https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 25 Jun 2026 11:51:24 +0000 https://vulnerability.circl.lu/sighting/faba4eba-2529-4542-b86a-4ced242d31ca/export {"uuid": "faba4eba-2529-4542-b86a-4ced242d31ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/218", "content": "CVE-2022-23642 : Sourcegraph Gitserver < 3.37 RCE\nhttps://github.com/Altelus1/CVE-2022-23642", "creation_timestamp": "2022-06-12T23:09:17.000000Z"} {"uuid": "faba4eba-2529-4542-b86a-4ced242d31ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/218", "content": "CVE-2022-23642 : Sourcegraph Gitserver < 3.37 RCE\nhttps://github.com/Altelus1/CVE-2022-23642", "creation_timestamp": "2022-06-12T23:09:17.000000Z"} https://vulnerability.circl.lu/sighting/faba4eba-2529-4542-b86a-4ced242d31ca/export Sun, 12 Jun 2022 23:09:17 +0000 https://vulnerability.circl.lu/sighting/112a7c36-bad9-4953-a5c2-2e49b24449ec/export {"uuid": "112a7c36-bad9-4953-a5c2-2e49b24449ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/685", "content": "\u200bCVE-2022-23642\n\nPoC for Sourcegraph Gitserver 3.37.0 RCE\n\nSourcegraph prior to 3.37.0 has a remote code execution vulnerability on its gitserver service. This is due to lack of restriction on git config execution thus \"core.sshCommand\" can be passed on the HTTP arguments which can contain arbitrary bash commands. Note that this is only possible if gitserver is exposed to the attacker.\n\nhttps://github.com/Altelus1/CVE-2022-23642\n\nResearch:\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23642\n\n#exploit #cve", "creation_timestamp": "2022-06-13T03:16:30.000000Z"} {"uuid": "112a7c36-bad9-4953-a5c2-2e49b24449ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/685", "content": "\u200bCVE-2022-23642\n\nPoC for Sourcegraph Gitserver 3.37.0 RCE\n\nSourcegraph prior to 3.37.0 has a remote code execution vulnerability on its gitserver service. This is due to lack of restriction on git config execution thus \"core.sshCommand\" can be passed on the HTTP arguments which can contain arbitrary bash commands. Note that this is only possible if gitserver is exposed to the attacker.\n\nhttps://github.com/Altelus1/CVE-2022-23642\n\nResearch:\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23642\n\n#exploit #cve", "creation_timestamp": "2022-06-13T03:16:30.000000Z"} https://vulnerability.circl.lu/sighting/112a7c36-bad9-4953-a5c2-2e49b24449ec/export Mon, 13 Jun 2022 03:16:30 +0000 https://vulnerability.circl.lu/sighting/1a5c4ad2-c340-47dd-b5cd-f1bd261f0c0f/export {"uuid": "1a5c4ad2-c340-47dd-b5cd-f1bd261f0c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "Telegram/Ip3Gh0poW8tdMG07iwidHvLEgfZ4cxE7wfqyPu63vqdGfw", "content": "", "creation_timestamp": "2022-06-13T03:23:07.000000Z"} {"uuid": "1a5c4ad2-c340-47dd-b5cd-f1bd261f0c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "Telegram/Ip3Gh0poW8tdMG07iwidHvLEgfZ4cxE7wfqyPu63vqdGfw", "content": "", "creation_timestamp": "2022-06-13T03:23:07.000000Z"} https://vulnerability.circl.lu/sighting/1a5c4ad2-c340-47dd-b5cd-f1bd261f0c0f/export Mon, 13 Jun 2022 03:23:07 +0000 https://vulnerability.circl.lu/sighting/32828b92-a15e-4f19-8ca9-20f22f80a702/export {"uuid": "32828b92-a15e-4f19-8ca9-20f22f80a702", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2364", "type": "seen", "source": "https://t.me/cibsecurity/46072", "content": "\u203c CVE-2022-2364 \u203c\n\nA vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulation of the argument vehicle_type with the input \">alert(\"XSS\") leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T21:51:46.000000Z"} {"uuid": "32828b92-a15e-4f19-8ca9-20f22f80a702", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2364", "type": "seen", "source": "https://t.me/cibsecurity/46072", "content": "\u203c CVE-2022-2364 \u203c\n\nA vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulation of the argument vehicle_type with the input \">alert(\"XSS\") leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T21:51:46.000000Z"} https://vulnerability.circl.lu/sighting/32828b92-a15e-4f19-8ca9-20f22f80a702/export Tue, 12 Jul 2022 21:51:46 +0000 https://vulnerability.circl.lu/sighting/8311c476-fd8f-4ee4-8cb9-9341cda670eb/export {"uuid": "8311c476-fd8f-4ee4-8cb9-9341cda670eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/sourcegraph_gitserver_sshcmd.rb", "content": "", "creation_timestamp": "2022-07-13T14:37:15.000000Z"} {"uuid": "8311c476-fd8f-4ee4-8cb9-9341cda670eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/sourcegraph_gitserver_sshcmd.rb", "content": "", "creation_timestamp": "2022-07-13T14:37:15.000000Z"} https://vulnerability.circl.lu/sighting/8311c476-fd8f-4ee4-8cb9-9341cda670eb/export