https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 06 Jun 2026 10:30:49 +0000 https://db.gcve.eu/sighting/aea2a483-f310-4e66-a72a-a8d1191cb5f9/export {"uuid": "aea2a483-f310-4e66-a72a-a8d1191cb5f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28426", "type": "seen", "source": "https://t.me/cibsecurity/60323", "content": "\u203c CVE-2023-28426 \u203c\n\nsavg-sanitizer is a PHP SVG/XML Sanitizer. A bypass has been found in versions prior to 0.16.0 that allows an attacker to upload an SVG with persistent cross-site scripting. HTML elements within CDATA needed to be sanitized correctly, as we were converting them to a textnode and therefore, the library wasn't seeing them as DOM elements. This issue is fixed in version 0.16.0. Any data within a CDATA node will now be sanitised using HTMLPurifier. The maintainers have also removed many of the HTML and MathML elements from the allowed element list, as without ForiegnObject, they're not legal within the SVG context. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-20T17:34:11.000000Z"} {"uuid": "aea2a483-f310-4e66-a72a-a8d1191cb5f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28426", "type": "seen", "source": "https://t.me/cibsecurity/60323", "content": "\u203c CVE-2023-28426 \u203c\n\nsavg-sanitizer is a PHP SVG/XML Sanitizer. A bypass has been found in versions prior to 0.16.0 that allows an attacker to upload an SVG with persistent cross-site scripting. HTML elements within CDATA needed to be sanitized correctly, as we were converting them to a textnode and therefore, the library wasn't seeing them as DOM elements. This issue is fixed in version 0.16.0. Any data within a CDATA node will now be sanitised using HTMLPurifier. The maintainers have also removed many of the HTML and MathML elements from the allowed element list, as without ForiegnObject, they're not legal within the SVG context. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-20T17:34:11.000000Z"} https://db.gcve.eu/sighting/aea2a483-f310-4e66-a72a-a8d1191cb5f9/export Mon, 20 Mar 2023 17:34:11 +0000 https://db.gcve.eu/sighting/78b45aa1-6882-4172-823d-b5d888aa225a/export {"uuid": "78b45aa1-6882-4172-823d-b5d888aa225a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28422", "type": "seen", "source": "https://t.me/cibsecurity/60561", "content": "\u203c CVE-2023-28422 \u203c\n\nAuth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6. versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-23T15:51:40.000000Z"} {"uuid": "78b45aa1-6882-4172-823d-b5d888aa225a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28422", "type": "seen", "source": "https://t.me/cibsecurity/60561", "content": "\u203c CVE-2023-28422 \u203c\n\nAuth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6. versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-23T15:51:40.000000Z"} https://db.gcve.eu/sighting/78b45aa1-6882-4172-823d-b5d888aa225a/export Thu, 23 Mar 2023 15:51:40 +0000 https://db.gcve.eu/sighting/e2979789-1adc-4602-96e9-598f0a0424d5/export {"uuid": "e2979789-1adc-4602-96e9-598f0a0424d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28427", "type": "seen", "source": "https://t.me/cibsecurity/60973", "content": "\u203c CVE-2023-28427 \u203c\n\nmatrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T00:49:54.000000Z"} {"uuid": "e2979789-1adc-4602-96e9-598f0a0424d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28427", "type": "seen", "source": "https://t.me/cibsecurity/60973", "content": "\u203c CVE-2023-28427 \u203c\n\nmatrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T00:49:54.000000Z"} https://db.gcve.eu/sighting/e2979789-1adc-4602-96e9-598f0a0424d5/export Wed, 29 Mar 2023 00:49:54 +0000 https://db.gcve.eu/sighting/830d4985-8070-496c-b430-73e1680791a2/export {"uuid": "830d4985-8070-496c-b430-73e1680791a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28425", "type": "seen", "source": "https://t.me/cibsecurity/60350", "content": "\u203c CVE-2023-28425 \u203c\n\nRedis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-02T22:23:59.000000Z"} {"uuid": "830d4985-8070-496c-b430-73e1680791a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28425", "type": "seen", "source": "https://t.me/cibsecurity/60350", "content": "\u203c CVE-2023-28425 \u203c\n\nRedis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-02T22:23:59.000000Z"} https://db.gcve.eu/sighting/830d4985-8070-496c-b430-73e1680791a2/export Sun, 02 Apr 2023 22:23:59 +0000 https://db.gcve.eu/sighting/48d2b61b-3d9f-4117-b05d-5b8fd9911c74/export {"uuid": "48d2b61b-3d9f-4117-b05d-5b8fd9911c74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28425", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8053", "content": "#exploit\n1. Dissecting redis CVE-2023-28425 with chatGPT as assistant\nhttps://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html\n\n2. CVE-2022-2884:\nGitLab v.15.3 - RCE (Authenticated)\nhttps://www.exploit-db.com/exploits/51181\n\n3. CVE-2022-39396:\nAnalysis of parse-server from prototype pollution to