Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 25 Jun 2026 20:20:26 +0000 f962bd79-00b5-489a-9c24-25a3780b0777 https://vulnerability.circl.lu/sighting/f962bd79-00b5-489a-9c24-25a3780b0777/export {"uuid": "f962bd79-00b5-489a-9c24-25a3780b0777", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24948", "type": "seen", "source": "https://t.me/cibsecurity/38077", "content": "\u203c CVE-2022-24948 \u203c\n\nA carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T12:20:30.000000Z"} {"uuid": "f962bd79-00b5-489a-9c24-25a3780b0777", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24948", "type": "seen", "source": "https://t.me/cibsecurity/38077", "content": "\u203c CVE-2022-24948 \u203c\n\nA carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T12:20:30.000000Z"} https://vulnerability.circl.lu/sighting/f962bd79-00b5-489a-9c24-25a3780b0777/export Fri, 25 Feb 2022 12:20:30 +0000 27cb0b0a-fa93-40da-aac7-0f04b06bb144 https://vulnerability.circl.lu/sighting/27cb0b0a-fa93-40da-aac7-0f04b06bb144/export {"uuid": "27cb0b0a-fa93-40da-aac7-0f04b06bb144", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24948", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6065", "content": "CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO\n\nhttps://octagon.net/blog/2022/03/02/apache-jspwiki-preauth-xss-to-ato/", "creation_timestamp": "2022-03-03T14:54:39.000000Z"} {"uuid": "27cb0b0a-fa93-40da-aac7-0f04b06bb144", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24948", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6065", "content": "CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO\n\nhttps://octagon.net/blog/2022/03/02/apache-jspwiki-preauth-xss-to-ato/", "creation_timestamp": "2022-03-03T14:54:39.000000Z"} https://vulnerability.circl.lu/sighting/27cb0b0a-fa93-40da-aac7-0f04b06bb144/export Thu, 03 Mar 2022 14:54:39 +0000 49395321-b38a-46ec-9569-f62bb69855e1 https://vulnerability.circl.lu/sighting/49395321-b38a-46ec-9569-f62bb69855e1/export {"uuid": "49395321-b38a-46ec-9569-f62bb69855e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24948", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5542", "content": "#Threat_Research\n1. Apache JSPWiki preauth Stored XSS to ATO (CVE-2022-24948)\nhttps://octagon.net/blog/2022/03/02/apache-jspwiki-preauth-xss-to-ato\n2. A security analysis of Visual Voicemail (CVE-2022-23835)\nhttps://gitlab.com/kop316/vvm-disclosure", "creation_timestamp": "2022-03-05T11:07:01.000000Z"} {"uuid": "49395321-b38a-46ec-9569-f62bb69855e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24948", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5542", "content": "#Threat_Research\n1. Apache JSPWiki preauth Stored XSS to ATO (CVE-2022-24948)\nhttps://octagon.net/blog/2022/03/02/apache-jspwiki-preauth-xss-to-ato\n2. A security analysis of Visual Voicemail (CVE-2022-23835)\nhttps://gitlab.com/kop316/vvm-disclosure", "creation_timestamp": "2022-03-05T11:07:01.000000Z"} https://vulnerability.circl.lu/sighting/49395321-b38a-46ec-9569-f62bb69855e1/export Sat, 05 Mar 2022 11:07:01 +0000 196a5400-ae09-4452-94cd-2d7e31547595 https://vulnerability.circl.lu/sighting/196a5400-ae09-4452-94cd-2d7e31547595/export {"uuid": "196a5400-ae09-4452-94cd-2d7e31547595", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24947", "type": "seen", "source": "https://t.me/cibsecurity/38074", "content": "\u203c CVE-2022-24947 \u203c\n\nApache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-21T21:53:17.000000Z"} {"uuid": "196a5400-ae09-4452-94cd-2d7e31547595", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24947", "type": "seen", "source": "https://t.me/cibsecurity/38074", "content": "\u203c