<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-31T20:27:29.123202+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://db.gcve.eu/sighting/4f9e41ae-af56-4e31-ba65-8863c0ee3a92/export</id>
    <title>4f9e41ae-af56-4e31-ba65-8863c0ee3a92</title>
    <updated>2026-05-31T20:27:29.504649+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "4f9e41ae-af56-4e31-ba65-8863c0ee3a92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23557", "type": "seen", "source": "https://t.me/cibsecurity/36893", "content": "\u203c CVE-2022-23557 \u203c\n\nTensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-05T02:42:26.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/4f9e41ae-af56-4e31-ba65-8863c0ee3a92/export"/>
    <published>2022-02-05T02:42:26+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/7a2a2eb0-c599-4294-8ade-e200711bf5cb/export</id>
    <title>7a2a2eb0-c599-4294-8ade-e200711bf5cb</title>
    <updated>2026-05-31T20:27:29.504595+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "7a2a2eb0-c599-4294-8ade-e200711bf5cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23558", "type": "seen", "source": "https://t.me/cibsecurity/36903", "content": "\u203c CVE-2022-23558 \u203c\n\nTensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t`. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-05T02:45:24.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/7a2a2eb0-c599-4294-8ade-e200711bf5cb/export"/>
    <published>2022-02-05T02:45:24+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/d14b3e03-8bbe-4945-9902-17a0b8b4762d/export</id>
    <title>d14b3e03-8bbe-4945-9902-17a0b8b4762d</title>
    <updated>2026-05-31T20:27:29.504544+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "d14b3e03-8bbe-4945-9902-17a0b8b4762d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2355", "type": "seen", "source": "https://t.me/cibsecurity/47745", "content": "\u203c CVE-2022-2355 \u203c\n\nThe Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged-in admin change any user's username, including the admin\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-08T18:24:00.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/d14b3e03-8bbe-4945-9902-17a0b8b4762d/export"/>
    <published>2022-08-08T18:24:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/e41a169d-c7e8-4827-83c8-f40c987078c5/export</id>
    <title>e41a169d-c7e8-4827-83c8-f40c987078c5</title>
    <updated>2026-05-31T20:27:29.504489+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "e41a169d-c7e8-4827-83c8-f40c987078c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23551", "type": "seen", "source": "https://t.me/cibsecurity/55076", "content": "\u203c CVE-2022-23551 \u203c\n\naad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\\oauth2\\token/`) would bypass the NMI validation and be sent to IMDS allowing a pod in the cluster to access identities that it shouldn't have access to. This issue has been fixed and has been included in AAD Pod Identity release version 1.8.13. If using the AKS pod-managed identities add-on, no action is required. The clusters should now be running the version 1.8.13 release.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T22:13:04.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/e41a169d-c7e8-4827-83c8-f40c987078c5/export"/>
    <published>2022-12-21T22:13:04+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/a34b5430-618b-40e8-bc8e-0d11a75e049e/export</id>
    <title>a34b5430-618b-40e8-bc8e-0d11a75e049e</title>
    <updated>2026-05-31T20:27:29.504434+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "a34b5430-618b-40e8-bc8e-0d11a75e049e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23556", "type": "seen", "source": "https://t.me/cibsecurity/55193", "content": "\u203c CVE-2022-23556 \u203c\n\nCodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure `Config\\App::$proxyIPs`. As a workaround, do not use `$request-&gt;getIPAddress()`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T22:30:13.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/a34b5430-618b-40e8-bc8e-0d11a75e049e/export"/>
    <published>2022-12-22T22:30:13+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/540548d2-0fc5-49b1-9f71-d1dff6299a91/export</id>
    <title>540548d2-0fc5-49b1-9f71-d1dff6299a91</title>
    <updated>2026-05-31T20:27:29.504372+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "540548d2-0fc5-49b1-9f71-d1dff6299a91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23553", "type": "seen", "source": "https://t.me/cibsecurity/55507", "content": "\u203c CVE-2022-23553 \u203c\n\nAlpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T22:12:30.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/540548d2-0fc5-49b1-9f71-d1dff6299a91/export"/>
    <published>2022-12-28T22:12:30+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/f70cda11-7337-4b3a-a21a-cab9d9c77988/export</id>
    <title>f70cda11-7337-4b3a-a21a-cab9d9c77988</title>
    <updated>2026-05-31T20:27:29.504274+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "f70cda11-7337-4b3a-a21a-cab9d9c77988", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23552", "type": "seen", "source": "https://t.me/cibsecurity/57121", "content": "\u203c CVE-2022-23552 \u203c\n\nGrafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-28T02:34:55.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/f70cda11-7337-4b3a-a21a-cab9d9c77988/export"/>
    <published>2023-01-28T02:34:55+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/519f02f6-c641-4efd-aad6-005c504e9775/export</id>
    <title>519f02f6-c641-4efd-aad6-005c504e9775</title>
    <updated>2026-05-31T20:27:29.500983+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>https://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "519f02f6-c641-4efd-aad6-005c504e9775", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23553", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11352", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23553\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds.\n\ud83d\udccf Published: 2022-12-28T18:01:14.741Z\n\ud83d\udccf Modified: 2025-04-10T20:29:58.561Z\n\ud83d\udd17 References:\n1. https://securitylab.github.com/advisories/GHSL-2021-1009-Alpine/\n2. https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/BlacklistUrlFilter.java#L107-L121\n3. https://github.com/stevespringett/Alpine/blob/alpine-parent-1.10.2/alpine/src/main/java/alpine/filters/WhitelistUrlFilter.java#L115-L127", "creation_timestamp": "2025-04-10T20:49:53.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/519f02f6-c641-4efd-aad6-005c504e9775/export"/>
    <published>2025-04-10T20:49:53+00:00</published>
  </entry>
</feed>
