https://db.gcve.eu/sightings/feedMost recent sightings.2026-05-31T20:23:51.898012+00:00Vulnerability-Lookupinfo@gcve.eupython-feedgenContains only the most 10 recent sightings.https://db.gcve.eu/sighting/a1f13d87-d1a9-4cd5-afe4-551c5b8963a0/exporta1f13d87-d1a9-4cd5-afe4-551c5b8963a02026-05-31T20:23:52.302298+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "a1f13d87-d1a9-4cd5-afe4-551c5b8963a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21722", "type": "seen", "source": "https://t.me/cibsecurity/36363", "content": "\u203c CVE-2022-21722 \u203c\n\nPJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-27T02:19:58.000000Z"}2022-01-27T02:19:58+00:00https://db.gcve.eu/sighting/da4c4554-3486-43ca-8ec7-a452cd4f151a/exportda4c4554-3486-43ca-8ec7-a452cd4f151a2026-05-31T20:23:52.302235+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "da4c4554-3486-43ca-8ec7-a452cd4f151a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21723", "type": "seen", "source": "https://t.me/cibsecurity/36365", "content": "\u203c CVE-2022-21723 \u203c\n\nPJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-27T02:19:59.000000Z"}2022-01-27T02:19:59+00:00https://db.gcve.eu/sighting/ed78ffd5-888d-4847-b170-b4f29f32dd61/exported78ffd5-888d-4847-b170-b4f29f32dd612026-05-31T20:23:52.302181+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "ed78ffd5-888d-4847-b170-b4f29f32dd61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21720", "type": "seen", "source": "https://t.me/cibsecurity/36446", "content": "\u203c CVE-2022-21720 \u203c\n\nGLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-28T14:23:23.000000Z"}2022-01-28T14:23:23+00:00https://db.gcve.eu/sighting/e2167495-6d17-4ec3-8874-ee1872058e99/exporte2167495-6d17-4ec3-8874-ee1872058e992026-05-31T20:23:52.302120+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "e2167495-6d17-4ec3-8874-ee1872058e99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21724", "type": "seen", "source": "https://t.me/cibsecurity/36696", "content": "\u203c CVE-2022-21724 \u203c\n\npgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to remote code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-02T14:28:22.000000Z"}2022-02-02T14:28:22+00:00https://db.gcve.eu/sighting/0cd03438-ee0d-4d8d-9570-2b7fcb49c31b/export0cd03438-ee0d-4d8d-9570-2b7fcb49c31b2026-05-31T20:23:52.302057+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "0cd03438-ee0d-4d8d-9570-2b7fcb49c31b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21727", "type": "seen", "source": "https://t.me/cibsecurity/36759", "content": "\u203c CVE-2022-21727 \u203c\n\nTensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes `axis + 1`, an attacker can trigger an integer overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T14:29:51.000000Z"}2022-02-03T14:29:51+00:00https://db.gcve.eu/sighting/66cdc474-420d-40c9-bc45-ffd429120237/export66cdc474-420d-40c9-bc45-ffd4291202372026-05-31T20:23:52.301998+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "66cdc474-420d-40c9-bc45-ffd429120237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21726", "type": "seen", "source": "https://t.me/cibsecurity/36760", "content": "\u203c CVE-2022-21726 \u203c\n\nTensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T14:29:53.000000Z"}2022-02-03T14:29:53+00:00https://db.gcve.eu/sighting/1fc02e3b-45aa-4d45-b165-e30a01a276ab/export1fc02e3b-45aa-4d45-b165-e30a01a276ab2026-05-31T20:23:52.301936+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "1fc02e3b-45aa-4d45-b165-e30a01a276ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21728", "type": "seen", "source": "https://t.me/cibsecurity/36765", "content": "\u203c CVE-2022-21728 \u203c\n\nTensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T14:30:01.000000Z"}2022-02-03T14:30:01+00:00https://db.gcve.eu/sighting/54dbbce1-3fcf-47ba-a266-af36f387ff3b/export54dbbce1-3fcf-47ba-a266-af36f387ff3b2026-05-31T20:23:52.301845+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "54dbbce1-3fcf-47ba-a266-af36f387ff3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21729", "type": "seen", "source": "https://t.me/cibsecurity/36767", "content": "\u203c CVE-2022-21729 \u203c\n\nTensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T16:29:53.000000Z"}2022-02-03T16:29:53+00:00https://db.gcve.eu/sighting/94a546b5-c136-497b-80f3-52103f569a68/export94a546b5-c136-497b-80f3-52103f569a682026-05-31T20:23:52.300873+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "94a546b5-c136-497b-80f3-52103f569a68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21725", "type": "seen", "source": "https://t.me/cibsecurity/36770", "content": "\u203c CVE-2022-21725 \u203c\n\nTensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T16:29:59.000000Z"}2022-02-03T16:29:59+00:00https://db.gcve.eu/sighting/9a46197f-0eaa-456d-85d8-728d29282689/export9a46197f-0eaa-456d-85d8-728d292826892026-05-31T20:23:52.289027+00:00sync_userhttps://db.gcve.eu/user/sync_user{"uuid": "9a46197f-0eaa-456d-85d8-728d29282689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "cve-2022-21724", "type": "seen", "source": "https://gist.github.com/rayepenber095/9265581788dc4d7e014abf52554d8b7f", "content": "", "creation_timestamp": "2026-05-22T12:39:13.000000Z"}2026-05-22T12:39:13+00:00