Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-05-06T09:56:03.353461+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/ca0d7a5b-45e2-408d-9767-ea3877db9c88/export ca0d7a5b-45e2-408d-9767-ea3877db9c88 2026-05-06T09:56:03.802354+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "ca0d7a5b-45e2-408d-9767-ea3877db9c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24131", "type": "seen", "source": "https://t.me/cibsecurity/39807", "content": "\u203c CVE-2022-24131 \u203c\n\nDouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T16:12:21.000000Z"} 2022-03-30T16:12:21+00:00 https://vulnerability.circl.lu/sighting/245973b5-c9fc-476d-84bd-b85a6e4059d8/export 245973b5-c9fc-476d-84bd-b85a6e4059d8 2026-05-06T09:56:03.802274+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "245973b5-c9fc-476d-84bd-b85a6e4059d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24135", "type": "seen", "source": "https://t.me/cibsecurity/39867", "content": "\u203c CVE-2022-24135 \u203c\n\nQingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T22:17:31.000000Z"} 2022-03-30T22:17:31+00:00 https://vulnerability.circl.lu/sighting/a54855a5-c0e0-466a-8da4-4d3085e7f392/export a54855a5-c0e0-466a-8da4-4d3085e7f392 2026-05-06T09:56:03.802190+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "a54855a5-c0e0-466a-8da4-4d3085e7f392", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24132", "type": "seen", "source": "https://t.me/cibsecurity/39868", "content": "\u203c CVE-2022-24132 \u203c\n\nphpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T22:17:32.000000Z"} 2022-03-30T22:17:32+00:00 https://vulnerability.circl.lu/sighting/23b5b101-d0db-4519-8a71-9fb7e4769f89/export 23b5b101-d0db-4519-8a71-9fb7e4769f89 2026-05-06T09:56:03.802092+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "23b5b101-d0db-4519-8a71-9fb7e4769f89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24136", "type": "seen", "source": "https://t.me/cibsecurity/39908", "content": "\u203c CVE-2022-24136 \u203c\n\nHospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-31T14:18:25.000000Z"} 2022-03-31T14:18:25+00:00 https://vulnerability.circl.lu/sighting/727dfd77-dc16-47b2-a1af-d5a5cf2e9eb6/export 727dfd77-dc16-47b2-a1af-d5a5cf2e9eb6 2026-05-06T09:56:03.801863+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "727dfd77-dc16-47b2-a1af-d5a5cf2e9eb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24138", "type": "seen", "source": "https://t.me/cibsecurity/45639", "content": "\u203c CVE-2022-24138 \u203c\n\nIOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has \"rwx\" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:45.000000Z"} 2022-07-06T16:20:45+00:00 https://vulnerability.circl.lu/sighting/f616c195-77f7-4724-8bda-b8e839af353e/export f616c195-77f7-4724-8bda-b8e839af353e 2026-05-06T09:56:03.801539+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "f616c195-77f7-4724-8bda-b8e839af353e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24139", "type": "seen", "source": "https://t.me/cibsecurity/45642", "content": "\u203c CVE-2022-24139 \u203c\n\nIn IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:47.000000Z"} 2022-07-06T16:20:47+00:00 https://vulnerability.circl.lu/sighting/5e20acc3-b8c0-4dbb-87af-bc7e10405b04/export 5e20acc3-b8c0-4dbb-87af-bc7e10405b04 2026-05-06T09:56:03.801437+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "5e20acc3-b8c0-4dbb-87af-bc7e10405b04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2413", "type": "seen", "source": "https://t.me/ctinow/173001", "content": "https://ift.tt/U0F7aZd\nCVE-2022-2413 Exploit", "creation_timestamp": "2024-01-24T19:16:30.000000Z"} 2024-01-24T19:16:30+00:00 https://vulnerability.circl.lu/sighting/a5911767-e1df-4187-ac95-fcf6eec1ff4e/export a5911767-e1df-4187-ac95-fcf6eec1ff4e 2026-05-06T09:56:03.799241+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "a5911767-e1df-4187-ac95-fcf6eec1ff4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2413", "type": "seen", "source": "https://t.me/ctinow/180044", "content": "https://ift.tt/53hXYGb\nCVE-2022-2413 | simonpedge Slide Anything Plugin up to 2.3.46 on WordPress cross site scripting", "creation_timestamp": "2024-02-06T15:17:15.000000Z"} 2024-02-06T15:17:15+00:00