https://db.gcve.eu/sightings/feed 2026-05-28T17:26:45.583355+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/ce323e55-720f-431b-b138-26a769fdf93e/export 2026-05-28T17:26:46.264211+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "ce323e55-720f-431b-b138-26a769fdf93e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24060", "type": "seen", "source": "https://t.me/cibsecurity/37764", "content": "\u203c CVE-2022-24060 \u203c\n\nThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. Crafted data in a DCM file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15099.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-18T22:41:15.000000Z"} 2022-02-18T22:41:15+00:00 https://db.gcve.eu/sighting/61bf88fb-c522-49bb-bf50-a301b794597c/export 2026-05-28T17:26:46.264148+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "61bf88fb-c522-49bb-bf50-a301b794597c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24064", "type": "seen", "source": "https://t.me/cibsecurity/37784", "content": "\u203c CVE-2022-24064 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15161.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-18T22:44:21.000000Z"} 2022-02-18T22:44:21+00:00 https://db.gcve.eu/sighting/bd5d79e5-ddf8-4737-9560-f478e8abf323/export 2026-05-28T17:26:46.264092+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "bd5d79e5-ddf8-4737-9560-f478e8abf323", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24063", "type": "seen", "source": "https://t.me/cibsecurity/37790", "content": "\u203c CVE-2022-24063 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15105.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-18T22:44:41.000000Z"} 2022-02-18T22:44:41+00:00 https://db.gcve.eu/sighting/54788cc0-7f46-4ceb-8821-c61f70dd10e8/export 2026-05-28T17:26:46.264038+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "54788cc0-7f46-4ceb-8821-c61f70dd10e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24066", "type": "seen", "source": "https://t.me/cibsecurity/40023", "content": "\u203c CVE-2022-24066 \u203c\n\nThe package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-02T00:20:00.000000Z"} 2022-04-02T00:20:00+00:00 https://db.gcve.eu/sighting/e41b60b6-498e-4cb4-aa77-d524bd4e19cc/export 2026-05-28T17:26:46.263980+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "e41b60b6-498e-4cb4-aa77-d524bd4e19cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24065", "type": "seen", "source": "https://t.me/cibsecurity/43985", "content": "\u203c CVE-2022-24065 \u203c\n\nThe package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-08T12:45:04.000000Z"} 2022-06-08T12:45:04+00:00 https://db.gcve.eu/sighting/82bf5544-9ef5-4043-ab83-e9dc52a61312/export 2026-05-28T17:26:46.263921+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "82bf5544-9ef5-4043-ab83-e9dc52a61312", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2406", "type": "seen", "source": "https://t.me/cibsecurity/46272", "content": "\u203c CVE-2022-2406 \u203c\n\nThe legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-14T22:32:50.000000Z"} 2022-07-14T22:32:50+00:00 https://db.gcve.eu/sighting/d651f32c-15b0-4c0a-8608-205b3ab564c4/export 2026-05-28T17:26:46.263861+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "d651f32c-15b0-4c0a-8608-205b3ab564c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24066", "type": "seen", "source": "https://t.me/cibsecurity/54044", "content": "\u203c CVE-2022-25912 \u203c\n\nThe package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T10:12:41.000000Z"} 2022-12-06T10:12:41+00:00 https://db.gcve.eu/sighting/17ad15c1-7e56-4b61-819d-5a9e62450f07/export 2026-05-28T17:26:46.263774+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "17ad15c1-7e56-4b61-819d-5a9e62450f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24066", "type": "seen", "source": "https://t.me/VulnerabilityNews/31336", "content": "The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://ift.tt/lNWz7AC).\nPublished at: December 06, 2022 at 06:15AM\nView on website", "creation_timestamp": "2022-12-08T07:42:50.000000Z"} 2022-12-08T07:42:50+00:00 https://db.gcve.eu/sighting/5602e2ff-1a3a-4a76-8ffd-194adfe18404/export 2026-05-28T17:26:46.260587+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "5602e2ff-1a3a-4a76-8ffd-194adfe18404", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24066", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12991", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25912\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P)\n\ud83d\udd39 Description: The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).\n\ud83d\udccf Published: 2022-12-12T01:49:10.008Z\n\ud83d\udccf Modified: 2025-04-22T20:15:14.996Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221\n2. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532\n3. https://github.com/steveukx/git-js/commit/774648049eb3e628379e292ea172dccaba610504\n4. https://github.com/steveukx/git-js/releases/tag/simple-git%403.15.0\n5. https://github.com/steveukx/git-js/blob/main/docs/PLUGIN-UNSAFE-ACTIONS.md%23overriding-allowed-protocols", "creation_timestamp": "2025-04-22T21:04:34.000000Z"} 2025-04-22T21:04:34+00:00