https://vulnerability.circl.lu/sightings/feed 2026-05-09T13:22:49.465347+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/3acaa007-42ce-491f-a3b1-902c417ca46e/export 2026-05-09T13:22:49.733797+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "3acaa007-42ce-491f-a3b1-902c417ca46e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4973", "type": "seen", "source": "https://t.me/cvedetector/8018", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-4973 - WordPress Core Authenticated Stored Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2022-4973 \nPublished : Oct. 16, 2024, 7:15 a.m. | 43\u00a0minutes ago \nDescription : WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T10:30:24.000000Z"} 2024-10-16T10:30:24+00:00 https://vulnerability.circl.lu/sighting/92d1e34d-6e09-43ad-9899-43e9794d1b56/export 2026-05-09T13:22:49.733728+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "92d1e34d-6e09-43ad-9899-43e9794d1b56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49732", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5509", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49732\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nsock: redo the psock vs ULP protection check\n\nCommit 8a59f9d1e3d4 (\"sock: Introduce sk->sk_prot->psock_update_sk_prot()\")\nhas moved the inet_csk_has_ulp(sk) check from sk_psock_init() to\nthe new tcp_bpf_update_proto() function. I'm guessing that this\nwas done to allow creating psocks for non-inet sockets.\n\nUnfortunately the destruction path for psock includes the ULP\nunwind, so we need to fail the sk_psock_init() itself.\nOtherwise if ULP is already present we'll notice that later,\nand call tcp_update_ulp() with the sk_proto of the ULP\nitself, which will most likely result in the ULP looping\nits callbacks.\n\ud83d\udccf Published: 2025-02-26T14:57:24.827Z\n\ud83d\udccf Modified: 2025-02-26T14:57:24.827Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/72fa0f65b56605b8a9ae9fba2082f2123f7fe017\n2. https://git.kernel.org/stable/c/922309e50befb0cfa5cb65e4989b7706d6578846\n3. https://git.kernel.org/stable/c/e34a07c0ae3906f97eb18df50902e2a01c1015b6", "creation_timestamp": "2025-02-26T15:26:12.000000Z"} 2025-02-26T15:26:12+00:00 https://vulnerability.circl.lu/sighting/bac988b8-91da-4a09-8304-a7a85d3bf736/export 2026-05-09T13:22:49.733650+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "bac988b8-91da-4a09-8304-a7a85d3bf736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49733", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6099", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49733\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC\n\nThere is a small race window at snd_pcm_oss_sync() that is called from\nOSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls\nsnd_pcm_oss_make_ready() at first, then takes the params_lock mutex\nfor the rest. When the stream is set up again by another thread\nbetween them, it leads to inconsistency, and may result in unexpected\nresults such as NULL dereference of OSS buffer as a fuzzer spotted\nrecently.\n\nThe fix is simply to cover snd_pcm_oss_make_ready() call into the same\nparams_lock mutex with snd_pcm_oss_make_ready_locked() variant.\n\ud83d\udccf Published: 2025-03-02T14:30:02.838Z\n\ud83d\udccf Modified: 2025-03-02T14:30:02.838Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/4051324a6dafd7053c74c475e80b3ba10ae672b0\n2. https://git.kernel.org/stable/c/fce793a056c604b41a298317cf704dae255f1b36\n3. https://git.kernel.org/stable/c/8015ef9e8a0ee5cecfd0cb6805834d007ab26f86\n4. https://git.kernel.org/stable/c/723ac5ab2891b6c10dd6cc78ef5456af593490eb\n5. https://git.kernel.org/stable/c/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d", "creation_timestamp": "2025-03-02T15:32:09.000000Z"} 2025-03-02T15:32:09+00:00 https://vulnerability.circl.lu/sighting/994adf50-065c-41cb-8a34-1690e5233aa5/export 2026-05-09T13:22:49.733568+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "994adf50-065c-41cb-8a34-1690e5233aa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49733", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljftnubptf2a", "content": "", "creation_timestamp": "2025-03-02T16:19:33.350935Z"} 2025-03-02T16:19:33.350935+00:00 https://vulnerability.circl.lu/sighting/cc35d29f-dace-492f-a026-2c113cb239f2/export 2026-05-09T13:22:49.733456+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "cc35d29f-dace-492f-a026-2c113cb239f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49733", "type": "seen", "source": "https://t.me/cvedetector/19257", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-49733 - ALSA OSS PCM Null Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2022-49733 \nPublished : March 2, 2025, 3:15 p.