<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 06 May 2026 16:25:46 +0000</lastBuildDate>
    <item>
      <title>7fa7c135-ea46-4944-9a3f-b39c2b53b538</title>
      <link>https://vulnerability.circl.lu/sighting/7fa7c135-ea46-4944-9a3f-b39c2b53b538/export</link>
      <description>{"uuid": "7fa7c135-ea46-4944-9a3f-b39c2b53b538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30465", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/61874", "content": "\u203c CVE-2023-30465 \u203c\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the \"orderType\" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the user with ID 1 from the \"user\" table, one character at a time. Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] to solve it. https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [1] https://github.com/apache/inlong/issues/7529 https://github.com/apache/inlong/issues/7529\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T18:23:27.000000Z"}</description>
      <content:encoded>{"uuid": "7fa7c135-ea46-4944-9a3f-b39c2b53b538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30465", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/61874", "content": "\u203c CVE-2023-30465 \u203c\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the \"orderType\" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the user with ID 1 from the \"user\" table, one character at a time. Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] to solve it. https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [1] https://github.com/apache/inlong/issues/7529 https://github.com/apache/inlong/issues/7529\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T18:23:27.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7fa7c135-ea46-4944-9a3f-b39c2b53b538/export</guid>
      <pubDate>Tue, 11 Apr 2023 18:23:27 +0000</pubDate>
    </item>
    <item>
      <title>6fd31d30-76e2-4d43-afab-8a4fff84b22a</title>
      <link>https://vulnerability.circl.lu/sighting/6fd31d30-76e2-4d43-afab-8a4fff84b22a/export</link>
      <description>{"uuid": "6fd31d30-76e2-4d43-afab-8a4fff84b22a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30463", "type": "seen", "source": "https://t.me/cibsecurity/62457", "content": "\u203c CVE-2023-30463 \u203c\n\nAltran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-19T16:29:54.000000Z"}</description>
      <content:encoded>{"uuid": "6fd31d30-76e2-4d43-afab-8a4fff84b22a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30463", "type": "seen", "source": "https://t.me/cibsecurity/62457", "content": "\u203c CVE-2023-30463 \u203c\n\nAltran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-19T16:29:54.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6fd31d30-76e2-4d43-afab-8a4fff84b22a/export</guid>
      <pubDate>Wed, 19 Apr 2023 16:29:54 +0000</pubDate>
    </item>
    <item>
      <title>641a7af4-fbb1-43e9-9ec3-6cca6e734f33</title>
      <link>https://vulnerability.circl.lu/sighting/641a7af4-fbb1-43e9-9ec3-6cca6e734f33/export</link>
      <description>{"uuid": "641a7af4-fbb1-43e9-9ec3-6cca6e734f33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30466", "type": "seen", "source": "https://t.me/cibsecurity/63033", "content": "\u203c CVE-2023-30466 \u203c\n\nThis vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T14:27:09.000000Z"}</description>
      <content:encoded>{"uuid": "641a7af4-fbb1-43e9-9ec3-6cca6e734f33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30466", "type": "seen", "source": "https://t.me/cibsecurity/63033", "content": "\u203c CVE-2023-30466 \u203c\n\nThis vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T14:27:09.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/641a7af4-fbb1-43e9-9ec3-6cca6e734f33/export</guid>
      <pubDate>Fri, 28 Apr 2023 14:27:09 +0000</pubDate>
    </item>
    <item>
      <title>1c49956b-0341-47f4-89f6-88a0f0e8a458</title>
      <link>https://vulnerability.circl.lu/sighting/1c49956b-0341-47f4-89f6-88a0f0e8a458/export</link>
      <description>{"uuid": "1c49956b-0341-47f4-89f6-88a0f0e8a458", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30467", "type": "seen", "source": "https://t.me/cibsecurity/63036", "content": "\u203c CVE-2023-30467 \u203c\n\nThis vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T14:27:12.000000Z"}</description>
