https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 05 Jun 2026 06:15:15 +0000 https://vulnerability.circl.lu/sighting/1175174d-d37f-41f7-b1b9-262f2b63b43a/export {"uuid": "1175174d-d37f-41f7-b1b9-262f2b63b43a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46180", "type": "seen", "source": "https://t.me/cibsecurity/55911", "content": "\u203c CVE-2022-46180 \u203c\n\nDiscourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T20:18:21.000000Z"} {"uuid": "1175174d-d37f-41f7-b1b9-262f2b63b43a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46180", "type": "seen", "source": "https://t.me/cibsecurity/55911", "content": "\u203c CVE-2022-46180 \u203c\n\nDiscourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T20:18:21.000000Z"} https://vulnerability.circl.lu/sighting/1175174d-d37f-41f7-b1b9-262f2b63b43a/export Wed, 04 Jan 2023 20:18:21 +0000 https://vulnerability.circl.lu/sighting/70be1cd9-05d0-4888-b623-b75259512ae5/export {"uuid": "70be1cd9-05d0-4888-b623-b75259512ae5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46180", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7064", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46180\n\ud83d\udd25 CVSS Score: 5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component.\n\ud83d\udccf Published: 2023-01-04T16:44:54.487Z\n\ud83d\udccf Modified: 2025-03-10T21:32:39.201Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse-mermaid-theme-component/security/advisories/GHSA-8437-hgcm-p3q3\n2. https://github.com/discourse/discourse-mermaid-theme-component/pull/14\n3. https://github.com/discourse/discourse-mermaid-theme-component/commit/c10bc4a08bf865cee20e5d5dffba535762813f0f", "creation_timestamp": "2025-03-10T21:39:19.000000Z"} {"uuid": "70be1cd9-05d0-4888-b623-b75259512ae5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46180", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7064", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46180\n\ud83d\udd25 CVSS Score: 5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component.\n\ud83d\udccf Published: 2023-01-04T16:44:54.487Z\n\ud83d\udccf Modified: 2025-03-10T21:32:39.201Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse-mermaid-theme-component/security/advisories/GHSA-8437-hgcm-p3q3\n2. https://github.com/discourse/discourse-mermaid-theme-component/pull/14\n3. https://github.com/discourse/discourse-mermaid-theme-component/commit/c10bc4a08bf865cee20e5d5dffba535762813f0f", "creation_timestamp": "2025-03-10T21:39:19.000000Z"} https://vulnerability.circl.lu/sighting/70be1cd9-05d0-4888-b623-b75259512ae5/export Mon, 10 Mar 2025 21:39:19 +0000