<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-29T17:22:20.797104+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1f24c5e1-5ee0-4ca5-b4c3-0535906a5b9b/export</id>
    <title>1f24c5e1-5ee0-4ca5-b4c3-0535906a5b9b</title>
    <updated>2026-06-29T17:22:20.814845+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1f24c5e1-5ee0-4ca5-b4c3-0535906a5b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46147", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12883", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46147\n\ud83d\udd25 CVSS Score: 8.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contains a patch for this issue. There are no known workarounds.\n\ud83d\udccf Published: 2022-11-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T15:59:21.749Z\n\ud83d\udd17 References:\n1. https://github.com/openedx/xblock-drag-and-drop-v2/security/advisories/GHSA-qv6c-367r-3w6q\n2. https://github.com/openedx/xblock-drag-and-drop-v2/pull/295#issuecomment-1277693864\n3. https://github.com/openedx/xblock-drag-and-drop-v2/commit/68887d1b4a44325d2de7573d450e41129ba98b1a\n4. https://github.com/openedx/xblock-drag-and-drop-v2/releases/tag/v3.0.0", "creation_timestamp": "2025-04-22T16:03:24.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1f24c5e1-5ee0-4ca5-b4c3-0535906a5b9b/export"/>
    <published>2025-04-22T16:03:24+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/af2bf8e6-23f6-4f4c-833c-0f8482970773/export</id>
    <title>af2bf8e6-23f6-4f4c-833c-0f8482970773</title>
    <updated>2026-06-29T17:22:20.816192+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "af2bf8e6-23f6-4f4c-833c-0f8482970773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4614", "type": "seen", "source": "https://t.me/cibsecurity/54905", "content": "\u203c CVE-2022-4614 \u203c\n\nCross-site Scripting (XSS) - Stored in GitHub repository alagrede/znote-app prior to 1.7.11.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T22:23:13.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/af2bf8e6-23f6-4f4c-833c-0f8482970773/export"/>
    <published>2022-12-19T22:23:13+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b7d8f47e-ec16-4333-9cce-b42be7a31b1b/export</id>
    <title>b7d8f47e-ec16-4333-9cce-b42be7a31b1b</title>
    <updated>2026-06-29T17:22:20.816293+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b7d8f47e-ec16-4333-9cce-b42be7a31b1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46142", "type": "seen", "source": "https://t.me/cibsecurity/54420", "content": "\u203c CVE-2022-46142 \u203c\n\nAffected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T18:22:09.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b7d8f47e-ec16-4333-9cce-b42be7a31b1b/export"/>
    <published>2022-12-13T18:22:09+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2db0453e-45cf-4b12-b85c-53fd1435e3f8/export</id>
    <title>2db0453e-45cf-4b12-b85c-53fd1435e3f8</title>
    <updated>2026-06-29T17:22:20.816378+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2db0453e-45cf-4b12-b85c-53fd1435e3f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46144", "type": "seen", "source": "https://t.me/cibsecurity/54407", "content": "\u203c CVE-2022-46144 \u203c\n\nA vulnerability has been identified in SCALANCE SC622-2C (All versions &lt; V2.3), SCALANCE SC622-2C (All versions &gt;= 2.3 &lt; V3.0), SCALANCE SC626-2C (All versions &lt; V2.3), SCALANCE SC626-2C (All versions &gt;= 2.3 &lt; V3.0), SCALANCE SC632-2C (All versions &lt; V2.3), SCALANCE SC632-2C (All versions &gt;= 2.3 &lt; V3.0), SCALANCE SC636-2C (All versions &lt; V2.3), SCALANCE SC636-2C (All versions &gt;= 2.3 &lt; V3.0), SCALANCE SC642-2C (All versions &lt; V2.3), SCALANCE SC642-2C (All versions &gt;= 2.3 &lt; V3.0), SCALANCE SC646-2C (All versions &lt; V2.3), SCALANCE SC646-2C (All versions &gt;= 2.3 &lt; V3.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T18:21:52.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2db0453e-45cf-4b12-b85c-53fd1435e3f8/export"/>
    <published>2022-12-13T18:21:52+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/af2e28ad-8126-471e-b768-7e960876f486/export</id>
    <title>af2e28ad-8126-471e-b768-7e960876f486</title>
    <updated>2026-06-29T17:22:20.816475+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "af2e28ad-8126-471e-b768-7e960876f486", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46143", "type": "seen", "source": "https://t.me/cibsecurity/54404", "content": "\u203c CVE-2022-46143 \u203c\n\nAffected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T18:21:49.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/af2e28ad-8126-471e-b768-7e960876f486/export"/>
