https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 06 May 2026 12:42:30 +0000 https://db.gcve.eu/sighting/1a3f66be-890b-4ee0-89ed-cc4e1e60d357/export {"uuid": "1a3f66be-890b-4ee0-89ed-cc4e1e60d357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22930", "type": "seen", "source": "https://t.me/cibsecurity/35987", "content": "\u203c CVE-2022-22930 \u203c\n\nA remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-21T02:12:27.000000Z"} {"uuid": "1a3f66be-890b-4ee0-89ed-cc4e1e60d357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22930", "type": "seen", "source": "https://t.me/cibsecurity/35987", "content": "\u203c CVE-2022-22930 \u203c\n\nA remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-21T02:12:27.000000Z"} https://db.gcve.eu/sighting/1a3f66be-890b-4ee0-89ed-cc4e1e60d357/export Fri, 21 Jan 2022 02:12:27 +0000 https://db.gcve.eu/sighting/b1482f67-875a-4be2-bcd7-d4e1611d67ff/export {"uuid": "b1482f67-875a-4be2-bcd7-d4e1611d67ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22932", "type": "seen", "source": "https://t.me/cibsecurity/36292", "content": "\u203c CVE-2022-22932 \u203c\n\nApache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-26T14:19:28.000000Z"} {"uuid": "b1482f67-875a-4be2-bcd7-d4e1611d67ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22932", "type": "seen", "source": "https://t.me/cibsecurity/36292", "content": "\u203c CVE-2022-22932 \u203c\n\nApache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-26T14:19:28.000000Z"} https://db.gcve.eu/sighting/b1482f67-875a-4be2-bcd7-d4e1611d67ff/export Wed, 26 Jan 2022 14:19:28 +0000 https://db.gcve.eu/sighting/54bec3bb-33ce-4a4d-8fab-fd6451897c5a/export {"uuid": "54bec3bb-33ce-4a4d-8fab-fd6451897c5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22938", "type": "seen", "source": "https://t.me/cibsecurity/36485", "content": "\u203c CVE-2022-22938 \u203c\n\nVMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-28T22:22:08.000000Z"} {"uuid": "54bec3bb-33ce-4a4d-8fab-fd6451897c5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22938", "type": "seen", "source": "https://t.me/cibsecurity/36485", "content": "\u203c CVE-2022-22938 \u203c\n\nVMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-28T22:22:08.000000Z"} https://db.gcve.eu/sighting/54bec3bb-33ce-4a4d-8fab-fd6451897c5a/export Fri, 28 Jan 2022 22:22:08 +0000 https://db.gcve.eu/sighting/41a9e588-090a-44a5-9f08-016d25160a65/export {"uuid": "41a9e588-090a-44a5-9f08-016d25160a65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22931", "type": "seen", "source": "https://t.me/cibsecurity/36971", "content": "\u203c CVE-2022-22931 \u203c\n\nFix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-07T22:35:25.000000Z"} {"uuid": "41a9e588-090a-44a5-9f08-016d25160a65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22931", "type": "seen", "source": "https://t.me/cibsecurity/36971", "content": "\u203c CVE-2022-22931 \u203c\n\nFix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-07T22:35:25.000000Z"} https://db.gcve.eu/sighting/41a9e588-090a-44a5-9f08-016d25160a65/export Mon, 07 Feb 2022 22:35:25 +0000 https://db.gcve.eu/sighting/deda3914-10d8-4bb4-a387-5dd7514b5a05/export {"uuid": "deda3914-10d8-4bb4-a387-5dd7514b5a05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22934", "type": "seen", "source": "https://t.me/cibsecurity/39761", "content": "\u203c CVE-2022-22934 \u203c\n\nAn issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion\u00e2\u20ac\u2122s public key, which can result in attackers substituting arbitrary pillar data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T20:11:35.000000Z"} {"uuid": "deda3914-10d8-4bb4-a387-5dd7514b5a05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22934", "type": "seen", "source": "https://t.me/cibsecurity/39761", "content": "\u203c CVE-2022-22934 \u203c\n\nAn issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion\u00e2\u20ac\u2122s public key, which can result in attackers substituting arbitrary pillar data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T20:11:35.000000Z"} https://db.gcve.eu/sighting/deda3914-10d8-4bb4-a387-5dd7514b5a05/export Tue, 29 Mar 2022 20:11:35 +0000 https://db.gcve.eu/sighting/c00a0dc8-01b0-449d-84be-03e5ccf0d24b/export {"uuid": "c00a0dc8-01b0-449d-84be-03e5ccf0d24b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2293", "type": "seen", "source": "https://t.me/cibsecurity/45995", "content": "\u203c CVE-2022-2293 \u203c\n\nA vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ci_ssms/index.php/orders/create. The manipulation of the argument customer_name with the input alert(\"XSS\") leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T18:25:46.000000Z"} {"uuid": "c00a0dc8-01b0-449d-84be-03e5ccf0d24b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2293", "type": "seen", "source": "https://t.me/cibsecurity/45995", "content": "\u203c CVE-2022-2293 \u203c\n\nA vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ci_ssms/index.php/orders/create. The manipulation of the argument customer_name with the input alert(\"XSS\") leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T18:25:46.000000Z"} https://db.gcve.eu/sighting/c00a0dc8-01b0-449d-84be-03e5ccf0d24b/export Tue, 12 Jul 2022 18:25:46 +0000 https://db.gcve.eu/sighting/78ca4076-2617-44a7-a4ba-0650df15ca33/export {"uuid": "78ca4076-2617-44a7-a4ba-0650df15ca33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22931", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrspzjb4l2u", "content": "", "creation_timestamp": "2025-08-19T21:02:24.777221Z"} {"uuid": "78ca4076-2617-44a7-a4ba-0650df15ca33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22931", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrspzjb4l2u", "content": "", "creation_timestamp": "2025-08-19T21:02:24.777221Z"} https://db.gcve.eu/sighting/78ca4076-2617-44a7-a4ba-0650df15ca33/export Tue, 19 Aug 2025 21:02:24 +0000 https://db.gcve.eu/sighting/9534fac8-b0be-4b24-91e1-b0a4cbfdfdf9/export {"uuid": "9534fac8-b0be-4b24-91e1-b0a4cbfdfdf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22932", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwwto2wof32w", "content": "", "creation_timestamp": "2025-08-21T21:02:34.404418Z"} {"uuid": "9534fac8-b0be-4b24-91e1-b0a4cbfdfdf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22932", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwwto2wof32w", "content": "", "creation_timestamp": "2025-08-21T21:02:34.404418Z"} https://db.gcve.eu/sighting/9534fac8-b0be-4b24-91e1-b0a4cbfdfdf9/export Thu, 21 Aug 2025 21:02:34 +0000