<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 06:20:49 +0000</lastBuildDate>
    <item>
      <title>e2f90fea-4940-4e8a-b10c-c0f7d9eaaa06</title>
      <link>https://vulnerability.circl.lu/sighting/e2f90fea-4940-4e8a-b10c-c0f7d9eaaa06/export</link>
      <description>{"uuid": "e2f90fea-4940-4e8a-b10c-c0f7d9eaaa06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20832", "type": "seen", "source": "https://t.me/cibsecurity/52972", "content": "\u203c CVE-2022-20832 \u203c\n\nMultiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-16T07:51:39.000000Z"}</description>
      <content:encoded>{"uuid": "e2f90fea-4940-4e8a-b10c-c0f7d9eaaa06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20832", "type": "seen", "source": "https://t.me/cibsecurity/52972", "content": "\u203c CVE-2022-20832 \u203c\n\nMultiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-16T07:51:39.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e2f90fea-4940-4e8a-b10c-c0f7d9eaaa06/export</guid>
      <pubDate>Wed, 16 Nov 2022 07:51:39 +0000</pubDate>
    </item>
    <item>
      <title>06f6c2ee-0f41-4e05-b070-393553d840df</title>
      <link>https://vulnerability.circl.lu/sighting/06f6c2ee-0f41-4e05-b070-393553d840df/export</link>
      <description>{"uuid": "06f6c2ee-0f41-4e05-b070-393553d840df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20830", "type": "seen", "source": "https://t.me/cibsecurity/51072", "content": "\u203c CVE-2022-20830 \u203c\n\nA vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T00:25:14.000000Z"}</description>
      <content:encoded>{"uuid": "06f6c2ee-0f41-4e05-b070-393553d840df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20830", "type": "seen", "source": "https://t.me/cibsecurity/51072", "content": "\u203c CVE-2022-20830 \u203c\n\nA vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T00:25:14.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/06f6c2ee-0f41-4e05-b070-393553d840df/export</guid>
      <pubDate>Tue, 11 Oct 2022 00:25:14 +0000</pubDate>
    </item>
    <item>
      <title>70104d70-1141-464d-9177-54aad6d26a63</title>
      <link>https://vulnerability.circl.lu/sighting/70104d70-1141-464d-9177-54aad6d26a63/export</link>
      <description>{"uuid": "70104d70-1141-464d-9177-54aad6d26a63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20837", "type": "seen", "source": "https://t.me/cibsecurity/51070", "content": "\u203c CVE-2022-20837 \u203c\n\nA vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. Note: This vulnerability can be exploited only by sending IPv4 TCP packets through an affected device. This vulnerability cannot be exploited by sending IPv6 traffic.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T00:25:12.000000Z"}</description>
      <content:encoded>{"uuid": "70104d70-1141-464d-9177-54aad6d26a63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20837", "type": "seen", "source": "https://t.me/cibsecurity/51070", "content": "\u203c CVE-2022-20837 \u203c\n\nA vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device. Note: This vulnerability can be exploited only by sending IPv4 TCP packets through an affected device. This vulnerability cannot be exploited by sending IPv6 traffic.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T00:25:12.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/70104d70-1141-464d-9177-54aad6d26a63/export</guid>
      <pubDate>Tue, 11 Oct 2022 00:25:12 +0000</pubDate>
    </item>
    <item>
      <title>16b0e5cb-c67e-4ce9-8664-6c29ff01f7e8</title>
      <link>https://vulnerability.circl.lu/sighting/16b0e5cb-c67e-4ce9-8664-6c29ff01f7e8/export</link>
      <description>{"uuid": "16b0e5cb-c67e-4ce9-8664-6c29ff01f7e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2083", "type": "seen", "source": "https://t.me/cibsecurity/49289", "content": "\u203c CVE-2022-2083 \u203c\n\nThe Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-05T16:12:15.000000Z"}</description>
      <content:encoded>{"uuid": "16b0e5cb-c67e-4ce9-8664-6c29ff01f7e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2083", "type": "seen", "source": "https://t.me/cibsecurity/49289", "content": "\u203c CVE-2022-2083 \u203c\n\nThe Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-05T16:12:15.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/16b0e5cb-c67e-4ce9-8664-6c29ff01f7e8/export</guid>
      <pubDate>Mon, 05 Sep 2022 16:12:15 +0000</pubDate>
    </item>
  </channel>
</rss>
