<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 15 Jun 2026 08:04:56 +0000</lastBuildDate>
    <item>
      <title>c0c599c3-c39c-4d26-aeb6-4de2b79dbacd</title>
      <link>https://vulnerability.circl.lu/sighting/c0c599c3-c39c-4d26-aeb6-4de2b79dbacd/export</link>
      <description>{"uuid": "c0c599c3-c39c-4d26-aeb6-4de2b79dbacd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43709", "type": "seen", "source": "https://t.me/cibsecurity/53296", "content": "\u203c CVE-2022-43709 \u203c\n\nMyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-22T02:56:25.000000Z"}</description>
      <content:encoded>{"uuid": "c0c599c3-c39c-4d26-aeb6-4de2b79dbacd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43709", "type": "seen", "source": "https://t.me/cibsecurity/53296", "content": "\u203c CVE-2022-43709 \u203c\n\nMyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-22T02:56:25.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c0c599c3-c39c-4d26-aeb6-4de2b79dbacd/export</guid>
      <pubDate>Tue, 22 Nov 2022 02:56:25 +0000</pubDate>
    </item>
    <item>
      <title>02fb216b-6873-4a54-99d4-f975532b2534</title>
      <link>https://vulnerability.circl.lu/sighting/02fb216b-6873-4a54-99d4-f975532b2534/export</link>
      <description>{"uuid": "02fb216b-6873-4a54-99d4-f975532b2534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43704", "type": "seen", "source": "https://t.me/cibsecurity/56779", "content": "\u203c CVE-2022-43704 \u203c\n\nThe Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol (udp/1024) commands interfacing directly with the target device. This, in turn, allows for an attack to control the onboard relay without requiring authentication via the mobile application. This might result in an unacceptable temperature within the target device's physical environment.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-20T20:22:57.000000Z"}</description>
      <content:encoded>{"uuid": "02fb216b-6873-4a54-99d4-f975532b2534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43704", "type": "seen", "source": "https://t.me/cibsecurity/56779", "content": "\u203c CVE-2022-43704 \u203c\n\nThe Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol (udp/1024) commands interfacing directly with the target device. This, in turn, allows for an attack to control the onboard relay without requiring authentication via the mobile application. This might result in an unacceptable temperature within the target device's physical environment.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-20T20:22:57.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/02fb216b-6873-4a54-99d4-f975532b2534/export</guid>
      <pubDate>Fri, 20 Jan 2023 20:22:57 +0000</pubDate>
    </item>
    <item>
      <title>f0566060-7ccb-4b94-9418-8d347f6b9a27</title>
      <link>https://vulnerability.circl.lu/sighting/f0566060-7ccb-4b94-9418-8d347f6b9a27/export</link>
      <description>{"uuid": "f0566060-7ccb-4b94-9418-8d347f6b9a27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43707", "type": "seen", "source": "MISP/fc233a3d-51a7-48a0-a25a-637324062854", "content": "", "creation_timestamp": "2023-03-16T11:15:01.000000Z"}</description>
      <content:encoded>{"uuid": "f0566060-7ccb-4b94-9418-8d347f6b9a27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43707", "type": "seen", "source": "MISP/fc233a3d-51a7-48a0-a25a-637324062854", "content": "", "creation_timestamp": "2023-03-16T11:15:01.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f0566060-7ccb-4b94-9418-8d347f6b9a27/export</guid>
      <pubDate>Thu, 16 Mar 2023 11:15:01 +0000</pubDate>
    </item>
    <item>
      <title>53f5ad7e-2700-4704-a657-837340ddb272</title>
      <link>https://vulnerability.circl.lu/sighting/53f5ad7e-2700-4704-a657-837340ddb272/export</link>
      <description>{"uuid": "53f5ad7e-2700-4704-a657-837340ddb272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43702", "type": "seen", "source": "https://t.me/cibsecurity/67354", "content": "\u203c CVE-2022-43702 \u203c\n\nWhen the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-28T02:28:54.000000Z"}</description>
      <content:encoded>{"uuid": "53f5ad7e-2700-4704-a657-837340ddb272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43702", "type": "seen", "source": "https://t.me/cibsecurity/67354", "content": "\u203c CVE-2022-43702 \u203c\n\nWhen the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-28T02:28:54.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/53f5ad7e-2700-4704-a657-837340ddb272/export</guid>
      <pubDate>Fri, 28 Jul 2023 02:28:54 +0000</pubDate>
    </item>
    <item>
      <title>490dd200-b91a-4c4c-93d8-1bd4b20bd9db</title>
      <link>https://vulnerability.circl.lu/sighting/490dd200-b91a-4c4c-93d8-1bd4b20bd9db/export</link>
