https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 08 Jun 2026 13:58:20 +0000 https://db.gcve.eu/sighting/3c311a59-7a7f-4de9-8699-96e27ea2f29a/export {"uuid": "3c311a59-7a7f-4de9-8699-96e27ea2f29a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34265", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2463", "content": "#Tools \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\u200b\u200bBokuLoader\n\nCobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.\n\nhttps://github.com/xforcered/BokuLoader\n\n#loader #cs #evasion #av #cobalt\n\n\u200b\u200bSparrow-WiFi\n\nSparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on linux. \n\nIn its most comprehensive use cases, sparrow-wifi integrates wifi, software-defined radio (hackrf), advanced bluetooth tools (traditional and Ubertooth), traditional GPS (via gpsd), and drone/rover GPS via mavlink in one solution.\n\nhttps://github.com/ghostop14/sparrow-wifi\n\n\u200b\u200bReverseShell\n\nA reverseshell for Linux. Written In Python3. \n\nhttps://github.com/Keyj33k/ReverseShell\n\n\u200b\u200bGPU_ShellCode\n\ngpu poisoning; hide the payload inside the gpu memory.\n\nafter my older repo, in which i used the thread description to hide the payload, i wanted to find new way, so now im using nividia gpu memory using cuda api's to allocate, write, and free when there is no need for the payload to be found in memory.\n\nhttps://github.com/H1d3r/GPU_ShellCode\n\n\u200b\u200bPapaya\n\n#NoSQL Injection Tool to bypass login forms & extract usernames/passwords using regular expressions. \n\nPapaya is a tool to test if a #MongoDB/NoSQL-based web application is vulnerable to a basic NoSQL injection on POST login forms, including tests for password and username extraction.\n\nhttps://github.com/eversinc33/Papaya\n\n\u200b\u200bSecurity Bugs\n\nFull disclosures for CVE ids, proofs of concept, exploits, 0day bugs and so on. Microsoft Internet Explorer 11 (protected mode off) & Adobe Acrobat Reader DC ActiveX\n\nhttps://github.com/j00sean/SecBugs\n\nCVE-2022-34265\n\nPoC verification of Django vulnerability \n\nA vulnerability (CVE-2022-34265) in Django was disclosed on July 5, 2022 (US time). This article describes our discussion of this vulnerability and the results of our verification.\n\nhttps://github.com/aeyesec/CVE-2022-34265\n\n\u200b\u200bCrackQL\n\nA GraphQL password brute-force and fuzzing utility.\n\nCrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations.\n\nhttps://github.com/nicholasaleks/CrackQL\n\n\u200b\u200bAwesome-web3-Security\n\nA curated list of web3 Security materials and resources For Pentesters and Bug Hunters.\n\nhttps://github.com/Anugrahsr/Awesome-web3-Security\n\n\u200b\u200bGadgetToJScript\n\nA tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA scripts.\n\nThe current gadget triggers a call to Activator.CreateInstance() when deserialized using BinaryFormatter from jscript/vbscript/vba, this means it can be used to trigger execution of your .NET assembly of choice via the default/public constructor.\n\nThe tool was created mainly for automating WSH scripts weaponization for RT engagements (Initial Access, Lateral Movement, Persistence), the shellcode loader which was used for PoC is removed and replaced by an example assembly implemented in the TestAssembly project.\n\nhttps://github.com/med0x2e/GadgetToJScript\n\nBTC:\nbc1q62lwma4r3w3klq4mcn5hys9nps5h40qmafrc8e\n\n\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-03-13T07:34:06.000000Z"} {"uuid": "3c311a59-7a7f-4de9-8699-96e27ea2f29a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34265", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2463", "content": "#Tools \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\u200b\u200bBokuLoader\n\nCobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.