https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 20 May 2026 16:13:02 +0000 https://db.gcve.eu/sighting/0e52a7aa-63d9-4f65-b010-48c07c1f7e35/export {"uuid": "0e52a7aa-63d9-4f65-b010-48c07c1f7e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-R64R-5H43-26QV", "type": "seen", "source": "https://t.me/ctinow/173128", "content": "https://ift.tt/RkJ4mO0\n[GHSA-r64r-5h43-26qv] Any authenticated user may obtain private message details from other users on the same instance", "creation_timestamp": "2024-01-24T22:27:17.000000Z"} {"uuid": "0e52a7aa-63d9-4f65-b010-48c07c1f7e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-R64R-5H43-26QV", "type": "seen", "source": "https://t.me/ctinow/173128", "content": "https://ift.tt/RkJ4mO0\n[GHSA-r64r-5h43-26qv] Any authenticated user may obtain private message details from other users on the same instance", "creation_timestamp": "2024-01-24T22:27:17.000000Z"} https://db.gcve.eu/sighting/0e52a7aa-63d9-4f65-b010-48c07c1f7e35/export Wed, 24 Jan 2024 22:27:17 +0000 https://db.gcve.eu/sighting/8425f1f3-1446-4f13-b7f2-bbb09c3cc3b4/export {"uuid": "8425f1f3-1446-4f13-b7f2-bbb09c3cc3b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-R64R-5H43-26QV", "type": "seen", "source": "https://t.me/arpsyndicate/3064", "content": "#ExploitObserverAlert\n\nGHSA-r64r-5h43-26qv\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-r64r-5h43-26qv. Users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they're able to see the resulting reports.", "creation_timestamp": "2024-01-26T20:37:12.000000Z"} {"uuid": "8425f1f3-1446-4f13-b7f2-bbb09c3cc3b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-R64R-5H43-26QV", "type": "seen", "source": "https://t.me/arpsyndicate/3064", "content": "#ExploitObserverAlert\n\nGHSA-r64r-5h43-26qv\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-r64r-5h43-26qv. Users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they're able to see the resulting reports.", "creation_timestamp": "2024-01-26T20:37:12.000000Z"} https://db.gcve.eu/sighting/8425f1f3-1446-4f13-b7f2-bbb09c3cc3b4/export Fri, 26 Jan 2024 20:37:12 +0000 https://db.gcve.eu/sighting/07cf16c1-6d98-453d-9af9-4d7118d0328b/export {"uuid": "07cf16c1-6d98-453d-9af9-4d7118d0328b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-R64R-5H43-26QV", "type": "seen", "source": "https://t.me/ctinow/187208", "content": "https://ift.tt/O8e5BYC\nCVE-2024-23649 | Lemmy up to 0.19.0 API report improper authorization (GHSA-r64r-5h43-26qv)", "creation_timestamp": "2024-02-18T10:48:47.000000Z"} {"uuid": "07cf16c1-6d98-453d-9af9-4d7118d0328b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-R64R-5H43-26QV", "type": "seen", "source": "https://t.me/ctinow/187208", "content": "https://ift.tt/O8e5BYC\nCVE-2024-23649 | Lemmy up to 0.19.0 API report improper authorization (GHSA-r64r-5h43-26qv)", "creation_timestamp": "2024-02-18T10:48:47.000000Z"} https://db.gcve.eu/sighting/07cf16c1-6d98-453d-9af9-4d7118d0328b/export Sun, 18 Feb 2024 10:48:47 +0000