Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 11:14:45 +0000 dc0903d1-f033-4596-9551-695249a8295f https://vulnerability.circl.lu/sighting/dc0903d1-f033-4596-9551-695249a8295f/export {"uuid": "dc0903d1-f033-4596-9551-695249a8295f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34171", "type": "seen", "source": "https://t.me/cibsecurity/45009", "content": "\u203c CVE-2022-34171 \u203c\n\nIn Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:35:51.000000Z"} {"uuid": "dc0903d1-f033-4596-9551-695249a8295f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34171", "type": "seen", "source": "https://t.me/cibsecurity/45009", "content": "\u203c CVE-2022-34171 \u203c\n\nIn Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:35:51.000000Z"} https://vulnerability.circl.lu/sighting/dc0903d1-f033-4596-9551-695249a8295f/export Thu, 23 Jun 2022 20:35:51 +0000 24c3d698-75f1-4eef-a09e-c7d2564a37a6 https://vulnerability.circl.lu/sighting/24c3d698-75f1-4eef-a09e-c7d2564a37a6/export {"uuid": "24c3d698-75f1-4eef-a09e-c7d2564a37a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34178", "type": "seen", "source": "https://t.me/cibsecurity/45011", "content": "\u203c CVE-2022-34178 \u203c\n\nJenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:35:56.000000Z"} {"uuid": "24c3d698-75f1-4eef-a09e-c7d2564a37a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34178", "type": "seen", "source": "https://t.me/cibsecurity/45011", "content": "\u203c CVE-2022-34178 \u203c\n\nJenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:35:56.000000Z"} https://vulnerability.circl.lu/sighting/24c3d698-75f1-4eef-a09e-c7d2564a37a6/export Thu, 23 Jun 2022 20:35:56 +0000 a9494c16-e0b1-4458-8c38-61d70f96caa1 https://vulnerability.circl.lu/sighting/a9494c16-e0b1-4458-8c38-61d70f96caa1/export {"uuid": "a9494c16-e0b1-4458-8c38-61d70f96caa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34172", "type": "seen", "source": "https://t.me/cibsecurity/45024", "content": "\u203c CVE-2022-34172 \u203c\n\nIn Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:39:47.000000Z"} {"uuid": "a9494c16-e0b1-4458-8c38-61d70f96caa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34172", "type": "seen", "source": "https://t.me/cibsecurity/45024", "content": "\u203c CVE-2022-34172 \u203c\n\nIn Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:39:47.000000Z"} https://vulnerability.circl.lu/sighting/a9494c16-e0b1-4458-8c38-61d70f96caa1/export Thu, 23 Jun 2022 20:39:47 +0000 edba5f40-f41a-4492-a8b7-c86bfaaaddaf https://vulnerability.circl.lu/sighting/edba5f40-f41a-4492-a8b7-c86bfaaaddaf/export {"uuid": "edba5f40-f41a-4492-a8b7-c86bfaaaddaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34173", "type": "seen", "source": "https://t.me/cibsecurity/45035", "content": "\u203c CVE-2022-34173 \u203c\n\nIn Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:42:53.000000Z"} {"uuid": "edba5f40-f41a-4492-a8b7-c86bfaaaddaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34173", "type": "seen", "source": "https://t.me/cibsecurity/45035", "content": "\u203c CVE-2022-34173 \u203c\n\nIn Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:42:53.000000Z"} https://vulnerability.circl.lu/sighting/edba5f40-f41a-4492-a8b7-c86bfaaaddaf/export Thu, 23 Jun 2022 20:42:53 +0000 9909cb9c-3fe3-4318-9f64-aa8c8dbcc23f https://vulnerability.circl.lu/sighting/9909cb9c-3fe3-4318-9f64-aa8c8dbcc23f/export {"uuid": "9909cb9c-3fe3-4318-9f64-aa8c8dbcc23f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34177", "type": "seen", "source": "https://t.me/cibsecurity/45037", "content": "\u203c CVE-2022-34177 \u203c\n\nJenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:45:48.000000Z"} {"uuid": "9909cb9c-3fe3-4318-9f64-aa8c8dbcc23f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34177", "type": "seen", "source": "https://t.me/cibsecurity/45037", "content": "\u203c CVE-2022-34177 \u203c\n\nJenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:45:48.000000Z"} https://vulnerability.circl.lu/sighting/9909cb9c-3fe3-4318-9f64-aa8c8dbcc23f/export