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC \n \nThere is a small race window at snd_pcm_oss_sync() that is called from \nOSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls \nsnd_pcm_oss_make_ready() at first, then takes the params_lock mutex \nfor the rest. When the stream is set up again by another thread \nbetween them, it leads to inconsistency, and may result in unexpected \nresults such as NULL dereference of OSS buffer as a fuzzer spotted \nrecently. \n \nThe fix is simply to cover snd_pcm_oss_make_ready() call into the same \nparams_lock mutex with snd_pcm_oss_make_ready_locked() variant. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"02 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-02T16:56:28.000000Z"} 2025-03-02T16:56:28+00:00 https://vulnerability.circl.lu/sighting/b26cc932-6f1b-405f-8828-b2f7e6c40ee5/export 2026-05-09T13:22:49.733356+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "b26cc932-6f1b-405f-8828-b2f7e6c40ee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49731", "type": "seen", "source": "Telegram/RKHWpEhOmDWXDliX9MScVW_SPEHLP7_gosrIpCH9ACr_qxa6", "content": "", "creation_timestamp": "2025-03-08T04:35:53.000000Z"} 2025-03-08T04:35:53+00:00 https://vulnerability.circl.lu/sighting/bbaf0c43-05d2-4541-83db-31d21564319b/export 2026-05-09T13:22:49.733239+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "bbaf0c43-05d2-4541-83db-31d21564319b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49737", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114169911968897392", "content": "", "creation_timestamp": "2025-03-16T03:10:04.474397Z"} 2025-03-16T03:10:04.474397+00:00 https://vulnerability.circl.lu/sighting/76dbb97e-c45e-427d-be74-b202fd4634be/export 2026-05-09T13:22:49.733109+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "76dbb97e-c45e-427d-be74-b202fd4634be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49737", "type": "seen", "source": "https://t.me/cvedetector/20393", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-49737 - X.Org X Server Input Thread Race Condition\", \n \"Content\": \"CVE ID : CVE-2022-49737 \nPublished : March 16, 2025, 1:15 a.m. | 1\u00a0hour, 20\u00a0minutes ago \nDescription : In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T03:50:03.000000Z"} 2025-03-16T03:50:03+00:00 https://vulnerability.circl.lu/sighting/fa761915-fd0c-46e3-9342-0100978108e8/export 2026-05-09T13:22:49.732173+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "fa761915-fd0c-46e3-9342-0100978108e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49737", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7808", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49737\n\ud83d\udd25 CVSS Score: 7.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H)\n\ud83d\udd39 Description: In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock.\n\ud83d\udccf Published: 2025-03-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-17T16:07:13.541Z\n\ud83d\udd17 References:\n1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081338\n2. https://gitlab.freedesktop.org/xorg/xserver/-/issues/1260\n3. https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1081338;filename=dix-Hold-input-lock-for-AttachDevice.patch;msg=5\n4. https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0", "creation_timestamp": "2025-03-17T16:47:49.000000Z"} 2025-03-17T16:47:49+00:00 https://vulnerability.circl.lu/sighting/685dfe36-af84-44bc-9aab-118187a88afb/export 2026-05-09T13:22:49.730281+00:00 Alexandre Dulaunoy http://vulnerability.circl.lu/user/adulau {"uuid": "685dfe36-af84-44bc-9aab-118187a88afb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2022-49730", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} 2025-12-03T14:14:49.267740+00:00