<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 25 Jun 2026 05:35:49 +0000</lastBuildDate>
    <item>
      <title>650ae011-1e8b-4ff6-a5c2-a50582771203</title>
      <link>https://vulnerability.circl.lu/sighting/650ae011-1e8b-4ff6-a5c2-a50582771203/export</link>
      <description>{"uuid": "650ae011-1e8b-4ff6-a5c2-a50582771203", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21701", "type": "seen", "source": "https://t.me/cibsecurity/35904", "content": "\u203c CVE-2022-21701 \u203c\n\nIstio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gateways.gateway.networking.k8s.io` objects can escalate this privilege to create other resources that they may not have access to, such as `Pod`. This vulnerability impacts only an Alpha level feature, the Kubernetes Gateway API. This is not the same as the Istio Gateway type (gateways.networking.istio.io), which is not vulnerable. Users are advised to upgrade to resolve this issue. Users unable to upgrade should implement any of the following which will prevent this vulnerability: Remove the gateways.gateway.networking.k8s.io CustomResourceDefinition, set PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER=true environment variable in Istiod, or remove CREATE permissions for gateways.gateway.networking.k8s.io objects from untrusted users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-20T00:40:52.000000Z"}</description>
      <content:encoded>{"uuid": "650ae011-1e8b-4ff6-a5c2-a50582771203", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21701", "type": "seen", "source": "https://t.me/cibsecurity/35904", "content": "\u203c CVE-2022-21701 \u203c\n\nIstio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gateways.gateway.networking.k8s.io` objects can escalate this privilege to create other resources that they may not have access to, such as `Pod`. This vulnerability impacts only an Alpha level feature, the Kubernetes Gateway API. This is not the same as the Istio Gateway type (gateways.networking.istio.io), which is not vulnerable. Users are advised to upgrade to resolve this issue. Users unable to upgrade should implement any of the following which will prevent this vulnerability: Remove the gateways.gateway.networking.k8s.io CustomResourceDefinition, set PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER=true environment variable in Istiod, or remove CREATE permissions for gateways.gateway.networking.k8s.io objects from untrusted users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-20T00:40:52.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/650ae011-1e8b-4ff6-a5c2-a50582771203/export</guid>
      <pubDate>Thu, 20 Jan 2022 00:40:52 +0000</pubDate>
    </item>
    <item>
      <title>ae99ad69-01ec-4e77-804c-12d4df675807</title>
      <link>https://vulnerability.circl.lu/sighting/ae99ad69-01ec-4e77-804c-12d4df675807/export</link>
      <description>{"uuid": "ae99ad69-01ec-4e77-804c-12d4df675807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21708", "type": "seen", "source": "https://t.me/cibsecurity/36088", "content": "\u203c CVE-2022-21708 \u203c\n\ngraphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-22T02:15:35.000000Z"}</description>
      <content:encoded>{"uuid": "ae99ad69-01ec-4e77-804c-12d4df675807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21708", "type": "seen", "source": "https://t.me/cibsecurity/36088", "content": "\u203c CVE-2022-21708 \u203c\n\ngraphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-22T02:15:35.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ae99ad69-01ec-4e77-804c-12d4df675807/export</guid>
      <pubDate>Sat, 22 Jan 2022 02:15:35 +0000</pubDate>
    </item>
    <item>
      <title>d05e6465-daaf-42fc-9a48-c746812cd054</title>
      <link>https://vulnerability.circl.lu/sighting/d05e6465-daaf-42fc-9a48-c746812cd054/export</link>
      <description>{"uuid": "d05e6465-daaf-42fc-9a48-c746812cd054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21703", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6017", "content": "CVE-2022-21703: cross-origin request forgery against Grafana\n\nhttps://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup/", "creation_timestamp": "2022-02-08T21:54:06.000000Z"}</description>
      <content:encoded>{"uuid": "d05e6465-daaf-42fc-9a48-c746812cd054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21703", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6017", "content": "CVE-2022-21703: cross-origin request forgery against Grafana\n\nhttps://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup/", "creation_timestamp": "2022-02-08T21:54:06.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d05e6465-daaf-42fc-9a48-c746812cd054/export</guid>
