https://vulnerability.circl.lu/sightings/feed 2026-05-05T21:17:12.820190+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/329a6026-9422-4e6e-8282-b3ea3fb55b29/export 2026-05-05T21:17:13.259272+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "329a6026-9422-4e6e-8282-b3ea3fb55b29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45529", "type": "seen", "source": "https://t.me/cibsecurity/53381", "content": "\u203c CVE-2022-45529 \u203c\n\nAeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \\admin\\includes\\edit_post.php. This vulnerability allows attackers to access database information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T00:13:17.000000Z"} 2022-11-23T00:13:17+00:00 https://vulnerability.circl.lu/sighting/91a5840e-47e1-4a92-ad2b-17d079ee6cfa/export 2026-05-05T21:17:13.259175+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "91a5840e-47e1-4a92-ad2b-17d079ee6cfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45523", "type": "seen", "source": "https://t.me/cibsecurity/54163", "content": "\u203c CVE-2022-45523 \u203c\n\nTenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-08T18:17:37.000000Z"} 2022-12-08T18:17:37+00:00 https://vulnerability.circl.lu/sighting/5d453832-3d52-4be9-85da-d13ddf8e4857/export 2026-05-05T21:17:13.259076+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "5d453832-3d52-4be9-85da-d13ddf8e4857", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45526", "type": "seen", "source": "https://t.me/cibsecurity/57803", "content": "\u203c CVE-2022-45526 \u203c\n\nSQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-08T22:25:38.000000Z"} 2023-02-08T22:25:38+00:00 https://vulnerability.circl.lu/sighting/0aeafc18-6e90-44a2-99f8-c498bf77affd/export 2026-05-05T21:17:13.258967+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "0aeafc18-6e90-44a2-99f8-c498bf77affd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45527", "type": "seen", "source": "https://t.me/cibsecurity/57806", "content": "\u203c CVE-2022-45527 \u203c\n\nFile upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-08T22:25:41.000000Z"} 2023-02-08T22:25:41+00:00 https://vulnerability.circl.lu/sighting/3b76e584-cb9a-4596-a239-2e688a942917/export 2026-05-05T21:17:13.258832+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "3b76e584-cb9a-4596-a239-2e688a942917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4552", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9179", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4552\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack\n\ud83d\udccf Published: 2023-01-30T20:31:51.944Z\n\ud83d\udccf Modified: 2025-03-27T19:13:12.983Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/307b0fe4-39de-4fbb-8bb0-f7f15ec6ef52", "creation_timestamp": "2025-03-27T19:26:51.000000Z"} 2025-03-27T19:26:51+00:00 https://vulnerability.circl.lu/sighting/b328cf52-8961-4ed0-b111-116b47c06c3e/export 2026-05-05T21:17:13.256564+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "b328cf52-8961-4ed0-b111-116b47c06c3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45529", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13554", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45529\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \\admin\\includes\\edit_post.php. This vulnerability allows attackers to access database information.\n\ud83d\udccf Published: 2022-11-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T21:02:24.173Z\n\ud83d\udd17 References:\n1. https://rdyx0.github.io/2018/09/05/AeroCMS-v0.0.1-SQLi%20edit_post_post_category_id_sql_injectin/\n2. https://github.com/rdyx0/CVE/blob/master/AeroCMS/AeroCMS-v0.0.1-SQLi/edit_post_post_category_id_sql_injection/edit_post_post_category_id_sql_injection.md", "creation_timestamp": "2025-04-25T22:07:32.000000Z"} 2025-04-25T22:07:32+00:00