https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 09:48:13 +0000 https://vulnerability.circl.lu/sighting/1e53caba-6de6-48c7-929f-ed9e0ff5b54b/export {"uuid": "1e53caba-6de6-48c7-929f-ed9e0ff5b54b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38732", "type": "seen", "source": "https://t.me/cibsecurity/50735", "content": "\u203c CVE-2022-38732 \u203c\n\nSnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-29T18:35:09.000000Z"} {"uuid": "1e53caba-6de6-48c7-929f-ed9e0ff5b54b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38732", "type": "seen", "source": "https://t.me/cibsecurity/50735", "content": "\u203c CVE-2022-38732 \u203c\n\nSnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-29T18:35:09.000000Z"} https://vulnerability.circl.lu/sighting/1e53caba-6de6-48c7-929f-ed9e0ff5b54b/export Thu, 29 Sep 2022 18:35:09 +0000 https://vulnerability.circl.lu/sighting/1db00c1b-730d-400a-a43a-d961408bde59/export {"uuid": "1db00c1b-730d-400a-a43a-d961408bde59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38733", "type": "seen", "source": "https://t.me/cibsecurity/55025", "content": "\u203c CVE-2022-38733 \u203c\n\nOnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T00:12:43.000000Z"} {"uuid": "1db00c1b-730d-400a-a43a-d961408bde59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38733", "type": "seen", "source": "https://t.me/cibsecurity/55025", "content": "\u203c CVE-2022-38733 \u203c\n\nOnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T00:12:43.000000Z"} https://vulnerability.circl.lu/sighting/1db00c1b-730d-400a-a43a-d961408bde59/export Wed, 21 Dec 2022 00:12:43 +0000 https://vulnerability.circl.lu/sighting/ec37fa5e-ecfd-475d-8f43-99057ee0af6d/export {"uuid": "ec37fa5e-ecfd-475d-8f43-99057ee0af6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38731", "type": "seen", "source": "https://t.me/cKure/10672", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2022-38731: A blind arbitrary file read, that could also be used for authentication coercion via a mechanism known as a Universal Naming Convention (UNC) path.\n\nQaelum DOSE Zero-Day. \n\nhttps://www.pwc.co.uk/issues/cyber-security-services/research/ethical-hacking-team-discovered-zero-day-vulnerability.html", "creation_timestamp": "2023-02-15T05:27:59.000000Z"} {"uuid": "ec37fa5e-ecfd-475d-8f43-99057ee0af6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38731", "type": "seen", "source": "https://t.me/cKure/10672", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2022-38731: A blind arbitrary file read, that could also be used for authentication coercion via a mechanism known as a Universal Naming Convention (UNC) path.\n\nQaelum DOSE Zero-Day. \n\nhttps://www.pwc.co.uk/issues/cyber-security-services/research/ethical-hacking-team-discovered-zero-day-vulnerability.html", "creation_timestamp": "2023-02-15T05:27:59.000000Z"} https://vulnerability.circl.lu/sighting/ec37fa5e-ecfd-475d-8f43-99057ee0af6d/export Wed, 15 Feb 2023 05:27:59 +0000 https://vulnerability.circl.lu/sighting/a43f97cb-4cd6-47ca-bf48-27473215c0f2/export {"uuid": "a43f97cb-4cd6-47ca-bf48-27473215c0f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38731", "type": "seen", "source": "https://t.me/cibsecurity/58311", "content": "\u203c CVE-2022-38731 \u203c\n\nQaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attackers machine.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T16:12:17.000000Z"} {"uuid": "a43f97cb-4cd6-47ca-bf48-27473215c0f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38731", "type": "seen", "source": "https://t.me/cibsecurity/58311", "content": "\u203c CVE-2022-38731 \u203c\n\nQaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attackers machine.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T16:12:17.000000Z"} https://vulnerability.circl.lu/sighting/a43f97cb-4cd6-47ca-bf48-27473215c0f2/export Thu, 16 Feb 2023 16:12:17 +0000 https://vulnerability.circl.lu/sighting/a669d875-7fd2-4d95-9ec4-ba3ec6b4b3d7/export {"uuid": "a669d875-7fd2-4d95-9ec4-ba3ec6b4b3d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38734", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6863", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38734\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to to a crash of the Local Distribution Router (LDR) service.\n\ud83d\udccf Published: 2023-03-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-07T17:31:03.400Z\n\ud83d\udd17 References:\n1. https://security.netapp.com/advisory/ntap-20230228-0001/", "creation_timestamp": "2025-03-07T17:35:14.000000Z"} {"uuid": "a669d875-7fd2-4d95-9ec4-ba3ec6b4b3d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38734", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6863", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38734\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to to a crash of the Local Distribution Router (LDR) service.