https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 05 Jun 2026 12:08:55 +0000 https://db.gcve.eu/sighting/eeab1e5b-d3b4-41c4-9fad-e06ddcf60c01/export {"uuid": "eeab1e5b-d3b4-41c4-9fad-e06ddcf60c01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38668", "type": "seen", "source": "https://t.me/cibsecurity/48558", "content": "\u203c CVE-2022-38668 \u203c\n\nHTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive data from stack memory when fulfilling a request for a static file smaller than 16 KB.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T00:20:46.000000Z"} {"uuid": "eeab1e5b-d3b4-41c4-9fad-e06ddcf60c01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38668", "type": "seen", "source": "https://t.me/cibsecurity/48558", "content": "\u203c CVE-2022-38668 \u203c\n\nHTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive data from stack memory when fulfilling a request for a static file smaller than 16 KB.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T00:20:46.000000Z"} https://db.gcve.eu/sighting/eeab1e5b-d3b4-41c4-9fad-e06ddcf60c01/export Tue, 23 Aug 2022 00:20:46 +0000 https://db.gcve.eu/sighting/2e55f960-3547-485e-a9aa-7f912b88335b/export {"uuid": "2e55f960-3547-485e-a9aa-7f912b88335b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38663", "type": "seen", "source": "https://t.me/cibsecurity/48611", "content": "\u203c CVE-2022-38663 \u203c\n\nJenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T20:27:44.000000Z"} {"uuid": "2e55f960-3547-485e-a9aa-7f912b88335b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38663", "type": "seen", "source": "https://t.me/cibsecurity/48611", "content": "\u203c CVE-2022-38663 \u203c\n\nJenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T20:27:44.000000Z"} https://db.gcve.eu/sighting/2e55f960-3547-485e-a9aa-7f912b88335b/export Tue, 23 Aug 2022 20:27:44 +0000 https://db.gcve.eu/sighting/ec895f72-d186-4e04-8f94-d814ef78a047/export {"uuid": "ec895f72-d186-4e04-8f94-d814ef78a047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38664", "type": "seen", "source": "https://t.me/cibsecurity/48616", "content": "\u203c CVE-2022-38664 \u203c\n\nJenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T20:27:52.000000Z"} {"uuid": "ec895f72-d186-4e04-8f94-d814ef78a047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38664", "type": "seen", "source": "https://t.me/cibsecurity/48616", "content": "\u203c CVE-2022-38664 \u203c\n\nJenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T20:27:52.000000Z"} https://db.gcve.eu/sighting/ec895f72-d186-4e04-8f94-d814ef78a047/export Tue, 23 Aug 2022 20:27:52 +0000 https://db.gcve.eu/sighting/de4a3d40-5927-47a7-a6f3-ef3b61a2f60d/export {"uuid": "de4a3d40-5927-47a7-a6f3-ef3b61a2f60d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38665", "type": "seen", "source": "https://t.me/cibsecurity/48618", "content": "\u203c CVE-2022-38665 \u203c\n\nJenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T20:27:54.000000Z"} {"uuid": "de4a3d40-5927-47a7-a6f3-ef3b61a2f60d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38665", "type": "seen", "source": "https://t.me/cibsecurity/48618", "content": "\u203c CVE-2022-38665 \u203c\n\nJenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-23T20:27:54.000000Z"} https://db.gcve.eu/sighting/de4a3d40-5927-47a7-a6f3-ef3b61a2f60d/export Tue, 23 Aug 2022 20:27:54 +0000 https://db.gcve.eu/sighting/e17ea5e3-f92d-4f0a-89f5-8993350f514d/export {"uuid": "e17ea5e3-f92d-4f0a-89f5-8993350f514d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38660", "type": "seen", "source": "https://t.me/cibsecurity/52573", "content": "\u203c CVE-2022-38660 \u203c\n\nHCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-04T23:31:43.000000Z"} {"uuid": "e17ea5e3-f92d-4f0a-89f5-8993350f514d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38660", "type": "seen", "source": "https://t.me/cibsecurity/52573", "content": "\u203c CVE-2022-38660 \u203c\n\nHCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-04T23:31:43.000000Z"} https://db.gcve.eu/sighting/e17ea5e3-f92d-4f0a-89f5-8993350f514d/export Fri, 04 Nov 2022 23:31:43 +0000 https://db.gcve.eu/sighting/0eac4293-3041-4f18-972a-af60635a08bf/export {"uuid": "0eac4293-3041-4f18-972a-af60635a08bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3866", "type": "seen", "source": "https://t.me/cibsecurity/52902", "content": "\u203c CVE-2022-3866 \u203c\n\nHashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:49:03.000000Z"} {"uuid": "0eac4293-3041-4f18-972a-af60635a08bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3866", "type": "seen", "source": "https://t.me/cibsecurity/52902", "content": "\u203c CVE-2022-3866 \u203c\n\nHashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:49:03.000000Z"} https://db.gcve.eu/sighting/0eac4293-3041-4f18-972a-af60635a08bf/export Sun, 13 Nov 2022 05:49:03 +0000 https://db.gcve.eu/sighting/68289975-2cdd-4750-9fcf-935982734dc2/export {"uuid": "68289975-2cdd-4750-9fcf-935982734dc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38662", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12497", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38662\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: \u00a0In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.