\n\nhttps://github.com/xforcered/BokuLoader\n\n#loader #cs #evasion #av #cobalt\n\n\u200b\u200bSparrow-WiFi\n\nSparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on linux. \n\nIn its most comprehensive use cases, sparrow-wifi integrates wifi, software-defined radio (hackrf), advanced bluetooth tools (traditional and Ubertooth), traditional GPS (via gpsd), and drone/rover GPS via mavlink in one solution.\n\nhttps://github.com/ghostop14/sparrow-wifi\n\n\u200b\u200bReverseShell\n\nA reverseshell for Linux. Written In Python3. \n\nhttps://github.com/Keyj33k/ReverseShell\n\n\u200b\u200bGPU_ShellCode\n\ngpu poisoning; hide the payload inside the gpu memory.\n\nafter my older repo, in which i used the thread description to hide the payload, i wanted to find new way, so now im using nividia gpu memory using cuda api's to allocate, write, and free when there is no need for the payload to be found in memory.\n\nhttps://github.com/H1d3r/GPU_ShellCode\n\n\u200b\u200bPapaya\n\n#NoSQL Injection Tool to bypass login forms & extract usernames/passwords using regular expressions. \n\nPapaya is a tool to test if a #MongoDB/NoSQL-based web application is vulnerable to a basic NoSQL injection on POST login forms, including tests for password and username extraction.\n\nhttps://github.com/eversinc33/Papaya\n\n\u200b\u200bSecurity Bugs\n\nFull disclosures for CVE ids, proofs of concept, exploits, 0day bugs and so on. Microsoft Internet Explorer 11 (protected mode off) & Adobe Acrobat Reader DC ActiveX\n\nhttps://github.com/j00sean/SecBugs\n\nCVE-2022-34265\n\nPoC verification of Django vulnerability \n\nA vulnerability (CVE-2022-34265) in Django was disclosed on July 5, 2022 (US time). This article describes our discussion of this vulnerability and the results of our verification.\n\nhttps://github.com/aeyesec/CVE-2022-34265\n\n\u200b\u200bCrackQL\n\nA GraphQL password brute-force and fuzzing utility.\n\nCrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations.\n\nhttps://github.com/nicholasaleks/CrackQL\n\n\u200b\u200bAwesome-web3-Security\n\nA curated list of web3 Security materials and resources For Pentesters and Bug Hunters.\n\nhttps://github.com/Anugrahsr/Awesome-web3-Security\n\n\u200b\u200bGadgetToJScript\n\nA tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA scripts.\n\nThe current gadget triggers a call to Activator.CreateInstance() when deserialized using BinaryFormatter from jscript/vbscript/vba, this means it can be used to trigger execution of your .NET assembly of choice via the default/public constructor.\n\nThe tool was created mainly for automating WSH scripts weaponization for RT engagements (Initial Access, Lateral Movement, Persistence), the shellcode loader which was used for PoC is removed and replaced by an example assembly implemented in the TestAssembly project.\n\nhttps://github.com/med0x2e/GadgetToJScript\n\nBTC:\nbc1q62lwma4r3w3klq4mcn5hys9nps5h40qmafrc8e\n\n\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-03-13T07:34:06.000000Z"} https://db.gcve.eu/sighting/3c311a59-7a7f-4de9-8699-96e27ea2f29a/export Mon, 13 Mar 2023 07:34:06 +0000 https://db.gcve.eu/sighting/2ad8efd7-5ea4-4baf-96fd-bf0bea95aad0/export {"uuid": "2ad8efd7-5ea4-4baf-96fd-bf0bea95aad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34267", "type": "seen", "source": "https://t.me/ctinow/159168", "content": "https://ift.tt/2tAYmC8\nCVE-2022-34267", "creation_timestamp": "2023-12-25T09:31:14.000000Z"} {"uuid": "2ad8efd7-5ea4-4baf-96fd-bf0bea95aad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34267", "type": "seen", "source": "https://t.me/ctinow/159168", "content": "https://ift.tt/2tAYmC8\nCVE-2022-34267", "creation_timestamp": "2023-12-25T09:31:14.000000Z"} https://db.gcve.eu/sighting/2ad8efd7-5ea4-4baf-96fd-bf0bea95aad0/export Mon, 25 Dec 2023 09:31:14 +0000 https://db.gcve.eu/sighting/ff5e740d-0a3a-4f00-a7c2-f040b2fdfb1b/export {"uuid": "ff5e740d-0a3a-4f00-a7c2-f040b2fdfb1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34268", "type": "seen", "source": "https://t.me/ctinow/159169", "content": "https://ift.tt/TO2tZFl\nCVE-2022-34268", "creation_timestamp": "2023-12-25T09:31:15.000000Z"} {"uuid": "ff5e740d-0a3a-4f00-a7c2-f040b2fdfb1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34268", "type": "seen", "source": "https://t.me/ctinow/159169", "content": "https://ift.tt/TO2tZFl\nCVE-2022-34268", "creation_timestamp": "2023-12-25T09:31:15.000000Z"} https://db.gcve.eu/sighting/ff5e740d-0a3a-4f00-a7c2-f040b2fdfb1b/export Mon, 25 Dec 2023 09:31:15 +0000 https://db.gcve.eu/sighting/c8822dd2-8c6f-484a-ba38-176e8a6b8cac/export {"uuid": "c8822dd2-8c6f-484a-ba38-176e8a6b8cac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34267", "type": "seen", "source": "https://t.me/arpsyndicate/2185", "content": "#ExploitObserverAlert\n\nCVE-2022-34267\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-34267. An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.", "creation_timestamp": "2023-12-28T03:29:28.000000Z"} {"uuid": "c8822dd2-8c6f-484a-ba38-176e8a6b8cac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34267", "type": "seen", "source": "https://t.me/arpsyndicate/2185", "content": "#ExploitObserverAlert\n\nCVE-2022-34267\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-34267. An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.", "creation_timestamp": "2023-12-28T03:29:28.000000Z"} https://db.gcve.eu/sighting/c8822dd2-8c6f-484a-ba38-176e8a6b8cac/export Thu, 28 Dec 2023 03:29:28 +0000 https://db.gcve.eu/sighting/c68a1c45-59a2-40e3-b437-387dcd6c786c/export {"uuid": "c68a1c45-59a2-40e3-b437-387dcd6c786c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34268", "type": "seen", "source": "https://t.me/arpsyndicate/2200", "content": "#ExploitObserverAlert\n\nCVE-2022-34268\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-34268. An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.", "creation_timestamp": "2023-12-28T05:42:33.000000Z"} {"uuid": "c68a1c45-59a2-40e3-b437-387dcd6c786c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34268", "type": "seen", "source": "https://t.me/arpsyndicate/2200", "content": "#ExploitObserverAlert\n\nCVE-2022-34268\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-34268. An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.", "creation_timestamp": "2023-12-28T05:42:33.000000Z"} https://db.gcve.eu/sighting/c68a1c45-59a2-40e3-b437-387dcd6c786c/export Thu, 28 Dec 2023 05:42:33 +0000 https://db.gcve.eu/sighting/26318706-d8fc-4386-a625-b7aa31400b34/export {"uuid": "26318706-d8fc-4386-a625-b7aa31400b34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34268", "type": "seen", "source": "https://t.me/ctinow/162754", "content": "https://ift.tt/N0f94gu\nCVE-2022-34268 Exploit", "creation_timestamp": "2024-01-04T04:21:52.000000Z"} {"uuid": "26318706-d8fc-4386-a625-b7aa31400b34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34268", "type": "seen", "source": "https://t.me/ctinow/162754", "content": "https://ift.tt/N0f94gu\nCVE-2022-34268 Exploit", "creation_timestamp": "2024-01-04T04:21:52.000000Z"} https://db.gcve.eu/sighting/26318706-d8fc-4386-a625-b7aa31400b34/export