https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 01 May 2026 01:01:42 +0000 https://db.gcve.eu/sighting/729932cd-ec47-400c-ab46-432a9562b3ac/export {"uuid": "729932cd-ec47-400c-ab46-432a9562b3ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24916", "type": "seen", "source": "https://t.me/cibsecurity/37256", "content": "\u203c CVE-2022-24916 \u203c\n\nOptimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-10T22:14:11.000000Z"} {"uuid": "729932cd-ec47-400c-ab46-432a9562b3ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24916", "type": "seen", "source": "https://t.me/cibsecurity/37256", "content": "\u203c CVE-2022-24916 \u203c\n\nOptimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-10T22:14:11.000000Z"} https://db.gcve.eu/sighting/729932cd-ec47-400c-ab46-432a9562b3ac/export Thu, 10 Feb 2022 22:14:11 +0000 https://db.gcve.eu/sighting/48e67e4f-2890-455e-943e-bdfbc0712b06/export {"uuid": "48e67e4f-2890-455e-943e-bdfbc0712b06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24919", "type": "seen", "source": "https://t.me/cibsecurity/38619", "content": "\u203c CVE-2022-24919 \u203c\n\nAn authenticated user can create a link with reflected Javascript code inside it for graphs\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2 page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-09T22:15:05.000000Z"} {"uuid": "48e67e4f-2890-455e-943e-bdfbc0712b06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24919", "type": "seen", "source": "https://t.me/cibsecurity/38619", "content": "\u203c CVE-2022-24919 \u203c\n\nAn authenticated user can create a link with reflected Javascript code inside it for graphs\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2 page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-09T22:15:05.000000Z"} https://db.gcve.eu/sighting/48e67e4f-2890-455e-943e-bdfbc0712b06/export Wed, 09 Mar 2022 22:15:05 +0000 https://db.gcve.eu/sighting/cac6b62e-90d9-4a7f-91f9-d4147e1e47c3/export {"uuid": "cac6b62e-90d9-4a7f-91f9-d4147e1e47c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24918", "type": "seen", "source": "https://t.me/cibsecurity/38622", "content": "\u203c CVE-2022-24918 \u203c\n\nAn authenticated user can create a link with reflected Javascript code inside it for items\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2 page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-09T22:15:11.000000Z"} {"uuid": "cac6b62e-90d9-4a7f-91f9-d4147e1e47c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24918", "type": "seen", "source": "https://t.me/cibsecurity/38622", "content": "\u203c CVE-2022-24918 \u203c\n\nAn authenticated user can create a link with reflected Javascript code inside it for items\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2 page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-09T22:15:11.000000Z"} https://db.gcve.eu/sighting/cac6b62e-90d9-4a7f-91f9-d4147e1e47c3/export Wed, 09 Mar 2022 22:15:11 +0000 https://db.gcve.eu/sighting/45414e13-8a22-4605-b05b-c501b02f0aba/export {"uuid": "45414e13-8a22-4605-b05b-c501b02f0aba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24917", "type": "seen", "source": "https://t.me/cibsecurity/38627", "content": "\u203c CVE-2022-24917 \u203c\n\nAn authenticated user can create a link with reflected Javascript code inside it for services\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2 page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-09T22:15:18.000000Z"} {"uuid": "45414e13-8a22-4605-b05b-c501b02f0aba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24917", "type": "seen", "source": "https://t.me/cibsecurity/38627", "content": "\u203c CVE-2022-24917 \u203c\n\nAn authenticated user can create a link with reflected Javascript code inside it for services\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2 page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-09T22:15:18.000000Z"} https://db.gcve.eu/sighting/45414e13-8a22-4605-b05b-c501b02f0aba/export Wed, 09 Mar 2022 22:15:18 +0000 https://db.gcve.eu/sighting/a5a2a63a-0763-4d1c-a6d1-29f5efa61469/export {"uuid": "a5a2a63a-0763-4d1c-a6d1-29f5efa61469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24915", "type": "seen", "source": "https://t.me/cibsecurity/38684", "content": "\u203c