Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 09:11:56 +0000 978b03d1-242a-4609-a4ff-a1eb794f3402 https://vulnerability.circl.lu/sighting/978b03d1-242a-4609-a4ff-a1eb794f3402/export {"uuid": "978b03d1-242a-4609-a4ff-a1eb794f3402", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29935", "type": "seen", "source": "https://t.me/cibsecurity/41661", "content": "\u203c CVE-2022-29935 \u203c\n\nUSU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-29T20:24:53.000000Z"} {"uuid": "978b03d1-242a-4609-a4ff-a1eb794f3402", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29935", "type": "seen", "source": "https://t.me/cibsecurity/41661", "content": "\u203c CVE-2022-29935 \u203c\n\nUSU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-29T20:24:53.000000Z"} https://vulnerability.circl.lu/sighting/978b03d1-242a-4609-a4ff-a1eb794f3402/export Fri, 29 Apr 2022 20:24:53 +0000 d65952d0-2817-41bb-bbc9-cd58657f69c6 https://vulnerability.circl.lu/sighting/d65952d0-2817-41bb-bbc9-cd58657f69c6/export {"uuid": "d65952d0-2817-41bb-bbc9-cd58657f69c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29937", "type": "seen", "source": "https://t.me/cibsecurity/41663", "content": "\u203c CVE-2022-29937 \u203c\n\nUSU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-29T20:24:55.000000Z"} {"uuid": "d65952d0-2817-41bb-bbc9-cd58657f69c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29937", "type": "seen", "source": "https://t.me/cibsecurity/41663", "content": "\u203c CVE-2022-29937 \u203c\n\nUSU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-29T20:24:55.000000Z"} https://vulnerability.circl.lu/sighting/d65952d0-2817-41bb-bbc9-cd58657f69c6/export Fri, 29 Apr 2022 20:24:55 +0000 cd3e74e5-6acb-4f7e-9e21-49a05ba9f7cc https://vulnerability.circl.lu/sighting/cd3e74e5-6acb-4f7e-9e21-49a05ba9f7cc/export {"uuid": "cd3e74e5-6acb-4f7e-9e21-49a05ba9f7cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29934", "type": "seen", "source": "https://t.me/cibsecurity/41674", "content": "\u203c CVE-2022-29934 \u203c\n\nUSU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-29T20:25:07.000000Z"} {"uuid": "cd3e74e5-6acb-4f7e-9e21-49a05ba9f7cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29934", "type": "seen", "source": "https://t.me/cibsecurity/41674", "content": "\u203c CVE-2022-29934 \u203c\n\nUSU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-29T20:25:07.000000Z"} https://vulnerability.circl.lu/sighting/cd3e74e5-6acb-4f7e-9e21-49a05ba9f7cc/export Fri, 29 Apr 2022 20:25:07 +0000 4f4ab101-a330-4346-8914-146fb6528eea https://vulnerability.circl.lu/sighting/4f4ab101-a330-4346-8914-146fb6528eea/export {"uuid": "4f4ab101-a330-4346-8914-146fb6528eea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29939", "type": "seen", "source": "https://t.me/cibsecurity/41980", "content": "\u203c CVE-2022-29939 \u203c\n\nIn LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\\billing\\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T16:54:53.000000Z"} {"uuid": "4f4ab101-a330-4346-8914-146fb6528eea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29939", "type": "seen", "source": "https://t.me/cibsecurity/41980", "content": "\u203c CVE-2022-29939 \u203c\n\nIn LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\\billing\\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T16:54:53.000000Z"} https://vulnerability.circl.lu/sighting/4f4ab101-a330-4346-8914-146fb6528eea/export Thu, 05 May 2022 16:54:53 +0000 e3467135-6029-4287-bca9-6db01edf60d6 https://vulnerability.circl.lu/sighting/e3467135-6029-4287-bca9-6db01edf60d6/export {"uuid": "e3467135-6029-4287-bca9-6db01edf60d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29938", "type": "seen", "source": "https://t.me/cibsecurity/41981", "content": "\u203c CVE-2022-29938 \u203c\n\nIn LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\\billing\\new_payment.php via interface\\billing\\payment_master.inc.php leads to SQL injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T16:54:54.000000Z"} {"uuid": "e3467135-6029-4287-bca9-6db01edf60d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29938", "type": "seen", "source": "https://t.me/cibsecurity/41981", "content": "\u203c CVE-2022-29938 \u203c\n\nIn LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\\billing\\new_payment.php via interface\\billing\\payment_master.inc.php leads to SQL injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T16:54:54.000000Z"} https://vulnerability.circl.lu/sighting/e3467135-6029-4287-bca9-6db01edf60d6/export Thu, 05 May 2022 16:54:54 +0000 d840dd87-8676-40ad-ae6b-92f9289ad856 https://vulnerability.circl.lu/sighting/d840dd87-8676-40ad-ae6b-92f9289ad856/export {"uuid": "d840dd87-8676-40ad-ae6b-92f9289ad856", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29933", "type": "seen", "source": "https://t.me/cibsecurity/42207", "content": "\u203c CVE-2022-29933 \u203c\n\nCraft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-09T22:33:10.000000Z"} {"uuid": "d840dd87-8676-40ad-ae6b-92f9289ad856", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29933", "type": "seen", "source": "https://t.me/cibsecurity/42207", "content": "\u203c CVE-2022-29933 \u203c\n\nCraft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-09T22:33:10.000000Z"} https://vulnerability.circl.lu/sighting/d840dd87-8676-40ad-ae6b-92f9289ad856/export Mon, 09 May 2022 22:33:10 +0000 ed9a3861-433e-4f16-ba1d-b68efc5edfde https://vulnerability.circl.lu/sighting/ed9a3861-433e-4f16-ba1d-b68efc5edfde/export {"uuid": "ed9a3861-433e-4f16-ba1d-b68efc5edfde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29932", "type": "seen", "source": "https://t.me/cibsecurity/42366", "content": "\u203c CVE-2022-29932 \u203c\n\nThe HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T18:35:43.000000Z"} {"uuid": "ed9a3861-433e-4f16-ba1d-b68efc5edfde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29932", "type": "seen", "source": "https://t.me/cibsecurity/42366", "content": "\u203c CVE-2022-29932 \u203c\n\nThe HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T18:35:43.000000Z"} https://vulnerability.circl.lu/sighting/ed9a3861-433e-4f16-ba1d-b68efc5edfde/export Wed, 11 May 2022 18:35:43 +0000