<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 29 Jun 2026 17:22:07 +0000</lastBuildDate>
    <item>
      <title>0e527101-dbed-4d63-93df-2a3866f3f122</title>
      <link>https://vulnerability.circl.lu/sighting/0e527101-dbed-4d63-93df-2a3866f3f122/export</link>
      <description>{"uuid": "0e527101-dbed-4d63-93df-2a3866f3f122", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46907", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrsq274uc2m", "content": "", "creation_timestamp": "2025-08-19T21:02:29.409974Z"}</description>
      <content:encoded>{"uuid": "0e527101-dbed-4d63-93df-2a3866f3f122", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46907", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrsq274uc2m", "content": "", "creation_timestamp": "2025-08-19T21:02:29.409974Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0e527101-dbed-4d63-93df-2a3866f3f122/export</guid>
      <pubDate>Tue, 19 Aug 2025 21:02:29 +0000</pubDate>
    </item>
    <item>
      <title>c82004bf-560e-4e05-952c-b110dbf94d2a</title>
      <link>https://vulnerability.circl.lu/sighting/c82004bf-560e-4e05-952c-b110dbf94d2a/export</link>
      <description>{"uuid": "c82004bf-560e-4e05-952c-b110dbf94d2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46908", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3lupieut7fr22", "content": "", "creation_timestamp": "2025-07-24T12:01:26.340853Z"}</description>
      <content:encoded>{"uuid": "c82004bf-560e-4e05-952c-b110dbf94d2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46908", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3lupieut7fr22", "content": "", "creation_timestamp": "2025-07-24T12:01:26.340853Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c82004bf-560e-4e05-952c-b110dbf94d2a/export</guid>
      <pubDate>Thu, 24 Jul 2025 12:01:26 +0000</pubDate>
    </item>
    <item>
      <title>de39fc4b-4560-45e9-be77-d14a08f1d599</title>
      <link>https://vulnerability.circl.lu/sighting/de39fc4b-4560-45e9-be77-d14a08f1d599/export</link>
      <description>{"uuid": "de39fc4b-4560-45e9-be77-d14a08f1d599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46908", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14909", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46908\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.\n\ud83d\udccf Published: 2022-12-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T16:11:57.403Z\n\ud83d\udd17 References:\n1. https://news.ycombinator.com/item?id=33948588\n2. https://sqlite.org/forum/forumpost/07beac8056151b2f\n3. https://sqlite.org/src/info/cefc032473ac5ad2\n4. https://security.netapp.com/advisory/ntap-20230203-0005/\n5. https://security.gentoo.org/glsa/202311-03", "creation_timestamp": "2025-05-05T16:20:01.000000Z"}</description>
      <content:encoded>{"uuid": "de39fc4b-4560-45e9-be77-d14a08f1d599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46908", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14909", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46908\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.\n\ud83d\udccf Published: 2022-12-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T16:11:57.403Z\n\ud83d\udd17 References:\n1. https://news.ycombinator.com/item?id=33948588\n2. https://sqlite.org/forum/forumpost/07beac8056151b2f\n3. https://sqlite.org/src/info/cefc032473ac5ad2\n4. https://security.netapp.com/advisory/ntap-20230203-0005/\n5. https://security.gentoo.org/glsa/202311-03", "creation_timestamp": "2025-05-05T16:20:01.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/de39fc4b-4560-45e9-be77-d14a08f1d599/export</guid>
      <pubDate>Mon, 05 May 2025 16:20:01 +0000</pubDate>
    </item>
    <item>
      <title>b0cfb6ac-1747-4df9-a97f-872b17a875e8</title>
      <link>https://vulnerability.circl.lu/sighting/b0cfb6ac-1747-4df9-a97f-872b17a875e8/export</link>
      <description>{"uuid": "b0cfb6ac-1747-4df9-a97f-872b17a875e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46903", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12943", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46903\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS.\n\ud83d\udccf Published: 2022-12-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T18:41:47.445Z\n\ud83d\udd17 References:\n1. https://news.websoft.ru/_wt/wiki_base/7175851369410989446", "creation_timestamp": "2025-04-22T19:03:35.000000Z"}</description>
      <content:encoded>{"uuid": "b0cfb6ac-1747-4df9-a97f-872b17a875e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46903", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12943", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46903\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS.\n\ud83d\udccf Published: 2022-12-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T18:41:47.445Z\n\ud83d\udd17 References:\n1. https://news.websoft.ru/_wt/wiki_base/7175851369410989446", "creation_timestamp": "2025-04-22T19:03:35.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b0cfb6ac-1747-4df9-a97f-872b17a875e8/export</guid>
      <pubDate>Tue, 22 Apr 2025 19:03:35 +0000</pubDate>
    </item>
    <item>
      <title>dfc23ca6-7047-4bfa-8a68-b3649d449dfe</title>
      <link>https://vulnerability.circl.lu/sighting/dfc23ca6-7047-4bfa-8a68-b3649d449dfe/export</link>
      <description>{"uuid": "dfc23ca6-7047-4bfa-8a68-b3649d449dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46908", "type": "seen", "source": "https://t.me/ctinow/182326", "content": "https://ift.tt/Pgc4kOh\nCVE-2022-46908 | Oracle MySQL Workbench 8.0.34 and prior Local Privilege Escalation", "creation_timestamp": "2024-02-09T23:26:47.000000Z"}</description>
