<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 04 May 2026 09:48:45 +0000</lastBuildDate>
    <item>
      <title>59e5f4ec-6b1f-46bd-92eb-76e36127f8d5</title>
      <link>https://vulnerability.circl.lu/sighting/59e5f4ec-6b1f-46bd-92eb-76e36127f8d5/export</link>
      <description>{"uuid": "59e5f4ec-6b1f-46bd-92eb-76e36127f8d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35852", "type": "seen", "source": "https://t.me/cibsecurity/65327", "content": "\u203c CVE-2023-35852 \u203c\n\nIn Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-19T12:28:31.000000Z"}</description>
      <content:encoded>{"uuid": "59e5f4ec-6b1f-46bd-92eb-76e36127f8d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35852", "type": "seen", "source": "https://t.me/cibsecurity/65327", "content": "\u203c CVE-2023-35852 \u203c\n\nIn Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-19T12:28:31.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/59e5f4ec-6b1f-46bd-92eb-76e36127f8d5/export</guid>
      <pubDate>Mon, 19 Jun 2023 12:28:31 +0000</pubDate>
    </item>
    <item>
      <title>139fdcbb-6ce7-4825-aa21-73ad263d69c6</title>
      <link>https://vulnerability.circl.lu/sighting/139fdcbb-6ce7-4825-aa21-73ad263d69c6/export</link>
      <description>{"uuid": "139fdcbb-6ce7-4825-aa21-73ad263d69c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35854", "type": "seen", "source": "https://t.me/cibsecurity/65360", "content": "\u203c CVE-2023-35854 \u203c\n\nZoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-20T16:25:32.000000Z"}</description>
      <content:encoded>{"uuid": "139fdcbb-6ce7-4825-aa21-73ad263d69c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35854", "type": "seen", "source": "https://t.me/cibsecurity/65360", "content": "\u203c CVE-2023-35854 \u203c\n\nZoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-20T16:25:32.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/139fdcbb-6ce7-4825-aa21-73ad263d69c6/export</guid>
      <pubDate>Tue, 20 Jun 2023 16:25:32 +0000</pubDate>
    </item>
    <item>
      <title>87cd09ca-a4aa-4e84-9e4e-499abd52274b</title>
      <link>https://vulnerability.circl.lu/sighting/87cd09ca-a4aa-4e84-9e4e-499abd52274b/export</link>
      <description>{"uuid": "87cd09ca-a4aa-4e84-9e4e-499abd52274b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35859", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7824", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-35859\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters.\n\ud83d\udccf Published: 2024-06-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-17T18:39:42.475Z\n\ud83d\udd17 References:\n1. https://lp.constantcontactpages.com/cu/c2nSB5D/moderncampuscve", "creation_timestamp": "2025-03-17T19:34:16.000000Z"}</description>
      <content:encoded>{"uuid": "87cd09ca-a4aa-4e84-9e4e-499abd52274b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35859", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7824", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-35859\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters.\n\ud83d\udccf Published: 2024-06-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-17T18:39:42.475Z\n\ud83d\udd17 References:\n1. https://lp.constantcontactpages.com/cu/c2nSB5D/moderncampuscve", "creation_timestamp": "2025-03-17T19:34:16.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/87cd09ca-a4aa-4e84-9e4e-499abd52274b/export</guid>
      <pubDate>Mon, 17 Mar 2025 19:34:16 +0000</pubDate>
    </item>
  </channel>
</rss>
