Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-05-04T09:48:39.253825+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/28ef31b4-30f6-44ff-a3ee-0c1bef90273d/export 28ef31b4-30f6-44ff-a3ee-0c1bef90273d 2026-05-04T09:48:39.675472+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "28ef31b4-30f6-44ff-a3ee-0c1bef90273d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4675", "type": "seen", "source": "https://t.me/cibsecurity/56850", "content": "\u203c CVE-2022-4675 \u203c\n\nThe Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T18:25:22.000000Z"} 2023-01-23T18:25:22+00:00 https://vulnerability.circl.lu/sighting/d44d3629-ffbe-499e-a8d9-e8d22b8728b1/export d44d3629-ffbe-499e-a8d9-e8d22b8728b1 2026-05-04T09:48:39.675399+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "d44d3629-ffbe-499e-a8d9-e8d22b8728b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46752", "type": "seen", "source": "https://t.me/cibsecurity/59680", "content": "\u203c CVE-2022-46752 \u203c\n\nDell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-08T20:23:19.000000Z"} 2023-03-08T20:23:19+00:00 https://vulnerability.circl.lu/sighting/a458ed26-808c-4e52-b981-315c1dc48ef6/export a458ed26-808c-4e52-b981-315c1dc48ef6 2026-05-04T09:48:39.675319+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "a458ed26-808c-4e52-b981-315c1dc48ef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46751", "type": "seen", "source": "https://t.me/cibsecurity/68874", "content": "\u203c CVE-2022-46751 \u203c\n\nImproper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle's \"Java API for XML Processing (JAXP) Security Guide\".\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-21T12:40:52.000000Z"} 2023-08-21T12:40:52+00:00 https://vulnerability.circl.lu/sighting/84b90dba-83a1-4ce7-ab4f-8e6ae884882d/export 84b90dba-83a1-4ce7-ab4f-8e6ae884882d 2026-05-04T09:48:39.675233+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "84b90dba-83a1-4ce7-ab4f-8e6ae884882d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46756", "type": "seen", "source": "https://t.me/cibsecurity/57268", "content": "\u203c CVE-2022-46756 \u203c\n\nDell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-25T12:34:50.000000Z"} 2023-09-25T12:34:50+00:00 https://vulnerability.circl.lu/sighting/8ac9c6b4-4a60-4ece-ae27-3ee2ca7e0819/export 8ac9c6b4-4a60-4ece-ae27-3ee2ca7e0819 2026-05-04T09:48:39.675134+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "8ac9c6b4-4a60-4ece-ae27-3ee2ca7e0819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46751", "type": "seen", "source": "https://t.me/ctinow/180780", "content": "https://ift.tt/bgjioMx\nCVE-2022-46751 | Oracle Communications Cloud Native Core Automated Test Suite ATS Framework xml injection", "creation_timestamp": "2024-02-07T16:16:43.000000Z"} 2024-02-07T16:16:43+00:00 https://vulnerability.circl.lu/sighting/ec77a7fc-05a9-4d51-9681-6a4518a7e9e8/export ec77a7fc-05a9-4d51-9681-6a4518a7e9e8 2026-05-04T09:48:39.675056+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "ec77a7fc-05a9-4d51-9681-6a4518a7e9e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46751", "type": "seen", "source": "https://t.me/ctinow/181952", "content": "https://ift.tt/8yTgdRn\nCVE-2022-46751 | Oracle Business Intelligence Enterprise Edition 6.4.0.0.0 Visual Analyzer unknown vulnerability", "creation_timestamp": "2024-02-09T10:51:22.000000Z"} 2024-02-09T10:51:22+00:00 https://vulnerability.circl.lu/sighting/fdbf1c2f-93e9-4f7a-a5db-d20e0d9d9c19/export fdbf1c2f-93e9-4f7a-a5db-d20e0d9d9c19 2026-05-04T09:48:39.674972+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "fdbf1c2f-93e9-4f7a-a5db-d20e0d9d9c19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46751", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113477970956610756", "content": "", "creation_timestamp": "2024-11-13T22:20:22.951664Z"} 2024-11-13T22:20:22.951664+00:00 https://vulnerability.circl.lu/sighting/13caf5b4-3505-4500-a9bc-61d53cf525e4/export 13caf5b4-3505-4500-a9bc-61d53cf525e4 2026-05-04T09:48:39.674857+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "13caf5b4-3505-4500-a9bc-61d53cf525e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46752", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5967", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46752\n\ud83d\udd25 CVSS Score: 4.6 (cvssV3_1, Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: \nDell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.\n\n\n\ud83d\udccf Published: 2023-03-08T16:51:55.033Z\n\ud83d\udccf Modified: 2025-02-28T18:32:37.203Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000207928/dsa-2023-011-dell-client-platform-security-update-for-a-bios-vulnerability", "creation_timestamp": "2025-02-28T19:27:15.000000Z"} 2025-02-28T19:27:15+00:00 https://vulnerability.circl.lu/sighting/bf08f7b9-3451-48c8-a48b-5226ae3f6ef2/export bf08f7b9-3451-48c8-a48b-5226ae3f6ef2 2026-05-04T09:48:39.671890+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "bf08f7b9-3451-48c8-a48b-5226ae3f6ef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46754", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8429", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46754\n\ud83d\udd25 CVSS Score: 8.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: \nWyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-02-10T21:25:19.476Z\n\ud83d\udccf Modified: 2025-03-21T19:49:50.393Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000206134/dsa-2022-329-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities", "creation_timestamp": "2025-03-21T20:24:52.000000Z"} 2025-03-21T20:24:52+00:00