https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 06 May 2026 11:26:50 +0000 https://vulnerability.circl.lu/sighting/e22b7b8f-039b-4377-92af-aac15bc4c4c4/export {"uuid": "e22b7b8f-039b-4377-92af-aac15bc4c4c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38791", "type": "seen", "source": "https://t.me/cibsecurity/48938", "content": "\u203c CVE-2022-38791 \u203c\n\nIn MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-28T00:31:37.000000Z"} {"uuid": "e22b7b8f-039b-4377-92af-aac15bc4c4c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38791", "type": "seen", "source": "https://t.me/cibsecurity/48938", "content": "\u203c CVE-2022-38791 \u203c\n\nIn MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-28T00:31:37.000000Z"} https://vulnerability.circl.lu/sighting/e22b7b8f-039b-4377-92af-aac15bc4c4c4/export Sun, 28 Aug 2022 00:31:37 +0000 https://vulnerability.circl.lu/sighting/23937be1-bc75-4f42-8039-af7bb6355889/export {"uuid": "23937be1-bc75-4f42-8039-af7bb6355889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38792", "type": "seen", "source": "https://t.me/cibsecurity/48939", "content": "\u203c CVE-2022-38792 \u203c\n\nThe exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-28T00:31:38.000000Z"} {"uuid": "23937be1-bc75-4f42-8039-af7bb6355889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38792", "type": "seen", "source": "https://t.me/cibsecurity/48939", "content": "\u203c CVE-2022-38792 \u203c\n\nThe exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-28T00:31:38.000000Z"} https://vulnerability.circl.lu/sighting/23937be1-bc75-4f42-8039-af7bb6355889/export Sun, 28 Aug 2022 00:31:38 +0000 https://vulnerability.circl.lu/sighting/6ea8612b-0f61-4dc0-8daf-dd6454344e22/export {"uuid": "6ea8612b-0f61-4dc0-8daf-dd6454344e22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38794", "type": "seen", "source": "https://t.me/cibsecurity/48940", "content": "\u203c CVE-2022-38794 \u203c\n\nZaver through 2020-12-15 allows directory traversal via the GET /.. substring.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-28T00:31:39.000000Z"} {"uuid": "6ea8612b-0f61-4dc0-8daf-dd6454344e22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38794", "type": "seen", "source": "https://t.me/cibsecurity/48940", "content": "\u203c CVE-2022-38794 \u203c\n\nZaver through 2020-12-15 allows directory traversal via the GET /.. substring.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-28T00:31:39.000000Z"} https://vulnerability.circl.lu/sighting/6ea8612b-0f61-4dc0-8daf-dd6454344e22/export Sun, 28 Aug 2022 00:31:39 +0000 https://vulnerability.circl.lu/sighting/79c1e3ff-023f-43c1-b921-d86349b763b4/export {"uuid": "79c1e3ff-023f-43c1-b921-d86349b763b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38790", "type": "seen", "source": "https://t.me/cibsecurity/49160", "content": "\u203c CVE-2022-38790 \u203c\n\nWeave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-01T16:38:00.000000Z"} {"uuid": "79c1e3ff-023f-43c1-b921-d86349b763b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38790", "type": "seen", "source": "https://t.me/cibsecurity/49160", "content": "\u203c CVE-2022-38790 \u203c\n\nWeave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-01T16:38:00.000000Z"} https://vulnerability.circl.lu/sighting/79c1e3ff-023f-43c1-b921-d86349b763b4/export Thu, 01 Sep 2022 16:38:00 +0000 https://vulnerability.circl.lu/sighting/a0d920ca-4e6f-4ad4-ac2e-fdfe83f5d9f0/export {"uuid": "a0d920ca-4e6f-4ad4-ac2e-fdfe83f5d9f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38796", "type": "seen", "source": "https://t.me/cibsecurity/49778", "content": "\u203c CVE-2022-38796 \u203c\n\nA Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T18:26:30.000000Z"} {"uuid": "a0d920ca-4e6f-4ad4-ac2e-fdfe83f5d9f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38796", "type": "seen", "source": "https://t.me/cibsecurity/49778", "content": "\u203c CVE-2022-38796 \u203c\n\nA Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T18:26:30.000000Z"} https://vulnerability.circl.lu/sighting/a0d920ca-4e6f-4ad4-ac2e-fdfe83f5d9f0/export Wed, 14 Sep 2022 18:26:30 +0000 https://vulnerability.circl.lu/sighting/0b95d09e-cf6d-4a88-8053-dfe9963a5ab6/export {"uuid": "0b95d09e-cf6d-4a88-8053-dfe9963a5ab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3879", "type": "seen", "source": "https://t.me/cibsecurity/54351", "content": "\u203c CVE-2022-3879 \u203c\n\nThe Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-12T20:21:17.000000Z"} {"uuid": "0b95d09e-cf6d-4a88-8053-dfe9963a5ab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3879", "type": "seen", "source": "https://t.me/cibsecurity/54351", "content": "\u203c CVE-2022-3879 \u203c\n\nThe Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-12T20:21:17.000000Z"} https://vulnerability.circl.lu/sighting/0b95d09e-cf6d-4a88-8053-dfe9963a5ab6/export Mon, 12 Dec 2022 20:21:17 +0000 https://vulnerability.circl.lu/sighting/095d6012-1abb-4d73-b934-5e8ffdf132c9/export {"uuid": "095d6012-1abb-4d73-b934-5e8ffdf132c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38795", "type": "seen", "source": "https://t.me/cibsecurity/67888", "content": "\u203c CVE-2022-38795 \u203c\n\nIn Gitea through 1.17.1, repo cloning can occur in the migration function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T18:14:04.000000Z"} {"uuid": "095d6012-1abb-4d73-b934-5e8ffdf132c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38795", "type": "seen", "source": "https://t.me/cibsecurity/67888", "content": "\u203c CVE-2022-38795 \u203c\n\nIn Gitea through 1.17.1, repo cloning can occur in the migration function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T18:14:04.000000Z"} https://vulnerability.circl.lu/sighting/095d6012-1abb-4d73-b934-5e8ffdf132c9/export Mon, 07 Aug 2023 18:14:04 +0000 https://vulnerability.circl.lu/sighting/57854deb-c337-4861-8792-abec9de1f3e3/export {"uuid": "57854deb-c337-4861-8792-abec9de1f3e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3879", "type": "seen", "source": "https://t.me/arpsyndicate/1644", "content": "#ExploitObserverAlert\n\nCVE-2022-3879\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-3879. The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org\n\nFIRST-EPSS: 0.000510000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2023-12-10T15:18:35.000000Z"} {"uuid": "57854deb-c337-4861-8792-abec9de1f3e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3879", "type": "seen", "source": "https://t.me/arpsyndicate/1644", "content": "#ExploitObserverAlert\n\nCVE-2022-3879\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-3879. The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org\n\nFIRST-EPSS: 0.000510000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2023-12-10T15:18:35.000000Z"} https://vulnerability.circl.lu/sighting/57854deb-c337-4861-8792-abec9de1f3e3/export Sun, 10 Dec 2023 15:18:35 +0000