<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-11T18:50:42.355961+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://db.gcve.eu/sighting/096db8eb-d102-40ca-89a4-24292157b1ec/export</id>
    <title>096db8eb-d102-40ca-89a4-24292157b1ec</title>
    <updated>2026-05-11T18:50:42.737408+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "096db8eb-d102-40ca-89a4-24292157b1ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39215", "type": "seen", "source": "https://t.me/cibsecurity/49859", "content": "\u203c CVE-2022-39215 \u203c\n\nTauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T02:27:58.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/096db8eb-d102-40ca-89a4-24292157b1ec/export"/>
    <published>2022-09-16T02:27:58+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/81022e9a-364b-4a55-bddb-286f086bb3d2/export</id>
    <title>81022e9a-364b-4a55-bddb-286f086bb3d2</title>
    <updated>2026-05-11T18:50:42.737342+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "81022e9a-364b-4a55-bddb-286f086bb3d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39213", "type": "seen", "source": "https://t.me/cibsecurity/49861", "content": "\u203c CVE-2022-39213 \u203c\n\ngo-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). In affected versions when a full CVSS v2.0 vector string is parsed using `ParseVector`, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag `v0.4.0`, by the commit `d9d478ff0c13b8b09ace030db9262f3c2fe031f4`. Users are advised to upgrade. Users unable to upgrade may avoid this issue by parsing only CVSS v2.0 vector strings that do not have all attributes defined (e.g. `AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M`). As stated in [SECURITY.md](https://github.com/pandatix/go-cvss/blob/master/SECURITY.md), the CPE v2.3 to refer to this Go module is `cpe:2.3:a:pandatix:go_cvss:*:*:*:*:*:*:*:*`. The entry has already been requested to the NVD CPE dictionary.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T02:28:03.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/81022e9a-364b-4a55-bddb-286f086bb3d2/export"/>
    <published>2022-09-16T02:28:03+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/68a21d54-49fd-487f-a3bd-1b9961110962/export</id>
    <title>68a21d54-49fd-487f-a3bd-1b9961110962</title>
    <updated>2026-05-11T18:50:42.737280+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "68a21d54-49fd-487f-a3bd-1b9961110962", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39212", "type": "seen", "source": "https://t.me/cibsecurity/50010", "content": "\u203c CVE-2022-39212 \u203c\n\nNextcloud Talk is an open source chat, video &amp; audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is upgraded to 13.0.8 or 14.0.4. Users unable to upgrade should select \"None\" as camera before joining the call.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-17T07:29:29.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/68a21d54-49fd-487f-a3bd-1b9961110962/export"/>
    <published>2022-09-17T07:29:29+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/e65873d2-b1a6-4d83-b9d1-7724fd3151a1/export</id>
    <title>e65873d2-b1a6-4d83-b9d1-7724fd3151a1</title>
    <updated>2026-05-11T18:50:42.737211+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "e65873d2-b1a6-4d83-b9d1-7724fd3151a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39217", "type": "seen", "source": "https://t.me/cibsecurity/50011", "content": "\u203c CVE-2022-39217 \u203c\n\nsome-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version `v1`. Users are advised to use `v1` or later. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-17T07:29:30.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/e65873d2-b1a6-4d83-b9d1-7724fd3151a1/export"/>
    <published>2022-09-17T07:29:30+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/ecae732f-dc86-4d2a-a3a2-0c65b1a8e833/export</id>
    <title>ecae732f-dc86-4d2a-a3a2-0c65b1a8e833</title>
    <updated>2026-05-11T18:50:42.737142+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "ecae732f-dc86-4d2a-a3a2-0c65b1a8e833", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39210", "type": "seen", "source": "https://t.me/cibsecurity/50012", "content": "\u203c CVE-2022-39210 \u203c\n\nNextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result, access to internal files from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-17T07:29:31.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/ecae732f-dc86-4d2a-a3a2-0c65b1a8e833/export"/>
    <published>2022-09-17T07:29:31+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/ac49cd83-8efa-4501-8546-88bde38ff738/export</id>
    <title>ac49cd83-8efa-4501-8546-88bde38ff738</title>
    <updated>2026-05-11T18:50:42.737074+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "ac49cd83-8efa-4501-8546-88bde38ff738", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39219", "type": "seen", "source": "https://t.me/cibsecurity/50487", "content": "\u203c CVE-2022-39219 \u203c\n\nBifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-26T18:36:25.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/ac49cd83-8efa-4501-8546-88bde38ff738/export"/>
    <published>2022-09-26T18:36:25+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/bf1444f5-25e8-43fd-896b-fdc4b17dc832/export</id>
    <title>bf1444f5-25e8-43fd-896b-fdc4b17dc832</title>
    <updated>2026-05-11T18:50:42.736979+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "bf1444f5-25e8-43fd-896b-fdc4b17dc832", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39216", "type": "seen", "source": "https://t.me/cibsecurity/59989", "content": "\u203c CVE-2022-39216 \u203c\n\nCombodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-14T19:23:24.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/bf1444f5-25e8-43fd-896b-fdc4b17dc832/export"/>
    <published>2023-03-14T19:23:24+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/41894bb0-3aa4-4d16-8987-e588319aa52c/export</id>
    <title>41894bb0-3aa4-4d16-8987-e588319aa52c</title>
    <updated>2026-05-11T18:50:42.735409+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "41894bb0-3aa4-4d16-8987-e588319aa52c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3921", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12873", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3921\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE\n\ud83d\udccf Published: 2022-12-12T17:57:09.917Z\n\ud83d\udccf Modified: 2025-04-22T14:42:28.536Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f", "creation_timestamp": "2025-04-22T15:03:54.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/41894bb0-3aa4-4d16-8987-e588319aa52c/export"/>
    <published>2025-04-22T15:03:54+00:00</published>
  </entry>
</feed>
