https://vulnerability.circl.lu/sightings/feed 2026-05-01T15:59:48.869122+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/1a8d6bb0-a88b-43f9-b9b2-693539492f45/export 2026-05-01T15:59:49.303051+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "1a8d6bb0-a88b-43f9-b9b2-693539492f45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4397", "type": "seen", "source": "https://t.me/cibsecurity/54258", "content": "\u203c CVE-2022-4397 \u203c\n\nA vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 36b2d4abe20a6245e4f8df7a4b14e130b24d429d. It is recommended to apply a patch to fix this issue. VDB-215250 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-11T09:23:53.000000Z"} 2022-12-11T09:23:53+00:00 https://vulnerability.circl.lu/sighting/3ef293c3-86fa-4bb7-86b0-2e286ab479b6/export 2026-05-01T15:59:49.302944+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "3ef293c3-86fa-4bb7-86b0-2e286ab479b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43970", "type": "seen", "source": "https://t.me/cibsecurity/56176", "content": "\u203c CVE-2022-43970 \u203c\n\nA buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T00:27:49.000000Z"} 2023-01-10T00:27:49+00:00 https://vulnerability.circl.lu/sighting/20874de3-767a-4e15-8a72-2ca5a6619474/export 2026-05-01T15:59:49.302838+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "20874de3-767a-4e15-8a72-2ca5a6619474", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43973", "type": "seen", "source": "https://t.me/cibsecurity/56177", "content": "\u203c CVE-2022-43973 \u203c\n\nAn arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T00:27:50.000000Z"} 2023-01-10T00:27:50+00:00 https://vulnerability.circl.lu/sighting/17e28cca-d6d4-4c73-a32d-3e279fa42e45/export 2026-05-01T15:59:49.302731+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "17e28cca-d6d4-4c73-a32d-3e279fa42e45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43972", "type": "seen", "source": "https://t.me/cibsecurity/56184", "content": "\u203c CVE-2022-43972 \u203c\n\nA null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T00:27:59.000000Z"} 2023-01-10T00:27:59+00:00 https://vulnerability.circl.lu/sighting/78dc0673-e062-4712-b48c-65c381f31c15/export 2026-05-01T15:59:49.302625+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "78dc0673-e062-4712-b48c-65c381f31c15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43971", "type": "seen", "source": "https://t.me/cibsecurity/56185", "content": "\u203c CVE-2022-43971 \u203c\n\nAn arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T00:28:03.000000Z"} 2023-01-10T00:28:03+00:00 https://vulnerability.circl.lu/sighting/9666eda1-9d7d-4ab3-a83c-9a247c166556/export 2026-05-01T15:59:49.302504+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "9666eda1-9d7d-4ab3-a83c-9a247c166556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43977", "type": "seen", "source": "https://t.me/cibsecurity/56630", "content": "\u203c CVE-2022-43977 \u203c\n\nAn issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T00:15:36.000000Z"} 2023-01-18T00:15:36+00:00 https://vulnerability.circl.lu/sighting/e851c01a-b1a1-4d13-87e2-fbecc3ba7459/export 2026-05-01T15:59:49.302348+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "e851c01a-b1a1-4d13-87e2-fbecc3ba7459", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43976", "type": "seen", "source": "https://t.me/cibsecurity/56634", "content": "\u203c CVE-2022-43976 \u203c\n\nAn issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T00:15:41.000000Z"} 2023-01-18T00:15:41+00:00 https://vulnerability.circl.lu/sighting/34c10101-c88f-4a63-8bd6-d87f7de60d42/export 2026-05-01T15:59:49.299938+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "34c10101-c88f-4a63-8bd6-d87f7de60d42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43975", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10737", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43975\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888.\n\ud83d\udccf Published: 2023-01-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-07T16:25:04.747Z\n\ud83d\udd17 References:\n1. https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json", "creation_timestamp": "2025-04-07T16:45:26.000000Z"} 2025-04-07T16:45:26+00:00