<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-04T09:48:33.548190+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1e53caba-6de6-48c7-929f-ed9e0ff5b54b/export</id>
    <title>1e53caba-6de6-48c7-929f-ed9e0ff5b54b</title>
    <updated>2026-05-04T09:48:33.960510+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1e53caba-6de6-48c7-929f-ed9e0ff5b54b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38732", "type": "seen", "source": "https://t.me/cibsecurity/50735", "content": "\u203c CVE-2022-38732 \u203c\n\nSnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-29T18:35:09.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1e53caba-6de6-48c7-929f-ed9e0ff5b54b/export"/>
    <published>2022-09-29T18:35:09+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1db00c1b-730d-400a-a43a-d961408bde59/export</id>
    <title>1db00c1b-730d-400a-a43a-d961408bde59</title>
    <updated>2026-05-04T09:48:33.960426+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1db00c1b-730d-400a-a43a-d961408bde59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38733", "type": "seen", "source": "https://t.me/cibsecurity/55025", "content": "\u203c CVE-2022-38733 \u203c\n\nOnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T00:12:43.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1db00c1b-730d-400a-a43a-d961408bde59/export"/>
    <published>2022-12-21T00:12:43+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ec37fa5e-ecfd-475d-8f43-99057ee0af6d/export</id>
    <title>ec37fa5e-ecfd-475d-8f43-99057ee0af6d</title>
    <updated>2026-05-04T09:48:33.960340+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ec37fa5e-ecfd-475d-8f43-99057ee0af6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38731", "type": "seen", "source": "https://t.me/cKure/10672", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2022-38731: A blind arbitrary file read, that could also be used for authentication coercion via a mechanism known as a Universal Naming Convention (UNC) path.\n\nQaelum DOSE Zero-Day. \n\nhttps://www.pwc.co.uk/issues/cyber-security-services/research/ethical-hacking-team-discovered-zero-day-vulnerability.html", "creation_timestamp": "2023-02-15T05:27:59.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ec37fa5e-ecfd-475d-8f43-99057ee0af6d/export"/>
    <published>2023-02-15T05:27:59+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a43f97cb-4cd6-47ca-bf48-27473215c0f2/export</id>
    <title>a43f97cb-4cd6-47ca-bf48-27473215c0f2</title>
    <updated>2026-05-04T09:48:33.960253+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a43f97cb-4cd6-47ca-bf48-27473215c0f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38731", "type": "seen", "source": "https://t.me/cibsecurity/58311", "content": "\u203c CVE-2022-38731 \u203c\n\nQaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attackers machine.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T16:12:17.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a43f97cb-4cd6-47ca-bf48-27473215c0f2/export"/>
    <published>2023-02-16T16:12:17+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a669d875-7fd2-4d95-9ec4-ba3ec6b4b3d7/export</id>
    <title>a669d875-7fd2-4d95-9ec4-ba3ec6b4b3d7</title>
    <updated>2026-05-04T09:48:33.960163+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a669d875-7fd2-4d95-9ec4-ba3ec6b4b3d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38734", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6863", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38734\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to to a crash of the Local Distribution Router (LDR) service.\n\ud83d\udccf Published: 2023-03-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-07T17:31:03.400Z\n\ud83d\udd17 References:\n1. https://security.netapp.com/advisory/ntap-20230228-0001/", "creation_timestamp": "2025-03-07T17:35:14.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a669d875-7fd2-4d95-9ec4-ba3ec6b4b3d7/export"/>
    <published>2025-03-07T17:35:14+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4739f78c-32a0-4ab4-a2b1-19401f2e1c19/export</id>
    <title>4739f78c-32a0-4ab4-a2b1-19401f2e1c19</title>
    <updated>2026-05-04T09:48:33.960075+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4739f78c-32a0-4ab4-a2b1-19401f2e1c19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38734", "type": "seen", "source": "Telegram/HqVZrl08ts1ueAe8w4pM3nvHtFdAMoEQruFqJJUzvIYKlWTg", "content": "", "creation_timestamp": "2025-03-08T04:35:52.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4739f78c-32a0-4ab4-a2b1-19401f2e1c19/export"/>
    <published>2025-03-08T04:35:52+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1c7fe71e-dbd7-4987-9eb0-5c4484564e7f/export</id>
    <title>1c7fe71e-dbd7-4987-9eb0-5c4484564e7f</title>
    <updated>2026-05-04T09:48:33.959973+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1c7fe71e-dbd7-4987-9eb0-5c4484564e7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38731", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8067", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38731\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attackers machine.\n\ud83d\udccf Published: 2023-02-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T14:51:05.923Z\n\ud83d\udd17 References:\n1. https://qaelum.com/solutions/dose\n2. https://www.pwc.co.uk/issues/cyber-security-services/research/ethical-hacking-team-discovered-zero-day-vulnerability.html", "creation_timestamp": "2025-03-19T15:17:51.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1c7fe71e-dbd7-4987-9eb0-5c4484564e7f/export"/>
    <published>2025-03-19T15:17:51+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8323be6a-9cdd-4c68-ab6f-d643cb127851/export</id>
    <title>8323be6a-9cdd-4c68-ab6f-d643cb127851</title>
    <updated>2026-05-04T09:48:33.959849+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8323be6a-9cdd-4c68-ab6f-d643cb127851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38733", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12133", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38733\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component.\n\ud83d\udccf Published: 2022-12-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-16T18:35:31.486Z\n\ud83d\udd17 References:\n1. https://security.netapp.com/advisory/NTAP-20221220-0001/", "creation_timestamp": "2025-04-16T18:56:10.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8323be6a-9cdd-4c68-ab6f-d643cb127851/export"/>
    <published>2025-04-16T18:56:10+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c358ba0b-27cd-455f-89fc-2f55b0f9f8cc/export</id>
    <title>c358ba0b-27cd-455f-89fc-2f55b0f9f8cc</title>
    <updated>2026-05-04T09:48:33.956545+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c358ba0b-27cd-455f-89fc-2f55b0f9f8cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3873", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14351", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3873\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T17:59:19.909Z\n\ud83d\udd17 References:\n1. https://huntr.dev/bounties/52a4085e-b687-489b-9ed6-f0987583ed77\n2. https://github.com/jgraph/drawio/commit/d37894baf125430e85840c2635563b10d1a6523d", "creation_timestamp": "2025-05-01T18:15:46.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c358ba0b-27cd-455f-89fc-2f55b0f9f8cc/export"/>
    <published>2025-05-01T18:15:46+00:00</published>
  </entry>
</feed>
