<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-23T19:22:35.025309+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://db.gcve.eu/sighting/8b081689-4475-4826-88c6-a53b5dd606f5/export</id>
    <title>8b081689-4475-4826-88c6-a53b5dd606f5</title>
    <updated>2026-05-23T19:22:35.599572+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "8b081689-4475-4826-88c6-a53b5dd606f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36477", "type": "seen", "source": "https://t.me/cibsecurity/65820", "content": "\u203c CVE-2023-36477 \u203c\n\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service and editing the javascript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki version older than 14.6RC1. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-30T22:15:19.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/8b081689-4475-4826-88c6-a53b5dd606f5/export"/>
    <published>2023-06-30T22:15:19+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/ccef6db6-1e79-4e12-a5f6-f9bc6024c6d1/export</id>
    <title>ccef6db6-1e79-4e12-a5f6-f9bc6024c6d1</title>
    <updated>2026-05-23T19:22:35.599494+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "ccef6db6-1e79-4e12-a5f6-f9bc6024c6d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36473", "type": "seen", "source": "https://t.me/cibsecurity/66702", "content": "\u203c CVE-2023-36473 \u203c\n\nDiscourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-14T00:11:45.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/ccef6db6-1e79-4e12-a5f6-f9bc6024c6d1/export"/>
    <published>2023-07-14T00:11:45+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/330954b7-ec3a-4d65-9eb7-d676dcdbe3b5/export</id>
    <title>330954b7-ec3a-4d65-9eb7-d676dcdbe3b5</title>
    <updated>2026-05-23T19:22:35.599413+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "330954b7-ec3a-4d65-9eb7-d676dcdbe3b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36479", "type": "seen", "source": "https://t.me/cibsecurity/70608", "content": "\u203c CVE-2023-36479 \u203c\n\nEclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-15T22:25:40.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/330954b7-ec3a-4d65-9eb7-d676dcdbe3b5/export"/>
    <published>2023-09-15T22:25:40+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/8b785725-9269-4720-935b-e82301371b06/export</id>
    <title>8b785725-9269-4720-935b-e82301371b06</title>
    <updated>2026-05-23T19:22:35.599334+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "8b785725-9269-4720-935b-e82301371b06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36472", "type": "seen", "source": "https://t.me/cibsecurity/70609", "content": "\u203c CVE-2023-36472 \u203c\n\nStrapi is the an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-15T22:25:41.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/8b785725-9269-4720-935b-e82301371b06/export"/>
    <published>2023-09-15T22:25:41+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/c721ee41-9652-46f4-bc0e-22d61ef125c8/export</id>
    <title>c721ee41-9652-46f4-bc0e-22d61ef125c8</title>
    <updated>2026-05-23T19:22:35.599260+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "c721ee41-9652-46f4-bc0e-22d61ef125c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3647", "type": "seen", "source": "https://t.me/ctinow/168912", "content": "https://ift.tt/FEnJtmf\nCVE-2023-3647", "creation_timestamp": "2024-01-16T17:27:25.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/c721ee41-9652-46f4-bc0e-22d61ef125c8/export"/>
    <published>2024-01-16T17:27:25+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/2435f9f6-c728-45fe-be7e-dd1f9d31a8e4/export</id>
    <title>2435f9f6-c728-45fe-be7e-dd1f9d31a8e4</title>
    <updated>2026-05-23T19:22:35.599181+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "2435f9f6-c728-45fe-be7e-dd1f9d31a8e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3647", "type": "seen", "source": "https://t.me/ctinow/171531", "content": "https://ift.tt/TDZFuLK\nCVE-2023-3647 Exploit", "creation_timestamp": "2024-01-22T23:16:58.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/2435f9f6-c728-45fe-be7e-dd1f9d31a8e4/export"/>