      <content:encoded>{"uuid": "1c49956b-0341-47f4-89f6-88a0f0e8a458", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30467", "type": "seen", "source": "https://t.me/cibsecurity/63036", "content": "\u203c CVE-2023-30467 \u203c\n\nThis vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T14:27:12.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1c49956b-0341-47f4-89f6-88a0f0e8a458/export</guid>
      <pubDate>Fri, 28 Apr 2023 14:27:12 +0000</pubDate>
    </item>
    <item>
      <title>45b18115-d94c-4320-a706-cdd41ba4db97</title>
      <link>https://vulnerability.circl.lu/sighting/45b18115-d94c-4320-a706-cdd41ba4db97/export</link>
      <description>{"uuid": "45b18115-d94c-4320-a706-cdd41ba4db97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3046", "type": "seen", "source": "https://t.me/cibsecurity/67214", "content": "\u203c CVE-2023-3046 \u203c\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.This issue affects Scienta: before 20230630.1953.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T12:28:07.000000Z"}</description>
      <content:encoded>{"uuid": "45b18115-d94c-4320-a706-cdd41ba4db97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3046", "type": "seen", "source": "https://t.me/cibsecurity/67214", "content": "\u203c CVE-2023-3046 \u203c\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.This issue affects Scienta: before 20230630.1953.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T12:28:07.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/45b18115-d94c-4320-a706-cdd41ba4db97/export</guid>
      <pubDate>Tue, 25 Jul 2023 12:28:07 +0000</pubDate>
    </item>
    <item>
      <title>401de402-198f-4612-bbec-504af3904c9b</title>
      <link>https://vulnerability.circl.lu/sighting/401de402-198f-4612-bbec-504af3904c9b/export</link>
      <description>{"uuid": "401de402-198f-4612-bbec-504af3904c9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30464", "type": "seen", "source": "https://t.me/cvedetector/6022", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-30464 - CoreDNS DNS Cache Poisoning Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-30464 \nPublished : Sept. 18, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-19T00:16:48.000000Z"}</description>
      <content:encoded>{"uuid": "401de402-198f-4612-bbec-504af3904c9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30464", "type": "seen", "source": "https://t.me/cvedetector/6022", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-30464 - CoreDNS DNS Cache Poisoning Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-30464 \nPublished : Sept. 18, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-19T00:16:48.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/401de402-198f-4612-bbec-504af3904c9b/export</guid>
      <pubDate>Thu, 19 Sep 2024 00:16:48 +0000</pubDate>
    </item>
    <item>
      <title>24f7387c-3497-4b4a-a335-4af8e94e9dca</title>
      <link>https://vulnerability.circl.lu/sighting/24f7387c-3497-4b4a-a335-4af8e94e9dca/export</link>
      <description>{"uuid": "24f7387c-3497-4b4a-a335-4af8e94e9dca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30469", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2156", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-30469\n\ud83d\udd39 Description: Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00.\n\n\n\ud83d\udccf Published: 2023-05-23T01:02:58.540Z\n\ud83d\udccf Modified: 2025-01-17T16:32:42.936Z\n\ud83d\udd17 References:\n1. https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-115/index.html", "creation_timestamp": "2025-01-17T16:56:58.000000Z"}</description>
      <content:encoded>{"uuid": "24f7387c-3497-4b4a-a335-4af8e94e9dca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30469", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2156", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-30469\n\ud83d\udd39 Description: Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00.\n\n\n\ud83d\udccf Published: 2023-05-23T01:02:58.540Z\n\ud83d\udccf Modified: 2025-01-17T16:32:42.936Z\n\ud83d\udd17 References:\n1. https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-115/index.html", "creation_timestamp": "2025-01-17T16:56:58.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/24f7387c-3497-4b4a-a335-4af8e94e9dca/export</guid>
      <pubDate>Fri, 17 Jan 2025 16:56:58 +0000</pubDate>
    </item>
  </channel>
</rss>
