https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 12:42:36 +0000 https://vulnerability.circl.lu/sighting/a8b18c71-6727-4b18-b08c-fbf5a8eafd8c/export {"uuid": "a8b18c71-6727-4b18-b08c-fbf5a8eafd8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42753", "type": "seen", "source": "https://t.me/cibsecurity/52522", "content": "\u203c CVE-2022-42753 \u203c\n\nSalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T21:20:49.000000Z"} {"uuid": "a8b18c71-6727-4b18-b08c-fbf5a8eafd8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42753", "type": "seen", "source": "https://t.me/cibsecurity/52522", "content": "\u203c CVE-2022-42753 \u203c\n\nSalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T21:20:49.000000Z"} https://vulnerability.circl.lu/sighting/a8b18c71-6727-4b18-b08c-fbf5a8eafd8c/export Thu, 03 Nov 2022 21:20:49 +0000 https://vulnerability.circl.lu/sighting/7a659654-4816-42de-bd95-ac8c9dfab5bc/export {"uuid": "7a659654-4816-42de-bd95-ac8c9dfab5bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42750", "type": "seen", "source": "https://t.me/cibsecurity/52526", "content": "\u203c CVE-2022-42750 \u203c\n\nCandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T21:20:53.000000Z"} {"uuid": "7a659654-4816-42de-bd95-ac8c9dfab5bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42750", "type": "seen", "source": "https://t.me/cibsecurity/52526", "content": "\u203c CVE-2022-42750 \u203c\n\nCandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T21:20:53.000000Z"} https://vulnerability.circl.lu/sighting/7a659654-4816-42de-bd95-ac8c9dfab5bc/export Thu, 03 Nov 2022 21:20:53 +0000 https://vulnerability.circl.lu/sighting/e763becb-3a1a-4f84-8fcd-48363ec0462a/export {"uuid": "e763becb-3a1a-4f84-8fcd-48363ec0462a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42751", "type": "seen", "source": "https://t.me/cibsecurity/52528", "content": "\u203c CVE-2022-42751 \u203c\n\nCandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T21:20:58.000000Z"} {"uuid": "e763becb-3a1a-4f84-8fcd-48363ec0462a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42751", "type": "seen", "source": "https://t.me/cibsecurity/52528", "content": "\u203c CVE-2022-42751 \u203c\n\nCandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T21:20:58.000000Z"} https://vulnerability.circl.lu/sighting/e763becb-3a1a-4f84-8fcd-48363ec0462a/export Thu, 03 Nov 2022 21:20:58 +0000 https://vulnerability.circl.lu/sighting/72708781-ff34-4ca7-8d8d-ad48e1f7d0ad/export {"uuid": "72708781-ff34-4ca7-8d8d-ad48e1f7d0ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4275", "type": "seen", "source": "https://t.me/cibsecurity/53951", "content": "\u203c CVE-2022-4275 \u203c\n\nA vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-03T18:37:59.000000Z"} {"uuid": "72708781-ff34-4ca7-8d8d-ad48e1f7d0ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4275", "type": "seen", "source": "https://t.me/cibsecurity/53951", "content": "\u203c CVE-2022-4275 \u203c\n\nA vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-03T18:37:59.000000Z"} https://vulnerability.circl.lu/sighting/72708781-ff34-4ca7-8d8d-ad48e1f7d0ad/export Sat, 03 Dec 2022 18:37:59 +0000