https://db.gcve.eu/sightings/feedMost recent sightings.2026-05-30T14:05:41.446327+00:00Vulnerability-Lookupinfo@gcve.eupython-feedgenContains only the most 10 recent sightings.https://db.gcve.eu/sighting/b7ea18d5-e3f7-4a39-937e-1e4629b1a2f0/exportb7ea18d5-e3f7-4a39-937e-1e4629b1a2f02026-05-30T14:05:41.846227+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "b7ea18d5-e3f7-4a39-937e-1e4629b1a2f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4760", "type": "seen", "source": "https://t.me/cibsecurity/70876", "content": "\u203c CVE-2023-4760 \u203c\n\nIn Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \\ (backslashes) coming further back are kept.For example, a file name such as /..\\..\\webapps\\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\\..\\webapps\\shell.war in its webapps directory and can then be executed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-21T12:30:57.000000Z"}2023-09-21T12:30:57+00:00https://db.gcve.eu/sighting/6402e68a-fcba-45a2-85f0-9ad3fb6de789/export6402e68a-fcba-45a2-85f0-9ad3fb6de7892026-05-30T14:05:41.844843+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "6402e68a-fcba-45a2-85f0-9ad3fb6de789", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-47609", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/749", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-47609\n\ud83d\udd39 Description: SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request.\n\ud83d\udccf Published: 2023-11-14T05:12:19.484Z\n\ud83d\udccf Modified: 2025-01-08T16:44:16.361Z\n\ud83d\udd17 References:\n1. https://oss-calendar.com/news/20231113/\n2. https://jvn.jp/en/jp/JVN67822421/", "creation_timestamp": "2025-01-08T17:18:09.000000Z"}2025-01-08T17:18:09+00:00