https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-06-25T14:19:54.146667+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/bdb0b086-e834-45f9-b434-e461e2c9e955/exportbdb0b086-e834-45f9-b434-e461e2c9e9552026-06-25T14:19:54.163450+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "bdb0b086-e834-45f9-b434-e461e2c9e955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23863", "type": "seen", "source": "https://t.me/cibsecurity/36462", "content": "\u203c CVE-2022-23863 \u203c\n\nZoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-28T18:26:44.000000Z"}2022-01-28T18:26:44+00:00https://vulnerability.circl.lu/sighting/eaac11a9-53cd-4dac-883c-17729d4fa49b/exporteaac11a9-53cd-4dac-883c-17729d4fa49b2026-06-25T14:19:54.163360+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "eaac11a9-53cd-4dac-883c-17729d4fa49b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23868", "type": "seen", "source": "https://t.me/cibsecurity/39799", "content": "\u203c CVE-2022-23868 \u203c\n\nRuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T14:12:11.000000Z"}2022-03-30T14:12:11+00:00https://vulnerability.circl.lu/sighting/e4331831-3b12-4945-9037-ba84a1743169/exporte4331831-3b12-4945-9037-ba84a17431692026-06-25T14:19:54.163271+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "e4331831-3b12-4945-9037-ba84a1743169", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23869", "type": "seen", "source": "https://t.me/cibsecurity/39802", "content": "\u203c CVE-2022-23869 \u203c\n\nIn RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T14:12:14.000000Z"}2022-03-30T14:12:14+00:00https://vulnerability.circl.lu/sighting/af04b405-933e-49cc-8180-cb1495fdb1e9/exportaf04b405-933e-49cc-8180-cb1495fdb1e92026-06-25T14:19:54.163179+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "af04b405-933e-49cc-8180-cb1495fdb1e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23865", "type": "seen", "source": "https://t.me/cibsecurity/40879", "content": "\u203c CVE-2022-23865 \u203c\n\nNyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '\"> on the thes1 parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T20:20:14.000000Z"}2022-04-15T20:20:14+00:00https://vulnerability.circl.lu/sighting/4c06d38b-21d8-4d20-a0e8-d472383dc725/export4c06d38b-21d8-4d20-a0e8-d472383dc7252026-06-25T14:19:54.163084+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "4c06d38b-21d8-4d20-a0e8-d472383dc725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2386", "type": "seen", "source": "https://t.me/cibsecurity/47733", "content": "\u203c CVE-2022-2386 \u203c\n\nThe Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-08T18:23:44.000000Z"}2022-08-08T18:23:44+00:00https://vulnerability.circl.lu/sighting/c53735a0-19a7-4dec-93ae-474d0ca71150/exportc53735a0-19a7-4dec-93ae-474d0ca711502026-06-25T14:19:54.162962+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "c53735a0-19a7-4dec-93ae-474d0ca71150", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23862", "type": "seen", "source": "https://t.me/cvedetector/8625", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-23862 - Y Soft SAFEQ JMX Remote Code Execution and Privilege Escalation\", \n \"Content\": \"CVE ID : CVE-2022-23862 \nPublished : Oct. 22, 2024, 4:15 p.m. | 32\u00a0minutes ago \nDescription : A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the \"NT Authority\\System\" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T18:48:07.000000Z"}2024-10-22T18:48:07+00:00https://vulnerability.circl.lu/sighting/30f914dc-ede8-456f-bb4e-c14a35496e6e/export30f914dc-ede8-456f-bb4e-c14a35496e6e2026-06-25T14:19:54.161499+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "30f914dc-ede8-456f-bb4e-c14a35496e6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23861", "type": "seen", "source": "https://t.me/cvedetector/8626", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-23861 - Y Soft SAFEQ Stored Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2022-23861 \nPublished : Oct. 22, 2024, 4:15 p.m. | 32\u00a0minutes ago \nDescription : Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T18:48:08.000000Z"}2024-10-22T18:48:08+00:00