https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 06 May 2026 09:55:37 +0000 https://vulnerability.circl.lu/sighting/ca0d7a5b-45e2-408d-9767-ea3877db9c88/export {"uuid": "ca0d7a5b-45e2-408d-9767-ea3877db9c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24131", "type": "seen", "source": "https://t.me/cibsecurity/39807", "content": "\u203c CVE-2022-24131 \u203c\n\nDouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T16:12:21.000000Z"} {"uuid": "ca0d7a5b-45e2-408d-9767-ea3877db9c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24131", "type": "seen", "source": "https://t.me/cibsecurity/39807", "content": "\u203c CVE-2022-24131 \u203c\n\nDouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T16:12:21.000000Z"} https://vulnerability.circl.lu/sighting/ca0d7a5b-45e2-408d-9767-ea3877db9c88/export Wed, 30 Mar 2022 16:12:21 +0000 https://vulnerability.circl.lu/sighting/245973b5-c9fc-476d-84bd-b85a6e4059d8/export {"uuid": "245973b5-c9fc-476d-84bd-b85a6e4059d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24135", "type": "seen", "source": "https://t.me/cibsecurity/39867", "content": "\u203c CVE-2022-24135 \u203c\n\nQingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T22:17:31.000000Z"} {"uuid": "245973b5-c9fc-476d-84bd-b85a6e4059d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24135", "type": "seen", "source": "https://t.me/cibsecurity/39867", "content": "\u203c CVE-2022-24135 \u203c\n\nQingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T22:17:31.000000Z"} https://vulnerability.circl.lu/sighting/245973b5-c9fc-476d-84bd-b85a6e4059d8/export Wed, 30 Mar 2022 22:17:31 +0000 https://vulnerability.circl.lu/sighting/a54855a5-c0e0-466a-8da4-4d3085e7f392/export {"uuid": "a54855a5-c0e0-466a-8da4-4d3085e7f392", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24132", "type": "seen", "source": "https://t.me/cibsecurity/39868", "content": "\u203c CVE-2022-24132 \u203c\n\nphpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T22:17:32.000000Z"} {"uuid": "a54855a5-c0e0-466a-8da4-4d3085e7f392", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24132", "type": "seen", "source": "https://t.me/cibsecurity/39868", "content": "\u203c CVE-2022-24132 \u203c\n\nphpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T22:17:32.000000Z"} https://vulnerability.circl.lu/sighting/a54855a5-c0e0-466a-8da4-4d3085e7f392/export Wed, 30 Mar 2022 22:17:32 +0000 https://vulnerability.circl.lu/sighting/23b5b101-d0db-4519-8a71-9fb7e4769f89/export {"uuid": "23b5b101-d0db-4519-8a71-9fb7e4769f89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24136", "type": "seen", "source": "https://t.me/cibsecurity/39908", "content": "\u203c CVE-2022-24136 \u203c\n\nHospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-31T14:18:25.000000Z"} {"uuid": "23b5b101-d0db-4519-8a71-9fb7e4769f89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24136", "type": "seen", "source": "https://t.me/cibsecurity/39908", "content": "\u203c CVE-2022-24136 \u203c\n\nHospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-31T14:18:25.000000Z"} https://vulnerability.circl.lu/sighting/23b5b101-d0db-4519-8a71-9fb7e4769f89/export Thu, 31 Mar 2022 14:18:25 +0000 https://vulnerability.circl.lu/sighting/727dfd77-dc16-47b2-a1af-d5a5cf2e9eb6/export {"uuid": "727dfd77-dc16-47b2-a1af-d5a5cf2e9eb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24138", "type": "seen", "source": "https://t.me/cibsecurity/45639", "content": "\u203c CVE-2022-24138 \u203c\n\nIOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has \"rwx\" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:45.000000Z"} {"uuid": "727dfd77-dc16-47b2-a1af-d5a5cf2e9eb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24138", "type": "seen", "source": "https://t.me/cibsecurity/45639", "content": "\u203c CVE-2022-24138 \u203c\n\nIOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has \"rwx\" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:45.000000Z"} https://vulnerability.circl.lu/sighting/727dfd77-dc16-47b2-a1af-d5a5cf2e9eb6/export Wed, 06 Jul 2022 16:20:45 +0000 https://vulnerability.circl.lu/sighting/f616c195-77f7-4724-8bda-b8e839af353e/export {"uuid": "f616c195-77f7-4724-8bda-b8e839af353e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24139", "type": "seen", "source": "https://t.me/cibsecurity/45642", "content": "\u203c CVE-2022-24139 \u203c\n\nIn IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:47.000000Z"} {"uuid": "f616c195-77f7-4724-8bda-b8e839af353e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24139", "type": "seen", "source": "https://t.me/cibsecurity/45642", "content": "\u203c CVE-2022-24139 \u203c\n\nIn IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:47.000000Z"} https://vulnerability.circl.lu/sighting/f616c195-77f7-4724-8bda-b8e839af353e/export Wed, 06 Jul 2022 16:20:47 +0000 https://vulnerability.circl.lu/sighting/5e20acc3-b8c0-4dbb-87af-bc7e10405b04/export {"uuid": "5e20acc3-b8c0-4dbb-87af-bc7e10405b04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2413", "type": "seen", "source": "https://t.me/ctinow/173001", "content": "https://ift.tt/U0F7aZd\nCVE-2022-2413 Exploit", "creation_timestamp": "2024-01-24T19:16:30.000000Z"} {"uuid": "5e20acc3-b8c0-4dbb-87af-bc7e10405b04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2413", "type": "seen", "source": "https://t.me/ctinow/173001", "content": "https://ift.tt/U0F7aZd\nCVE-2022-2413 Exploit", "creation_timestamp": "2024-01-24T19:16:30.000000Z"} https://vulnerability.circl.lu/sighting/5e20acc3-b8c0-4dbb-87af-bc7e10405b04/export Wed, 24 Jan 2024 19:16:30 +0000 https://vulnerability.circl.lu/sighting/a5911767-e1df-4187-ac95-fcf6eec1ff4e/export {"uuid": "a5911767-e1df-4187-ac95-fcf6eec1ff4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2413", "type": "seen", "source": "https://t.me/ctinow/180044", "content": "https://ift.tt/53hXYGb\nCVE-2022-2413 | simonpedge Slide Anything Plugin up to 2.3.46 on WordPress cross site scripting", "creation_timestamp": "2024-02-06T15:17:15.000000Z"} {"uuid": "a5911767-e1df-4187-ac95-fcf6eec1ff4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2413", "type": "seen", "source": "https://t.me/ctinow/180044", "content": "https://ift.tt/53hXYGb\nCVE-2022-2413 | simonpedge Slide Anything Plugin up to 2.3.46 on WordPress cross site scripting", "creation_timestamp": "2024-02-06T15:17:15.000000Z"} https://vulnerability.circl.lu/sighting/a5911767-e1df-4187-ac95-fcf6eec1ff4e/export Tue, 06 Feb 2024 15:17:15 +0000