RCE vulnerability\nhttps://paper.seebug.org/2059", "creation_timestamp": "2023-04-04T11:01:01.000000Z"} {"uuid": "48d2b61b-3d9f-4117-b05d-5b8fd9911c74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28425", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8053", "content": "#exploit\n1. Dissecting redis CVE-2023-28425 with chatGPT as assistant\nhttps://tin-z.github.io/redis/cve/chatgpt/2023/04/02/redis-cve2023.html\n\n2. CVE-2022-2884:\nGitLab v.15.3 - RCE (Authenticated)\nhttps://www.exploit-db.com/exploits/51181\n\n3. CVE-2022-39396:\nAnalysis of parse-server from prototype pollution to RCE vulnerability\nhttps://paper.seebug.org/2059", "creation_timestamp": "2023-04-04T11:01:01.000000Z"} https://db.gcve.eu/sighting/48d2b61b-3d9f-4117-b05d-5b8fd9911c74/export Tue, 04 Apr 2023 11:01:01 +0000 https://db.gcve.eu/sighting/aa05f64b-9e32-420b-bf7a-fadeffb88ec1/export {"uuid": "aa05f64b-9e32-420b-bf7a-fadeffb88ec1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28424", "type": "seen", "source": "Telegram/YPSFRJaXJu22SzL-lnmgNittGl2SN26SC5hMmH64EzvAW7E", "content": "", "creation_timestamp": "2023-06-28T15:51:20.000000Z"} {"uuid": "aa05f64b-9e32-420b-bf7a-fadeffb88ec1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28424", "type": "seen", "source": "Telegram/YPSFRJaXJu22SzL-lnmgNittGl2SN26SC5hMmH64EzvAW7E", "content": "", "creation_timestamp": "2023-06-28T15:51:20.000000Z"} https://db.gcve.eu/sighting/aa05f64b-9e32-420b-bf7a-fadeffb88ec1/export Wed, 28 Jun 2023 15:51:20 +0000 https://db.gcve.eu/sighting/7e50a019-70b3-4ec8-85ca-2d47c998dfee/export {"uuid": "7e50a019-70b3-4ec8-85ca-2d47c998dfee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28424", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8632", "content": "#Threat_Research\nSQL Injections in Soko:\nWhy ORMs and Prepared Statements Can't (Always) Win (CVE-2023-28424)\nhttps://www.sonarsource.com/blog/why-orms-and-prepared-statements-cant-always-win", "creation_timestamp": "2023-07-08T12:47:01.000000Z"} {"uuid": "7e50a019-70b3-4ec8-85ca-2d47c998dfee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28424", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8632", "content": "#Threat_Research\nSQL Injections in Soko:\nWhy ORMs and Prepared Statements Can't (Always) Win (CVE-2023-28424)\nhttps://www.sonarsource.com/blog/why-orms-and-prepared-statements-cant-always-win", "creation_timestamp": "2023-07-08T12:47:01.000000Z"} https://db.gcve.eu/sighting/7e50a019-70b3-4ec8-85ca-2d47c998dfee/export Sat, 08 Jul 2023 12:47:01 +0000 https://db.gcve.eu/sighting/5377bca8-e197-4c79-ac1a-4a02c7c92a90/export {"uuid": "5377bca8-e197-4c79-ac1a-4a02c7c92a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28424", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4725", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-28424\nURL\uff1ahttps://github.com/Fire-Null/CVE-2023-28424\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-11T13:41:26.000000Z"} {"uuid": "5377bca8-e197-4c79-ac1a-4a02c7c92a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28424", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4725", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-28424\nURL\uff1ahttps://github.com/Fire-Null/CVE-2023-28424\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-11T13:41:26.000000Z"} https://db.gcve.eu/sighting/5377bca8-e197-4c79-ac1a-4a02c7c92a90/export Tue, 11 Jul 2023 13:41:26 +0000 https://db.gcve.eu/sighting/f21fddeb-b9bb-45ac-94b6-4a3501a6c810/export {"uuid": "f21fddeb-b9bb-45ac-94b6-4a3501a6c810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28421", "type": "seen", "source": "https://t.me/ctinow/157744", "content": "https://ift.tt/bXd28NB\nCVE-2023-28421", "creation_timestamp": "2023-12-21T15:21:41.000000Z"} {"uuid": "f21fddeb-b9bb-45ac-94b6-4a3501a6c810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28421", "type": "seen", "source": "https://t.me/ctinow/157744", "content": "https://ift.tt/bXd28NB\nCVE-2023-28421", "creation_timestamp": "2023-12-21T15:21:41.000000Z"} https://db.gcve.eu/sighting/f21fddeb-b9bb-45ac-94b6-4a3501a6c810/export Thu, 21 Dec 2023 15:21:41 +0000 https://db.gcve.eu/sighting/e52cb742-1c3f-4715-ad5f-9a3aa3a9deec/export {"uuid": "e52cb742-1c3f-4715-ad5f-9a3aa3a9deec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28421", "type": "seen", "source": "https://t.me/ctinow/167999", "content": "https://ift.tt/8cKoeHn\nCVE-2023-28421 | Winwar Media Email Marketing Plugin up to 3.10 on WordPress information disclosure", "creation_timestamp": "2024-01-14T11:11:30.000000Z"} {"uuid": "e52cb742-1c3f-4715-ad5f-9a3aa3a9deec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28421", "type": "seen", "source": "https://t.me/ctinow/167999", "content": "https://ift.tt/8cKoeHn\nCVE-2023-28421 | Winwar Media Email Marketing Plugin up to 3.10 on WordPress information disclosure", "creation_timestamp": "2024-01-14T11:11:30.000000Z"} https://db.gcve.eu/sighting/e52cb742-1c3f-4715-ad5f-9a3aa3a9deec/export Sun, 14 Jan 2024 11:11:30 +0000