    <published>2022-12-13T18:21:49+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/59a93e2c-be61-4fb4-9e27-9ac54763a277/export</id>
    <title>59a93e2c-be61-4fb4-9e27-9ac54763a277</title>
    <updated>2026-06-29T17:22:20.816562+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "59a93e2c-be61-4fb4-9e27-9ac54763a277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46146", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1619", "content": "#exploit\n1. CVE-2022-3328:\nRace condition in snap-confine's must_mkdir_and_open_with_perms()\nhttps://seclists.org/oss-sec/2022/q4/164\n\n2. CVE-2022-46146:\nAuthentication Bypass in Open-Source Prometheus Project\nhttps://securityonline.info/cve-2022-46146-authentication-bypass-in-open-source-prometheus-project\n\n3. CVE-2022-4116:\nQuarkus Java framework RCE\nhttps://joebeeton.github.io\n]-&gt; https://github.com/JoeBeeton/simple-request-attacks", "creation_timestamp": "2022-12-06T04:04:16.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/59a93e2c-be61-4fb4-9e27-9ac54763a277/export"/>
    <published>2022-12-06T04:04:16+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/43045b03-d451-49df-a35e-f3843c4a213e/export</id>
    <title>43045b03-d451-49df-a35e-f3843c4a213e</title>
    <updated>2026-06-29T17:22:20.816638+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "43045b03-d451-49df-a35e-f3843c4a213e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46145", "type": "seen", "source": "https://t.me/cibsecurity/53829", "content": "\u203c CVE-2022-46145 \u203c\n\nauthentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow flow` with the contents `return request.user.is_authenticated`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-02T20:37:35.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/43045b03-d451-49df-a35e-f3843c4a213e/export"/>
    <published>2022-12-02T20:37:35+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3ac6d072-ae5f-4ae3-a87a-143d2ab2983f/export</id>
    <title>3ac6d072-ae5f-4ae3-a87a-143d2ab2983f</title>
    <updated>2026-06-29T17:22:20.816716+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3ac6d072-ae5f-4ae3-a87a-143d2ab2983f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46146", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/7281", "content": "#exploit\n1. CVE-2022-3328:\nRace condition in snap-confine's must_mkdir_and_open_with_perms()\nhttps://seclists.org/oss-sec/2022/q4/164\n\n2. CVE-2022-46146:\nAuthentication Bypass in Open-Source Prometheus Project\nhttps://securityonline.info/cve-2022-46146-authentication-bypass-in-open-source-prometheus-project\n\n3. CVE-2022-4116:\nQuarkus Java framework RCE\nhttps://joebeeton.github.io\n]-&gt; https://github.com/JoeBeeton/simple-request-attacks", "creation_timestamp": "2022-12-02T11:01:15.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3ac6d072-ae5f-4ae3-a87a-143d2ab2983f/export"/>
    <published>2022-12-02T11:01:15+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e68d66fc-fc3a-441e-8d43-e589c98558b7/export</id>
    <title>e68d66fc-fc3a-441e-8d43-e589c98558b7</title>
    <updated>2026-06-29T17:22:20.816788+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e68d66fc-fc3a-441e-8d43-e589c98558b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46149", "type": "seen", "source": "https://t.me/cibsecurity/53732", "content": "\u203c CVE-2022-46149 \u203c\n\nCap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T20:30:55.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e68d66fc-fc3a-441e-8d43-e589c98558b7/export"/>
    <published>2022-11-30T20:30:55+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/429097f8-6788-4519-8209-055f2e135656/export</id>
    <title>429097f8-6788-4519-8209-055f2e135656</title>
    <updated>2026-06-29T17:22:20.816865+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "429097f8-6788-4519-8209-055f2e135656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46148", "type": "seen", "source": "https://t.me/cibsecurity/53667", "content": "\u203c CVE-2022-46148 \u203c\n\nDiscourse is an open-source messaging platform. In versions 2.8.10 and prior on the `stable` branch and versions 2.9.0.beta11 and prior on the `beta` and `tests-passed` branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse\u2019s default Content Security Policy. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-29T20:29:03.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/429097f8-6788-4519-8209-055f2e135656/export"/>
    <published>2022-11-29T20:29:03+00:00</published>
  </entry>
</feed>
