<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-04T19:20:00.213022+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/12952688-46d9-4d5f-97c2-4d72f0ed866c/export</id>
    <title>12952688-46d9-4d5f-97c2-4d72f0ed866c</title>
    <updated>2026-05-04T19:20:00.656379+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "12952688-46d9-4d5f-97c2-4d72f0ed866c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44019", "type": "seen", "source": "https://t.me/cibsecurity/52273", "content": "\u203c CVE-2022-44019 \u203c\n\nIn Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-30T06:30:47.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/12952688-46d9-4d5f-97c2-4d72f0ed866c/export"/>
    <published>2022-10-30T06:30:47+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0c01907a-46ae-4743-8524-28a8d760cdd2/export</id>
    <title>0c01907a-46ae-4743-8524-28a8d760cdd2</title>
    <updated>2026-05-04T19:20:00.656292+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0c01907a-46ae-4743-8524-28a8d760cdd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4401", "type": "seen", "source": "https://t.me/cibsecurity/54261", "content": "\u203c CVE-2022-4401 \u203c\n\nA vulnerability was found in pallidlight online-course-selection-system. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-215268.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-11T12:19:56.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0c01907a-46ae-4743-8524-28a8d760cdd2/export"/>
    <published>2022-12-11T12:19:56+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d6e7e5ee-3f6e-4df4-a359-46458d447674/export</id>
    <title>d6e7e5ee-3f6e-4df4-a359-46458d447674</title>
    <updated>2026-05-04T19:20:00.656201+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d6e7e5ee-3f6e-4df4-a359-46458d447674", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44017", "type": "seen", "source": "https://t.me/cibsecurity/55290", "content": "\u203c CVE-2022-44017 \u203c\n\nAn issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session management, an attacker can log back into a victim's account after the victim logged out - /LMS/LM/#main can be used for this. This is due to the credentials not being cleaned from the local storage after logout.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T07:39:40.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d6e7e5ee-3f6e-4df4-a359-46458d447674/export"/>
    <published>2022-12-25T07:39:40+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8b3dd4ad-47bb-49d5-a7e0-6e7733db39bb/export</id>
    <title>8b3dd4ad-47bb-49d5-a7e0-6e7733db39bb</title>
    <updated>2026-05-04T19:20:00.656111+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8b3dd4ad-47bb-49d5-a7e0-6e7733db39bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44016", "type": "seen", "source": "https://t.me/cibsecurity/55291", "content": "\u203c CVE-2022-44016 \u203c\n\nAn issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '\"ImagesPath\":\"C:\\\\\"' value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T07:39:41.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8b3dd4ad-47bb-49d5-a7e0-6e7733db39bb/export"/>
    <published>2022-12-25T07:39:41+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/04d3c970-1e31-4b4b-98b5-58fd7f7cd562/export</id>
    <title>04d3c970-1e31-4b4b-98b5-58fd7f7cd562</title>
    <updated>2026-05-04T19:20:00.656019+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "04d3c970-1e31-4b4b-98b5-58fd7f7cd562", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44013", "type": "seen", "source": "https://t.me/cibsecurity/55292", "content": "\u203c CVE-2022-44013 \u203c\n\nAn issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T07:39:42.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/04d3c970-1e31-4b4b-98b5-58fd7f7cd562/export"/>
    <published>2022-12-25T07:39:42+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4b8249bc-d1d9-475d-981c-c22740fdcf23/export</id>
    <title>4b8249bc-d1d9-475d-981c-c22740fdcf23</title>
    <updated>2026-05-04T19:20:00.655929+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4b8249bc-d1d9-475d-981c-c22740fdcf23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44015", "type": "seen", "source": "https://t.me/cibsecurity/55295", "content": "\u203c CVE-2022-44015 \u203c\n\nAn issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T07:39:48.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4b8249bc-d1d9-475d-981c-c22740fdcf23/export"/>
    <published>2022-12-25T07:39:48+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bca41a3d-2832-4409-b8e9-e2a0b8dd1e38/export</id>
    <title>bca41a3d-2832-4409-b8e9-e2a0b8dd1e38</title>
    <updated>2026-05-04T19:20:00.655842+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bca41a3d-2832-4409-b8e9-e2a0b8dd1e38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44014", "type": "seen", "source": "https://t.me/cibsecurity/55298", "content": "\u203c CVE-2022-44014 \u203c\n\nAn issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T07:39:54.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bca41a3d-2832-4409-b8e9-e2a0b8dd1e38/export"/>
    <published>2022-12-25T07:39:54+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d951ed53-d04f-4210-9c70-2326f86d21b6/export</id>
    <title>d951ed53-d04f-4210-9c70-2326f86d21b6</title>
    <updated>2026-05-04T19:20:00.655744+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d951ed53-d04f-4210-9c70-2326f86d21b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44012", "type": "seen", "source": "https://t.me/cibsecurity/55305", "content": "\u203c CVE-2022-44012 \u203c\n\nAn issue was discovered in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and most likely be decrypted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T09:49:50.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d951ed53-d04f-4210-9c70-2326f86d21b6/export"/>
    <published>2022-12-25T09:49:50+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e37205f0-9b32-404b-bc47-79bd27384a97/export</id>
    <title>e37205f0-9b32-404b-bc47-79bd27384a97</title>
    <updated>2026-05-04T19:20:00.655628+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e37205f0-9b32-404b-bc47-79bd27384a97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44018", "type": "seen", "source": "https://t.me/cibsecurity/57017", "content": "\u203c CVE-2022-44018 \u203c\n\nIn Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:47:12.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e37205f0-9b32-404b-bc47-79bd27384a97/export"/>
    <published>2023-01-27T00:47:12+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a67539c6-5ba6-4502-872a-287e49c0077a/export</id>
    <title>a67539c6-5ba6-4502-872a-287e49c0077a</title>
    <updated>2026-05-04T19:20:00.652911+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a67539c6-5ba6-4502-872a-287e49c0077a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44018", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9929", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-44018\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application.\n\ud83d\udccf Published: 2023-01-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-01T15:23:24.823Z\n\ud83d\udd17 References:\n1. https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-10.html", "creation_timestamp": "2025-04-01T15:32:48.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a67539c6-5ba6-4502-872a-287e49c0077a/export"/>
    <published>2025-04-01T15:32:48+00:00</published>
  </entry>
</feed>
