<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 14 Jun 2026 23:12:04 +0000</lastBuildDate>
    <item>
      <title>2fa74487-29a6-4a27-b8ae-7d5bc667d1f8</title>
      <link>https://vulnerability.circl.lu/sighting/2fa74487-29a6-4a27-b8ae-7d5bc667d1f8/export</link>
      <description>{"uuid": "2fa74487-29a6-4a27-b8ae-7d5bc667d1f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4371", "type": "seen", "source": "https://t.me/cibsecurity/55764", "content": "\u203c CVE-2022-4371 \u203c\n\nThe Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-03T00:17:03.000000Z"}</description>
      <content:encoded>{"uuid": "2fa74487-29a6-4a27-b8ae-7d5bc667d1f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4371", "type": "seen", "source": "https://t.me/cibsecurity/55764", "content": "\u203c CVE-2022-4371 \u203c\n\nThe Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-03T00:17:03.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2fa74487-29a6-4a27-b8ae-7d5bc667d1f8/export</guid>
      <pubDate>Tue, 03 Jan 2023 00:17:03 +0000</pubDate>
    </item>
    <item>
      <title>ee6ad8b8-05f9-4ff8-ad08-7c9084ca8a67</title>
      <link>https://vulnerability.circl.lu/sighting/ee6ad8b8-05f9-4ff8-ad08-7c9084ca8a67/export</link>
      <description>{"uuid": "ee6ad8b8-05f9-4ff8-ad08-7c9084ca8a67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43716", "type": "seen", "source": "https://t.me/cibsecurity/61843", "content": "\u203c CVE-2022-43716 \u203c\n\nA vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions &amp;lt; V3.3), SIMATIC CP 443-1 (All versions &amp;lt; V3.3), SIMATIC CP 443-1 Advanced (All versions &amp;lt; V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions &amp;lt; V3.3), SIPLUS NET CP 443-1 Advanced (All versions &amp;lt; V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions &amp;lt; V2.3.6), TIM 1531 IRC (All versions &amp;lt; V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T14:23:24.000000Z"}</description>
      <content:encoded>{"uuid": "ee6ad8b8-05f9-4ff8-ad08-7c9084ca8a67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43716", "type": "seen", "source": "https://t.me/cibsecurity/61843", "content": "\u203c CVE-2022-43716 \u203c\n\nA vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions &amp;lt; V3.3), SIMATIC CP 443-1 (All versions &amp;lt; V3.3), SIMATIC CP 443-1 Advanced (All versions &amp;lt; V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions &amp;lt; V3.3), SIPLUS NET CP 443-1 Advanced (All versions &amp;lt; V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions &amp;lt; V2.3.6), TIM 1531 IRC (All versions &amp;lt; V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T14:23:24.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ee6ad8b8-05f9-4ff8-ad08-7c9084ca8a67/export</guid>
      <pubDate>Tue, 11 Apr 2023 14:23:24 +0000</pubDate>
    </item>
    <item>
      <title>07b1e460-16ec-4cfa-93ce-49e39d40a47e</title>
      <link>https://vulnerability.circl.lu/sighting/07b1e460-16ec-4cfa-93ce-49e39d40a47e/export</link>
      <description>{"uuid": "07b1e460-16ec-4cfa-93ce-49e39d40a47e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43717", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10461", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43717\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions.\u00a0This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n\ud83d\udccf Published: 2023-01-16T10:08:04.670Z\n\ud83d\udccf Modified: 2025-04-04T13:54:56.210Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl", "creation_timestamp": "2025-04-04T14:36:09.000000Z"}</description>
      <content:encoded>{"uuid": "07b1e460-16ec-4cfa-93ce-49e39d40a47e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43717", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10461", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43717\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions.\u00a0This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n\ud83d\udccf Published: 2023-01-16T10:08:04.670Z\n\ud83d\udccf Modified: 2025-04-04T13:54:56.210Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl", "creation_timestamp": "2025-04-04T14:36:09.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/07b1e460-16ec-4cfa-93ce-49e39d40a47e/export</guid>
      <pubDate>Fri, 04 Apr 2025 14:36:09 +0000</pubDate>
    </item>
    <item>
      <title>cb6c2157-05e2-4db6-b664-ef6c4c44600e</title>
      <link>https://vulnerability.circl.lu/sighting/cb6c2157-05e2-4db6-b664-ef6c4c44600e/export</link>
      <description>{"uuid": "cb6c2157-05e2-4db6-b664-ef6c4c44600e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4371", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11423", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4371\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well\n\ud83d\udccf Published: 2023-01-02T21:49:06.781Z\n\ud83d\udccf Modified: 2025-04-11T13:41:13.522Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/45f43359-98c2-4447-b51b-2d466bad8261\n2. https://bulletin.iese.de/post/web-invoice_2-1-3_1", "creation_timestamp": "2025-04-11T13:51:15.000000Z"}</description>
      <content:encoded>{"uuid": "cb6c2157-05e2-4db6-b664-ef6c4c44600e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4371", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11423", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4371\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well\n\ud83d\udccf Published: 2023-01-02T21:49:06.781Z\n\ud83d\udccf Modified: 2025-04-11T13:41:13.522Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/45f43359-98c2-4447-b51b-2d466bad8261\n2. https://bulletin.iese.de/post/web-invoice_2-1-3_1", "creation_timestamp": "2025-04-11T13:51:15.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/cb6c2157-05e2-4db6-b664-ef6c4c44600e/export</guid>
      <pubDate>Fri, 11 Apr 2025 13:51:15 +0000</pubDate>
    </item>
  </channel>
</rss>