Thu, 23 Jun 2022 20:45:48 +0000 8bb1720f-181a-4b8f-9d9c-3cc6e099e58c https://vulnerability.circl.lu/sighting/8bb1720f-181a-4b8f-9d9c-3cc6e099e58c/export {"uuid": "8bb1720f-181a-4b8f-9d9c-3cc6e099e58c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34174", "type": "seen", "source": "https://t.me/cibsecurity/45038", "content": "\u203c CVE-2022-34174 \u203c\n\nIn Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:45:50.000000Z"} {"uuid": "8bb1720f-181a-4b8f-9d9c-3cc6e099e58c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34174", "type": "seen", "source": "https://t.me/cibsecurity/45038", "content": "\u203c CVE-2022-34174 \u203c\n\nIn Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:45:50.000000Z"} https://vulnerability.circl.lu/sighting/8bb1720f-181a-4b8f-9d9c-3cc6e099e58c/export Thu, 23 Jun 2022 20:45:50 +0000 2ce975d2-c7e4-4d1a-bdf3-d9e16c44e492 https://vulnerability.circl.lu/sighting/2ce975d2-c7e4-4d1a-bdf3-d9e16c44e492/export {"uuid": "2ce975d2-c7e4-4d1a-bdf3-d9e16c44e492", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34170", "type": "seen", "source": "https://t.me/cibsecurity/45041", "content": "\u203c CVE-2022-34170 \u203c\n\nIn Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:45:53.000000Z"} {"uuid": "2ce975d2-c7e4-4d1a-bdf3-d9e16c44e492", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34170", "type": "seen", "source": "https://t.me/cibsecurity/45041", "content": "\u203c CVE-2022-34170 \u203c\n\nIn Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:45:53.000000Z"} https://vulnerability.circl.lu/sighting/2ce975d2-c7e4-4d1a-bdf3-d9e16c44e492/export Thu, 23 Jun 2022 20:45:53 +0000 3229d202-3fcc-44c8-a1df-868c0e525eb9 https://vulnerability.circl.lu/sighting/3229d202-3fcc-44c8-a1df-868c0e525eb9/export {"uuid": "3229d202-3fcc-44c8-a1df-868c0e525eb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3417", "type": "seen", "source": "https://t.me/cibsecurity/56196", "content": "\u203c CVE-2022-3417 \u203c\n\nThe WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T02:28:08.000000Z"} {"uuid": "3229d202-3fcc-44c8-a1df-868c0e525eb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3417", "type": "seen", "source": "https://t.me/cibsecurity/56196", "content": "\u203c CVE-2022-3417 \u203c\n\nThe WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T02:28:08.000000Z"} https://vulnerability.circl.lu/sighting/3229d202-3fcc-44c8-a1df-868c0e525eb9/export Tue, 10 Jan 2023 02:28:08 +0000 f0b4877d-fd48-422f-933b-e3d2498e6d15 https://vulnerability.circl.lu/sighting/f0b4877d-fd48-422f-933b-e3d2498e6d15/export {"uuid": "f0b4877d-fd48-422f-933b-e3d2498e6d15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34174", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m4k5dywykyc2", "content": "", "creation_timestamp": "2025-11-01T11:41:12.246403Z"} {"uuid": "f0b4877d-fd48-422f-933b-e3d2498e6d15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34174", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m4k5dywykyc2", "content": "", "creation_timestamp": "2025-11-01T11:41:12.246403Z"} https://vulnerability.circl.lu/sighting/f0b4877d-fd48-422f-933b-e3d2498e6d15/export Sat, 01 Nov 2025 11:41:12 +0000 f8666c54-8426-41dd-b27a-11ddab6d51a6 https://vulnerability.circl.lu/sighting/f8666c54-8426-41dd-b27a-11ddab6d51a6/export {"uuid": "f8666c54-8426-41dd-b27a-11ddab6d51a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34179", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m4m3h5p7zhk2", "content": "", "creation_timestamp": "2025-11-01T22:54:10.775299Z"} {"uuid": "f8666c54-8426-41dd-b27a-11ddab6d51a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34179", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m4m3h5p7zhk2", "content": "", "creation_timestamp": "2025-11-01T22:54:10.775299Z"} https://vulnerability.circl.lu/sighting/f8666c54-8426-41dd-b27a-11ddab6d51a6/export Sat, 01 Nov 2025 22:54:10 +0000