      <content:encoded>{"uuid": "dfc23ca6-7047-4bfa-8a68-b3649d449dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46908", "type": "seen", "source": "https://t.me/ctinow/182326", "content": "https://ift.tt/Pgc4kOh\nCVE-2022-46908 | Oracle MySQL Workbench 8.0.34 and prior Local Privilege Escalation", "creation_timestamp": "2024-02-09T23:26:47.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/dfc23ca6-7047-4bfa-8a68-b3649d449dfe/export</guid>
      <pubDate>Fri, 09 Feb 2024 23:26:47 +0000</pubDate>
    </item>
    <item>
      <title>4b1474b4-64a5-4f61-adbb-0073a8442736</title>
      <link>https://vulnerability.circl.lu/sighting/4b1474b4-64a5-4f61-adbb-0073a8442736/export</link>
      <description>{"uuid": "4b1474b4-64a5-4f61-adbb-0073a8442736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46907", "type": "seen", "source": "https://t.me/arpsyndicate/3133", "content": "#ExploitObserverAlert\n\nCVE-2022-46907\n\nDESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2022-46907. A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.  Apache JSPWiki users should upgrade to 2.12.0 or later.\n\nFIRST-EPSS: 0.001850000\nNVD-IS: 2.7\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T00:34:02.000000Z"}</description>
      <content:encoded>{"uuid": "4b1474b4-64a5-4f61-adbb-0073a8442736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46907", "type": "seen", "source": "https://t.me/arpsyndicate/3133", "content": "#ExploitObserverAlert\n\nCVE-2022-46907\n\nDESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2022-46907. A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.  Apache JSPWiki users should upgrade to 2.12.0 or later.\n\nFIRST-EPSS: 0.001850000\nNVD-IS: 2.7\nNVD-ES: 2.8", "creation_timestamp": "2024-01-28T00:34:02.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4b1474b4-64a5-4f61-adbb-0073a8442736/export</guid>
      <pubDate>Sun, 28 Jan 2024 00:34:02 +0000</pubDate>
    </item>
    <item>
      <title>89376a19-651e-451a-afb1-0b426011582e</title>
      <link>https://vulnerability.circl.lu/sighting/89376a19-651e-451a-afb1-0b426011582e/export</link>
      <description>{"uuid": "89376a19-651e-451a-afb1-0b426011582e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46900", "type": "seen", "source": "https://t.me/cibsecurity/67271", "content": "\u203c CVE-2022-46900 \u203c\n\nAn issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T00:27:31.000000Z"}</description>
      <content:encoded>{"uuid": "89376a19-651e-451a-afb1-0b426011582e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46900", "type": "seen", "source": "https://t.me/cibsecurity/67271", "content": "\u203c CVE-2022-46900 \u203c\n\nAn issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T00:27:31.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/89376a19-651e-451a-afb1-0b426011582e/export</guid>
      <pubDate>Wed, 26 Jul 2023 00:27:31 +0000</pubDate>
    </item>
    <item>
      <title>e2641faa-e6dc-4728-889e-915300d9910e</title>
      <link>https://vulnerability.circl.lu/sighting/e2641faa-e6dc-4728-889e-915300d9910e/export</link>
      <description>{"uuid": "e2641faa-e6dc-4728-889e-915300d9910e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46902", "type": "seen", "source": "https://t.me/cibsecurity/67268", "content": "\u203c CVE-2022-46902 \u203c\n\nAn issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T00:27:25.000000Z"}</description>
      <content:encoded>{"uuid": "e2641faa-e6dc-4728-889e-915300d9910e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46902", "type": "seen", "source": "https://t.me/cibsecurity/67268", "content": "\u203c CVE-2022-46902 \u203c\n\nAn issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T00:27:25.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e2641faa-e6dc-4728-889e-915300d9910e/export</guid>
      <pubDate>Wed, 26 Jul 2023 00:27:25 +0000</pubDate>
    </item>
    <item>
      <title>2010fc05-678f-4b1d-a1fb-ca2e33113c65</title>
      <link>https://vulnerability.circl.lu/sighting/2010fc05-678f-4b1d-a1fb-ca2e33113c65/export</link>
      <description>{"uuid": "2010fc05-678f-4b1d-a1fb-ca2e33113c65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46901", "type": "seen", "source": "https://t.me/cibsecurity/67256", "content": "\u203c CVE-2022-46901 \u203c\n\nAn issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T00:27:08.000000Z"}</description>
      <content:encoded>{"uuid": "2010fc05-678f-4b1d-a1fb-ca2e33113c65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46901", "type": "seen", "source": "https://t.me/cibsecurity/67256", "content": "\u203c CVE-2022-46901 \u203c\n\nAn issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T00:27:08.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2010fc05-678f-4b1d-a1fb-ca2e33113c65/export</guid>
      <pubDate>Wed, 26 Jul 2023 00:27:08 +0000</pubDate>
    </item>
    <item>
      <title>6c46a7b6-8fcb-4c68-8105-372a06577a04</title>
      <link>https://vulnerability.circl.lu/sighting/6c46a7b6-8fcb-4c68-8105-372a06577a04/export</link>
      <description>{"uuid": "6c46a7b6-8fcb-4c68-8105-372a06577a04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4690", "type": "seen", "source": "https://t.me/cibsecurity/55239", "content": "\u203c CVE-2022-4690 \u203c\n\nCross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T14:14:33.000000Z"}</description>
      <content:encoded>{"uuid": "6c46a7b6-8fcb-4c68-8105-372a06577a04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4690", "type": "seen", "source": "https://t.me/cibsecurity/55239", "content": "\u203c CVE-2022-4690 \u203c\n\nCross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T14:14:33.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6c46a7b6-8fcb-4c68-8105-372a06577a04/export</guid>
      <pubDate>Fri, 23 Dec 2022 14:14:33 +0000</pubDate>
    </item>
  </channel>
</rss>