CVE-2022-24947 \u203c\n\nApache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-21T21:53:17.000000Z"} https://vulnerability.circl.lu/sighting/196a5400-ae09-4452-94cd-2d7e31547595/export Mon, 21 Mar 2022 21:53:17 +0000 2269b81e-74e0-45f8-9c58-cd24b5b4320f https://vulnerability.circl.lu/sighting/2269b81e-74e0-45f8-9c58-cd24b5b4320f/export {"uuid": "2269b81e-74e0-45f8-9c58-cd24b5b4320f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24949", "type": "seen", "source": "https://t.me/cibsecurity/48198", "content": "\u203c CVE-2022-24949 \u203c\n\nA privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen().\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-16T07:38:37.000000Z"} {"uuid": "2269b81e-74e0-45f8-9c58-cd24b5b4320f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24949", "type": "seen", "source": "https://t.me/cibsecurity/48198", "content": "\u203c CVE-2022-24949 \u203c\n\nA privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen().\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-16T07:38:37.000000Z"} https://vulnerability.circl.lu/sighting/2269b81e-74e0-45f8-9c58-cd24b5b4320f/export Tue, 16 Aug 2022 07:38:37 +0000 37d80e04-9f96-4e23-8e58-73c2828b6b6c https://vulnerability.circl.lu/sighting/37d80e04-9f96-4e23-8e58-73c2828b6b6c/export {"uuid": "37d80e04-9f96-4e23-8e58-73c2828b6b6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24942", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7802", "content": "#exploit\n1. CVE-2022-24942:\nHeap-based buffer overflow in Silicon Labs Gecko SDK\nhttps://bugprove.com/knowledge-hub/cve-2022-24942-heap-based-buffer-overflow-in-silicon-labs-gecko-sdk\n\n2. Assessing Potential Exploitation of Grafana's CVE-2021-43798 for Initial Access\nhttps://vulncheck.com/blog/grafana-cve-2021-43798", "creation_timestamp": "2023-02-22T11:03:01.000000Z"} {"uuid": "37d80e04-9f96-4e23-8e58-73c2828b6b6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24942", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7802", "content": "#exploit\n1. CVE-2022-24942:\nHeap-based buffer overflow in Silicon Labs Gecko SDK\nhttps://bugprove.com/knowledge-hub/cve-2022-24942-heap-based-buffer-overflow-in-silicon-labs-gecko-sdk\n\n2. Assessing Potential Exploitation of Grafana's CVE-2021-43798 for Initial Access\nhttps://vulncheck.com/blog/grafana-cve-2021-43798", "creation_timestamp": "2023-02-22T11:03:01.000000Z"} https://vulnerability.circl.lu/sighting/37d80e04-9f96-4e23-8e58-73c2828b6b6c/export Wed, 22 Feb 2023 11:03:01 +0000 b82e55ac-33f5-4c7c-85d5-fa0216509dc5 https://vulnerability.circl.lu/sighting/b82e55ac-33f5-4c7c-85d5-fa0216509dc5/export {"uuid": "b82e55ac-33f5-4c7c-85d5-fa0216509dc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24942", "type": "published-proof-of-concept", "source": "Telegram/3tWpMS3hffClZ7U7dw_NP4VHkMD6lYyOkQFf6wMvUPlPkwI", "content": "", "creation_timestamp": "2023-02-23T09:08:37.000000Z"} {"uuid": "b82e55ac-33f5-4c7c-85d5-fa0216509dc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24942", "type": "published-proof-of-concept", "source": "Telegram/3tWpMS3hffClZ7U7dw_NP4VHkMD6lYyOkQFf6wMvUPlPkwI", "content": "", "creation_timestamp": "2023-02-23T09:08:37.000000Z"} https://vulnerability.circl.lu/sighting/b82e55ac-33f5-4c7c-85d5-fa0216509dc5/export Thu, 23 Feb 2023 09:08:37 +0000 126a9901-2dd7-40e9-972b-ee4fce80945e https://vulnerability.circl.lu/sighting/126a9901-2dd7-40e9-972b-ee4fce80945e/export {"uuid": "126a9901-2dd7-40e9-972b-ee4fce80945e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24947", "type": "seen", "source": "https://t.me/arpsyndicate/3156", "content": "#ExploitObserverAlert\n\nCVE-2022-24947\n\nDESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-24947. Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.\n\nFIRST-EPSS: 0.000910000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T01:56:42.000000Z"} {"uuid": "126a9901-2dd7-40e9-972b-ee4fce80945e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24947", "type": "seen", "source": "https://t.me/arpsyndicate/3156", "content": "#ExploitObserverAlert\n\nCVE-2022-24947\n\nDESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-24947. Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.\n\nFIRST-EPSS: 0.000910000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T01:56:42.000000Z"} https://vulnerability.circl.lu/sighting/126a9901-2dd7-40e9-972b-ee4fce80945e/export Sun, 28 Jan 2024 01:56:42 +0000 cb532945-b32f-44c7-878d-7e4d1407e327 https://vulnerability.circl.lu/sighting/cb532945-b32f-44c7-878d-7e4d1407e327/export {"uuid": "cb532945-b32f-44c7-878d-7e4d1407e327", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24948", "type": "seen", "source": "https://t.me/arpsyndicate/3202", "content": "#ExploitObserverAlert\n\nCVE-2022-24948\n\nDESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2022-24948. A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.\n\nFIRST-EPSS: 0.002720000\nNVD-IS: 2.7\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T04:27:17.000000Z"} {"uuid": "cb532945-b32f-44c7-878d-7e4d1407e327", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24948", "type": "seen", "source": "https://t.me/arpsyndicate/3202", "content": "#ExploitObserverAlert\n\nCVE-2022-24948\n\nDESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2022-24948. A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.\n\nFIRST-EPSS: 0.002720000\nNVD-IS: 2.7\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T04:27:17.000000Z"} https://vulnerability.circl.lu/sighting/cb532945-b32f-44c7-878d-7e4d1407e327/export Sun, 28 Jan 2024 04:27:17 +0000 179564ff-8db5-4f5f-818c-88553c4ffc6c https://vulnerability.circl.lu/sighting/179564ff-8db5-4f5f-818c-88553c4ffc6c/export {"uuid": "179564ff-8db5-4f5f-818c-88553c4ffc6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24942", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14873", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-24942\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: \nHeap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.\n\n\n\ud83d\udccf Published: 2022-11-02T21:04:45.822Z\n\ud83d\udccf Modified: 2025-05-05T13:43:26.671Z\n\ud83d\udd17 References:\n1. https://github.com/SiliconLabs/gecko_sdk/blame/v4.1.1/platform/micrium_os/net/source/http/server/http_server_req.c\n2. https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000KlMPOQA3?operationContext=S1", "creation_timestamp": "2025-05-05T14:20:47.000000Z"} {"uuid": "179564ff-8db5-4f5f-818c-88553c4ffc6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24942", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14873", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-24942\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: \nHeap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.\n\n\n\ud83d\udccf Published: 2022-11-02T21:04:45.822Z\n\ud83d\udccf Modified: 2025-05-05T13:43:26.671Z\n\ud83d\udd17 References:\n1. https://github.com/SiliconLabs/gecko_sdk/blame/v4.1.1/platform/micrium_os/net/source/http/server/http_server_req.c\n2. https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000KlMPOQA3?operationContext=S1", "creation_timestamp": "2025-05-05T14:20:47.000000Z"} https://vulnerability.circl.lu/sighting/179564ff-8db5-4f5f-818c-88553c4ffc6c/export Mon, 05 May 2025 14:20:47 +0000