https://vulnerability.circl.lu/sightings/feed 2026-05-04T10:34:31.223781+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/f8be3480-db09-4428-a9d4-d81bbc74f309/export 2026-05-04T10:34:31.512708+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "f8be3480-db09-4428-a9d4-d81bbc74f309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32225", "type": "seen", "source": "https://t.me/cibsecurity/46251", "content": "\u203c CVE-2022-32225 \u203c\n\nA reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-14T18:32:47.000000Z"} 2022-07-14T18:32:47+00:00 https://vulnerability.circl.lu/sighting/dee57752-be96-4338-a5bf-760c5f970126/export 2026-05-04T10:34:31.512575+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "dee57752-be96-4338-a5bf-760c5f970126", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32223", "type": "seen", "source": "Telegram/tvagmoXGD-sjRG5teDO-DfPH2_iB-IEEjYRnLqN5-gAxoA", "content": "", "creation_timestamp": "2022-07-15T08:17:26.000000Z"} 2022-07-15T08:17:26+00:00 https://vulnerability.circl.lu/sighting/70752e11-b6c3-4195-ae08-1b2ea0e42908/export 2026-05-04T10:34:31.512428+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "70752e11-b6c3-4195-ae08-1b2ea0e42908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32223", "type": "seen", "source": "https://t.me/crackcodes/838", "content": "Updates On Hackbyte Forum:-\n\n\ud83d\udcccRetbleed: Arbitrary Speculative Code Execution with Return Instructions\n\ud83d\udcccExecuting Arbitrary Code Over a Phone Line Thanks to the XBAND Video Game Modem\n\ud83d\udcccRolling PWN Attack Affecting Honda Vehicles\n\ud83d\udcccCVE-2022-32223 Discovery: DLL Hijacking via npm CLI\n\ud83d\udcccFrom Prototype Pollution to Remote Code Execution in Blitz.js\n\ud83d\udcccAttacking Active Directory: 0 to 0.9\n\ud83d\udcccCVE-2022-29885 \u2013 Apache Tomcat Cluster Service DoS\n\ud83d\udcccCVE-2022-29593\n\ud83d\udcccNorth South University / Bangladesh / email login\n\ud83d\udcccdeeppaste Leak\n\ud83d\udcccLivejournalfull Leak\n\ud83d\udcccGemotest Crm Leak\n\ud83d\udcccSplunk Attack\n\ud83d\udcccNzyme - WiFi Defense System\n\ud83d\udcccProject-Whis - Advanced HTTP Botnet\n\ud83d\udcccCode Signing Certificate Cloning Attack\n\ud83d\udcccRetbleed - Arbitrary Speculative Code Execution with Return Instruction.\n\ud83d\udcccConfluence Pre-Auth RCE.\n\ud83d\udcccmicrosoft-rpc-fuzzing-tools\n\ud83d\udcccCVE-2022-26135\n\ud83d\udcccXSS Payload List\n\ud83d\udcccheaders for hackers | PHP #ssrf | #cve-2020-7066 Video\n\n\ud83d\udc49\ud83c\udffb\ud83d\udc49\ud83c\udffb Updates:- https://bit.ly/3yRyah3 \ud83d\udc48\ud83c\udffb\ud83d\udc48\ud83c\udffb", "creation_timestamp": "2022-07-16T09:11:59.000000Z"} 2022-07-16T09:11:59+00:00 https://vulnerability.circl.lu/sighting/c9c75d2a-9830-433b-8848-4f43630563b7/export 2026-05-04T10:34:31.512299+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "c9c75d2a-9830-433b-8848-4f43630563b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3222", "type": "seen", "source": "https://t.me/cibsecurity/49808", "content": "\u203c CVE-2022-3222 \u203c\n\nUncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-15T12:27:14.000000Z"} 2022-09-15T12:27:14+00:00 https://vulnerability.circl.lu/sighting/166bbd76-1fdb-4371-8ee5-8ff1699a7898/export 2026-05-04T10:34:31.512178+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "166bbd76-1fdb-4371-8ee5-8ff1699a7898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32223", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6843", "content": "#Blue_Team_Techniques\nCVE-2022-32223 Discovery: DLL Hijacking via npm CLI\nhttps://blog.aquasec.com/cve-2022-32223-dll-hijacking", "creation_timestamp": "2022-09-21T11:03:01.000000Z"} 2022-09-21T11:03:01+00:00 https://vulnerability.circl.lu/sighting/51c3bf17-8660-4045-9f14-720f65c0df9f/export 2026-05-04T10:34:31.512047+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "51c3bf17-8660-4045-9f14-720f65c0df9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32220", "type": "seen", "source": "https://t.me/cibsecurity/50387", "content": "\u203c CVE-2022-32220 \u203c\n\nAn information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:14:04.000000Z"} 2022-09-23T22:14:04+00:00 https://vulnerability.circl.lu/sighting/15c39fc1-5a08-4297-980a-826c3221173e/export 2026-05-04T10:34:31.511908+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "15c39fc1-5a08-4297-980a-826c3221173e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32229", "type": "seen", "source": "https://t.me/cibsecurity/50396", "content": "\u203c CVE-2022-32229 \u203c\n\nA information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:19:56.000000Z"} 2022-09-23T22:19:56+00:00 https://vulnerability.circl.lu/sighting/7c3c85a9-05fb-467b-9d67-0eb99fd2f6c3/export 2026-05-04T10:34:31.511760+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "7c3c85a9-05fb-467b-9d67-0eb99fd2f6c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32228", "type": "seen", "source": "https://t.me/cibsecurity/50414", "content": "\u203c CVE-2022-32228 \u203c\n\nAn information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:27:08.000000Z"} 2022-09-23T22:27:08+00:00 https://vulnerability.circl.lu/sighting/75592856-1740-4fbd-967e-be9bfb666e38/export 2026-05-04T10:34:31.511546+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "75592856-1740-4fbd-967e-be9bfb666e38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32226", "type": "seen", "source": "https://t.me/cibsecurity/50420", "content": "\u203c CVE-2022-32226 \u203c\n\nAn improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server, so that instead of a matching rid String a$regex query can be executed, bypassing the room access permission check for every but the first matching room.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:27:14.000000Z"} 2022-09-23T22:27:14+00:00 https://vulnerability.circl.lu/sighting/3df391ad-3984-48aa-a855-0c677b65483d/export 2026-05-04T10:34:31.509303+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "3df391ad-3984-48aa-a855-0c677b65483d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32221", "type": "seen", "source": "https://t.me/cibsecurity/54032", "content": "\u203c CVE-2022-32221 \u203c\n\nWhen doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T00:40:22.000000Z"} 2022-12-06T00:40:22+00:00