<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-04T15:33:54.549789+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b6a08afc-46d1-4e5e-a1f2-47e0dce24fb0/export</id>
    <title>b6a08afc-46d1-4e5e-a1f2-47e0dce24fb0</title>
    <updated>2026-05-04T15:33:54.974038+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b6a08afc-46d1-4e5e-a1f2-47e0dce24fb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42745", "type": "seen", "source": "https://t.me/cibsecurity/52535", "content": "\u203c CVE-2022-42745 \u203c\n\nCandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T23:25:57.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b6a08afc-46d1-4e5e-a1f2-47e0dce24fb0/export"/>
    <published>2022-11-03T23:25:57+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7d970f90-b9f7-4e30-a309-26c21001241f/export</id>
    <title>7d970f90-b9f7-4e30-a309-26c21001241f</title>
    <updated>2026-05-04T15:33:54.973900+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7d970f90-b9f7-4e30-a309-26c21001241f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42743", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/52536", "content": "\u203c CVE-2022-42743 \u203c\n\ndeep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T23:25:58.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7d970f90-b9f7-4e30-a309-26c21001241f/export"/>
    <published>2022-11-03T23:25:58+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/499fea5d-4d68-443b-b4ac-f3995b6e9906/export</id>
    <title>499fea5d-4d68-443b-b4ac-f3995b6e9906</title>
    <updated>2026-05-04T15:33:54.973759+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "499fea5d-4d68-443b-b4ac-f3995b6e9906", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42746", "type": "seen", "source": "https://t.me/cibsecurity/52543", "content": "\u203c CVE-2022-42746 \u203c\n\nCandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T23:26:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/499fea5d-4d68-443b-b4ac-f3995b6e9906/export"/>
    <published>2022-11-03T23:26:08+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c29b9b3f-f5f8-4cd7-9716-73f1dc966adf/export</id>
    <title>c29b9b3f-f5f8-4cd7-9716-73f1dc966adf</title>
    <updated>2026-05-04T15:33:54.973617+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c29b9b3f-f5f8-4cd7-9716-73f1dc966adf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42748", "type": "seen", "source": "https://t.me/cibsecurity/52545", "content": "\u203c CVE-2022-42748 \u203c\n\nCandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T23:26:10.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c29b9b3f-f5f8-4cd7-9716-73f1dc966adf/export"/>
    <published>2022-11-03T23:26:10+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/93930603-32d0-4810-afa5-4ea0d9c4cd97/export</id>
    <title>93930603-32d0-4810-afa5-4ea0d9c4cd97</title>
    <updated>2026-05-04T15:33:54.973461+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "93930603-32d0-4810-afa5-4ea0d9c4cd97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42749", "type": "seen", "source": "https://t.me/cibsecurity/52546", "content": "\u203c CVE-2022-42749 \u203c\n\nCandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T23:26:11.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/93930603-32d0-4810-afa5-4ea0d9c4cd97/export"/>
    <published>2022-11-03T23:26:11+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8ab38f9c-b6ca-4d61-b23a-4d4b5185501c/export</id>
    <title>8ab38f9c-b6ca-4d61-b23a-4d4b5185501c</title>
    <updated>2026-05-04T15:33:54.973283+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8ab38f9c-b6ca-4d61-b23a-4d4b5185501c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4274", "type": "seen", "source": "https://t.me/cibsecurity/53950", "content": "\u203c CVE-2022-4274 \u203c\n\nA vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-03T18:37:58.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8ab38f9c-b6ca-4d61-b23a-4d4b5185501c/export"/>
    <published>2022-12-03T18:37:58+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a5c467f0-5747-41f6-90fa-cc18ec0d7ee1/export</id>
    <title>a5c467f0-5747-41f6-90fa-cc18ec0d7ee1</title>
    <updated>2026-05-04T15:33:54.971031+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a5c467f0-5747-41f6-90fa-cc18ec0d7ee1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42744", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14845", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42744\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks.\n\ud83d\udccf Published: 2022-11-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T13:04:12.220Z\n\ud83d\udd17 References:\n1. https://candidats.net/\n2. https://fluidattacks.com/advisories/mohawke/", "creation_timestamp": "2025-05-05T13:19:06.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a5c467f0-5747-41f6-90fa-cc18ec0d7ee1/export"/>
    <published>2025-05-05T13:19:06+00:00</published>
  </entry>
</feed>