    <published>2024-01-22T23:16:58+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/3ae6c53e-5a76-45b9-a0a7-b831705c6432/export</id>
    <title>3ae6c53e-5a76-45b9-a0a7-b831705c6432</title>
    <updated>2026-05-23T19:22:35.599092+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "3ae6c53e-5a76-45b9-a0a7-b831705c6432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3647", "type": "seen", "source": "https://t.me/ctinow/179887", "content": "https://ift.tt/cdkbVXD\nCVE-2023-3647 | INDIGITALL IURNY Plugin up to 3.2.2 on WordPress Setting cross site scripting", "creation_timestamp": "2024-02-06T10:41:45.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/3ae6c53e-5a76-45b9-a0a7-b831705c6432/export"/>
    <published>2024-02-06T10:41:45+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/a514ef1e-e0a4-4d38-bf5f-353502b4d8fd/export</id>
    <title>a514ef1e-e0a4-4d38-bf5f-353502b4d8fd</title>
    <updated>2026-05-23T19:22:35.599001+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "a514ef1e-e0a4-4d38-bf5f-353502b4d8fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36478", "type": "seen", "source": "https://t.me/ctinow/180831", "content": "https://ift.tt/IJxVYMe\nCVE-2023-36478 | Oracle Communications Cloud Native Core Network Exposure Function Platform denial of service", "creation_timestamp": "2024-02-07T17:16:54.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/a514ef1e-e0a4-4d38-bf5f-353502b4d8fd/export"/>
    <published>2024-02-07T17:16:54+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/cb26eb3f-7259-4d65-9556-c8181f08c608/export</id>
    <title>cb26eb3f-7259-4d65-9556-c8181f08c608</title>
    <updated>2026-05-23T19:22:35.598867+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "cb26eb3f-7259-4d65-9556-c8181f08c608", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36476", "type": "seen", "source": "https://t.me/cvedetector/3317", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43378 - Calamares Nixos Extensions LUKS Key Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-43378 \nPublished : Aug. 16, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitions are encrypted; but the partitions containing either `/` or `/boot` are unencrypted; have their LUKS disk encryption key file in plain text either in `/crypto_keyfile.bin`, or in a CPIO archive attached to their NixOS initrd. `nixos-install` is not affected, nor are UEFI installations, nor was the default automatic partitioning configuration on legacy BIOS systems. The problem has been fixed in calamares-nixos-extensions 0.3.17, which was included in NixOS. The current installer images for the NixOS 24.05 and unstable (24.11) channels are unaffected. The fix reached 24.05 at 2024-08-13 20:06:59 UTC, and unstable at 2024-08-15 09:00:20 UTC. Installer images downloaded before those times may be vulnerable. The best solution for affected users is probably to back up their data and do a complete reinstallation. However, the mitigation procedure in GHSA-3rvf-24q2-24ww should work solely for the case where `/` is encrypted but `/boot` is not. If `/` is unencrypted, then the `/crypto_keyfile.bin` file will need to be deleted in addition to the remediation steps in the previous advisory. 
This issue is a partial regression of CVE-2023-36476 / GHSA-3rvf-24q2-24ww, which was more severe as it applied to the default configuration on BIOS systems. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-16T05:21:43.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/cb26eb3f-7259-4d65-9556-c8181f08c608/export"/>
    <published>2024-08-16T05:21:43+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/ed912b1e-4689-4cba-baf2-07db2098d617/export</id>
    <title>ed912b1e-4689-4cba-baf2-07db2098d617</title>
    <updated>2026-05-23T19:22:35.597470+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "ed912b1e-4689-4cba-baf2-07db2098d617", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36471", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwpcbpibrw2z", "content": "", "creation_timestamp": "2025-08-18T21:02:49.117402Z"}</content>
    <link href="https://db.gcve.eu/sighting/ed912b1e-4689-4cba-baf2-07db2098d617/export"/>
    <published>2025-08-18T21:02:49.117402+00:00</published>
  </entry>
</feed>
