203c CVE-2023-25605 \u203c\n\nAn improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T20:23:30.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f57e67e0-9f1b-49aa-83fc-4ef0555d9763/export</guid>
      <pubDate>Tue, 07 Mar 2023 20:23:30 +0000</pubDate>
    </item>
  </channel>
</rss>
