Most recent sightings.

Most recent sightings. https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 05 Jun 2026 14:50:05 +0000 aab17e8e-0984-4927-9fe6-40257815e9a0 https://db.gcve.eu/sighting/aab17e8e-0984-4927-9fe6-40257815e9a0/export {"uuid": "aab17e8e-0984-4927-9fe6-40257815e9a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31189", "type": "seen", "source": "https://t.me/cibsecurity/47386", "content": "\u203c CVE-2022-31189 \u203c\n\nDSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an \"Internal System Error\" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T00:17:30.000000Z"} {"uuid": "aab17e8e-0984-4927-9fe6-40257815e9a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31189", "type": "seen", "source": "https://t.me/cibsecurity/47386", "content": "\u203c CVE-2022-31189 \u203c\n\nDSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an \"Internal System Error\" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T00:17:30.000000Z"} https://db.gcve.eu/sighting/aab17e8e-0984-4927-9fe6-40257815e9a0/export Tue, 02 Aug 2022 00:17:30 +0000 aa2fdb3f-f57e-4a51-924c-2fb33665b6a9 https://db.gcve.eu/sighting/aa2fdb3f-f57e-4a51-924c-2fb33665b6a9/export {"uuid": "aa2fdb3f-f57e-4a51-924c-2fb33665b6a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31186", "type": "seen", "source": "https://t.me/cibsecurity/47385", "content": "\u203c CVE-2022-31186 \u203c\n\nNextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can user the `logger` configuration option by sanitizing the logs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T00:17:30.000000Z"} {"uuid": "aa2fdb3f-f57e-4a51-924c-2fb33665b6a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31186", "type": "seen", "source": "https://t.me/cibsecurity/47385", "content": "\u203c CVE-2022-31186 \u203c\n\nNextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can user the `logger` configuration option by sanitizing the logs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T00:17:30.000000Z"} https://db.gcve.eu/sighting/aa2fdb3f-f57e-4a51-924c-2fb33665b6a9/export Tue, 02 Aug 2022 00:17:30 +0000 0c733c0f-53ee-4176-bd82-4bfd9557c802 https://db.gcve.eu/sighting/0c733c0f-53ee-4176-bd82-4bfd9557c802/export {"uuid": "0c733c0f-53ee-4176-bd82-4bfd9557c802", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3118", "type": "seen", "source": "https://t.me/cibsecurity/49276", "content": "\u203c CVE-2022-3118 \u203c\n\nA vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-04T12:41:02.000000Z"} {"uuid": "0c733c0f-53ee-4176-bd82-4bfd9557c802", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3118", "type": "seen", "source": "https://t.me/cibsecurity/49276", "content": "\u203c CVE-2022-3118 \u203c\n\nA vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-04T12:41:02.000000Z"} https://db.gcve.eu/sighting/0c733c0f-53ee-4176-bd82-4bfd9557c802/export Sun, 04 Sep 2022 12:41:02 +0000 2fe57030-3ee3-4456-843e-89180b1419c5 https://db.gcve.eu/sighting/2fe57030-3ee3-4456-843e-89180b1419c5/export {"uuid": "2fe57030-3ee3-4456-843e-89180b1419c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31188", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6771", "content": "#exploit\n1. CVE-2022-32792:\nWebKit B3ReduceStrength Out-of-Bounds Write\nhttps://starlabs.sg/blog/2022/09-step-by-step-walkthrough-of-cve-2022-32792\n\n2. CVE-2022-31188:\nOpenCV CVAT SSRF\nhttps://github.com/emirpolatt/CVE-2022-31188\n\n3. CVE-2022-40297:\nPrivilage escalation in Ubuntu Touch 16.04 - by PIN