      <pubDate>Tue, 08 Feb 2022 21:54:06 +0000</pubDate>
    </item>
    <item>
      <title>93faf2cd-ea14-4d45-a66b-22a6b629aec4</title>
      <link>https://vulnerability.circl.lu/sighting/93faf2cd-ea14-4d45-a66b-22a6b629aec4/export</link>
      <description>{"uuid": "93faf2cd-ea14-4d45-a66b-22a6b629aec4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21702", "type": "seen", "source": "https://t.me/cibsecurity/37022", "content": "\u203c CVE-2022-21702 \u203c\n\nGrafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-08T22:42:03.000000Z"}</description>
      <content:encoded>{"uuid": "93faf2cd-ea14-4d45-a66b-22a6b629aec4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21702", "type": "seen", "source": "https://t.me/cibsecurity/37022", "content": "\u203c CVE-2022-21702 \u203c\n\nGrafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-08T22:42:03.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/93faf2cd-ea14-4d45-a66b-22a6b629aec4/export</guid>
      <pubDate>Tue, 08 Feb 2022 22:42:03 +0000</pubDate>
    </item>
    <item>
      <title>7d046f98-256c-4ce9-9e2a-fe46facbff83</title>
      <link>https://vulnerability.circl.lu/sighting/7d046f98-256c-4ce9-9e2a-fe46facbff83/export</link>
      <description>{"uuid": "7d046f98-256c-4ce9-9e2a-fe46facbff83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21703", "type": "seen", "source": "https://t.me/cibsecurity/37026", "content": "\u203c CVE-2022-21703 \u203c\n\nGrafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-09T00:15:21.000000Z"}</description>
      <content:encoded>{"uuid": "7d046f98-256c-4ce9-9e2a-fe46facbff83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21703", "type": "seen", "source": "https://t.me/cibsecurity/37026", "content": "\u203c CVE-2022-21703 \u203c\n\nGrafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-09T00:15:21.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7d046f98-256c-4ce9-9e2a-fe46facbff83/export</guid>
      <pubDate>Wed, 09 Feb 2022 00:15:21 +0000</pubDate>
    </item>
    <item>
      <title>60a3873b-9f7f-4c43-99a3-c03675191dbe</title>
      <link>https://vulnerability.circl.lu/sighting/60a3873b-9f7f-4c43-99a3-c03675191dbe/export</link>
      <description>{"uuid": "60a3873b-9f7f-4c43-99a3-c03675191dbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21703", "type": "published-proof-of-concept", "source": "https://t.me/hack_room_channel/270", "content": "CVE-2022-21703: cross-origin request forgery against Grafana\n\nhttps://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup/", "creation_timestamp": "2022-02-09T08:42:11.000000Z"}</description>
      <content:encoded>{"uuid": "60a3873b-9f7f-4c43-99a3-c03675191dbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21703", "type": "published-proof-of-concept", "source": "https://t.me/hack_room_channel/270", "content": "CVE-2022-21703: cross-origin request forgery against Grafana\n\nhttps://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup/", "creation_timestamp": "2022-02-09T08:42:11.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/60a3873b-9f7f-4c43-99a3-c03675191dbe/export</guid>
      <pubDate>Wed, 09 Feb 2022 08:42:11 +0000</pubDate>
    </item>
    <item>
      <title>720c6af5-2937-4695-b3c1-7bc296507c0c</title>
      <link>https://vulnerability.circl.lu/sighting/720c6af5-2937-4695-b3c1-7bc296507c0c/export</link>
      <description>{"uuid": "720c6af5-2937-4695-b3c1-7bc296507c0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21703", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5399", "content": "#Threat_Research\n1. Cross-origin request forgery against Grafana (CVE-2022-21703)\nhttps://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup\n2. WordPress &amp;lt;5.8.3 - Object Injection Vulnerability (CVE-2022-21663)\nhttps://blog.sonarsource.com/wordpress-object-injection-vulnerability\n3. A Remote Stack Overflow in The Linux Kernel (CVE-2022-0435)\nhttps://www.openwall.com/lists/oss-security/2022/02/10/1", "creation_timestamp": "2022-02-12T13:52:55.000000Z"}</description>
