https://vulnerability.circl.lu/sightings/feed 2026-06-29T13:23:52.044184+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/2b01bcbf-41f8-4bd2-9456-1237e7171a43/export 2026-06-29T13:23:52.058227+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "2b01bcbf-41f8-4bd2-9456-1237e7171a43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4541", "type": "seen", "source": "https://t.me/cvedetector/6404", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-4541 - WordPress Visitors Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2022-4541 \nPublished : Sept. 26, 2024, 10:15 a.m. | 38\u00a0minutes ago \nDescription : The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the nm_vistior page. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"26 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-26T12:57:33.000000Z"} 2024-09-26T12:57:33+00:00 https://vulnerability.circl.lu/sighting/7bdc51ff-1f44-4e39-981d-b60aa8556fba/export 2026-06-29T13:23:52.060336+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "7bdc51ff-1f44-4e39-981d-b60aa8556fba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45412", "type": "seen", "source": "https://t.me/cibsecurity/55182", "content": "\u203c CVE-2022-45412 \u203c\n\nWhen resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. *This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T22:27:20.000000Z"} 2022-12-22T22:27:20+00:00 https://vulnerability.circl.lu/sighting/7499ad32-120f-43e5-bd2d-c542d424472b/export 2026-06-29T13:23:52.060435+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "7499ad32-120f-43e5-bd2d-c542d424472b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45414", "type": "seen", "source": "https://t.me/cibsecurity/55176", "content": "\u203c CVE-2022-45414 \u203c\n\nIf a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird < 102.5.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T22:27:13.000000Z"} 2022-12-22T22:27:13+00:00 https://vulnerability.circl.lu/sighting/a22690c9-94c1-47f5-b07c-0d8b95eab031/export 2026-06-29T13:23:52.060513+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a22690c9-94c1-47f5-b07c-0d8b95eab031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45417", "type": "seen", "source": "https://t.me/cibsecurity/55138", "content": "\u203c CVE-2022-45417 \u203c\n\nService Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T22:20:06.000000Z"} 2022-12-22T22:20:06+00:00 https://vulnerability.circl.lu/sighting/269e29fe-5172-4136-87da-7cca6aa2d371/export 2026-06-29T13:23:52.060586+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "269e29fe-5172-4136-87da-7cca6aa2d371", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45411", "type": "seen", "source": "https://t.me/cibsecurity/55129", "content": "\u203c CVE-2022-45411 \u203c\n\nCross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequest; however some webservers have implemented non-standard headers such as X-Http-Method-Override that override the HTTP method, and made this attack possible again. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T22:19:57.000000Z"} 2022-12-22T22:19:57+00:00