https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 05 Jun 2026 11:39:55 +0000 https://vulnerability.circl.lu/sighting/6c72e3a7-24e0-4128-9a4d-96de3ce9f129/export {"uuid": "6c72e3a7-24e0-4128-9a4d-96de3ce9f129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23328", "type": "seen", "source": "https://t.me/cibsecurity/59854", "content": "\u203c CVE-2023-23328 \u203c\n\nA File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-11T00:27:32.000000Z"} {"uuid": "6c72e3a7-24e0-4128-9a4d-96de3ce9f129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23328", "type": "seen", "source": "https://t.me/cibsecurity/59854", "content": "\u203c CVE-2023-23328 \u203c\n\nA File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-11T00:27:32.000000Z"} https://vulnerability.circl.lu/sighting/6c72e3a7-24e0-4128-9a4d-96de3ce9f129/export Sat, 11 Mar 2023 00:27:32 +0000 https://vulnerability.circl.lu/sighting/ccad219a-24ac-465d-83a0-b57e0c064b72/export {"uuid": "ccad219a-24ac-465d-83a0-b57e0c064b72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23325", "type": "seen", "source": "https://t.me/ctinow/156815", "content": "https://ift.tt/1ogikTq\nCVE-2023-23325 | Zumtobel Netlink CCD Onboard up to 3.80 NetHostname command injection", "creation_timestamp": "2023-12-20T09:12:06.000000Z"} {"uuid": "ccad219a-24ac-465d-83a0-b57e0c064b72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23325", "type": "seen", "source": "https://t.me/ctinow/156815", "content": "https://ift.tt/1ogikTq\nCVE-2023-23325 | Zumtobel Netlink CCD Onboard up to 3.80 NetHostname command injection", "creation_timestamp": "2023-12-20T09:12:06.000000Z"} https://vulnerability.circl.lu/sighting/ccad219a-24ac-465d-83a0-b57e0c064b72/export Wed, 20 Dec 2023 09:12:06 +0000 https://vulnerability.circl.lu/sighting/693036f3-f5b4-49c1-987e-9a556db88347/export {"uuid": "693036f3-f5b4-49c1-987e-9a556db88347", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23324", "type": "seen", "source": "https://t.me/ctinow/156817", "content": "https://ift.tt/9DyitUp\nCVE-2023-23324 | Zumtobel Netlink CCD Onboard up to 3.80 hard-coded credentials", "creation_timestamp": "2023-12-20T09:12:08.000000Z"} {"uuid": "693036f3-f5b4-49c1-987e-9a556db88347", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23324", "type": "seen", "source": "https://t.me/ctinow/156817", "content": "https://ift.tt/9DyitUp\nCVE-2023-23324 | Zumtobel Netlink CCD Onboard up to 3.80 hard-coded credentials", "creation_timestamp": "2023-12-20T09:12:08.000000Z"} https://vulnerability.circl.lu/sighting/693036f3-f5b4-49c1-987e-9a556db88347/export Wed, 20 Dec 2023 09:12:08 +0000 https://vulnerability.circl.lu/sighting/39bed1b4-61ce-47b0-a265-d8afd137ef22/export {"uuid": "39bed1b4-61ce-47b0-a265-d8afd137ef22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2332", "type": "seen", "source": "https://t.me/cvedetector/11063", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2023-2332 - \"Pimcore Stored XSS in Pricing Rules Conditions\"\", \n \"Content\": \"CVE ID : CVE-2023-2332 \nPublished : Nov. 15, 2024, 11:15 a.m. | 36\u00a0minutes ago \nDescription : A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21. \nSeverity: 4.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"15 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T13:15:37.000000Z"} {"uuid": "39bed1b4-61ce-47b0-a265-d8afd137ef22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2332", "type": "seen", "source": "https://t.me/cvedetector/11063", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2023-2332 - \"Pimcore Stored XSS in Pricing Rules Conditions\"\", \n \"Content\": \"CVE ID : CVE-2023-2332 \nPublished : Nov. 15, 2024, 11:15 a.m. | 36\u00a0minutes ago \nDescription : A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21. \nSeverity: 4.