https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 14 Jun 2026 23:10:20 +0000 https://vulnerability.circl.lu/sighting/169467ca-9156-48d2-b8e5-1115c7d4f2a0/export {"uuid": "169467ca-9156-48d2-b8e5-1115c7d4f2a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38808", "type": "seen", "source": "https://t.me/cibsecurity/49913", "content": "\u203c CVE-2022-38808 \u203c\n\nywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T18:28:53.000000Z"} {"uuid": "169467ca-9156-48d2-b8e5-1115c7d4f2a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38808", "type": "seen", "source": "https://t.me/cibsecurity/49913", "content": "\u203c CVE-2022-38808 \u203c\n\nywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T18:28:53.000000Z"} https://vulnerability.circl.lu/sighting/169467ca-9156-48d2-b8e5-1115c7d4f2a0/export Fri, 16 Sep 2022 18:28:53 +0000 https://vulnerability.circl.lu/sighting/2b543c3a-4c02-49b2-a8be-5764b2c9d0ca/export {"uuid": "2b543c3a-4c02-49b2-a8be-5764b2c9d0ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38801", "type": "seen", "source": "https://t.me/cibsecurity/53719", "content": "\u203c CVE-2022-38801 \u203c\n\nIn Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T16:29:14.000000Z"} {"uuid": "2b543c3a-4c02-49b2-a8be-5764b2c9d0ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38801", "type": "seen", "source": "https://t.me/cibsecurity/53719", "content": "\u203c CVE-2022-38801 \u203c\n\nIn Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T16:29:14.000000Z"} https://vulnerability.circl.lu/sighting/2b543c3a-4c02-49b2-a8be-5764b2c9d0ca/export Wed, 30 Nov 2022 16:29:14 +0000 https://vulnerability.circl.lu/sighting/0b8e993f-aefe-44eb-9783-f70fb45fe0d3/export {"uuid": "0b8e993f-aefe-44eb-9783-f70fb45fe0d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38803", "type": "seen", "source": "https://t.me/cibsecurity/53720", "content": "\u203c CVE-2022-38803 \u203c\n\nZkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T16:29:15.000000Z"} {"uuid": "0b8e993f-aefe-44eb-9783-f70fb45fe0d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38803", "type": "seen", "source": "https://t.me/cibsecurity/53720", "content": "\u203c CVE-2022-38803 \u203c\n\nZkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T16:29:15.000000Z"} https://vulnerability.circl.lu/sighting/0b8e993f-aefe-44eb-9783-f70fb45fe0d3/export Wed, 30 Nov 2022 16:29:15 +0000 https://vulnerability.circl.lu/sighting/a8edd829-6aba-4d60-a3e0-cc8ccecf4bd1/export {"uuid": "a8edd829-6aba-4d60-a3e0-cc8ccecf4bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38802", "type": "seen", "source": "https://t.me/cibsecurity/53721", "content": "\u203c CVE-2022-38802 \u203c\n\nZkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T16:29:16.000000Z"} {"uuid": "a8edd829-6aba-4d60-a3e0-cc8ccecf4bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38802", "type": "seen", "source": "https://t.me/cibsecurity/53721", "content": "\u203c CVE-2022-38802 \u203c\n\nZkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T16:29:16.000000Z"} https://vulnerability.circl.lu/sighting/a8edd829-6aba-4d60-a3e0-cc8ccecf4bd1/export Wed, 30 Nov 2022 16:29:16 +0000 https://vulnerability.circl.lu/sighting/7e683210-0f46-4bda-8fb0-fae84b3d1dfb/export {"uuid": "7e683210-0f46-4bda-8fb0-fae84b3d1dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3880", "type": "seen", "source": "https://t.me/cibsecurity/54339", "content": "\u203c CVE-2022-3880 \u203c\n\nThe Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T13:16:23.000000Z"} {"uuid": "7e683210-0f46-4bda-8fb0-fae84b3d1dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3880", "type": "seen", "source": "https://t.me/cibsecurity/54339", "content": "\u203c CVE-2022-3880 \u203c\n\nThe Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T13:16:23.000000Z"} https://vulnerability.circl.lu/sighting/7e683210-0f46-4bda-8fb0-fae84b3d1dfb/export Tue, 20 Dec 2022 13:16:23 +0000