Bruteforce\nhttps://github.com/filipkarc/PoC-ubuntutouch-pin-privesc", "creation_timestamp": "2022-09-10T13:17:01.000000Z"} {"uuid": "2fe57030-3ee3-4456-843e-89180b1419c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31188", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6771", "content": "#exploit\n1. CVE-2022-32792:\nWebKit B3ReduceStrength Out-of-Bounds Write\nhttps://starlabs.sg/blog/2022/09-step-by-step-walkthrough-of-cve-2022-32792\n\n2. CVE-2022-31188:\nOpenCV CVAT SSRF\nhttps://github.com/emirpolatt/CVE-2022-31188\n\n3. CVE-2022-40297:\nPrivilage escalation in Ubuntu Touch 16.04 - by PIN Bruteforce\nhttps://github.com/filipkarc/PoC-ubuntutouch-pin-privesc", "creation_timestamp": "2022-09-10T13:17:01.000000Z"} https://db.gcve.eu/sighting/2fe57030-3ee3-4456-843e-89180b1419c5/export Sat, 10 Sep 2022 13:17:01 +0000 08c4aa8c-b172-447a-b3b3-83e55f775c14 https://db.gcve.eu/sighting/08c4aa8c-b172-447a-b3b3-83e55f775c14/export {"uuid": "08c4aa8c-b172-447a-b3b3-83e55f775c14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31188", "type": "published-proof-of-concept", "source": "https://t.me/BugCod3/93", "content": "CVAT 2.0 - SSRF (Server Side Request Forgery)\n\n\ud83d\uddc2 Description:\n#CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. \n#Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade.\n\n\u2328 Type: webapps \n\n\ud83d\udcbb Platform: Python\n\n\ud83c\udf10 Vendor Homepage: \ud83c\udf10Github\n\n\ud83d\udee1 Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-122-generic x86_64)\n\n\ud83d\udc51 CVE: CVE-2022-31188\n\n#CVE #SSRF #Exploit #Python\n\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\n\ud83d\udc64 T.me/MRvirusIRBOT \n\ud83d\udce2 T.me/SashClient\n\ud83e\udea9 Https://discord.gg/UfFvDYBBMM \n\ud83c\udf10 Https://sash.mybin.ir", "creation_timestamp": "2023-02-01T02:23:35.000000Z"} {"uuid": "08c4aa8c-b172-447a-b3b3-83e55f775c14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31188", "type": "published-proof-of-concept", "source": "https://t.me/BugCod3/93", "content": "CVAT 2.0 - SSRF (Server Side Request Forgery)\n\n\ud83d\uddc2 Description:\n#CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. \n#Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade.\n\n\u2328 Type: webapps \n\n\ud83d\udcbb Platform: Python\n\n\ud83c\udf10 Vendor Homepage: \ud83c\udf10Github\n\n\ud83d\udee1 Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-122-generic x86_64)\n\n\ud83d\udc51 CVE: CVE-2022-31188\n\n#CVE #SSRF #Exploit #Python\n\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\n\ud83d\udc64 T.me/MRvirusIRBOT \n\ud83d\udce2 T.me/SashClient\n\ud83e\udea9 Https://discord.gg/UfFvDYBBMM \n\ud83c\udf10 Https://sash.mybin.ir", "creation_timestamp": "2023-02-01T02:23:35.000000Z"} https://db.gcve.eu/sighting/08c4aa8c-b172-447a-b3b3-83e55f775c14/export Wed, 01 Feb 2023 02:23:35 +0000 3a51b408-8a09-43a7-a095-48c8e28e8de0 https://db.gcve.eu/sighting/3a51b408-8a09-43a7-a095-48c8e28e8de0/export {"uuid": "3a51b408-8a09-43a7-a095-48c8e28e8de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31188", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2759", "content": "#Tools -\u00a0 \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nTracer\n\nFeatures:\n\u25ab\ufe0f 170+ sites that are checked\n\u25ab\ufe0f Filter websites based on their domain or category\n\u25ab\ufe0f Limit the pool of sites that will be checked\n\u25ab\ufe0f Save the result of each check in a report file\n\u25ab\ufe0f Open successful results in your browser\n\u25ab\ufe0f Customizability:\n\u25ab\ufe0f Use the included config file to change the behavior of Tracer\n\u25ab\ufe0f Easy to use\n\nhttps://github.com/chr3st5an/tracer\n\n\u200b\u200bxsser\n\nCross Site \"Scripter\" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.