Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 19 Jun 2026 11:46:32 +0000 f09e1921-147b-4173-bdd7-c3416d0b80e9 https://vulnerability.circl.lu/sighting/f09e1921-147b-4173-bdd7-c3416d0b80e9/export {"uuid": "f09e1921-147b-4173-bdd7-c3416d0b80e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-48312", "type": "published-proof-of-concept", "source": "https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-fpvw-6m5v-hqfp", "content": "", "creation_timestamp": "2023-11-23T11:30:01.000000Z"} {"uuid": "f09e1921-147b-4173-bdd7-c3416d0b80e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-48312", "type": "published-proof-of-concept", "source": "https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-fpvw-6m5v-hqfp", "content": "", "creation_timestamp": "2023-11-23T11:30:01.000000Z"} https://vulnerability.circl.lu/sighting/f09e1921-147b-4173-bdd7-c3416d0b80e9/export Thu, 23 Nov 2023 11:30:01 +0000 449a7914-74b5-4ff4-a4f3-8d175ff6df11 https://vulnerability.circl.lu/sighting/449a7914-74b5-4ff4-a4f3-8d175ff6df11/export {"uuid": "449a7914-74b5-4ff4-a4f3-8d175ff6df11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48312", "type": "seen", "source": "https://t.me/ctinow/155416", "content": "https://ift.tt/QTGcEim\nCVE-2023-48312 | capsule-proxy up to 0.4.5 TokenReview improper authentication", "creation_timestamp": "2023-12-16T14:48:04.000000Z"} {"uuid": "449a7914-74b5-4ff4-a4f3-8d175ff6df11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48312", "type": "seen", "source": "https://t.me/ctinow/155416", "content": "https://ift.tt/QTGcEim\nCVE-2023-48312 | capsule-proxy up to 0.4.5 TokenReview improper authentication", "creation_timestamp": "2023-12-16T14:48:04.000000Z"} https://vulnerability.circl.lu/sighting/449a7914-74b5-4ff4-a4f3-8d175ff6df11/export Sat, 16 Dec 2023 14:48:04 +0000 dcde9042-3552-4858-8b76-552bfcd7d47c https://vulnerability.circl.lu/sighting/dcde9042-3552-4858-8b76-552bfcd7d47c/export {"uuid": "dcde9042-3552-4858-8b76-552bfcd7d47c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48314", "type": "seen", "source": "https://t.me/ctinow/158245", "content": "https://ift.tt/ufARyqe\nCVE-2023-48314 | CollaboraOnline prior 23.5.403 Built-in CODE Server App proxy.php cross site scripting (GHSA-qjrm-q4h5-v3r2)", "creation_timestamp": "2023-12-22T08:51:33.000000Z"} {"uuid": "dcde9042-3552-4858-8b76-552bfcd7d47c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48314", "type": "seen", "source": "https://t.me/ctinow/158245", "content": "https://ift.tt/ufARyqe\nCVE-2023-48314 | CollaboraOnline prior 23.5.403 Built-in CODE Server App proxy.php cross site scripting (GHSA-qjrm-q4h5-v3r2)", "creation_timestamp": "2023-12-22T08:51:33.000000Z"} https://vulnerability.circl.lu/sighting/dcde9042-3552-4858-8b76-552bfcd7d47c/export Fri, 22 Dec 2023 08:51:33 +0000 5f328997-0fb6-457f-a848-e9835e70a925 https://vulnerability.circl.lu/sighting/5f328997-0fb6-457f-a848-e9835e70a925/export {"uuid": "5f328997-0fb6-457f-a848-e9835e70a925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48315", "type": "seen", "source": "https://t.me/ctinow/158764", "content": "https://ift.tt/pSDCzlO\nCVE-2023-48315 | azure-rtos netxduo up to 6.2.1 expired pointer dereference (GHSA-rj6h-jjg2-7gf3)", "creation_timestamp": "2023-12-23T10:21:56.000000Z"} {"uuid": "5f328997-0fb6-457f-a848-e9835e70a925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48315", "type": "seen", "source": "https://t.me/ctinow/158764", "content": "https://ift.tt/pSDCzlO\nCVE-2023-48315 | azure-rtos netxduo up to 6.2.1 expired pointer dereference (GHSA-rj6h-jjg2-7gf3)", "creation_timestamp": "2023-12-23T10:21:56.000000Z"} https://vulnerability.circl.lu/sighting/5f328997-0fb6-457f-a848-e9835e70a925/export Sat, 23 Dec 2023 10:21:56 +0000 c16dc5ee-f00c-4746-bf0b-2b4c6c990cb2 https://vulnerability.circl.lu/sighting/c16dc5ee-f00c-4746-bf0b-2b4c6c990cb2/export {"uuid": "c16dc5ee-f00c-4746-bf0b-2b4c6c990cb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48311", "type": "seen", "source": "https://t.me/ctinow/161125", "content": "https://ift.tt/Qpx0Jz8\nCVE-2023-48311 | DockerSpawner prior 13.0.0 Image input validation", "creation_timestamp": "2023-12-31T16:46:40.000000Z"} {"uuid": "c16dc5ee-f00c-4746-bf0b-2b4c6c990cb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48311", "type": "seen", "source": "https://t.me/ctinow/161125", "content": "https://ift.tt/Qpx0Jz8\nCVE-2023-48311 | DockerSpawner prior 13.0.0 Image input validation", "creation_timestamp": "2023-12-31T16:46:40.000000Z"} https://vulnerability.circl.lu/sighting/c16dc5ee-f00c-4746-bf0b-2b4c6c990cb2/export Sun, 31 Dec 2023 16:46:40 +0000 efbf8128-278f-4101-ad0a-fb485a4e863d https://vulnerability.circl.lu/sighting/efbf8128-278f-4101-ad0a-fb485a4e863d/export {"uuid": "efbf8128-278f-4101-ad0a-fb485a4e863d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48313", "type": "seen", "source": "https://t.me/ctinow/161854", "content": "https://ift.tt/tH1mdKZ\nCVE-2023-48313 | Umbraco CMS up to 10.8.0/12.3.3 cross site scripting (GHSA-v98m-398x-269r)", "creation_timestamp": "2024-01-02T16:11:17.000000Z"} {"uuid": "efbf8128-278f-4101-ad0a-fb485a4e863d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48313", "type": "seen", "source": "https://t.me/ctinow/161854", "content": "https://ift.tt/tH1mdKZ\nCVE-2023-48313 | Umbraco CMS up to 10.8.0/12.3.3 cross site scripting (GHSA-v98m-398x-269r)", "creation_timestamp": "2024-01-02T16:11:17.000000Z"} https://vulnerability.circl.lu/sighting/efbf8128-278f-4101-ad0a-fb485a4e863d/export Tue, 02 Jan 2024 16:11:17 +0000 42982335-91da-483d-99e9-e8f8bc203e21 https://vulnerability.circl.lu/sighting/42982335-91da-483d-99e9-e8f8bc203e21/export {"uuid": "42982335-91da-483d-99e9-e8f8bc203e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48312", "type": "seen", "source": "https://t.me/arpsyndicate/2327", "content": "#ExploitObserverAlert\n\nCVE-2023-48312\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-48312. capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you're relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.\n\nFIRST-EPSS: 0.000610000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-03T15:34:41.000000Z"} {"uuid": "42982335-91da-483d-99e9-e8f8bc203e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48312", "type": "seen", "source": "https://t.me/arpsyndicate/2327", "content": "#ExploitObserverAlert\n\nCVE-2023-48312\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-48312. capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you're relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.\n\nFIRST-EPSS: 0.000610000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-03T15:34:41.000000Z"} https://vulnerability.circl.lu/sighting/42982335-91da-483d-99e9-e8f8bc203e21/export Wed, 03 Jan 2024 15:34:41 +0000 62010903-8866-4f9f-af12-5e9d35242251 https://vulnerability.circl.lu/sighting/62010903-8866-4f9f-af12-5e9d35242251/export {"uuid": "62010903-8866-4f9f-af12-5e9d35242251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48310", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18077", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-48310\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue.\n\ud83d\udccf Published: 2023-11-20T23:07:13.720Z\n\ud83d\udccf Modified: 2025-06-11T14:04:56.455Z\n\ud83d\udd17 References:\n1. https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-9fhc-f3mr-w6h6\n2. https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-mmpf-rw6c-67mm\n3. https://github.com/NC3-LU/TestingPlatform/commit/7b3e7ca869a4845aa7445f874c22c5929315c3a7\n4. https://github.com/NC3-LU/TestingPlatform/releases/tag/v2.1.1", "creation_timestamp": "2025-06-11T14:31:29.000000Z"} {"uuid": "62010903-8866-4f9f-af12-5e9d35242251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48310", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18077", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-48310\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue.\n\ud83d\udccf Published: 2023-11-20T23:07:13.720Z\n\ud83d\udccf Modified: 2025-06-11T14:04:56.455Z\n\ud83d\udd17 References:\n1. https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-9fhc-f3mr-w6h6\n2. https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-mmpf-rw6c-67mm\n3. https://github.com/NC3-LU/TestingPlatform/commit/7b3e7ca869a4845aa7445f874c22c5929315c3a7\n4. https://github.com/NC3-LU/TestingPlatform/releases/tag/v2.1.1", "creation_timestamp": "2025-06-11T14:31:29.000000Z"} https://vulnerability.circl.lu/sighting/62010903-8866-4f9f-af12-5e9d35242251/export Wed, 11 Jun 2025 14:31:29 +0000