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"15 Nov 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T13:15:37.000000Z"} https://vulnerability.circl.lu/sighting/39bed1b4-61ce-47b0-a265-d8afd137ef22/export Fri, 15 Nov 2024 13:15:37 +0000 https://vulnerability.circl.lu/sighting/6bdf965f-34f1-4c61-9a4c-b373d5589bb4/export {"uuid": "6bdf965f-34f1-4c61-9a4c-b373d5589bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23326", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5769", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23326\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.\n\ud83d\udccf Published: 2023-03-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-27T18:53:45.874Z\n\ud83d\udd17 References:\n1. http://avantfax.com\n2. https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md", "creation_timestamp": "2025-02-27T19:26:13.000000Z"} {"uuid": "6bdf965f-34f1-4c61-9a4c-b373d5589bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23326", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5769", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23326\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.\n\ud83d\udccf Published: 2023-03-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-27T18:53:45.874Z\n\ud83d\udd17 References:\n1. http://avantfax.com\n2. https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md", "creation_timestamp": "2025-02-27T19:26:13.000000Z"} https://vulnerability.circl.lu/sighting/6bdf965f-34f1-4c61-9a4c-b373d5589bb4/export Thu, 27 Feb 2025 19:26:13 +0000 https://vulnerability.circl.lu/sighting/a662718c-1047-4923-a496-ddf61706befe/export {"uuid": "a662718c-1047-4923-a496-ddf61706befe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23326", "type": "seen", "source": "Telegram/8lcroUBd7ttW_c5Lb24K3ExcwZdJ09KJ90j2PHqq0srCUB1M", "content": "", "creation_timestamp": "2025-03-02T11:44:19.000000Z"} {"uuid": "a662718c-1047-4923-a496-ddf61706befe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23326", "type": "seen", "source": "Telegram/8lcroUBd7ttW_c5Lb24K3ExcwZdJ09KJ90j2PHqq0srCUB1M", "content": "", "creation_timestamp": "2025-03-02T11:44:19.000000Z"} https://vulnerability.circl.lu/sighting/a662718c-1047-4923-a496-ddf61706befe/export Sun, 02 Mar 2025 11:44:19 +0000 https://vulnerability.circl.lu/sighting/3fc4739b-07dd-40c0-8dcc-bad2ab58b96f/export {"uuid": "3fc4739b-07dd-40c0-8dcc-bad2ab58b96f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23328", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6427", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23328\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.\n\ud83d\udccf Published: 2023-03-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-04T21:24:50.628Z\n\ud83d\udd17 References:\n1. http://avantfax.com\n2. https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md", "creation_timestamp": "2025-03-04T21:35:33.000000Z"} {"uuid": "3fc4739b-07dd-40c0-8dcc-bad2ab58b96f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23328", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6427", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23328\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.\n\ud83d\udccf Published: 2023-03-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-04T21:24:50.628Z\n\ud83d\udd17 References:\n1. http://avantfax.com\n2. https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md", "creation_timestamp": "2025-03-04T21:35:33.000000Z"} https://vulnerability.circl.lu/sighting/3fc4739b-07dd-40c0-8dcc-bad2ab58b96f/export Tue, 04 Mar 2025 21:35:33 +0000 https://vulnerability.circl.lu/sighting/20fe5c6e-1437-4388-9912-0e126231844a/export {"uuid": "20fe5c6e-1437-4388-9912-0e126231844a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23327", "type": "seen", "source": "Telegram/7Ey-gW9GzSfHbWACKWdO1xREYWnRCQ7bFkXiQfcAdOWfJB1B", "content": "", "creation_timestamp": "2025-03-06T02:16:32.000000Z"} {"uuid": "20fe5c6e-1437-4388-9912-0e126231844a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23327", "type": "seen", "source": "Telegram/7Ey-gW9GzSfHbWACKWdO1xREYWnRCQ7bFkXiQfcAdOWfJB1B", "content": "", "creation_timestamp": "2025-03-06T02:16:32.000000Z"} https://vulnerability.circl.lu/sighting/20fe5c6e-1437-4388-9912-0e126231844a/export Thu, 06 Mar 2025 02:16:32 +0000