      <content:encoded>{"uuid": "720c6af5-2937-4695-b3c1-7bc296507c0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21703", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5399", "content": "#Threat_Research\n1. Cross-origin request forgery against Grafana (CVE-2022-21703)\nhttps://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup\n2. WordPress &amp;lt;5.8.3 - Object Injection Vulnerability (CVE-2022-21663)\nhttps://blog.sonarsource.com/wordpress-object-injection-vulnerability\n3. A Remote Stack Overflow in The Linux Kernel (CVE-2022-0435)\nhttps://www.openwall.com/lists/oss-security/2022/02/10/1", "creation_timestamp": "2022-02-12T13:52:55.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/720c6af5-2937-4695-b3c1-7bc296507c0c/export</guid>
      <pubDate>Sat, 12 Feb 2022 13:52:55 +0000</pubDate>
    </item>
    <item>
      <title>0101736a-e9e2-4c4f-a137-3ee30f182644</title>
      <link>https://vulnerability.circl.lu/sighting/0101736a-e9e2-4c4f-a137-3ee30f182644/export</link>
      <description>{"uuid": "0101736a-e9e2-4c4f-a137-3ee30f182644", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21705", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/37965", "content": "\u203c CVE-2022-21705 \u203c\n\nOctobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-23T22:13:46.000000Z"}</description>
      <content:encoded>{"uuid": "0101736a-e9e2-4c4f-a137-3ee30f182644", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21705", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/37965", "content": "\u203c CVE-2022-21705 \u203c\n\nOctobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-23T22:13:46.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0101736a-e9e2-4c4f-a137-3ee30f182644/export</guid>
      <pubDate>Wed, 23 Feb 2022 22:13:46 +0000</pubDate>
    </item>
    <item>
      <title>de2e82cb-a99a-4758-9380-7d0bee51f2a1</title>
      <link>https://vulnerability.circl.lu/sighting/de2e82cb-a99a-4758-9380-7d0bee51f2a1/export</link>
      <description>{"uuid": "de2e82cb-a99a-4758-9380-7d0bee51f2a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21706", "type": "seen", "source": "https://t.me/cibsecurity/38158", "content": "\u203c CVE-2022-21706 \u203c\n\nZulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users' email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. ### Patches _Has the problem been patched? What versions should users upgrade to?_ ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_ ### For more information If you have any questions or comments about this advisory, you can discuss them on the [developer community Zulip server](https://zulip.com/developer-community/), or email the [Zulip security team](mailto:security@zulip.com).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-26T16:50:45.000000Z"}</description>
      <content:encoded>{"uuid": "de2e82cb-a99a-4758-9380-7d0bee51f2a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21706", "type": "seen", "source": "https://t.me/cibsecurity/38158", "content": "\u203c CVE-2022-21706 \u203c\n\nZulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users' email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. ### Patches _Has the problem been patched? What versions should users upgrade to?_ ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_ ### For more information If you have any questions or comments about this advisory, you can discuss them on the [developer community Zulip server](https://zulip.com/developer-community/), or email the [Zulip security team](mailto:security@zulip.com).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-26T16:50:45.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/de2e82cb-a99a-4758-9380-7d0bee51f2a1/export</guid>
      <pubDate>Sat, 26 Feb 2022 16:50:45 +0000</pubDate>
    </item>
    <item>
      <title>6ca7f5ad-03a4-4f56-bd2c-2565fe4dbce2</title>
      <link>https://vulnerability.circl.lu/sighting/6ca7f5ad-03a4-4f56-bd2c-2565fe4dbce2/export</link>
      <description>{"uuid": "6ca7f5ad-03a4-4f56-bd2c-2565fe4dbce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2170", "type": "seen", "source": "https://t.me/cibsecurity/47316", "content": "\u203c CVE-2022-2170 \u203c\n\nThe Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-01T16:16:53.000000Z"}</description>
      <content:encoded>{"uuid": "6ca7f5ad-03a4-4f56-bd2c-2565fe4dbce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2170", "type": "seen", "source": "https://t.me/cibsecurity/47316", "content": "\u203c CVE-2022-2170 \u203c\n\nThe Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-01T16:16:53.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6ca7f5ad-03a4-4f56-bd2c-2565fe4dbce2/export</guid>
      <pubDate>Mon, 01 Aug 2022 16:16:53 +0000</pubDate>
    </item>
  </channel>
</rss>