\n\nIt provides several options to try to bypass certain filters and various special techniques for code injection.\n\nXSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:\n\n\u25ab\ufe0f PHP-IDS\n\u25ab\ufe0f Imperva Incapsula WAF\n\u25ab\ufe0f WebKnight WAF\n\u25ab\ufe0f F5 Big IP WAF\n\u25ab\ufe0f Barracuda WAF\n\u25ab\ufe0f Mod-Security\n\u25ab\ufe0f QuickDefense\n\u25ab\ufe0f SucuriWAF \n\u25ab\ufe0f Google Chrome\n\u25ab\ufe0f Internet Explorer\n\u25ab\ufe0f Mozilla's Gecko rendering engine, used by Firefox/Iceweasel\n\u25ab\ufe0f Netscape in IE rendering engine mode\n\u25ab\ufe0f Netscape in the Gecko rendering engine mode\n\u25ab\ufe0f Opera Browser\n\nhttps://github.com/epsylon/xsser\n\nWebsite:\nhttps://xsser.03c8.net/\n\n\u200b\u200bOpenWRTInvasion\n\nRoot shell exploit for several Xiaomi routers: 4A Gigabit, 4A 100M, 4C, 3Gv2, 4Q, miWifi 3C...\n\nhttps://github.com/acecilia/OpenWRTInvasion\n\n\u200b\u200bMitra\n\nA tool to generate binary polyglots (files that are valid with several file formats).\n\nhttps://github.com/corkami/mitra\n\n\u200b\u200bCVE-2022-20126\n\nhttps://github.com/Trinadh465/packages_apps_Bluetooth_AOSP10_r33_CVE-2022-20126\n\n\u200b\u200bModules\n\nOpen sourced the \"assembly execute\" and \"powerpick\" module/command. Have fun.\n\nhttps://github.com/HavocFramework/Modules\n\n\u200b\u200bMinimalistic TCP and UDP port scanners\n\nA simple yet powerful TCP and UDP port scanners:\n\n\u25ab\ufe0f Detection of open, closed and filtered ports (both TCP and UDP)\n\u25ab\ufe0f Ability to scan a single host, network range or a list of hosts in a file\n\u25ab\ufe0f Adjustable timeout values for effective and reliable port scanning\n\nDespite the minimalistic design, both port scanners keep track of everything by using a simple state file (scanresults.txt) which is created in the current working directory. \n\nhttps://github.com/InfosecMatter/Minimalistic-offensive-security-tools\n\nDetails:\nhttps://www.infosecmatter.com/port-scanner-in-powershell-tcp-udp-ps1/\n\n\u200b\u200bontgo403\n\nA tool to bypass 40X errors.\n\nhttps://github.com/devploit/dontgo403\n\n\u200b\u200bCVE-2022-31188\n\nOpenCV CVAT (Computer Vision Annotation Tool) SSRF.\n\nCVAT is an open source Computer Vision Annotation Tool developed by Intel. Any user with \"Task Create\" authorization can trigger the SSRF vulnerability by sending a malicious HTTP request and gaining access to other open ports on the system.\n\nhttps://github.com/emirpolatt/CVE-2022-31188\n\n#cve\n\n\u200b\u200bRUST_SYSCALLS\n\nSingle stub direct and indirect syscalling with runtime SSN resolving for windows.\n\nFeatures:\n\u25ab\ufe0f One single line for all your syscalls\n\u25ab\ufe0f Function name hashing at compilation time\n\u25ab\ufe0f Direct or indirect sycalls\n\u25ab\ufe0f x86_64, WOW64 and x86 native support\n\u25ab\ufe0f Designed to allow the implementation of custom SSN fetching methods (check the end of this readme for more info)\n\nhttps://github.com/janoglezcampos/rust_syscalls\n\n\u200b\u200bCVE-2022-22629 Proof of concept\n\nThis post is about the poc for the WebGL bug that was patched in Safari 15.4 security updates.\n\nhttps://github.com/parsdefense/CVE-2022-22629\n\n#cve\n\n\u200b\u200bTcbElevation.cpp\n\nWe are releasing an alternative way for elevating to SYSTEM when you have SeTcbPrivilege\n\nHow?