Wed, 13 Jul 2022 14:37:15 +0000 https://vulnerability.circl.lu/sighting/d8e4d7ee-94a1-441b-bbb0-c97ba73b1ca2/export {"uuid": "d8e4d7ee-94a1-441b-bbb0-c97ba73b1ca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23648", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5664", "content": "#exploit\n1. CVE-2022-23648:\ncontainerd: Insecure handling of image volumes\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2244\n\n2. Exploit tool for CVE-2021-43008\nAdminer 1.0 - 4.6.2 Arbitrary File Read vulnerability\nhttps://github.com/p0dalirius/CVE-2021-43008-AdminerRead", "creation_timestamp": "2024-12-19T15:32:08.000000Z"} {"uuid": "d8e4d7ee-94a1-441b-bbb0-c97ba73b1ca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23648", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5664", "content": "#exploit\n1. CVE-2022-23648:\ncontainerd: Insecure handling of image volumes\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2244\n\n2. Exploit tool for CVE-2021-43008\nAdminer 1.0 - 4.6.2 Arbitrary File Read vulnerability\nhttps://github.com/p0dalirius/CVE-2021-43008-AdminerRead", "creation_timestamp": "2024-12-19T15:32:08.000000Z"} https://vulnerability.circl.lu/sighting/d8e4d7ee-94a1-441b-bbb0-c97ba73b1ca2/export Thu, 19 Dec 2024 15:32:08 +0000 https://vulnerability.circl.lu/sighting/fcf1f073-06f3-4d97-af9e-2bb3089ef97b/export {"uuid": "fcf1f073-06f3-4d97-af9e-2bb3089ef97b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"} {"uuid": "fcf1f073-06f3-4d97-af9e-2bb3089ef97b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"} https://vulnerability.circl.lu/sighting/fcf1f073-06f3-4d97-af9e-2bb3089ef97b/export Thu, 06 Feb 2025 03:13:45 +0000 https://vulnerability.circl.lu/sighting/4203c863-8b8c-4f7d-87d8-eebb9f2930cb/export {"uuid": "4203c863-8b8c-4f7d-87d8-eebb9f2930cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:44.000000Z"} {"uuid": "4203c863-8b8c-4f7d-87d8-eebb9f2930cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:44.000000Z"} https://vulnerability.circl.lu/sighting/4203c863-8b8c-4f7d-87d8-eebb9f2930cb/export Sun, 23 Feb 2025 04:10:44 +0000 https://vulnerability.circl.lu/sighting/fbb72757-232c-47f1-ac05-629fda375585/export {"uuid": "fbb72757-232c-47f1-ac05-629fda375585", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23648", "type": "seen", "source": "https://gist.github.com/AyushyaChitransh/3b69f94e19b188ba41ee0c49a282e64c", "content": "", "creation_timestamp": "2025-03-13T20:14:03.000000Z"} {"uuid": "fbb72757-232c-47f1-ac05-629fda375585", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23648", "type": "seen", "source": "https://gist.github.com/AyushyaChitransh/3b69f94e19b188ba41ee0c49a282e64c", "content": "", "creation_timestamp": "2025-03-13T20:14:03.000000Z"} https://vulnerability.circl.lu/sighting/fbb72757-232c-47f1-ac05-629fda375585/export Thu, 13 Mar 2025 20:14:03 +0000 https://vulnerability.circl.lu/sighting/90ad7ce9-c6d5-4719-98e9-63860f92c678/export {"uuid": "90ad7ce9-c6d5-4719-98e9-63860f92c678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23640", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13118", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23640\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.\n\ud83d\udccf Published: 2022-03-02T19:50:10.000Z\n\ud83d\udccf Modified: 2025-04-23T18:59:25.932Z\n\ud83d\udd17 References:\n1. https://github.com/monitorjbl/excel-streaming-reader/security/advisories/GHSA-xvm2-9xvc-hx7f\n2. https://github.com/monitorjbl/excel-streaming-reader/commit/0749c7b9709db078ccdeada16d46a34bc2910c73", "creation_timestamp": "2025-04-23T19:05:13.000000Z"} {"uuid": "90ad7ce9-c6d5-4719-98e9-63860f92c678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23640", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13118", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23640\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.\n\ud83d\udccf Published: 2022-03-02T19:50:10.000Z\n\ud83d\udccf Modified: 2025-04-23T18:59:25.932Z\n\ud83d\udd17 References:\n1. https://github.com/monitorjbl/excel-streaming-reader/security/advisories/GHSA-xvm2-9xvc-hx7f\n2. https://github.com/monitorjbl/excel-streaming-reader/commit/0749c7b9709db078ccdeada16d46a34bc2910c73", "creation_timestamp": "2025-04-23T19:05:13.000000Z"} https://vulnerability.circl.lu/sighting/90ad7ce9-c6d5-4719-98e9-63860f92c678/export Wed, 23 Apr 2025 19:05:13 +0000