https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 01 May 2026 01:02:18 +0000 https://db.gcve.eu/sighting/7a584ff7-e632-4fb6-8abd-925a7c6ecfca/export {"uuid": "7a584ff7-e632-4fb6-8abd-925a7c6ecfca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22121", "type": "seen", "source": "https://t.me/cibsecurity/35189", "content": "\u203c CVE-2022-22121 \u203c\n\nIn NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-10T18:15:02.000000Z"} {"uuid": "7a584ff7-e632-4fb6-8abd-925a7c6ecfca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22121", "type": "seen", "source": "https://t.me/cibsecurity/35189", "content": "\u203c CVE-2022-22121 \u203c\n\nIn NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-10T18:15:02.000000Z"} https://db.gcve.eu/sighting/7a584ff7-e632-4fb6-8abd-925a7c6ecfca/export Mon, 10 Jan 2022 18:15:02 +0000 https://db.gcve.eu/sighting/ced21a7c-8c4b-4047-8045-d7dc64ed62e9/export {"uuid": "ced21a7c-8c4b-4047-8045-d7dc64ed62e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22123", "type": "seen", "source": "https://t.me/cibsecurity/35423", "content": "\u203c CVE-2022-22123 \u203c\n\nIn Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim\u00e2\u20ac\u2122s server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T20:18:20.000000Z"} {"uuid": "ced21a7c-8c4b-4047-8045-d7dc64ed62e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22123", "type": "seen", "source": "https://t.me/cibsecurity/35423", "content": "\u203c CVE-2022-22123 \u203c\n\nIn Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim\u00e2\u20ac\u2122s server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T20:18:20.000000Z"} https://db.gcve.eu/sighting/ced21a7c-8c4b-4047-8045-d7dc64ed62e9/export Thu, 13 Jan 2022 20:18:20 +0000 https://db.gcve.eu/sighting/40652d12-1bea-48f9-a9b1-ae856727ceb0/export {"uuid": "40652d12-1bea-48f9-a9b1-ae856727ceb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22125", "type": "seen", "source": "https://t.me/cibsecurity/35427", "content": "\u203c CVE-2022-22125 \u203c\n\nIn Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim\u00e2\u20ac\u2122s server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T20:18:25.000000Z"} {"uuid": "40652d12-1bea-48f9-a9b1-ae856727ceb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22125", "type": "seen", "source": "https://t.me/cibsecurity/35427", "content": "\u203c CVE-2022-22125 \u203c\n\nIn Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim\u00e2\u20ac\u2122s server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T20:18:25.000000Z"} https://db.gcve.eu/sighting/40652d12-1bea-48f9-a9b1-ae856727ceb0/export Thu, 13 Jan 2022 20:18:25 +0000 https://db.gcve.eu/sighting/bd49ca6c-59df-4870-ab4f-98903401b51d/export {"uuid": "bd49ca6c-59df-4870-ab4f-98903401b51d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22124", "type": "seen", "source": "https://t.me/cibsecurity/35428", "content": "\u203c CVE-2022-22124 \u203c\n\nIn Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim\u00e2\u20ac\u2122s browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T20:18:26.000000Z"} {"uuid": "bd49ca6c-59df-4870-ab4f-98903401b51d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22124", "type": "seen", "source": "https://t.me/cibsecurity/35428", "content": "\u203c CVE-2022-22124 \u203c\n\nIn Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary javascript to run on a victim\u00e2\u20ac\u2122s browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T20:18:26.000000Z"} https://db.gcve.eu/sighting/bd49ca6c-59df-4870-ab4f-98903401b51d/export Thu, 13 Jan 2022 20:18:26 +0000 https://db.gcve.eu/sighting/ac217f4d-32fa-4593-9fff-3837bb1feaa1/export {"uuid": "ac217f4d-32fa-4593-9fff-3837bb1feaa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22122", "type": "seen", "source": "https://t.me/cibsecurity/35433", "content": "\u203c CVE-2022-22122 \u203c\n\nIn Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as used respectively in Mattermost, versions prior to v5.37.6, v5.39.3, v6.0.4, v6.1.1 and v6.2.0, are vulnerable to Insufficient Session Expiration. When a user initiates a logout, their session is not invalidated properly. In addition, user sessions are stored in the browser\u00e2\u20ac\u2122s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, to completely take over a victim account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T20:18:32.000000Z"} {"uuid": "ac217f4d-32fa-4593-9fff-3837bb1feaa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22122", "type": "seen", "source": "https://t.me/cibsecurity/35433", "content": "\u203c CVE-2022-22122 \u203c\n\nIn Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as used respectively