<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 08 May 2026 20:56:12 +0000</lastBuildDate>
    <item>
      <title>7fe02795-d2a0-4b3f-9dd1-c7a89a0c2d00</title>
      <link>https://vulnerability.circl.lu/sighting/7fe02795-d2a0-4b3f-9dd1-c7a89a0c2d00/export</link>
      <description>{"uuid": "7fe02795-d2a0-4b3f-9dd1-c7a89a0c2d00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24370", "type": "seen", "source": "https://t.me/cibsecurity/37732", "content": "\u203c CVE-2022-24370 \u203c\n\nThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14819.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-18T22:37:23.000000Z"}</description>
      <content:encoded>{"uuid": "7fe02795-d2a0-4b3f-9dd1-c7a89a0c2d00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24370", "type": "seen", "source": "https://t.me/cibsecurity/37732", "content": "\u203c CVE-2022-24370 \u203c\n\nThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14819.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-18T22:37:23.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7fe02795-d2a0-4b3f-9dd1-c7a89a0c2d00/export</guid>
      <pubDate>Fri, 18 Feb 2022 22:37:23 +0000</pubDate>
    </item>
    <item>
      <title>986b17a3-bffa-4f73-8289-ecbb1ded93bd</title>
      <link>https://vulnerability.circl.lu/sighting/986b17a3-bffa-4f73-8289-ecbb1ded93bd/export</link>
      <description>{"uuid": "986b17a3-bffa-4f73-8289-ecbb1ded93bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24374", "type": "seen", "source": "https://t.me/cibsecurity/38014", "content": "\u203c CVE-2022-23916 \u203c\n\nCross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-24T18:21:10.000000Z"}</description>
      <content:encoded>{"uuid": "986b17a3-bffa-4f73-8289-ecbb1ded93bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24374", "type": "seen", "source": "https://t.me/cibsecurity/38014", "content": "\u203c CVE-2022-23916 \u203c\n\nCross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-24T18:21:10.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/986b17a3-bffa-4f73-8289-ecbb1ded93bd/export</guid>
      <pubDate>Thu, 24 Feb 2022 18:21:10 +0000</pubDate>
    </item>
    <item>
      <title>e5061461-8a6c-4520-99c2-86b40c40b806</title>
      <link>https://vulnerability.circl.lu/sighting/e5061461-8a6c-4520-99c2-86b40c40b806/export</link>
      <description>{"uuid": "e5061461-8a6c-4520-99c2-86b40c40b806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24372", "type": "seen", "source": "https://t.me/cibsecurity/41532", "content": "\u203c CVE-2022-24372 \u203c\n\nLinksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T22:13:26.000000Z"}</description>
      <content:encoded>{"uuid": "e5061461-8a6c-4520-99c2-86b40c40b806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24372", "type": "seen", "source": "https://t.me/cibsecurity/41532", "content": "\u203c CVE-2022-24372 \u203c\n\nLinksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T22:13:26.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e5061461-8a6c-4520-99c2-86b40c40b806/export</guid>
      <pubDate>Wed, 27 Apr 2022 22:13:26 +0000</pubDate>
    </item>
    <item>
      <title>5278c58c-91c9-44c7-b8fa-81fee6f80c24</title>
      <link>https://vulnerability.circl.lu/sighting/5278c58c-91c9-44c7-b8fa-81fee6f80c24/export</link>
      <description>{"uuid": "5278c58c-91c9-44c7-b8fa-81fee6f80c24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24376", "type": "seen", "source": "https://t.me/cibsecurity/44224", "content": "\u203c CVE-2022-24376 \u203c\n\nAll versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-11T00:34:53.000000Z"}</description>
      <content:encoded>{"uuid": "5278c58c-91c9-44c7-b8fa-81fee6f80c24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24376", "type": "seen", "source": "https://t.me/cibsecurity/44224", "content": "\u203c CVE-2022-24376 \u203c\n\nAll versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-11T00:34:53.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5278c58c-91c9-44c7-b8fa-81fee6f80c24/export</guid>
      <pubDate>Sat, 11 Jun 2022 00:34:53 +0000</pubDate>
    </item>
    <item>
      <title>f3c96854-d388-447b-8bda-65bd533b2d00</title>
      <link>https://vulnerability.circl.lu/sighting/f3c96854-d388-447b-8bda-65bd533b2d00/export</link>
      <description>{"uuid": "f3c96854-d388-447b-8bda-65bd533b2d00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2437", "type": "seen", "source": "https://t.me/cibsecurity/46467", "content": "\u203c CVE-2022-2437 \u203c\n\nThe Feed Them Social \u2013 for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T20:39:40.000000Z"}</description>
      <content:encoded>{"uuid": "f3c96854-d388-447b-8bda-65bd533b2d00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2437", "type": "seen", "source": "https://t.me/cibsecurity/46467", "content": "\u203c CVE-2022-2437 \u203c\n\nThe Feed Them Social \u2013 for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T20:39:40.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f3c96854-d388-447b-8bda-65bd533b2d00/export</guid>
      <pubDate>Mon, 18 Jul 2022 20:39:40 +0000</pubDate>
    </item>
    <item>
      <title>41e301dd-8e4b-4487-90e0-715b711443c4</title>
      <link>https://vulnerability.circl.lu/sighting/41e301dd-8e4b-4487-90e0-715b711443c4/export</link>
      <description>{"uuid": "41e301dd-8e4b-4487-90e0-715b711443c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24378", "type": "seen", "source": "https://t.me/cibsecurity/48390", "content": "\u203c CVE-2022-24378 \u203c\n\nImproper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T00:16:51.000000Z"}</description>
      <content:encoded>{"uuid": "41e301dd-8e4b-4487-90e0-715b711443c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24378", "type": "seen", "source": "https://t.me/cibsecurity/48390", "content": "\u203c CVE-2022-24378 \u203c\n\nImproper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T00:16:51.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/41e301dd-8e4b-4487-90e0-715b711443c4/export</guid>
      <pubDate>Fri, 19 Aug 2022 00:16:51 +0000</pubDate>
    </item>
    <item>
      <title>4743f16e-8318-46ea-b623-0e8df9ad81ef</title>
      <link>https://vulnerability.circl.lu/sighting/4743f16e-8318-46ea-b623-0e8df9ad81ef/export</link>
      <description>{"uuid": "4743f16e-8318-46ea-b623-0e8df9ad81ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24375", "type": "seen", "source": "https://t.me/cibsecurity/48629", "content": "\u203c CVE-2022-24375 \u203c\n\nThe package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-24T12:22:23.000000Z"}</description>
      <content:encoded>{"uuid": "4743f16e-8318-46ea-b623-0e8df9ad81ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24375", "type": "seen", "source": "https://t.me/cibsecurity/48629", "content": "\u203c CVE-2022-24375 \u203c\n\nThe package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-24T12:22:23.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4743f16e-8318-46ea-b623-0e8df9ad81ef/export</guid>
      <pubDate>Wed, 24 Aug 2022 12:22:23 +0000</pubDate>
    </item>
  </channel>
</rss>
