<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 04 May 2026 14:21:50 +0000</lastBuildDate>
    <item>
      <title>9e4dd7ee-05ae-434f-b1d3-0e732504160c</title>
      <link>https://vulnerability.circl.lu/sighting/9e4dd7ee-05ae-434f-b1d3-0e732504160c/export</link>
      <description>{"uuid": "9e4dd7ee-05ae-434f-b1d3-0e732504160c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28155", "type": "seen", "source": "https://t.me/cibsecurity/60155", "content": "\u203c CVE-2023-28155 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-16T17:31:04.000000Z"}</description>
      <content:encoded>{"uuid": "9e4dd7ee-05ae-434f-b1d3-0e732504160c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28155", "type": "seen", "source": "https://t.me/cibsecurity/60155", "content": "\u203c CVE-2023-28155 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-16T17:31:04.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9e4dd7ee-05ae-434f-b1d3-0e732504160c/export</guid>
      <pubDate>Thu, 16 Mar 2023 17:31:04 +0000</pubDate>
    </item>
    <item>
      <title>a7fc4c35-2b45-4f94-ba99-2080f39556e9</title>
      <link>https://vulnerability.circl.lu/sighting/a7fc4c35-2b45-4f94-ba99-2080f39556e9/export</link>
      <description>{"uuid": "a7fc4c35-2b45-4f94-ba99-2080f39556e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28152", "type": "seen", "source": "https://t.me/cibsecurity/60652", "content": "\u203c CVE-2023-28152 \u203c\n\nAn issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-24T19:42:30.000000Z"}</description>
      <content:encoded>{"uuid": "a7fc4c35-2b45-4f94-ba99-2080f39556e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28152", "type": "seen", "source": "https://t.me/cibsecurity/60652", "content": "\u203c CVE-2023-28152 \u203c\n\nAn issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-24T19:42:30.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a7fc4c35-2b45-4f94-ba99-2080f39556e9/export</guid>
      <pubDate>Fri, 24 Mar 2023 19:42:30 +0000</pubDate>
    </item>
    <item>
      <title>a976d356-783a-4d5a-9864-657102a646b8</title>
      <link>https://vulnerability.circl.lu/sighting/a976d356-783a-4d5a-9864-657102a646b8/export</link>
      <description>{"uuid": "a976d356-783a-4d5a-9864-657102a646b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28158", "type": "seen", "source": "https://t.me/cibsecurity/61011", "content": "\u203c CVE-2023-28158 \u203c\n\nPrivilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T16:26:37.000000Z"}</description>
      <content:encoded>{"uuid": "a976d356-783a-4d5a-9864-657102a646b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28158", "type": "seen", "source": "https://t.me/cibsecurity/61011", "content": "\u203c CVE-2023-28158 \u203c\n\nPrivilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T16:26:37.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a976d356-783a-4d5a-9864-657102a646b8/export</guid>
      <pubDate>Wed, 29 Mar 2023 16:26:37 +0000</pubDate>
    </item>
    <item>
      <title>f667c0d7-67f5-4cd3-bcac-1c31fed41cbe</title>
      <link>https://vulnerability.circl.lu/sighting/f667c0d7-67f5-4cd3-bcac-1c31fed41cbe/export</link>
      <description>{"uuid": "f667c0d7-67f5-4cd3-bcac-1c31fed41cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2815", "type": "seen", "source": "https://t.me/cibsecurity/64466", "content": "\u203c CVE-2023-2815 \u203c\n\nA vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Affected by this vulnerability is an unknown functionality of the file supplier.php of the component POST Parameter Handler. The manipulation of the argument suppid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229429 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-19T20:33:30.000000Z"}</description>
      <content:encoded>{"uuid": "f667c0d7-67f5-4cd3-bcac-1c31fed41cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2815", "type": "seen", "source": "https://t.me/cibsecurity/64466", "content": "\u203c CVE-2023-2815 \u203c\n\nA vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Affected by this vulnerability is an unknown functionality of the file supplier.php of the component POST Parameter Handler. The manipulation of the argument suppid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229429 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-19T20:33:30.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f667c0d7-67f5-4cd3-bcac-1c31fed41cbe/export</guid>
      <pubDate>Fri, 19 May 2023 20:33:30 +0000</pubDate>
    </item>
    <item>
      <title>4f642ff3-cf0d-4a56-81a8-80dbd52ea804</title>
      <link>https://vulnerability.circl.lu/sighting/4f642ff3-cf0d-4a56-81a8-80dbd52ea804/export</link>
      <description>{"uuid": "4f642ff3-cf0d-4a56-81a8-80dbd52ea804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28153", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/1890", "content": "Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App (CVE-2023-28153, CVE-2023-29078, CVE-2023-29079)\n1) Login and registration returns password as MD5 hash\n2) Stored XSS via device name in parent Dashboard\n3) Possible CSRF attacks in parent Dashboard \n4) Arbitrary File Upload to AWS S3 bucket\n5) Disable Child App Restriction without Parent's notice\nhttps://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-kiddoware-kids-place-parental-control-android-app/", "creation_timestamp": "2023-06-27T08:54:53.000000Z"}</description>
      <content:encoded>{"uuid": "4f642ff3-cf0d-4a56-81a8-80dbd52ea804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28153", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/1890", "content": "Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App (CVE-2023-28153, CVE-2023-29078, CVE-2023-29079)\n1) Login and registration returns password as MD5 hash\n2) Stored XSS via device name in parent Dashboard\n3) Possible CSRF attacks in parent Dashboard \n4) Arbitrary File Upload to AWS S3 bucket\n5) Disable Child App Restriction without Parent's notice\nhttps://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-kiddoware-kids-place-parental-control-android-app/", "creation_timestamp": "2023-06-27T08:54:53.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4f642ff3-cf0d-4a56-81a8-80dbd52ea804/export</guid>
      <pubDate>Tue, 27 Jun 2023 08:54:53 +0000</pubDate>
    </item>
  </channel>
</rss>
