https://vulnerability.circl.lu/sightings/feed 2026-05-06T05:39:14.781207+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/934016ac-3b09-4545-ac0c-266d4cd7fd63/export 2026-05-06T05:39:15.145520+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "934016ac-3b09-4545-ac0c-266d4cd7fd63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44457", "type": "seen", "source": "https://t.me/cibsecurity/52627", "content": "\u203c CVE-2022-44457 \u203c\n\nA vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 7 compatible) (All versions >= V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T14:35:16.000000Z"} 2022-11-08T14:35:16+00:00 https://vulnerability.circl.lu/sighting/f06424e1-4811-43c0-afb3-be34ac374b88/export 2026-05-06T05:39:15.145289+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "f06424e1-4811-43c0-afb3-be34ac374b88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4445", "type": "seen", "source": "https://t.me/cibsecurity/58004", "content": "\u203c CVE-2022-4445 \u203c\n\nThe FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-13T18:35:59.000000Z"} 2023-02-13T18:35:59+00:00 https://vulnerability.circl.lu/sighting/edf82bd4-adc7-40ba-8ca2-adc399821a3d/export 2026-05-06T05:39:15.142414+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "edf82bd4-adc7-40ba-8ca2-adc399821a3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44456", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12234", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-44456\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.\n\ud83d\udccf Published: 2022-12-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-17T14:41:58.361Z\n\ud83d\udd17 References:\n1. https://www.contec.com/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_chs_221014_en.pdf\n2. https://www.contec.com/download/contract/contract4/?itemid=ea8039aa-3434-4999-9ab6-897aa690210c&downloaditemid=866d7d3c-aae9-438d-87f3-17aa040df90b\n3. https://jvn.jp/en/vu/JVNVU96873821/index.html", "creation_timestamp": "2025-04-17T14:58:17.000000Z"} 2025-04-17T14:58:17+00:00