https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 09:48:18 +0000 https://vulnerability.circl.lu/sighting/28ef31b4-30f6-44ff-a3ee-0c1bef90273d/export {"uuid": "28ef31b4-30f6-44ff-a3ee-0c1bef90273d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4675", "type": "seen", "source": "https://t.me/cibsecurity/56850", "content": "\u203c CVE-2022-4675 \u203c\n\nThe Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T18:25:22.000000Z"} {"uuid": "28ef31b4-30f6-44ff-a3ee-0c1bef90273d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4675", "type": "seen", "source": "https://t.me/cibsecurity/56850", "content": "\u203c CVE-2022-4675 \u203c\n\nThe Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T18:25:22.000000Z"} https://vulnerability.circl.lu/sighting/28ef31b4-30f6-44ff-a3ee-0c1bef90273d/export Mon, 23 Jan 2023 18:25:22 +0000 https://vulnerability.circl.lu/sighting/d44d3629-ffbe-499e-a8d9-e8d22b8728b1/export {"uuid": "d44d3629-ffbe-499e-a8d9-e8d22b8728b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46752", "type": "seen", "source": "https://t.me/cibsecurity/59680", "content": "\u203c CVE-2022-46752 \u203c\n\nDell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-08T20:23:19.000000Z"} {"uuid": "d44d3629-ffbe-499e-a8d9-e8d22b8728b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46752", "type": "seen", "source": "https://t.me/cibsecurity/59680", "content": "\u203c CVE-2022-46752 \u203c\n\nDell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-08T20:23:19.000000Z"} https://vulnerability.circl.lu/sighting/d44d3629-ffbe-499e-a8d9-e8d22b8728b1/export Wed, 08 Mar 2023 20:23:19 +0000 https://vulnerability.circl.lu/sighting/a458ed26-808c-4e52-b981-315c1dc48ef6/export {"uuid": "a458ed26-808c-4e52-b981-315c1dc48ef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46751", "type": "seen", "source": "https://t.me/cibsecurity/68874", "content": "\u203c CVE-2022-46751 \u203c\n\nImproper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle's \"Java API for XML Processing (JAXP) Security Guide\".\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-21T12:40:52.000000Z"} {"uuid": "a458ed26-808c-4e52-b981-315c1dc48ef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46751", "type": "seen", "source": "https://t.me/cibsecurity/68874", "content": "\u203c CVE-2022-46751 \u203c\n\nImproper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle's \"Java API for XML Processing (JAXP) Security Guide\".\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-21T12:40:52.000000Z"} https://vulnerability.circl.lu/sighting/a458ed26-808c-4e52-b981-315c1dc48ef6/export Mon, 21 Aug 2023 12:40:52 +0000 https://vulnerability.circl.lu/sighting/84b90dba-83a1-4ce7-ab4f-8e6ae884882d/export {"uuid": "84b90dba-83a1-4ce7-ab4f-8e6ae884882d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46756", "type": "seen", "source": "https://t.me/cibsecurity/57268", "content": "\u203c CVE-2022-46756 \u203c\n\nDell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-25T12:34:50.000000Z"} {"uuid": "84b90dba-83a1-4ce7-ab4f-8e6ae884882d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46756", "type": "seen", "source": "https://t.me/cibsecurity/57268", "content": "\u203c CVE-2022-46756 \u203c\n\nDell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-25T12:34:50.000000Z"} https://vulnerability.circl.lu/sighting/84b90dba-83a1-4ce7-ab4f-8e6ae884882d/export Mon, 25 Sep 2023 12:34:50 +0000 https://vulnerability.circl.lu/sighting/8ac9c6b4-4a60-4ece-ae27-3ee2ca7e0819/export {"uuid": "8ac9c6b4-4a60-4ece-ae27-3ee2ca7e0819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46751", "type": "seen", "source": "https://t.me/ctinow/180780", "content": "https://ift.tt/bgjioMx\nCVE-2022-46751 | Oracle Communications Cloud Native Core Automated Test Suite ATS Framework xml injection", "creation_timestamp": "2024-02-07T16:16:43.000000Z"} {"uuid": "8ac9c6b4-4a60-4ece-ae27-3ee2ca7e0819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46751", "type": "seen", "source": "https://t.me/ctinow/180780", "content": "https://ift.tt/bgjioMx\nCVE-2022-46751 | Oracle Communications Cloud Native Core Automated Test Suite ATS Framework xml injection", "creation_timestamp": "2024-02-07T16:16:43.000000Z"} https://vulnerability.circl.lu/sighting/8ac9c6b4-4a60-4ece-ae27-3ee2ca7e0819/export Wed, 07 Feb 2024 16:16:43 +0000 https://vulnerability.circl.lu/sighting/ec77a7fc-05a9-4d51-9681-6a4518a7e9e8/export {"uuid": "ec77a7fc-05a9-4d51-9681-6a4518a7e9e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46751", "type": "seen", "source": "https://t.me/ctinow/181952", "content": "https://ift.tt/8yTgdRn\nCVE-2022-46751 | Oracle Business Intelligence Enterprise Edition 6.4.0.0.0 Visual Analyzer unknown vulnerability", "creation_timestamp": "2024-02-09T10:51:22.000000Z"} {"uuid": "ec77a7fc-05a9-4d51-9681-6a4518a7e9e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46751", "type": "seen", "source": "https://t.me/ctinow/181952", "content": "https://ift.tt/8yTgdRn\nCVE-2022-46751 | Oracle Business Intelligence Enterprise Edition 6.4.0.0.0 Visual Analyzer unknown vulnerability", "creation_timestamp": "2024-02-09T10:51:22.000000Z"} https://vulnerability.circl.lu/sighting/ec77a7fc-05a9-4d51-9681-6a4518a7e9e8/export Fri, 09 Feb 2024 10:51:22 +0000 https://vulnerability.circl.lu/sighting/fdbf1c2f-93e9-4f7a-a5db-d20e0d9d9c19/export {"uuid": "fdbf1c2f-93e9-4f7a-a5db-d20e0d9d9c19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46751", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113477970956610756", "content": "", "creation_timestamp": "2024-11-13T22:20:22.951664Z"} {"uuid": "fdbf1c2f-93e9-4f7a-a5db-d20e0d9d9c19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46751", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113477970956610756", "content": "", "creation_timestamp": "2024-11-13T22:20:22.951664Z"} https://vulnerability.circl.lu/sighting/fdbf1c2f-93e9-4f7a-a5db-d20e0d9d9c19/export Wed, 13 Nov 2024 22:20:22 +0000 https://vulnerability.circl.lu/sighting/13caf5b4-3505-4500-a9bc-61d53cf525e4/export {"uuid": "13caf5b4-3505-4500-a9bc-61d53cf525e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46752", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5967", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46752\n\ud83d\udd25 CVSS Score: 4.6 (cvssV3_1, Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: \nDell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.\n\n\n\ud83d\udccf Published: 2023-03-08T16:51:55.033Z\n\ud83d\udccf Modified: 2025-02-28T18:32:37.203Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000207928/dsa-2023-011-dell-client-platform-security-update-for-a-bios-vulnerability", "creation_timestamp": "2025-02-28T19:27:15.000000Z"} {"uuid": "13caf5b4-3505-4500-a9bc-61d53cf525e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46752", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5967", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46752\n\ud83d\udd25 CVSS Score: 4.6 (cvssV3_1, Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: \nDell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.\n\n\n\ud83d\udccf Published: 2023-03-08T16:51:55.033Z\n\ud83d\udccf Modified: 2025-02-28T18:32:37.203Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000207928/dsa-2023-011-dell-client-platform-security-update-for-a-bios-vulnerability", "creation_timestamp": "2025-02-28T19:27:15.000000Z"} https://vulnerability.circl.lu/sighting/13caf5b4-3505-4500-a9bc-61d53cf525e4/export Fri, 28 Feb 2025 19:27:15 +0000 https://vulnerability.circl.lu/sighting/bf08f7b9-3451-48c8-a48b-5226ae3f6ef2/export {"uuid": "bf08f7b9-3451-48c8-a48b-5226ae3f6ef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46754", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8429", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46754\n\ud83d\udd25 CVSS Score: 8.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: \nWyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-02-10T21:25:19.476Z\n\ud83d\udccf Modified: 2025-03-21T19:49:50.393Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000206134/dsa-2022-329-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities", "creation_timestamp": "2025-03-21T20:24:52.000000Z"} {"uuid": "bf08f7b9-3451-48c8-a48b-5226ae3f6ef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46754", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8429", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46754\n\ud83d\udd25 CVSS Score: 8.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: \nWyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-02-10T21:25:19.476Z\n\ud83d\udccf Modified: 2025-03-21T19:49:50.393Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000206134/dsa-2022-329-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities", "creation_timestamp": "2025-03-21T20:24:52.000000Z"} https://vulnerability.circl.lu/sighting/bf08f7b9-3451-48c8-a48b-5226ae3f6ef2/export Fri, 21 Mar 2025 20:24:52 +0000