<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-25T11:50:22.491762+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8fc3f4ca-e862-4b8e-b2dc-e681d7709825/export</id>
    <title>8fc3f4ca-e862-4b8e-b2dc-e681d7709825</title>
    <updated>2026-06-25T11:50:22.508363+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8fc3f4ca-e862-4b8e-b2dc-e681d7709825", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23635", "type": "seen", "source": "https://t.me/cibsecurity/37906", "content": "\u203c CVE-2022-23635 \u203c\n\nIstio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-23T00:23:46.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8fc3f4ca-e862-4b8e-b2dc-e681d7709825/export"/>
    <published>2022-02-23T00:23:46+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7fcd0c62-0b06-41bc-8423-f2abcb21644b/export</id>
    <title>7fcd0c62-0b06-41bc-8423-f2abcb21644b</title>
    <updated>2026-06-25T11:50:22.508288+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7fcd0c62-0b06-41bc-8423-f2abcb21644b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2363", "type": "seen", "source": "https://t.me/cibsecurity/46074", "content": "\u203c CVE-2022-2363 \u203c\n\nA vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /ci_spms/admin/search/searching/. The manipulation of the argument search with the input \"&amp;gt;alert(\"XSS\") leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T20:25:20.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7fcd0c62-0b06-41bc-8423-f2abcb21644b/export"/>
    <published>2022-07-12T20:25:20+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/58fd9d34-4531-48c7-8253-aa9f0f4490c7/export</id>
    <title>58fd9d34-4531-48c7-8253-aa9f0f4490c7</title>
    <updated>2026-06-25T11:50:22.508223+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "58fd9d34-4531-48c7-8253-aa9f0f4490c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23631", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6398", "content": "#exploit\n1. Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706\nhttps://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706\n\n2. CVE-2022-23631:\nRCE via Prototype Pollution in Blitz.js\nhttps://blog.sonarsource.com/blitzjs-prototype-pollution", "creation_timestamp": "2022-07-14T13:07:20.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/58fd9d34-4531-48c7-8253-aa9f0f4490c7/export"/>
    <published>2022-07-14T13:07:20+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/386fa62e-5e35-4ebb-8035-61e77256babb/export</id>
    <title>386fa62e-5e35-4ebb-8035-61e77256babb</title>
    <updated>2026-06-25T11:50:22.508107+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "386fa62e-5e35-4ebb-8035-61e77256babb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23631", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/333", "content": "CVE-2022-23631 : RCE via Prototype Pollution in Blitz.js\nhttps://blog.sonarsource.com/blitzjs-prototype-pollution", "creation_timestamp": "2022-07-16T23:53:49.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/386fa62e-5e35-4ebb-8035-61e77256babb/export"/>
    <published>2022-07-16T23:53:49+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7cc8a04b-9f10-4866-ae81-71196d306154/export</id>
    <title>7cc8a04b-9f10-4866-ae81-71196d306154</title>
    <updated>2026-06-25T11:50:22.507962+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7cc8a04b-9f10-4866-ae81-71196d306154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23630", "type": "seen", "source": "https://t.me/cibsecurity/37258", "content": "\u203c CVE-2022-23630 \u203c\n\nGradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-24T08:19:51.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7cc8a04b-9f10-4866-ae81-71196d306154/export"/>
    <published>2023-10-24T08:19:51+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2b73f226-4ff0-42fe-b717-642a352703b1/export</id>
    <title>2b73f226-4ff0-42fe-b717-642a352703b1</title>
    <updated>2026-06-25T11:50:22.507827+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2b73f226-4ff0-42fe-b717-642a352703b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23635", "type": "seen", "source": "https://t.me/arpsyndicate/127", "content": "#ExploitObserverAlert\n\nCVE-2022-23635\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-23635. Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\n\nFIRST-EPSS: 0.001210000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-12T18:22:33.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2b73f226-4ff0-42fe-b717-642a352703b1/export"/>
    <published>2023-11-12T18:22:33+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c92045c2-e47a-4f69-95dc-3427bf2aa964/export</id>
    <title>c92045c2-e47a-4f69-95dc-3427bf2aa964</title>
    <updated>2026-06-25T11:50:22.507710+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c92045c2-e47a-4f69-95dc-3427bf2aa964", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23631", "type": "seen", "source": "https://t.me/ctinow/164845", "content": "https://ift.tt/49U3xKi\nCVE-2022-23631 Exploit", "creation_timestamp": "2024-01-09T08:16:10.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c92045c2-e47a-4f69-95dc-3427bf2aa964/export"/>
    <published>2024-01-09T08:16:10+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2d2a2dc2-76c9-404d-a442-3edb9be9d17c/export</id>
    <title>2d2a2dc2-76c9-404d-a442-3edb9be9d17c</title>
    <updated>2026-06-25T11:50:22.507594+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2d2a2dc2-76c9-404d-a442-3edb9be9d17c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23633", "type": "seen", "source": "https://t.me/ctinow/170326", "content": "https://ift.tt/NnVhJQ9\nCVE-2022-23633 Ruby on Rails Vulnerability in NetApp Products", "creation_timestamp": "2024-01-19T18:32:03.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2d2a2dc2-76c9-404d-a442-3edb9be9d17c/export"/>
    <published>2024-01-19T18:32:03+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3d3293d9-f9bd-424c-8f61-8e27669e92e8/export</id>
    <title>3d3293d9-f9bd-424c-8f61-8e27669e92e8</title>
    <updated>2026-06-25T11:50:22.507439+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3d3293d9-f9bd-424c-8f61-8e27669e92e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23632", "type": "seen", "source": "https://gist.github.com/alon710/9def45344bb07b378de41c3c4e762379", "content": "", "creation_timestamp": "2026-01-24T21:25:43.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3d3293d9-f9bd-424c-8f61-8e27669e92e8/export"/>
    <published>2026-01-24T21:25:43+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/149c2d2b-7901-461a-8c70-a41f39c4527d/export</id>
    <title>149c2d2b-7901-461a-8c70-a41f39c4527d</title>
    <updated>2026-06-25T11:50:22.505763+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "149c2d2b-7901-461a-8c70-a41f39c4527d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23632", "type": "seen", "source": "https://gist.github.com/alon710/7c3fde71c655f15e964d83a59a44bf40", "content": "", "creation_timestamp": "2026-01-24T22:41:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/149c2d2b-7901-461a-8c70-a41f39c4527d/export"/>
    <published>2026-01-24T22:41:08+00:00</published>
  </entry>
</feed>
