https://db.gcve.eu/sightings/feed 2026-06-05T21:15:01.015661+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/29cde779-f9bf-457a-a045-99de27a8ad98/export 2026-06-05T21:15:01.364973+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "29cde779-f9bf-457a-a045-99de27a8ad98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48362", "type": "seen", "source": "https://t.me/cibsecurity/58903", "content": "\u203c CVE-2022-48362 \u203c\n\nZoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-26T14:27:46.000000Z"} 2023-02-26T14:27:46+00:00 https://db.gcve.eu/sighting/82b32c16-9717-4158-84f3-4079d9601bae/export 2026-06-05T21:15:01.364873+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "82b32c16-9717-4158-84f3-4079d9601bae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48364", "type": "seen", "source": "https://t.me/cibsecurity/59480", "content": "\u203c CVE-2022-48364 \u203c\n\nThe undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T16:12:54.000000Z"} 2023-03-06T16:12:54+00:00 https://db.gcve.eu/sighting/246a49e7-9cfe-4cd9-a709-ea727c7f2741/export 2026-06-05T21:15:01.364771+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "246a49e7-9cfe-4cd9-a709-ea727c7f2741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48361", "type": "seen", "source": "https://t.me/cibsecurity/60841", "content": "\u203c CVE-2022-48361 \u203c\n\nThe Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-28T02:26:10.000000Z"} 2023-03-28T02:26:10+00:00 https://db.gcve.eu/sighting/bcf66d26-8a82-4eaa-8ab5-570071f31762/export 2026-06-05T21:15:01.364656+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "bcf66d26-8a82-4eaa-8ab5-570071f31762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48363", "type": "seen", "source": "https://t.me/cibsecurity/58915", "content": "\u203c CVE-2022-48363 \u203c\n\nIn MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-11T15:58:20.000000Z"} 2023-10-11T15:58:20+00:00 https://db.gcve.eu/sighting/8e701a5e-81f9-4fd1-ba21-eb4adce4c8ad/export 2026-06-05T21:15:01.364530+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "8e701a5e-81f9-4fd1-ba21-eb4adce4c8ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48363", "type": "seen", "source": "https://t.me/arpsyndicate/513", "content": "#ExploitObserverAlert\n\nCVE-2022-48363\n\nDESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-48363. In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.\n\nFIRST-EPSS: 0.000520000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-23T21:58:35.000000Z"} 2023-11-23T21:58:35+00:00 https://db.gcve.eu/sighting/aa3b15bc-80ee-4ec9-a67d-e92d17a4169e/export 2026-06-05T21:15:01.364283+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "aa3b15bc-80ee-4ec9-a67d-e92d17a4169e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48363", "type": "seen", "source": "https://t.me/arpsyndicate/1610", "content": "#ExploitObserverAlert\n\nCVE-2022-48363\n\nDESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-48363. In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.\n\nFIRST-EPSS: 0.000520000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-10T11:55:01.000000Z"} 2023-12-10T11:55:01+00:00 https://db.gcve.eu/sighting/0d173da3-4523-460c-a389-6762abd4ffaf/export 2026-06-05T21:15:01.364037+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "0d173da3-4523-460c-a389-6762abd4ffaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48364", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6747", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48364\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.\n\ud83d\udccf Published: 2023-03-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-06T20:02:21.461Z\n\ud83d\udd17 References:\n1. https://github.com/mastodon/mastodon/pull/18525\n2. https://github.com/mastodon/mastodon/compare/v3.5.2...v3.5.3\n3. https://github.com/40826d/advisories/blob/master/CVE-2022-48364/README.md\n4. https://github.com/mastodon/mastodon/blob/main/CHANGELOG.md#353---2022-05-26", "creation_timestamp": "2025-03-06T20:34:11.000000Z"} 2025-03-06T20:34:11+00:00 https://db.gcve.eu/sighting/4c5c3254-a439-4fec-9d14-bf3396ffb4d2/export 2026-06-05T21:15:01.363977+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "4c5c3254-a439-4fec-9d14-bf3396ffb4d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48364", "type": "seen", "source": "Telegram/zvIrm9y4EJ-eIJ9mGhyJ-ioCdSG4IHPkk01zk7QpecsKfgKW", "content": "", "creation_timestamp": "2025-03-08T04:34:11.000000Z"} 2025-03-08T04:34:11+00:00 https://db.gcve.eu/sighting/50dc894e-33ef-48dc-b767-0d007e85a282/export 2026-06-05T21:15:01.363790+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "50dc894e-33ef-48dc-b767-0d007e85a282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48362", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7230", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48362\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)\n\ud83d\udccf Published: 2023-02-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-11T20:28:51.711Z\n\ud83d\udd17 References:\n1. https://srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html\n2. https://www.manageengine.com/products/desktop-central/cve-2022-48362.html", "creation_timestamp": "2025-03-11T20:41:22.000000Z"} 2025-03-11T20:41:22+00:00 https://db.gcve.eu/sighting/b784603c-0202-4af5-afcb-14ae145ca355/export 2026-06-05T21:15:01.361315+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "b784603c-0202-4af5-afcb-14ae145ca355", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48363", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7245", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48363\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.\n\ud83d\udccf Published: 2023-02-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-11T19:54:43.431Z\n\ud83d\udd17 References:\n1. https://gerrit.automotivelinux.org/gerrit/q/project:src%252Flibqtappfw+status:open\n2. https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28484\n3. https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28485\n4. https://jira.automotivelinux.org/browse/SPEC-4661", "creation_timestamp": "2025-03-11T20:41:42.000000Z"} 2025-03-11T20:41:42+00:00