\n\nLeveraging AcquireCredentialsHandle through an SSPI hook that allows authenticating as SYSTEM to SCM\n\nShould be \"lighter\" than the classic S4U\n\nhttps://gist.github.com/antonioCoco/19563adef860614b56d010d92e67d178\n\n\u200b\u200bJava-Deserialization-Cheat-Sheet\n\nA cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.\n\nhttps://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet\n\nJoin:\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\nWebsite:\nwww.ghostclan.org", "creation_timestamp": "2023-03-29T08:59:52.000000Z"} {"uuid": "3a51b408-8a09-43a7-a095-48c8e28e8de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31188", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2759", "content": "#Tools -\u00a0 \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nTracer\n\nFeatures:\n\u25ab\ufe0f 170+ sites that are checked\n\u25ab\ufe0f Filter websites based on their domain or category\n\u25ab\ufe0f Limit the pool of sites that will be checked\n\u25ab\ufe0f Save the result of each check in a report file\n\u25ab\ufe0f Open successful results in your browser\n\u25ab\ufe0f Customizability:\n\u25ab\ufe0f Use the included config file to change the behavior of Tracer\n\u25ab\ufe0f Easy to use\n\nhttps://github.com/chr3st5an/tracer\n\n\u200b\u200bxsser\n\nCross Site \"Scripter\" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.\n\nIt provides several options to try to bypass certain filters and various special techniques for code injection.\n\nXSSer has pre-installed [ > 1300 XSS ] attacking vectors and can bypass-exploit code on several browsers/WAFs:\n\n\u25ab\ufe0f PHP-IDS\n\u25ab\ufe0f Imperva Incapsula WAF\n\u25ab\ufe0f WebKnight WAF\n\u25ab\ufe0f F5 Big IP WAF\n\u25ab\ufe0f Barracuda WAF\n\u25ab\ufe0f Mod-Security\n\u25ab\ufe0f QuickDefense\n\u25ab\ufe0f SucuriWAF \n\u25ab\ufe0f Google Chrome\n\u25ab\ufe0f Internet Explorer\n\u25ab\ufe0f Mozilla's Gecko rendering engine, used by Firefox/Iceweasel\n\u25ab\ufe0f Netscape in IE rendering engine mode\n\u25ab\ufe0f Netscape in the Gecko rendering engine mode\n\u25ab\ufe0f Opera Browser\n\nhttps://github.com/epsylon/xsser\n\nWebsite:\nhttps://xsser.03c8.net/\n\n\u200b\u200bOpenWRTInvasion\n\nRoot shell exploit for several Xiaomi routers: 4A Gigabit, 4A 100M, 4C, 3Gv2, 4Q, miWifi 3C...\n\nhttps://github.com/acecilia/OpenWRTInvasion\n\n\u200b\u200bMitra\n\nA tool to generate binary polyglots (files that are valid with several file formats).\n\nhttps://github.com/corkami/mitra\n\n\u200b\u200bCVE-2022-20126\n\nhttps://github.com/Trinadh465/packages_apps_Bluetooth_AOSP10_r33_CVE-2022-20126\n\n\u200b\u200bModules\n\nOpen sourced the \"assembly execute\" and \"powerpick\" module/command. Have fun.\n\nhttps://github.com/HavocFramework/Modules\n\n\u200b\u200bMinimalistic TCP and UDP port scanners\n\nA simple yet powerful TCP and UDP port scanners:\n\n\u25ab\ufe0f Detection of open, closed and filtered ports (both TCP and UDP)\n\u25ab\ufe0f Ability to scan a single host, network range or a list of hosts in a file\n\u25ab\ufe0f Adjustable timeout values for effective and reliable port scanning\n\nDespite the minimalistic design, both port scanners keep track of everything by using a simple state file (scanresults.txt) which is created in the current working directory. \n\nhttps://github.com/InfosecMatter/Minimalistic-offensive-security-tools\n\nDetails:\nhttps://www.infosecmatter.com/port-scanner-in-powershell-tcp-udp-ps1/\n\n\u200b\u200bontgo403\n\nA tool to bypass 40X errors.\n\nhttps://github.com/devploit/dontgo403\n\n\u200b\u200bCVE-2022-31188\n\nOpenCV CVAT (Computer Vision Annotation Tool) SSRF.