<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 10 Jul 2026 23:09:22 +0000</lastBuildDate>
    <item>
      <title>bc40d4d3-58ab-4c16-a064-f52909b558a8</title>
      <link>https://vulnerability.circl.lu/sighting/bc40d4d3-58ab-4c16-a064-f52909b558a8/export</link>
      <description>{"uuid": "bc40d4d3-58ab-4c16-a064-f52909b558a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-15005", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11451", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2016-15005\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.\n\ud83d\udccf Published: 2022-12-27T21:13:27.393Z\n\ud83d\udccf Modified: 2025-04-11T16:39:25.100Z\n\ud83d\udd17 References:\n1. https://github.com/dinever/golf/pull/24\n2. https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe\n3. https://github.com/dinever/golf/issues/20\n4. https://pkg.go.dev/vuln/GO-2020-0045", "creation_timestamp": "2025-04-11T16:50:58.000000Z"}</description>
      <content:encoded>{"uuid": "bc40d4d3-58ab-4c16-a064-f52909b558a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-15005", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11451", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2016-15005\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.\n\ud83d\udccf Published: 2022-12-27T21:13:27.393Z\n\ud83d\udccf Modified: 2025-04-11T16:39:25.100Z\n\ud83d\udd17 References:\n1. https://github.com/dinever/golf/pull/24\n2. https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe\n3. https://github.com/dinever/golf/issues/20\n4. https://pkg.go.dev/vuln/GO-2020-0045", "creation_timestamp": "2025-04-11T16:50:58.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bc40d4d3-58ab-4c16-a064-f52909b558a8/export</guid>
      <pubDate>Fri, 11 Apr 2025 16:50:58 +0000</pubDate>
    </item>
    <item>
      <title>78d96c09-7d05-4f22-805c-414e25853241</title>
      <link>https://vulnerability.circl.lu/sighting/78d96c09-7d05-4f22-805c-414e25853241/export</link>
      <description>{"uuid": "78d96c09-7d05-4f22-805c-414e25853241", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-15007", "type": "seen", "source": "https://t.me/cibsecurity/55746", "content": "\u203c CVE-2016-15007 \u203c\n\nA vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The name of the patch is db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-02T22:30:22.000000Z"}</description>
      <content:encoded>{"uuid": "78d96c09-7d05-4f22-805c-414e25853241", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-15007", "type": "seen", "source": "https://t.me/cibsecurity/55746", "content": "\u203c CVE-2016-15007 \u203c\n\nA vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The name of the patch is db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-02T22:30:22.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/78d96c09-7d05-4f22-805c-414e25853241/export</guid>
      <pubDate>Mon, 02 Jan 2023 22:30:22 +0000</pubDate>
    </item>
    <item>
      <title>79f81425-7f64-425f-9482-79c7ad11cdf5</title>
      <link>https://vulnerability.circl.lu/sighting/79f81425-7f64-425f-9482-79c7ad11cdf5/export</link>
      <description>{"uuid": "79f81425-7f64-425f-9482-79c7ad11cdf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-15005", "type": "seen", "source": "https://t.me/cibsecurity/55459", "content": "\u203c CVE-2016-15005 \u203c\n\nCSRF tokens are generated using math/rand, which is not a cryptographically secure rander number generation, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections which relatively few requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T00:12:14.000000Z"}</description>
      <content:encoded>{"uuid": "79f81425-7f64-425f-9482-79c7ad11cdf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-15005", "type": "seen", "source": "https://t.me/cibsecurity/55459", "content": "\u203c CVE-2016-15005 \u203c\n\nCSRF tokens are generated using math/rand, which is not a cryptographically secure rander number generation, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections which relatively few requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T00:12:14.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/79f81425-7f64-425f-9482-79c7ad11cdf5/export</guid>
      <pubDate>Wed, 28 Dec 2022 00:12:14 +0000</pubDate>
    </item>
    <item>
      <title>98ad20ee-4920-40ff-9963-ce9a25fad2dd</title>
      <link>https://vulnerability.circl.lu/sighting/98ad20ee-4920-40ff-9963-ce9a25fad2dd/export</link>
      <description>{"uuid": "98ad20ee-4920-40ff-9963-ce9a25fad2dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-15003", "type": "seen", "source": "https://t.me/cibsecurity/46425", "content": "\u203c CVE-2016-15003 \u203c\n\nA vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\\Program Files\\FileZilla FTP Client\\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T12:34:19.000000Z"}</description>
      <content:encoded>{"uuid": "98ad20ee-4920-40ff-9963-ce9a25fad2dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-15003", "type": "seen", "source": "https://t.me/cibsecurity/46425", "content": "\u203c CVE-2016-15003 \u203c\n\nA vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\\Program Files\\FileZilla FTP Client\\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T12:34:19.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/98ad20ee-4920-40ff-9963-ce9a25fad2dd/export</guid>
      <pubDate>Mon, 18 Jul 2022 12:34:19 +0000</pubDate>
    </item>
  </channel>
</rss>
