<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-04T13:59:54.262952+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://db.gcve.eu/sighting/6d22d235-2725-45a3-b6c7-d6d4797fa7f5/export</id>
    <title>6d22d235-2725-45a3-b6c7-d6d4797fa7f5</title>
    <updated>2026-05-04T13:59:54.623216+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "6d22d235-2725-45a3-b6c7-d6d4797fa7f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28627", "type": "seen", "source": "https://t.me/cibsecurity/60823", "content": "\u203c CVE-2023-28627 \u203c\n\npymedusa is an automatic video library manager for TV Shows. In versions prior 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ &amp;gt; advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute arbitrary OS commands as the user running the pymedusa program. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-28T00:37:57.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/6d22d235-2725-45a3-b6c7-d6d4797fa7f5/export"/>
    <published>2023-03-28T00:37:57+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/eeb68910-655a-4c4f-84ad-8950dde80bc8/export</id>
    <title>eeb68910-655a-4c4f-84ad-8950dde80bc8</title>
    <updated>2026-05-04T13:59:54.623163+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "eeb68910-655a-4c4f-84ad-8950dde80bc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28629", "type": "seen", "source": "https://t.me/cibsecurity/60833", "content": "\u203c CVE-2023-28629 \u203c\n\nGoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that has permissions to configure GoCD pipelines could include JavaScript elements within the label template, causing a XSS vulnerability to be triggered for any users viewing the Value Stream Map or Job Details for runs of the affected pipeline, potentially allowing them to perform arbitrary actions within the victim's browser context rather than their own. This issue has been fixed in GoCD 23.1.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-28T00:38:10.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/eeb68910-655a-4c4f-84ad-8950dde80bc8/export"/>
    <published>2023-03-28T00:38:10+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/9939ff0e-7180-4d83-8fc6-9eb514867462/export</id>
    <title>9939ff0e-7180-4d83-8fc6-9eb514867462</title>
    <updated>2026-05-04T13:59:54.623078+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "9939ff0e-7180-4d83-8fc6-9eb514867462", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28628", "type": "seen", "source": "https://t.me/cibsecurity/60832", "content": "\u203c CVE-2023-28628 \u203c\n\nlambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 `authority-regex` allows an attacker to send malicious URLs to be parsed by the `lambdaisland/uri` and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in question doesn't handle the backslash (`\\`) character in the username correctly, leading to a wrong output. ex. a payload of `https://example.com\\\\@google.com` would return that the host is `google.com`, but the correct host should be `example.com`. Given that the library returns the wrong authority this may be abused to bypass host restrictions depending on how the library is used in an application. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-28T02:39:19.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/9939ff0e-7180-4d83-8fc6-9eb514867462/export"/>
    <published>2023-03-28T02:39:19+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/a9ee26cb-7d42-4e07-b6c5-36dcd7ff91f0/export</id>
    <title>a9ee26cb-7d42-4e07-b6c5-36dcd7ff91f0</title>
    <updated>2026-05-04T13:59:54.622986+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "a9ee26cb-7d42-4e07-b6c5-36dcd7ff91f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28626", "type": "seen", "source": "https://t.me/cibsecurity/60964", "content": "\u203c CVE-2023-28626 \u203c\n\ncomrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-047`\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T00:46:10.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/a9ee26cb-7d42-4e07-b6c5-36dcd7ff91f0/export"/>
    <published>2023-03-29T00:46:10+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/be51a4cb-8b37-436c-b8f1-4c6c7f8c6f5e/export</id>
    <title>be51a4cb-8b37-436c-b8f1-4c6c7f8c6f5e</title>
    <updated>2026-05-04T13:59:54.622842+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "be51a4cb-8b37-436c-b8f1-4c6c7f8c6f5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28625", "type": "seen", "source": "https://t.me/cibsecurity/61322", "content": "\u203c CVE-2023-28625 \u203c\n\nmod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-03T18:24:48.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/be51a4cb-8b37-436c-b8f1-4c6c7f8c6f5e/export"/>
    <published>2023-04-03T18:24:48+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/4344e4b8-9b84-4c01-b762-3d06a79c12b4/export</id>
    <title>4344e4b8-9b84-4c01-b762-3d06a79c12b4</title>
    <updated>2026-05-04T13:59:54.622535+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "4344e4b8-9b84-4c01-b762-3d06a79c12b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28623", "type": "seen", "source": "https://t.me/cibsecurity/64475", "content": "\u203c CVE-2023-28623 \u203c\n\nZulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside of `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in `AUTHENTICATION_BACKENDS` in `/etc/zulip/settings.py` and 2: The organization permissions don't require invitations to join. An attacker can create a new account in the organization with an arbitrary email address in their control that's not in the organization's LDAP directory. The impact is limited to installations which have this specific combination of authentication backends as described above in addition to having `Invitations are required for joining this organization` organization permission disabled. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may enable the `Invitations are required for joining this organization` organization permission to prevent this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-20T02:23:25.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/4344e4b8-9b84-4c01-b762-3d06a79c12b4/export"/>
    <published>2023-05-20T02:23:25+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/05fd4b07-1ee4-4914-bbd2-88f68a1595e0/export</id>
    <title>05fd4b07-1ee4-4914-bbd2-88f68a1595e0</title>
    <updated>2026-05-04T13:59:54.620035+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "05fd4b07-1ee4-4914-bbd2-88f68a1595e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28622", "type": "seen", "source": "https://t.me/cibsecurity/68733", "content": "\u203c CVE-2023-28622 \u203c\n\nAuth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin &amp;lt;=\u00a01.0.0 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T12:37:22.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/05fd4b07-1ee4-4914-bbd2-88f68a1595e0/export"/>
    <published>2023-08-17T12:37:22+00:00</published>
  </entry>
</feed>