\n\nCVAT is an open source Computer Vision Annotation Tool developed by Intel. Any user with \"Task Create\" authorization can trigger the SSRF vulnerability by sending a malicious HTTP request and gaining access to other open ports on the system.\n\nhttps://github.com/emirpolatt/CVE-2022-31188\n\n#cve\n\n\u200b\u200bRUST_SYSCALLS\n\nSingle stub direct and indirect syscalling with runtime SSN resolving for windows.\n\nFeatures:\n\u25ab\ufe0f One single line for all your syscalls\n\u25ab\ufe0f Function name hashing at compilation time\n\u25ab\ufe0f Direct or indirect sycalls\n\u25ab\ufe0f x86_64, WOW64 and x86 native support\n\u25ab\ufe0f Designed to allow the implementation of custom SSN fetching methods (check the end of this readme for more info)\n\nhttps://github.com/janoglezcampos/rust_syscalls\n\n\u200b\u200bCVE-2022-22629 Proof of concept\n\nThis post is about the poc for the WebGL bug that was patched in Safari 15.4 security updates.\n\nhttps://github.com/parsdefense/CVE-2022-22629\n\n#cve\n\n\u200b\u200bTcbElevation.cpp\n\nWe are releasing an alternative way for elevating to SYSTEM when you have SeTcbPrivilege\n\nHow?\n\nLeveraging AcquireCredentialsHandle through an SSPI hook that allows authenticating as SYSTEM to SCM\n\nShould be \"lighter\" than the classic S4U\n\nhttps://gist.github.com/antonioCoco/19563adef860614b56d010d92e67d178\n\n\u200b\u200bJava-Deserialization-Cheat-Sheet\n\nA cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.\n\nhttps://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet\n\nJoin:\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\nWebsite:\nwww.ghostclan.org", "creation_timestamp": "2023-03-29T08:59:52.000000Z"} https://db.gcve.eu/sighting/3a51b408-8a09-43a7-a095-48c8e28e8de0/export Wed, 29 Mar 2023 08:59:52 +0000 259bc2a0-c462-47e1-bd34-b633c1eefa58 https://db.gcve.eu/sighting/259bc2a0-c462-47e1-bd34-b633c1eefa58/export {"uuid": "259bc2a0-c462-47e1-bd34-b633c1eefa58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31185", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13109", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-31185\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the `Hide Email Address` checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if your email needs to remain private for any reason. Users hosting their own mprweb instance will need to upgrade to the latest commit to get this fixed. Users on the official instance will already have this issue fixed.\n\ud83d\udccf Published: 2022-08-01T19:25:11.000Z\n\ud83d\udccf Modified: 2025-04-23T17:56:22.307Z\n\ud83d\udd17 References:\n1. https://github.com/makedeb/mprweb/security/advisories/GHSA-jm39-h693-678g\n2. https://github.com/makedeb/mprweb/commit/d13e3f2f5a9c0b0f6782f35d837090732026ad77", "creation_timestamp": "2025-04-23T18:05:50.000000Z"} {"uuid": "259bc2a0-c462-47e1-bd34-b633c1eefa58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31185", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13109", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-31185\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the `Hide Email Address` checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if your email needs to remain private for any reason. Users hosting their own mprweb instance will need to upgrade to the latest commit to get this fixed. Users on the official instance will already have this issue fixed.