\n\n\ud83d\udccf Published: 2022-12-15T20:36:54.482Z\n\ud83d\udccf Modified: 2025-04-18T15:58:02.771Z\n\ud83d\udd17 References:\n1. https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141", "creation_timestamp": "2025-04-18T16:59:15.000000Z"} {"uuid": "68289975-2cdd-4750-9fcf-935982734dc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38662", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12497", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38662\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: \u00a0In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.\n\n\ud83d\udccf Published: 2022-12-15T20:36:54.482Z\n\ud83d\udccf Modified: 2025-04-18T15:58:02.771Z\n\ud83d\udd17 References:\n1. https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141", "creation_timestamp": "2025-04-18T16:59:15.000000Z"} https://db.gcve.eu/sighting/68289975-2cdd-4750-9fcf-935982734dc2/export Fri, 18 Apr 2025 16:59:15 +0000 https://db.gcve.eu/sighting/5efe669a-9917-4a96-9598-721ba1546254/export {"uuid": "5efe669a-9917-4a96-9598-721ba1546254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38666", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14074", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38666\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:04:56.537Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%282%29\n2. http://www.openwall.com/lists/oss-security/2022/11/15/4", "creation_timestamp": "2025-04-30T16:14:01.000000Z"} {"uuid": "5efe669a-9917-4a96-9598-721ba1546254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38666", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14074", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38666\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:04:56.537Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%282%29\n2. http://www.openwall.com/lists/oss-security/2022/11/15/4", "creation_timestamp": "2025-04-30T16:14:01.000000Z"} https://db.gcve.eu/sighting/5efe669a-9917-4a96-9598-721ba1546254/export Wed, 30 Apr 2025 16:14:01 +0000 https://db.gcve.eu/sighting/14b4ceab-b3d2-4cc0-bd2b-4eb38bb83b1c/export {"uuid": "14b4ceab-b3d2-4cc0-bd2b-4eb38bb83b1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3866", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14370", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3866\n\ud83d\udd25 CVSS Score: 5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.\n\ud83d\udccf Published: 2022-11-10T05:34:52.468Z\n\ud83d\udccf Modified: 2025-05-01T19:05:00.374Z\n\ud83d\udd17 References:\n1. https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167", "creation_timestamp": "2025-05-01T19:14:50.000000Z"} {"uuid": "14b4ceab-b3d2-4cc0-bd2b-4eb38bb83b1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3866", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14370", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3866\n\ud83d\udd25 CVSS Score: 5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.\n\ud83d\udccf Published: 2022-11-10T05:34:52.468Z\n\ud83d\udccf Modified: 2025-05-01T19:05:00.374Z\n\ud83d\udd17 References:\n1. https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167", "creation_timestamp": "2025-05-01T19:14:50.000000Z"} https://db.gcve.eu/sighting/14b4ceab-b3d2-4cc0-bd2b-4eb38bb83b1c/export Thu, 01 May 2025 19:14:50 +0000 https://db.gcve.eu/sighting/b618786d-53b5-4166-816f-f97d19b44d87/export {"uuid": "b618786d-53b5-4166-816f-f97d19b44d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38666", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m23r4eidhsr2", "content": "", "creation_timestamp": "2025-10-01T00:16:07.506693Z"} {"uuid": "b618786d-53b5-4166-816f-f97d19b44d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38666", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m23r4eidhsr2", "content": "", "creation_timestamp": "2025-10-01T00:16:07.506693Z"} https://db.gcve.eu/sighting/b618786d-53b5-4166-816f-f97d19b44d87/export Wed, 01 Oct 2025 00:16:07 +0000