<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-14T23:10:20.479156+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/169467ca-9156-48d2-b8e5-1115c7d4f2a0/export</id>
    <title>169467ca-9156-48d2-b8e5-1115c7d4f2a0</title>
    <updated>2026-06-14T23:10:20.941348+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "169467ca-9156-48d2-b8e5-1115c7d4f2a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38808", "type": "seen", "source": "https://t.me/cibsecurity/49913", "content": "\u203c CVE-2022-38808 \u203c\n\nywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T18:28:53.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/169467ca-9156-48d2-b8e5-1115c7d4f2a0/export"/>
    <published>2022-09-16T18:28:53+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2b543c3a-4c02-49b2-a8be-5764b2c9d0ca/export</id>
    <title>2b543c3a-4c02-49b2-a8be-5764b2c9d0ca</title>
    <updated>2026-06-14T23:10:20.941277+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2b543c3a-4c02-49b2-a8be-5764b2c9d0ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38801", "type": "seen", "source": "https://t.me/cibsecurity/53719", "content": "\u203c CVE-2022-38801 \u203c\n\nIn Zkteco BioTime &lt; 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T16:29:14.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2b543c3a-4c02-49b2-a8be-5764b2c9d0ca/export"/>
    <published>2022-11-30T16:29:14+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0b8e993f-aefe-44eb-9783-f70fb45fe0d3/export</id>
    <title>0b8e993f-aefe-44eb-9783-f70fb45fe0d3</title>
    <updated>2026-06-14T23:10:20.941202+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0b8e993f-aefe-44eb-9783-f70fb45fe0d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38803", "type": "seen", "source": "https://t.me/cibsecurity/53720", "content": "\u203c CVE-2022-38803 \u203c\n\nZkteco BioTime &lt; 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T16:29:15.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0b8e993f-aefe-44eb-9783-f70fb45fe0d3/export"/>
    <published>2022-11-30T16:29:15+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a8edd829-6aba-4d60-a3e0-cc8ccecf4bd1/export</id>
    <title>a8edd829-6aba-4d60-a3e0-cc8ccecf4bd1</title>
    <updated>2026-06-14T23:10:20.941089+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a8edd829-6aba-4d60-a3e0-cc8ccecf4bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38802", "type": "seen", "source": "https://t.me/cibsecurity/53721", "content": "\u203c CVE-2022-38802 \u203c\n\nZkteco BioTime &lt; 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T16:29:16.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a8edd829-6aba-4d60-a3e0-cc8ccecf4bd1/export"/>
    <published>2022-11-30T16:29:16+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7e683210-0f46-4bda-8fb0-fae84b3d1dfb/export</id>
    <title>7e683210-0f46-4bda-8fb0-fae84b3d1dfb</title>
    <updated>2026-06-14T23:10:20.938494+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7e683210-0f46-4bda-8fb0-fae84b3d1dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3880", "type": "seen", "source": "https://t.me/cibsecurity/54339", "content": "\u203c CVE-2022-3880 \u203c\n\nThe Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T13:16:23.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7e683210-0f46-4bda-8fb0-fae84b3d1dfb/export"/>
    <published>2022-12-20T13:16:23+00:00</published>
  </entry>
</feed>