      <description>{"uuid": "490dd200-b91a-4c4c-93d8-1bd4b20bd9db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43701", "type": "seen", "source": "https://t.me/cibsecurity/67353", "content": "\u203c CVE-2022-43701 \u203c\n\nWhen the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-28T02:40:11.000000Z"}</description>
      <content:encoded>{"uuid": "490dd200-b91a-4c4c-93d8-1bd4b20bd9db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43701", "type": "seen", "source": "https://t.me/cibsecurity/67353", "content": "\u203c CVE-2022-43701 \u203c\n\nWhen the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-28T02:40:11.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/490dd200-b91a-4c4c-93d8-1bd4b20bd9db/export</guid>
      <pubDate>Fri, 28 Jul 2023 02:40:11 +0000</pubDate>
    </item>
    <item>
      <title>960b944e-71fd-4757-8ee4-d3ac465fe126</title>
      <link>https://vulnerability.circl.lu/sighting/960b944e-71fd-4757-8ee4-d3ac465fe126/export</link>
      <description>{"uuid": "960b944e-71fd-4757-8ee4-d3ac465fe126", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43703", "type": "seen", "source": "https://t.me/cibsecurity/67352", "content": "\u203c CVE-2022-43703 \u203c\n\nAn installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-31T20:37:57.000000Z"}</description>
      <content:encoded>{"uuid": "960b944e-71fd-4757-8ee4-d3ac465fe126", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43703", "type": "seen", "source": "https://t.me/cibsecurity/67352", "content": "\u203c CVE-2022-43703 \u203c\n\nAn installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-31T20:37:57.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/960b944e-71fd-4757-8ee4-d3ac465fe126/export</guid>
      <pubDate>Mon, 31 Jul 2023 20:37:57 +0000</pubDate>
    </item>
    <item>
      <title>4bdfa002-e615-40f5-9f0a-83a7efceb15c</title>
      <link>https://vulnerability.circl.lu/sighting/4bdfa002-e615-40f5-9f0a-83a7efceb15c/export</link>
      <description>{"uuid": "4bdfa002-e615-40f5-9f0a-83a7efceb15c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4370", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11426", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4370\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.\n\ud83d\udccf Published: 2023-01-02T21:49:09.194Z\n\ud83d\udccf Modified: 2025-04-11T13:39:14.137Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/cf336783-9959-413d-a5d7-73c7087426d8\n2. https://bulletin.iese.de/post/multimedial-images_1-0b", "creation_timestamp": "2025-04-11T13:51:21.000000Z"}</description>
      <content:encoded>{"uuid": "4bdfa002-e615-40f5-9f0a-83a7efceb15c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4370", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11426", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4370\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.\n\ud83d\udccf Published: 2023-01-02T21:49:09.194Z\n\ud83d\udccf Modified: 2025-04-11T13:39:14.137Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/cf336783-9959-413d-a5d7-73c7087426d8\n2. https://bulletin.iese.de/post/multimedial-images_1-0b", "creation_timestamp": "2025-04-11T13:51:21.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4bdfa002-e615-40f5-9f0a-83a7efceb15c/export</guid>
      <pubDate>Fri, 11 Apr 2025 13:51:21 +0000</pubDate>
    </item>
    <item>
      <title>258a957b-771c-4a20-973a-30f2d78600fc</title>
      <link>https://vulnerability.circl.lu/sighting/258a957b-771c-4a20-973a-30f2d78600fc/export</link>
      <description>{"uuid": "258a957b-771c-4a20-973a-30f2d78600fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43706", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13225", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43706\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.\n\ud83d\udccf Published: 2022-12-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-24T13:57:41.968Z\n\ud83d\udd17 References:\n1. https://stackstorm.com/2022/12/v3-8-0-released/", "creation_timestamp": "2025-04-24T14:05:41.000000Z"}</description>
      <content:encoded>{"uuid": "258a957b-771c-4a20-973a-30f2d78600fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43706", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13225", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43706\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.\n\ud83d\udccf Published: 2022-12-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-24T13:57:41.968Z\n\ud83d\udd17 References:\n1. https://stackstorm.com/2022/12/v3-8-0-released/", "creation_timestamp": "2025-04-24T14:05:41.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/258a957b-771c-4a20-973a-30f2d78600fc/export</guid>
      <pubDate>Thu, 24 Apr 2025 14:05:41 +0000</pubDate>
    </item>
  </channel>
</rss>