Thu, 04 Jan 2024 04:21:52 +0000 https://db.gcve.eu/sighting/19ff7c34-76b3-49c3-89f9-7491fa41c40c/export {"uuid": "19ff7c34-76b3-49c3-89f9-7491fa41c40c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34267", "type": "seen", "source": "https://t.me/ctinow/162826", "content": "https://ift.tt/WiouwsZ\nCVE-2022-34267 Exploit", "creation_timestamp": "2024-01-04T08:16:40.000000Z"} {"uuid": "19ff7c34-76b3-49c3-89f9-7491fa41c40c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34267", "type": "seen", "source": "https://t.me/ctinow/162826", "content": "https://ift.tt/WiouwsZ\nCVE-2022-34267 Exploit", "creation_timestamp": "2024-01-04T08:16:40.000000Z"} https://db.gcve.eu/sighting/19ff7c34-76b3-49c3-89f9-7491fa41c40c/export Thu, 04 Jan 2024 08:16:40 +0000 https://db.gcve.eu/sighting/f2b083aa-8a77-4d21-bfb7-fc185d050488/export {"uuid": "f2b083aa-8a77-4d21-bfb7-fc185d050488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34267", "type": "seen", "source": "https://t.me/ctinow/170103", "content": "https://ift.tt/XTrsR9z\nCVE-2022-34267 | RWS WorldServer up to 11.7.2 JAR Archive api improper authentication", "creation_timestamp": "2024-01-19T09:16:23.000000Z"} {"uuid": "f2b083aa-8a77-4d21-bfb7-fc185d050488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34267", "type": "seen", "source": "https://t.me/ctinow/170103", "content": "https://ift.tt/XTrsR9z\nCVE-2022-34267 | RWS WorldServer up to 11.7.2 JAR Archive api improper authentication", "creation_timestamp": "2024-01-19T09:16:23.000000Z"} https://db.gcve.eu/sighting/f2b083aa-8a77-4d21-bfb7-fc185d050488/export Fri, 19 Jan 2024 09:16:23 +0000 https://db.gcve.eu/sighting/cfb62bae-42b4-442e-bcb0-1c259da66729/export {"uuid": "cfb62bae-42b4-442e-bcb0-1c259da66729", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34268", "type": "seen", "source": "https://t.me/ctinow/170107", "content": "https://ift.tt/jgRVX9G\nCVE-2022-34268 | RWS WorldServer up to 11.7.2 /clientLogin improper authentication", "creation_timestamp": "2024-01-19T09:16:27.000000Z"} {"uuid": "cfb62bae-42b4-442e-bcb0-1c259da66729", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34268", "type": "seen", "source": "https://t.me/ctinow/170107", "content": "https://ift.tt/jgRVX9G\nCVE-2022-34268 | RWS WorldServer up to 11.7.2 /clientLogin improper authentication", "creation_timestamp": "2024-01-19T09:16:27.000000Z"} https://db.gcve.eu/sighting/cfb62bae-42b4-442e-bcb0-1c259da66729/export Fri, 19 Jan 2024 09:16:27 +0000 https://db.gcve.eu/sighting/2979635a-cd9b-4826-9d62-641e70604160/export {"uuid": "2979635a-cd9b-4826-9d62-641e70604160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34265", "type": "seen", "source": "https://t.me/arpsyndicate/4392", "content": "#ExploitObserverAlert\n\nCVE-2022-34265\n\nDESCRIPTION: Exploit Observer has 47 entries in 9 file formats related to CVE-2022-34265. An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.\n\nFIRST-EPSS: 0.117370000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-04-09T05:15:10.000000Z"} {"uuid": "2979635a-cd9b-4826-9d62-641e70604160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34265", "type": "seen", "source": "https://t.me/arpsyndicate/4392", "content": "#ExploitObserverAlert\n\nCVE-2022-34265\n\nDESCRIPTION: Exploit Observer has 47 entries in 9 file formats related to CVE-2022-34265. An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.\n\nFIRST-EPSS: 0.117370000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-04-09T05:15:10.000000Z"} https://db.gcve.eu/sighting/2979635a-cd9b-4826-9d62-641e70604160/export Tue, 09 Apr 2024 05:15:10 +0000