\n\ud83d\udccf Published: 2023-03-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-07T17:31:03.400Z\n\ud83d\udd17 References:\n1. https://security.netapp.com/advisory/ntap-20230228-0001/", "creation_timestamp": "2025-03-07T17:35:14.000000Z"} https://vulnerability.circl.lu/sighting/a669d875-7fd2-4d95-9ec4-ba3ec6b4b3d7/export Fri, 07 Mar 2025 17:35:14 +0000 https://vulnerability.circl.lu/sighting/4739f78c-32a0-4ab4-a2b1-19401f2e1c19/export {"uuid": "4739f78c-32a0-4ab4-a2b1-19401f2e1c19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38734", "type": "seen", "source": "Telegram/HqVZrl08ts1ueAe8w4pM3nvHtFdAMoEQruFqJJUzvIYKlWTg", "content": "", "creation_timestamp": "2025-03-08T04:35:52.000000Z"} {"uuid": "4739f78c-32a0-4ab4-a2b1-19401f2e1c19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38734", "type": "seen", "source": "Telegram/HqVZrl08ts1ueAe8w4pM3nvHtFdAMoEQruFqJJUzvIYKlWTg", "content": "", "creation_timestamp": "2025-03-08T04:35:52.000000Z"} https://vulnerability.circl.lu/sighting/4739f78c-32a0-4ab4-a2b1-19401f2e1c19/export Sat, 08 Mar 2025 04:35:52 +0000 https://vulnerability.circl.lu/sighting/1c7fe71e-dbd7-4987-9eb0-5c4484564e7f/export {"uuid": "1c7fe71e-dbd7-4987-9eb0-5c4484564e7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38731", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8067", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38731\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attackers machine.\n\ud83d\udccf Published: 2023-02-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T14:51:05.923Z\n\ud83d\udd17 References:\n1. https://qaelum.com/solutions/dose\n2. https://www.pwc.co.uk/issues/cyber-security-services/research/ethical-hacking-team-discovered-zero-day-vulnerability.html", "creation_timestamp": "2025-03-19T15:17:51.000000Z"} {"uuid": "1c7fe71e-dbd7-4987-9eb0-5c4484564e7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38731", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8067", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38731\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attackers machine.\n\ud83d\udccf Published: 2023-02-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T14:51:05.923Z\n\ud83d\udd17 References:\n1. https://qaelum.com/solutions/dose\n2. https://www.pwc.co.uk/issues/cyber-security-services/research/ethical-hacking-team-discovered-zero-day-vulnerability.html", "creation_timestamp": "2025-03-19T15:17:51.000000Z"} https://vulnerability.circl.lu/sighting/1c7fe71e-dbd7-4987-9eb0-5c4484564e7f/export Wed, 19 Mar 2025 15:17:51 +0000 https://vulnerability.circl.lu/sighting/8323be6a-9cdd-4c68-ab6f-d643cb127851/export {"uuid": "8323be6a-9cdd-4c68-ab6f-d643cb127851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38733", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12133", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38733\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component.\n\ud83d\udccf Published: 2022-12-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-16T18:35:31.486Z\n\ud83d\udd17 References:\n1. https://security.netapp.com/advisory/NTAP-20221220-0001/", "creation_timestamp": "2025-04-16T18:56:10.000000Z"} {"uuid": "8323be6a-9cdd-4c68-ab6f-d643cb127851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38733", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12133", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38733\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component.\n\ud83d\udccf Published: 2022-12-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-16T18:35:31.486Z\n\ud83d\udd17 References:\n1. https://security.netapp.com/advisory/NTAP-20221220-0001/", "creation_timestamp": "2025-04-16T18:56:10.000000Z"} https://vulnerability.circl.lu/sighting/8323be6a-9cdd-4c68-ab6f-d643cb127851/export Wed, 16 Apr 2025 18:56:10 +0000 https://vulnerability.circl.lu/sighting/c358ba0b-27cd-455f-89fc-2f55b0f9f8cc/export {"uuid": "c358ba0b-27cd-455f-89fc-2f55b0f9f8cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3873", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14351", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3873\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T17:59:19.909Z\n\ud83d\udd17 References:\n1. https://huntr.dev/bounties/52a4085e-b687-489b-9ed6-f0987583ed77\n2. https://github.com/jgraph/drawio/commit/d37894baf125430e85840c2635563b10d1a6523d", "creation_timestamp": "2025-05-01T18:15:46.000000Z"} {"uuid": "c358ba0b-27cd-455f-89fc-2f55b0f9f8cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3873", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14351", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3873\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2.\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T17:59:19.909Z\n\ud83d\udd17 References:\n1. https://huntr.dev/bounties/52a4085e-b687-489b-9ed6-f0987583ed77\n2. https://github.com/jgraph/drawio/commit/d37894baf125430e85840c2635563b10d1a6523d", "creation_timestamp": "2025-05-01T18:15:46.000000Z"} https://vulnerability.circl.lu/sighting/c358ba0b-27cd-455f-89fc-2f55b0f9f8cc/export Thu, 01 May 2025 18:15:46 +0000