CVE-2022-24915 \u203c\n\nThe absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:19:14.000000Z"} {"uuid": "a5a2a63a-0763-4d1c-a6d1-29f5efa61469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24915", "type": "seen", "source": "https://t.me/cibsecurity/38684", "content": "\u203c CVE-2022-24915 \u203c\n\nThe absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:19:14.000000Z"} https://db.gcve.eu/sighting/a5a2a63a-0763-4d1c-a6d1-29f5efa61469/export Thu, 10 Mar 2022 20:19:14 +0000 https://db.gcve.eu/sighting/f46f65ce-ee5d-42ab-b823-4dbaaa7e5c72/export {"uuid": "f46f65ce-ee5d-42ab-b823-4dbaaa7e5c72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24910", "type": "seen", "source": "https://t.me/cibsecurity/42523", "content": "\u203c CVE-2022-24910 \u203c\n\nA buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-12T20:42:11.000000Z"} {"uuid": "f46f65ce-ee5d-42ab-b823-4dbaaa7e5c72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24910", "type": "seen", "source": "https://t.me/cibsecurity/42523", "content": "\u203c CVE-2022-24910 \u203c\n\nA buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-12T20:42:11.000000Z"} https://db.gcve.eu/sighting/f46f65ce-ee5d-42ab-b823-4dbaaa7e5c72/export Thu, 12 May 2022 20:42:11 +0000 https://db.gcve.eu/sighting/a3239361-af5a-4fcd-a2ed-3217a84c3501/export {"uuid": "a3239361-af5a-4fcd-a2ed-3217a84c3501", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2491", "type": "seen", "source": "https://t.me/cibsecurity/46647", "content": "\u203c CVE-2022-2491 \u203c\n\nA vulnerability has been found in SourceCodester Library Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file lab.php. The manipulation of the argument Section with the input 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71716b7171,0x546e4444736b7743575a666d4873746a6450616261527a67627944426946507245664143694c6a4c,0x7162706b71),NULL,NULL,NULL,NULL# leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-20T16:20:09.000000Z"} {"uuid": "a3239361-af5a-4fcd-a2ed-3217a84c3501", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2491", "type": "seen", "source": "https://t.me/cibsecurity/46647", "content": "\u203c CVE-2022-2491 \u203c\n\nA vulnerability has been found in SourceCodester Library Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file lab.php. The manipulation of the argument Section with the input 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71716b7171,0x546e4444736b7743575a666d4873746a6450616261527a67627944426946507245664143694c6a4c,0x7162706b71),NULL,NULL,NULL,NULL# leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-20T16:20:09.000000Z"} https://db.gcve.eu/sighting/a3239361-af5a-4fcd-a2ed-3217a84c3501/export Wed, 20 Jul 2022 16:20:09 +0000 https://db.gcve.eu/sighting/22f54102-8278-42f1-9b33-af1942effa7d/export {"uuid": "22f54102-8278-42f1-9b33-af1942effa7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24912", "type": "seen", "source": "https://t.me/cibsecurity/47250", "content": "\u203c CVE-2022-24912 \u203c\n\nThe package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-29T14:13:25.000000Z"} {"uuid": "22f54102-8278-42f1-9b33-af1942effa7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24912", "type": "seen", "source": "https://t.me/cibsecurity/47250", "content": "\u203c CVE-2022-24912 \u203c\n\nThe package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-29T14:13:25.000000Z"} https://db.gcve.eu/sighting/22f54102-8278-42f1-9b33-af1942effa7d/export Fri, 29 Jul 2022 14:13:25 +0000 https://db.gcve.eu/sighting/d7519084-e64d-41bc-961c-e26b44684ddd/export {"uuid": "d7519084-e64d-41bc-961c-e26b44684ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24913", "type": "seen", "source": "https://t.me/cibsecurity/56409", "content": "\u203c CVE-2022-24913 \u203c\n\nVersions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-12T07:30:03.000000Z"} {"uuid": "d7519084-e64d-41bc-961c-e26b44684ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24913", "type": "seen", "source": "https://t.me/cibsecurity/56409", "content": "\u203c CVE-2022-24913 \u203c\n\nVersions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-12T07:30:03.000000Z"} https://db.gcve.eu/sighting/d7519084-e64d-41bc-961c-e26b44684ddd/export Thu, 12 Jan 2023 07:30:03 +0000