<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 25 Jun 2026 11:50:22 +0000</lastBuildDate>
    <item>
      <title>8fc3f4ca-e862-4b8e-b2dc-e681d7709825</title>
      <link>https://vulnerability.circl.lu/sighting/8fc3f4ca-e862-4b8e-b2dc-e681d7709825/export</link>
      <description>{"uuid": "8fc3f4ca-e862-4b8e-b2dc-e681d7709825", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23635", "type": "seen", "source": "https://t.me/cibsecurity/37906", "content": "\u203c CVE-2022-23635 \u203c\n\nIstio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-23T00:23:46.000000Z"}</description>
      <content:encoded>{"uuid": "8fc3f4ca-e862-4b8e-b2dc-e681d7709825", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23635", "type": "seen", "source": "https://t.me/cibsecurity/37906", "content": "\u203c CVE-2022-23635 \u203c\n\nIstio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-23T00:23:46.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8fc3f4ca-e862-4b8e-b2dc-e681d7709825/export</guid>
      <pubDate>Wed, 23 Feb 2022 00:23:46 +0000</pubDate>
    </item>
    <item>
      <title>7fcd0c62-0b06-41bc-8423-f2abcb21644b</title>
      <link>https://vulnerability.circl.lu/sighting/7fcd0c62-0b06-41bc-8423-f2abcb21644b/export</link>
      <description>{"uuid": "7fcd0c62-0b06-41bc-8423-f2abcb21644b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2363", "type": "seen", "source": "https://t.me/cibsecurity/46074", "content": "\u203c CVE-2022-2363 \u203c\n\nA vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /ci_spms/admin/search/searching/. The manipulation of the argument search with the input \"&amp;gt;alert(\"XSS\") leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T20:25:20.000000Z"}</description>
      <content:encoded>{"uuid": "7fcd0c62-0b06-41bc-8423-f2abcb21644b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2363", "type": "seen", "source": "https://t.me/cibsecurity/46074", "content": "\u203c CVE-2022-2363 \u203c\n\nA vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /ci_spms/admin/search/searching/. The manipulation of the argument search with the input \"&amp;gt;alert(\"XSS\") leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T20:25:20.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7fcd0c62-0b06-41bc-8423-f2abcb21644b/export</guid>
      <pubDate>Tue, 12 Jul 2022 20:25:20 +0000</pubDate>
    </item>
    <item>
      <title>58fd9d34-4531-48c7-8253-aa9f0f4490c7</title>
      <link>https://vulnerability.circl.lu/sighting/58fd9d34-4531-48c7-8253-aa9f0f4490c7/export</link>
      <description>{"uuid": "58fd9d34-4531-48c7-8253-aa9f0f4490c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23631", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6398", "content": "#exploit\n1. Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706\nhttps://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706\n\n2. CVE-2022-23631:\nRCE via Prototype Pollution in Blitz.js\nhttps://blog.sonarsource.com/blitzjs-prototype-pollution", "creation_timestamp": "2022-07-14T13:07:20.000000Z"}</description>
      <content:encoded>{"uuid": "58fd9d34-4531-48c7-8253-aa9f0f4490c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23631", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6398", "content": "#exploit\n1. Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706\nhttps://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706\n\n2. CVE-2022-23631:\nRCE via Prototype Pollution in Blitz.js\nhttps://blog.sonarsource.com/blitzjs-prototype-pollution", "creation_timestamp": "2022-07-14T13:07:20.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/58fd9d34-4531-48c7-8253-aa9f0f4490c7/export</guid>
      <pubDate>Thu, 14 Jul 2022 13:07:20 +0000</pubDate>
    </item>
    <item>
      <title>386fa62e-5e35-4ebb-8035-61e77256babb</title>
      <link>https://vulnerability.circl.lu/sighting/386fa62e-5e35-4ebb-8035-61e77256babb/export</link>
      <description>{"uuid": "386fa62e-5e35-4ebb-8035-61e77256babb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23631", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/333", "content": "CVE-2022-23631 : RCE via Prototype Pollution in Blitz.js\nhttps://blog.sonarsource.com/blitzjs-prototype-pollution", "creation_timestamp": "2022-07-16T23:53:49.000000Z"}</description>
      <content:encoded>{"uuid": "386fa62e-5e35-4ebb-8035-61e77256babb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23631", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/333", "content": "CVE-2022-23631 : RCE via Prototype Pollution in Blitz.js\nhttps://blog.sonarsource.com/blitzjs-prototype-pollution", "creation_timestamp": "2022-07-16T23:53:49.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/386fa62e-5e35-4ebb-8035-61e77256babb/export</guid>
      <pubDate>Sat, 16 Jul 2022 23:53:49 +0000</pubDate>
    </item>
    <item>
      <title>7cc8a04b-9f10-4866-ae81-71196d306154</title>
      <link>https://vulnerability.circl.lu/sighting/7cc8a04b-9f10-4866-ae81-71196d306154/export</link>
      <description>{"uuid": "7cc8a04b-9f10-4866-ae81-71196d306154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23630", "type": "seen", "source": "https://t.me/cibsecurity/37258", "content": "\u203c CVE-2022-23630 \u203c\n\nGradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-24T08:19:51.000000Z"}</description>
