Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 17 Jun 2026 11:15:48 +0000 5da99da1-098e-4d05-901d-3a0302680f8d https://vulnerability.circl.lu/sighting/5da99da1-098e-4d05-901d-3a0302680f8d/export {"uuid": "5da99da1-098e-4d05-901d-3a0302680f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26560", "type": "seen", "source": "https://t.me/cibsecurity/62885", "content": "\u203c CVE-2023-26560 \u203c\n\nNorthern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T07:30:38.000000Z"} {"uuid": "5da99da1-098e-4d05-901d-3a0302680f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26560", "type": "seen", "source": "https://t.me/cibsecurity/62885", "content": "\u203c CVE-2023-26560 \u203c\n\nNorthern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T07:30:38.000000Z"} https://vulnerability.circl.lu/sighting/5da99da1-098e-4d05-901d-3a0302680f8d/export Wed, 26 Apr 2023 07:30:38 +0000 cd5f1989-2717-4abb-9cd2-048effa754d7 https://vulnerability.circl.lu/sighting/cd5f1989-2717-4abb-9cd2-048effa754d7/export {"uuid": "cd5f1989-2717-4abb-9cd2-048effa754d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26567", "type": "seen", "source": "https://t.me/cibsecurity/62943", "content": "\u203c CVE-2023-26567 \u203c\n\nSangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T00:25:17.000000Z"} {"uuid": "cd5f1989-2717-4abb-9cd2-048effa754d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26567", "type": "seen", "source": "https://t.me/cibsecurity/62943", "content": "\u203c CVE-2023-26567 \u203c\n\nSangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T00:25:17.000000Z"} https://vulnerability.circl.lu/sighting/cd5f1989-2717-4abb-9cd2-048effa754d7/export Thu, 27 Apr 2023 00:25:17 +0000 c92312a3-329f-42b3-9386-a969277bb0c0 https://vulnerability.circl.lu/sighting/c92312a3-329f-42b3-9386-a969277bb0c0/export {"uuid": "c92312a3-329f-42b3-9386-a969277bb0c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2656", "type": "seen", "source": "https://t.me/cibsecurity/63875", "content": "\u203c CVE-2023-2656 \u203c\n\nA vulnerability classified as critical has been found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228798 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T16:15:19.000000Z"} {"uuid": "c92312a3-329f-42b3-9386-a969277bb0c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2656", "type": "seen", "source": "https://t.me/cibsecurity/63875", "content": "\u203c CVE-2023-2656 \u203c\n\nA vulnerability classified as critical has been found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228798 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T16:15:19.000000Z"} https://vulnerability.circl.lu/sighting/c92312a3-329f-42b3-9386-a969277bb0c0/export Thu, 11 May 2023 16:15:19 +0000 9ff68454-2fa2-48e2-b2b8-b88ab4790637 https://vulnerability.circl.lu/sighting/9ff68454-2fa2-48e2-b2b8-b88ab4790637/export {"uuid": "9ff68454-2fa2-48e2-b2b8-b88ab4790637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26563", "type": "seen", "source": "https://t.me/cibsecurity/66606", "content": "\u203c CVE-2023-26563 \u203c\n\nThe Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T00:25:48.000000Z"} {"uuid": "9ff68454-2fa2-48e2-b2b8-b88ab4790637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26563", "type": "seen", "source": "https://t.me/cibsecurity/66606", "content": "\u203c CVE-2023-26563 \u203c\n\nThe Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T00:25:48.000000Z"} https://vulnerability.circl.lu/sighting/9ff68454-2fa2-48e2-b2b8-b88ab4790637/export Thu, 13 Jul 2023 00:25:48 +0000 f7779f75-a2b5-4e00-80a9-6af710ca208a https://vulnerability.circl.lu/sighting/f7779f75-a2b5-4e00-80a9-6af710ca208a/export {"uuid": "f7779f75-a2b5-4e00-80a9-6af710ca208a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26564", "type": "seen", "source": "https://t.me/cibsecurity/66607", "content": "\u203c CVE-2023-26564 \u203c\n\nThe Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T00:25:49.000000Z"} {"uuid": "f7779f75-a2b5-4e00-80a9-6af710ca208a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26564", "type": "seen", "source": "https://t.me/cibsecurity/66607", "content": "\u203c CVE-2023-26564 \u203c\n\nThe Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T00:25:49.000000Z"} https://vulnerability.circl.lu/sighting/f7779f75-a2b5-4e00-80a9-6af710ca208a/export Thu, 13 Jul 2023 00:25:49 +0000 6c7a2eed-291f-47b1-9804-6057e17a22d4 https://vulnerability.circl.lu/sighting/6c7a2eed-291f-47b1-9804-6057e17a22d4/export {"uuid": "6c7a2eed-291f-47b1-9804-6057e17a22d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26568", "type": "seen", "source": "https://t.me/cibsecurity/72835", "content": "\u203c CVE-2023-26568 \u203c\n\nUnauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend\u00e2\u20ac\u2122s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-25T22:39:21.000000Z"} {"uuid": "6c7a2eed-291f-47b1-9804-6057e17a22d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26568", "type": "seen", "source": "https://t.me/cibsecurity/72835", "content": "\u203c CVE-2023-26568 \u203c\n\nUnauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend\u00e2\u20ac\u2122s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-25T22:39:21.000000Z"} https://vulnerability.circl.lu/sighting/6c7a2eed-291f-47b1-9804-6057e17a22d4/export Wed, 25 Oct 2023 22:39:21 +0000 3bbedb6c-72b4-463c-8f76-3ae9f6b662fd https://vulnerability.circl.lu/sighting/3bbedb6c-72b4-463c-8f76-3ae9f6b662fd/export {"uuid": "3bbedb6c-72b4-463c-8f76-3ae9f6b662fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26569", "type": "seen", "source": "https://t.me/cibsecurity/72841", "content": "\u203c CVE-2023-26569 \u203c\n\nUnauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend\u00e2\u20ac\u2122s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-25T22:39:28.000000Z"} {"uuid": "3bbedb6c-72b4-463c-8f76-3ae9f6b662fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26569", "type": "seen", "source": "https://t.me/cibsecurity/72841", "content": "\u203c CVE-2023-26569 \u203c\n\nUnauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend\u00e2\u20ac\u2122s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-25T22:39:28.000000Z"} https://vulnerability.circl.lu/sighting/3bbedb6c-72b4-463c-8f76-3ae9f6b662fd/export Wed, 25 Oct 2023 22:39:28 +0000 2ef45015-208e-43a0-b6a0-e107ee2bdb53 https://vulnerability.circl.lu/sighting/2ef45015-208e-43a0-b6a0-e107ee2bdb53/export {"uuid": "2ef45015-208e-43a0-b6a0-e107ee2bdb53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26562", "type": "seen", "source": "https://t.me/ctinow/183968", "content": "https://ift.tt/hnVU6EQ\nCVE-2023-26562", "creation_timestamp": "2024-02-13T17:21:59.000000Z"} {"uuid": "2ef45015-208e-43a0-b6a0-e107ee2bdb53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26562", "type": "seen", "source": "https://t.me/ctinow/183968", "content": "https://ift.tt/hnVU6EQ\nCVE-2023-26562", "creation_timestamp": "2024-02-13T17:21:59.000000Z"} https://vulnerability.circl.lu/sighting/2ef45015-208e-43a0-b6a0-e107ee2bdb53/export Tue, 13 Feb 2024 17:21:59 +0000