in Mattermost, versions prior to v5.37.6, v5.39.3, v6.0.4, v6.1.1 and v6.2.0, are vulnerable to Insufficient Session Expiration. When a user initiates a logout, their session is not invalidated properly. In addition, user sessions are stored in the browser\u00e2\u20ac\u2122s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, to completely take over a victim account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T20:18:32.000000Z"} https://db.gcve.eu/sighting/ac217f4d-32fa-4593-9fff-3837bb1feaa1/export Thu, 13 Jan 2022 20:18:32 +0000 https://db.gcve.eu/sighting/625b4f5c-828d-4827-b92c-5e39e70424bb/export {"uuid": "625b4f5c-828d-4827-b92c-5e39e70424bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22126", "type": "seen", "source": "https://t.me/cibsecurity/37849", "content": "\u203c CVE-2022-22126 \u203c\n\nOpenmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the \u00e2\u20ac\u0153Web Page\u00e2\u20ac\ufffd element, that allows the injection of malicious JavaScript into the \u00e2\u20ac\u02dcURL\u00e2\u20ac\u2122 field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-20T22:40:33.000000Z"} {"uuid": "625b4f5c-828d-4827-b92c-5e39e70424bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22126", "type": "seen", "source": "https://t.me/cibsecurity/37849", "content": "\u203c CVE-2022-22126 \u203c\n\nOpenmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the \u00e2\u20ac\u0153Web Page\u00e2\u20ac\ufffd element, that allows the injection of malicious JavaScript into the \u00e2\u20ac\u02dcURL\u00e2\u20ac\u2122 field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-20T22:40:33.000000Z"} https://db.gcve.eu/sighting/625b4f5c-828d-4827-b92c-5e39e70424bb/export Sun, 20 Feb 2022 22:40:33 +0000 https://db.gcve.eu/sighting/fed352b0-5d60-4986-bd60-5fcc38222da8/export {"uuid": "fed352b0-5d60-4986-bd60-5fcc38222da8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22127", "type": "seen", "source": "https://t.me/cibsecurity/43341", "content": "\u203c CVE-2022-22127 \u203c\n\nTableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-25T18:38:20.000000Z"} {"uuid": "fed352b0-5d60-4986-bd60-5fcc38222da8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22127", "type": "seen", "source": "https://t.me/cibsecurity/43341", "content": "\u203c CVE-2022-22127 \u203c\n\nTableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-25T18:38:20.000000Z"} https://db.gcve.eu/sighting/fed352b0-5d60-4986-bd60-5fcc38222da8/export Wed, 25 May 2022 18:38:20 +0000 https://db.gcve.eu/sighting/a6e41bf7-0e04-4b01-b3dd-5bd718dffc96/export {"uuid": "a6e41bf7-0e04-4b01-b3dd-5bd718dffc96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22128", "type": "seen", "source": "https://t.me/cibsecurity/51613", "content": "\u203c CVE-2022-22128 \u203c\n\nTableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent\u00e2\u20ac\u2122s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T20:13:30.000000Z"} {"uuid": "a6e41bf7-0e04-4b01-b3dd-5bd718dffc96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22128", "type": "seen", "source": "https://t.me/cibsecurity/51613", "content": "\u203c CVE-2022-22128 \u203c\n\nTableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent\u00e2\u20ac\u2122s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T20:13:30.000000Z"} https://db.gcve.eu/sighting/a6e41bf7-0e04-4b01-b3dd-5bd718dffc96/export Mon, 17 Oct 2022 20:13:30 +0000 https://db.gcve.eu/sighting/568b3ede-2827-45cc-a76f-faa79230e134/export {"uuid": "568b3ede-2827-45cc-a76f-faa79230e134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22128", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-14", "content": "", "creation_timestamp": "2025-02-13T11:00:00.000000Z"} {"uuid": "568b3ede-2827-45cc-a76f-faa79230e134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22128", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-14", "content": "", "creation_timestamp": "2025-02-13T11:00:00.000000Z"} https://db.gcve.eu/sighting/568b3ede-2827-45cc-a76f-faa79230e134/export Thu, 13 Feb 2025 11:00:00 +0000 https://db.gcve.eu/sighting/e018ba51-4534-4587-8a8c-6e6452c407a6/export {"uuid": "e018ba51-4534-4587-8a8c-6e6452c407a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22127", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-14", "content": "", "creation_timestamp": "2025-02-13T11:00:00.000000Z"} {"uuid": "e018ba51-4534-4587-8a8c-6e6452c407a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22127", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-14", "content": "", "creation_timestamp": "2025-02-13T11:00:00.000000Z"} https://db.gcve.eu/sighting/e018ba51-4534-4587-8a8c-6e6452c407a6/export Thu, 13 Feb 2025 11:00:00 +0000