https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 31 May 2026 23:10:18 +0000 https://vulnerability.circl.lu/sighting/c9d38655-1a8e-41f5-afb5-ce5cfc8293d6/export {"uuid": "c9d38655-1a8e-41f5-afb5-ce5cfc8293d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23837", "type": "seen", "source": "https://t.me/cibsecurity/36086", "content": "\u203c CVE-2022-23837 \u203c\n\nIn api.rb in Sidekiq before 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-22T00:13:50.000000Z"} {"uuid": "c9d38655-1a8e-41f5-afb5-ce5cfc8293d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23837", "type": "seen", "source": "https://t.me/cibsecurity/36086", "content": "\u203c CVE-2022-23837 \u203c\n\nIn api.rb in Sidekiq before 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-22T00:13:50.000000Z"} https://vulnerability.circl.lu/sighting/c9d38655-1a8e-41f5-afb5-ce5cfc8293d6/export Sat, 22 Jan 2022 00:13:50 +0000 https://vulnerability.circl.lu/sighting/de9bc446-033a-4c7b-911f-48d9cc9bbf1f/export {"uuid": "de9bc446-033a-4c7b-911f-48d9cc9bbf1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23833", "type": "seen", "source": "https://t.me/cibsecurity/36740", "content": "\u203c CVE-2022-23833 \u203c\n\nAn issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T07:29:37.000000Z"} {"uuid": "de9bc446-033a-4c7b-911f-48d9cc9bbf1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23833", "type": "seen", "source": "https://t.me/cibsecurity/36740", "content": "\u203c CVE-2022-23833 \u203c\n\nAn issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T07:29:37.000000Z"} https://vulnerability.circl.lu/sighting/de9bc446-033a-4c7b-911f-48d9cc9bbf1f/export Thu, 03 Feb 2022 07:29:37 +0000 https://vulnerability.circl.lu/sighting/607a00da-7c4e-4939-b486-6e407b635638/export {"uuid": "607a00da-7c4e-4939-b486-6e407b635638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23835", "type": "seen", "source": "https://t.me/cibsecurity/38070", "content": "\u203c CVE-2022-23835 \u203c\n\n** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often, the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited, in addition to new ones.) NOTE: some vendors characterize this as not a \"concrete and exploitable risk.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T07:20:09.000000Z"} {"uuid": "607a00da-7c4e-4939-b486-6e407b635638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23835", "type": "seen", "source": "https://t.me/cibsecurity/38070", "content": "\u203c CVE-2022-23835 \u203c\n\n** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often, the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited, in addition to new ones.) NOTE: some vendors characterize this as not a \"concrete and exploitable risk.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T07:20:09.000000Z"} https://vulnerability.circl.lu/sighting/607a00da-7c4e-4939-b486-6e407b635638/export Fri, 25 Feb 2022 07:20:09 +0000 https://vulnerability.circl.lu/sighting/519eecf9-8e93-4cf5-9b4f-70f18adfe3df/export {"uuid": "519eecf9-8e93-4cf5-9b4f-70f18adfe3df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23835", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5542", "content": "#Threat_Research\n1. Apache JSPWiki preauth Stored XSS to ATO (CVE-2022-24948)\nhttps://octagon.net/blog/2022/03/02/apache-jspwiki-preauth-xss-to-ato\n2. A security analysis of Visual Voicemail (CVE-2022-23835)\nhttps://gitlab.com/kop316/vvm-disclosure", "creation_timestamp": "2022-03-05T11:07:01.000000Z"} {"uuid": "519eecf9-8e93-4cf5-9b4f-70f18adfe3df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23835", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5542", "content": "#Threat_Research\n1. Apache JSPWiki preauth Stored XSS to ATO (CVE-2022-24948)\nhttps://octagon.net/blog/2022/03/02/apache-jspwiki-preauth-xss-to-ato\n2. A security analysis of Visual Voicemail (CVE-2022-23835)\nhttps://gitlab.com/kop316/vvm-disclosure", "creation_timestamp": "2022-03-05T11:07:01.000000Z"} https://vulnerability.circl.lu/sighting/519eecf9-8e93-4cf5-9b4f-70f18adfe3df/export Sat, 05 Mar 2022 11:07:01 +0000 https://vulnerability.circl.lu/sighting/1932b7e9-aa80-4f47-8bcd-9afc9c13c019/export {"uuid": "1932b7e9-aa80-4f47-8bcd-9afc9c13c019", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23837", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwf2tymq2s2j", "content": "", "creation_timestamp": "2025-08-14T19:23:09.626529Z"} {"uuid": "1932b7e9-aa80-4f47-8bcd-9afc9c13c019", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23837", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwf2tymq2s2j", "content": "", "creation_timestamp": "2025-08-14T19:23:09.626529Z"} https://vulnerability.circl.lu/sighting/1932b7e9-aa80-4f47-8bcd-9afc9c13c019/export Thu, 14 Aug 2025 19:23:09 +0000