<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-06T13:37:33.993737+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3b860a91-49da-4c79-8108-a65c27eb335e/export</id>
    <title>3b860a91-49da-4c79-8108-a65c27eb335e</title>
    <updated>2026-05-06T13:37:34.315847+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3b860a91-49da-4c79-8108-a65c27eb335e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41715", "type": "seen", "source": "https://t.me/cibsecurity/51427", "content": "\u203c CVE-2022-41715 \u203c\n\nPrograms which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T18:29:01.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3b860a91-49da-4c79-8108-a65c27eb335e/export"/>
    <published>2022-10-14T18:29:01+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ca1ec574-1be5-4c0d-a9f6-29752852082c/export</id>
    <title>ca1ec574-1be5-4c0d-a9f6-29752852082c</title>
    <updated>2026-05-06T13:37:34.315774+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ca1ec574-1be5-4c0d-a9f6-29752852082c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41711", "type": "seen", "source": "https://t.me/cibsecurity/52074", "content": "\u203c CVE-2022-41711 \u203c\n\nBadaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-26T00:26:50.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ca1ec574-1be5-4c0d-a9f6-29752852082c/export"/>
    <published>2022-10-26T00:26:50+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cee3b172-eb16-461c-af28-a4fd3922ed13/export</id>
    <title>cee3b172-eb16-461c-af28-a4fd3922ed13</title>
    <updated>2026-05-06T13:37:34.315693+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cee3b172-eb16-461c-af28-a4fd3922ed13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41716", "type": "seen", "source": "https://t.me/cibsecurity/52490", "content": "\u203c CVE-2022-41716 \u203c\n\nDue to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string \"A=B\\x00C=D\" sets the variables \"A=B\" and \"C=D\".\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-02T19:19:58.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cee3b172-eb16-461c-af28-a4fd3922ed13/export"/>
    <published>2022-11-02T19:19:58+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5f4641d3-a6cc-4c16-8c6b-eb5833867d14/export</id>
    <title>5f4641d3-a6cc-4c16-8c6b-eb5833867d14</title>
    <updated>2026-05-06T13:37:34.315616+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5f4641d3-a6cc-4c16-8c6b-eb5833867d14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41713", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/52533", "content": "\u203c CVE-2022-41713 \u203c\n\ndeep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T23:25:55.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5f4641d3-a6cc-4c16-8c6b-eb5833867d14/export"/>
    <published>2022-11-03T23:25:55+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d633331a-5d11-4acb-b97a-a1edbdb49847/export</id>
    <title>d633331a-5d11-4acb-b97a-a1edbdb49847</title>
    <updated>2026-05-06T13:37:34.315532+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d633331a-5d11-4acb-b97a-a1edbdb49847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41714", "type": "seen", "source": "https://t.me/cibsecurity/52542", "content": "\u203c CVE-2022-41714 \u203c\n\nfastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T23:26:07.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d633331a-5d11-4acb-b97a-a1edbdb49847/export"/>
    <published>2022-11-03T23:26:07+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8961d619-b459-40e7-9101-2dd44c18b189/export</id>
    <title>8961d619-b459-40e7-9101-2dd44c18b189</title>
    <updated>2026-05-06T13:37:34.315450+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8961d619-b459-40e7-9101-2dd44c18b189", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41719", "type": "seen", "source": "https://t.me/cibsecurity/52891", "content": "\u203c CVE-2022-41719 \u203c\n\nUnmarshal can panic on some inputs, possibly allowing for denial of service attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:45:21.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8961d619-b459-40e7-9101-2dd44c18b189/export"/>
    <published>2022-11-13T05:45:21+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8580380c-cd6f-44c8-ba00-3e2fb9185fc1/export</id>
    <title>8580380c-cd6f-44c8-ba00-3e2fb9185fc1</title>
    <updated>2026-05-06T13:37:34.315369+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8580380c-cd6f-44c8-ba00-3e2fb9185fc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41712", "type": "seen", "source": "https://t.me/cibsecurity/53523", "content": "\u203c CVE-2022-41712 \u203c\n\nFrappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-25T20:15:49.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8580380c-cd6f-44c8-ba00-3e2fb9185fc1/export"/>
    <published>2022-11-25T20:15:49+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0eb12630-29af-46ad-a78f-3576b4427743/export</id>
    <title>0eb12630-29af-46ad-a78f-3576b4427743</title>
    <updated>2026-05-06T13:37:34.315279+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0eb12630-29af-46ad-a78f-3576b4427743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41717", "type": "seen", "source": "https://t.me/cibsecurity/54196", "content": "\u203c CVE-2022-41717 \u203c\n\nAn attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-08T22:12:54.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0eb12630-29af-46ad-a78f-3576b4427743/export"/>
    <published>2022-12-08T22:12:54+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e1313b7f-f3c6-4138-86b6-29c9edbcccfc/export</id>
    <title>e1313b7f-f3c6-4138-86b6-29c9edbcccfc</title>
    <updated>2026-05-06T13:37:34.315159+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e1313b7f-f3c6-4138-86b6-29c9edbcccfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4171", "type": "seen", "source": "https://t.me/cibsecurity/54474", "content": "\u203c CVE-2022-4171 \u203c\n\nThe demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-14T00:22:06.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e1313b7f-f3c6-4138-86b6-29c9edbcccfc/export"/>
    <published>2022-12-14T00:22:06+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/71380702-aa58-47e2-b63b-4009f0288350/export</id>
    <title>71380702-aa58-47e2-b63b-4009f0288350</title>
    <updated>2026-05-06T13:37:34.312749+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "71380702-aa58-47e2-b63b-4009f0288350", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4171", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2838", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4171\n\ud83d\udd39 Description: The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.\n\ud83d\udccf Published: 2022-12-13T20:16:52.649Z\n\ud83d\udccf Modified: 2025-01-23T20:32:54.812Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&amp;sfph_mail=&amp;reponame=&amp;old=2830349%40demon-image-annotation&amp;new=2830349%40demon-image-annotation&amp;sfp_email=&amp;sfph_mail=", "creation_timestamp": "2025-01-23T21:03:50.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/71380702-aa58-47e2-b63b-4009f0288350/export"/>
    <published>2025-01-23T21:03:50+00:00</published>
  </entry>
</feed>
