<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://db.gcve.eu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 01 Jul 2026 11:28:37 +0000</lastBuildDate>
    <item>
      <title>7e9c1e33-fcad-4ee3-9392-24fada030c18</title>
      <link>https://db.gcve.eu/sighting/7e9c1e33-fcad-4ee3-9392-24fada030c18/export</link>
      <description>{"uuid": "7e9c1e33-fcad-4ee3-9392-24fada030c18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20357", "type": "seen", "source": "https://t.me/cibsecurity/47922", "content": "\u203c CVE-2022-20357 \u203c\n\nIn writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-214999987\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:32:32.000000Z"}</description>
      <content:encoded>{"uuid": "7e9c1e33-fcad-4ee3-9392-24fada030c18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20357", "type": "seen", "source": "https://t.me/cibsecurity/47922", "content": "\u203c CVE-2022-20357 \u203c\n\nIn writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-214999987\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:32:32.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/7e9c1e33-fcad-4ee3-9392-24fada030c18/export</guid>
      <pubDate>Thu, 11 Aug 2022 00:32:32 +0000</pubDate>
    </item>
    <item>
      <title>13184e7a-7342-46df-871e-b2490f4f4c4e</title>
      <link>https://db.gcve.eu/sighting/13184e7a-7342-46df-871e-b2490f4f4c4e/export</link>
      <description>{"uuid": "13184e7a-7342-46df-871e-b2490f4f4c4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20355", "type": "seen", "source": "https://t.me/cibsecurity/47892", "content": "\u203c CVE-2022-20355 \u203c\n\nIn get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219498290\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:26:15.000000Z"}</description>
      <content:encoded>{"uuid": "13184e7a-7342-46df-871e-b2490f4f4c4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20355", "type": "seen", "source": "https://t.me/cibsecurity/47892", "content": "\u203c CVE-2022-20355 \u203c\n\nIn get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219498290\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:26:15.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/13184e7a-7342-46df-871e-b2490f4f4c4e/export</guid>
      <pubDate>Thu, 11 Aug 2022 00:26:15 +0000</pubDate>
    </item>
    <item>
      <title>d815acdd-758e-49cd-9809-6a61d99a2eab</title>
      <link>https://db.gcve.eu/sighting/d815acdd-758e-49cd-9809-6a61d99a2eab/export</link>
      <description>{"uuid": "d815acdd-758e-49cd-9809-6a61d99a2eab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20356", "type": "seen", "source": "https://t.me/cibsecurity/47889", "content": "\u203c CVE-2022-20356 \u203c\n\nIn shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:26:12.000000Z"}</description>
      <content:encoded>{"uuid": "d815acdd-758e-49cd-9809-6a61d99a2eab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20356", "type": "seen", "source": "https://t.me/cibsecurity/47889", "content": "\u203c CVE-2022-20356 \u203c\n\nIn shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:26:12.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/d815acdd-758e-49cd-9809-6a61d99a2eab/export</guid>
      <pubDate>Thu, 11 Aug 2022 00:26:12 +0000</pubDate>
    </item>
    <item>
      <title>b7bfde2d-9f73-4de7-a60a-db6bf0d6e2c2</title>
      <link>https://db.gcve.eu/sighting/b7bfde2d-9f73-4de7-a60a-db6bf0d6e2c2/export</link>
      <description>{"uuid": "b7bfde2d-9f73-4de7-a60a-db6bf0d6e2c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2035", "type": "seen", "source": "https://t.me/cibsecurity/44106", "content": "\u203c CVE-2022-2035 \u203c\n\nA reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions &amp;lt; 20.1.45.914, 21.1.x &amp;lt; 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-09T18:33:34.000000Z"}</description>
      <content:encoded>{"uuid": "b7bfde2d-9f73-4de7-a60a-db6bf0d6e2c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2035", "type": "seen", "source": "https://t.me/cibsecurity/44106", "content": "\u203c CVE-2022-2035 \u203c\n\nA reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions &amp;lt; 20.1.45.914, 21.1.x &amp;lt; 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-09T18:33:34.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/b7bfde2d-9f73-4de7-a60a-db6bf0d6e2c2/export</guid>
      <pubDate>Thu, 09 Jun 2022 18:33:34 +0000</pubDate>
    </item>
  </channel>
</rss>