      <content:encoded>{"uuid": "7cc8a04b-9f10-4866-ae81-71196d306154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23630", "type": "seen", "source": "https://t.me/cibsecurity/37258", "content": "\u203c CVE-2022-23630 \u203c\n\nGradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-24T08:19:51.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7cc8a04b-9f10-4866-ae81-71196d306154/export</guid>
      <pubDate>Tue, 24 Oct 2023 08:19:51 +0000</pubDate>
    </item>
    <item>
      <title>2b73f226-4ff0-42fe-b717-642a352703b1</title>
      <link>https://vulnerability.circl.lu/sighting/2b73f226-4ff0-42fe-b717-642a352703b1/export</link>
      <description>{"uuid": "2b73f226-4ff0-42fe-b717-642a352703b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23635", "type": "seen", "source": "https://t.me/arpsyndicate/127", "content": "#ExploitObserverAlert\n\nCVE-2022-23635\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-23635. Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\n\nFIRST-EPSS: 0.001210000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-12T18:22:33.000000Z"}</description>
      <content:encoded>{"uuid": "2b73f226-4ff0-42fe-b717-642a352703b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23635", "type": "seen", "source": "https://t.me/arpsyndicate/127", "content": "#ExploitObserverAlert\n\nCVE-2022-23635\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-23635. Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\n\nFIRST-EPSS: 0.001210000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-12T18:22:33.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2b73f226-4ff0-42fe-b717-642a352703b1/export</guid>
      <pubDate>Sun, 12 Nov 2023 18:22:33 +0000</pubDate>
    </item>
    <item>
      <title>c92045c2-e47a-4f69-95dc-3427bf2aa964</title>
      <link>https://vulnerability.circl.lu/sighting/c92045c2-e47a-4f69-95dc-3427bf2aa964/export</link>
      <description>{"uuid": "c92045c2-e47a-4f69-95dc-3427bf2aa964", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23631", "type": "seen", "source": "https://t.me/ctinow/164845", "content": "https://ift.tt/49U3xKi\nCVE-2022-23631 Exploit", "creation_timestamp": "2024-01-09T08:16:10.000000Z"}</description>
      <content:encoded>{"uuid": "c92045c2-e47a-4f69-95dc-3427bf2aa964", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23631", "type": "seen", "source": "https://t.me/ctinow/164845", "content": "https://ift.tt/49U3xKi\nCVE-2022-23631 Exploit", "creation_timestamp": "2024-01-09T08:16:10.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c92045c2-e47a-4f69-95dc-3427bf2aa964/export</guid>
      <pubDate>Tue, 09 Jan 2024 08:16:10 +0000</pubDate>
    </item>
    <item>
      <title>2d2a2dc2-76c9-404d-a442-3edb9be9d17c</title>
      <link>https://vulnerability.circl.lu/sighting/2d2a2dc2-76c9-404d-a442-3edb9be9d17c/export</link>
      <description>{"uuid": "2d2a2dc2-76c9-404d-a442-3edb9be9d17c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23633", "type": "seen", "source": "https://t.me/ctinow/170326", "content": "https://ift.tt/NnVhJQ9\nCVE-2022-23633 Ruby on Rails Vulnerability in NetApp Products", "creation_timestamp": "2024-01-19T18:32:03.000000Z"}</description>
      <content:encoded>{"uuid": "2d2a2dc2-76c9-404d-a442-3edb9be9d17c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23633", "type": "seen", "source": "https://t.me/ctinow/170326", "content": "https://ift.tt/NnVhJQ9\nCVE-2022-23633 Ruby on Rails Vulnerability in NetApp Products", "creation_timestamp": "2024-01-19T18:32:03.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2d2a2dc2-76c9-404d-a442-3edb9be9d17c/export</guid>
      <pubDate>Fri, 19 Jan 2024 18:32:03 +0000</pubDate>
    </item>
    <item>
      <title>3d3293d9-f9bd-424c-8f61-8e27669e92e8</title>
      <link>https://vulnerability.circl.lu/sighting/3d3293d9-f9bd-424c-8f61-8e27669e92e8/export</link>
      <description>{"uuid": "3d3293d9-f9bd-424c-8f61-8e27669e92e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23632", "type": "seen", "source": "https://gist.github.com/alon710/9def45344bb07b378de41c3c4e762379", "content": "", "creation_timestamp": "2026-01-24T21:25:43.000000Z"}</description>
      <content:encoded>{"uuid": "3d3293d9-f9bd-424c-8f61-8e27669e92e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23632", "type": "seen", "source": "https://gist.github.com/alon710/9def45344bb07b378de41c3c4e762379", "content": "", "creation_timestamp": "2026-01-24T21:25:43.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3d3293d9-f9bd-424c-8f61-8e27669e92e8/export</guid>
      <pubDate>Sat, 24 Jan 2026 21:25:43 +0000</pubDate>
    </item>
    <item>
      <title>149c2d2b-7901-461a-8c70-a41f39c4527d</title>
      <link>https://vulnerability.circl.lu/sighting/149c2d2b-7901-461a-8c70-a41f39c4527d/export</link>
      <description>{"uuid": "149c2d2b-7901-461a-8c70-a41f39c4527d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23632", "type": "seen", "source": "https://gist.github.com/alon710/7c3fde71c655f15e964d83a59a44bf40", "content": "", "creation_timestamp": "2026-01-24T22:41:08.000000Z"}</description>
      <content:encoded>{"uuid": "149c2d2b-7901-461a-8c70-a41f39c4527d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23632", "type": "seen", "source": "https://gist.github.com/alon710/7c3fde71c655f15e964d83a59a44bf40", "content": "", "creation_timestamp": "2026-01-24T22:41:08.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/149c2d2b-7901-461a-8c70-a41f39c4527d/export</guid>
      <pubDate>Sat, 24 Jan 2026 22:41:08 +0000</pubDate>
    </item>
  </channel>
</rss>