\n\ud83d\udccf Published: 2022-08-01T19:25:11.000Z\n\ud83d\udccf Modified: 2025-04-23T17:56:22.307Z\n\ud83d\udd17 References:\n1. https://github.com/makedeb/mprweb/security/advisories/GHSA-jm39-h693-678g\n2. https://github.com/makedeb/mprweb/commit/d13e3f2f5a9c0b0f6782f35d837090732026ad77", "creation_timestamp": "2025-04-23T18:05:50.000000Z"} https://db.gcve.eu/sighting/259bc2a0-c462-47e1-bd34-b633c1eefa58/export Wed, 23 Apr 2025 18:05:50 +0000 507ff957-d281-4cb9-a9c6-75ae0bbc2cab https://db.gcve.eu/sighting/507ff957-d281-4cb9-a9c6-75ae0bbc2cab/export {"uuid": "507ff957-d281-4cb9-a9c6-75ae0bbc2cab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31186", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13110", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-31186\n\ud83d\udd25 CVSS Score: 3.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can user the `logger` configuration option by sanitizing the logs.\n\ud83d\udccf Published: 2022-08-01T19:25:24.000Z\n\ud83d\udccf Modified: 2025-04-23T17:56:16.785Z\n\ud83d\udd17 References:\n1. https://next-auth.js.org/getting-started/upgrade-v4\n2. https://github.com/nextauthjs/next-auth/security/advisories/GHSA-p6mm-27gq-9v3p\n3. https://next-auth.js.org/configuration/options#logger\n4. https://next-auth.js.org/warnings#debug_enabled", "creation_timestamp": "2025-04-23T18:05:54.000000Z"} {"uuid": "507ff957-d281-4cb9-a9c6-75ae0bbc2cab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31186", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13110", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-31186\n\ud83d\udd25 CVSS Score: 3.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can user the `logger` configuration option by sanitizing the logs.\n\ud83d\udccf Published: 2022-08-01T19:25:24.000Z\n\ud83d\udccf Modified: 2025-04-23T17:56:16.785Z\n\ud83d\udd17 References:\n1. https://next-auth.js.org/getting-started/upgrade-v4\n2. https://github.com/nextauthjs/next-auth/security/advisories/GHSA-p6mm-27gq-9v3p\n3. https://next-auth.js.org/configuration/options#logger\n4. https://next-auth.js.org/warnings#debug_enabled", "creation_timestamp": "2025-04-23T18:05:54.000000Z"} https://db.gcve.eu/sighting/507ff957-d281-4cb9-a9c6-75ae0bbc2cab/export Wed, 23 Apr 2025 18:05:54 +0000 9fc08a07-f2af-4278-9142-f7b9e719b9be https://db.gcve.eu/sighting/9fc08a07-f2af-4278-9142-f7b9e719b9be/export {"uuid": "9fc08a07-f2af-4278-9142-f7b9e719b9be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31181", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-31181.yaml", "content": "", "creation_timestamp": "2025-10-10T10:45:00.000000Z"} {"uuid": "9fc08a07-f2af-4278-9142-f7b9e719b9be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31181", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-31181.yaml", "content": "", "creation_timestamp": "2025-10-10T10:45:00.000000Z"} https://db.gcve.eu/sighting/9fc08a07-f2af-4278-9142-f7b9e719b9be/export Fri, 10 Oct 2025 10:45:00 +0000 de66c718-4d61-4b3c-bc71-7f1e8254d3b2 https://db.gcve.eu/sighting/de66c718-4d61-4b3c-bc71-7f1e8254d3b2/export {"uuid": "de66c718-4d61-4b3c-bc71-7f1e8254d3b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31181", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2zlw2ljbi27", "content": "", "creation_timestamp": "2025-10-12T21:02:31.935832Z"} {"uuid": "de66c718-4d61-4b3c-bc71-7f1e8254d3b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31181", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2zlw2ljbi27", "content": "", "creation_timestamp": "2025-10-12T21:02:31.935832Z"} https://db.gcve.eu/sighting/de66c718-4d61-4b3c-bc71-7f1e8254d3b2/export Sun, 12 Oct 2025 21:02:31 +0000