https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 08 Jun 2026 01:56:07 +0000 https://vulnerability.circl.lu/sighting/29a62045-06bd-44b9-83da-c52ee9cb502b/export {"uuid": "29a62045-06bd-44b9-83da-c52ee9cb502b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35257", "type": "seen", "source": "https://t.me/cibsecurity/50343", "content": "\u203c CVE-2022-35257 \u203c\n\nA local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T18:19:36.000000Z"} {"uuid": "29a62045-06bd-44b9-83da-c52ee9cb502b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35257", "type": "seen", "source": "https://t.me/cibsecurity/50343", "content": "\u203c CVE-2022-35257 \u203c\n\nA local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T18:19:36.000000Z"} https://vulnerability.circl.lu/sighting/29a62045-06bd-44b9-83da-c52ee9cb502b/export Fri, 23 Sep 2022 18:19:36 +0000 https://vulnerability.circl.lu/sighting/332de588-6ff9-4efb-840b-393c4636d23e/export {"uuid": "332de588-6ff9-4efb-840b-393c4636d23e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35253", "type": "seen", "source": "https://t.me/cibsecurity/50344", "content": "\u203c CVE-2022-35253 \u203c\n\nA vulnerability exists in Hyperledger Fabric <2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T18:19:37.000000Z"} {"uuid": "332de588-6ff9-4efb-840b-393c4636d23e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35253", "type": "seen", "source": "https://t.me/cibsecurity/50344", "content": "\u203c CVE-2022-35253 \u203c\n\nA vulnerability exists in Hyperledger Fabric <2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T18:19:37.000000Z"} https://vulnerability.circl.lu/sighting/332de588-6ff9-4efb-840b-393c4636d23e/export Fri, 23 Sep 2022 18:19:37 +0000 https://vulnerability.circl.lu/sighting/a3f129bb-c2f7-4134-b721-4af6cdb4e01b/export {"uuid": "a3f129bb-c2f7-4134-b721-4af6cdb4e01b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35250", "type": "seen", "source": "https://t.me/cibsecurity/50375", "content": "\u203c CVE-2022-35250 \u203c\n\nA privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:13:49.000000Z"} {"uuid": "a3f129bb-c2f7-4134-b721-4af6cdb4e01b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35250", "type": "seen", "source": "https://t.me/cibsecurity/50375", "content": "\u203c CVE-2022-35250 \u203c\n\nA privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:13:49.000000Z"} https://vulnerability.circl.lu/sighting/a3f129bb-c2f7-4134-b721-4af6cdb4e01b/export Fri, 23 Sep 2022 22:13:49 +0000 https://vulnerability.circl.lu/sighting/f85697f2-c1f3-4bc7-bfea-ba05bd373d1c/export {"uuid": "f85697f2-c1f3-4bc7-bfea-ba05bd373d1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35256", "type": "seen", "source": "https://t.me/ctinow/67061", "content": "HTTP request smuggling vulnerability in Node.js (CVE-2022-35256)\n\nhttps://ift.tt/DqcajPB", "creation_timestamp": "2022-10-04T06:02:24.000000Z"} {"uuid": "f85697f2-c1f3-4bc7-bfea-ba05bd373d1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35256", "type": "seen", "source": "https://t.me/ctinow/67061", "content": "HTTP request smuggling vulnerability in Node.js (CVE-2022-35256)\n\nhttps://ift.tt/DqcajPB", "creation_timestamp": "2022-10-04T06:02:24.000000Z"} https://vulnerability.circl.lu/sighting/f85697f2-c1f3-4bc7-bfea-ba05bd373d1c/export Tue, 04 Oct 2022 06:02:24 +0000 https://vulnerability.circl.lu/sighting/7014d961-3456-4a23-8018-95b8febabb22/export {"uuid": "7014d961-3456-4a23-8018-95b8febabb22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35256", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1296", "content": "CVE-2022-35256: HTTP Request Smuggling in NodeJS https://feed.prelude.org/p/cve-2022-35256", "creation_timestamp": "2022-10-26T17:44:59.000000Z"} {"uuid": "7014d961-3456-4a23-8018-95b8febabb22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35256", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1296", "content": "CVE-2022-35256: HTTP Request Smuggling in NodeJS https://feed.prelude.org/p/cve-2022-35256", "creation_timestamp": "2022-10-26T17:44:59.000000Z"} https://vulnerability.circl.lu/sighting/7014d961-3456-4a23-8018-95b8febabb22/export Wed, 26 Oct 2022 17:44:59 +0000 https://vulnerability.circl.lu/sighting/8dd2e8ac-3fa9-44e5-b0c0-8f536bf3e276/export {"uuid": "8dd2e8ac-3fa9-44e5-b0c0-8f536bf3e276", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3525", "type": "seen", "source": "https://t.me/cibsecurity/53206", "content": "\u203c CVE-2022-3525 \u203c\n\nDeserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-20T07:30:53.000000Z"} {"uuid": "8dd2e8ac-3fa9-44e5-b0c0-8f536bf3e276", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3525", "type": "seen", "source": "https://t.me/cibsecurity/53206", "content": "\u203c CVE-2022-3525 \u203c\n\nDeserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-20T07:30:53.000000Z"} https://vulnerability.circl.lu/sighting/8dd2e8ac-3fa9-44e5-b0c0-8f536bf3e276/export Sun, 20 Nov 2022 07:30:53 +0000 https://vulnerability.circl.lu/sighting/82318b10-140a-4920-a8a6-9dbfaf4c9abc/export {"uuid": "82318b10-140a-4920-a8a6-9dbfaf4c9abc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35254", "type": "seen", "source": "https://t.me/cibsecurity/54026", "content": "\u203c CVE-2022-35254 \u203c\n\nAn unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T00:40:12.000000Z"} {"uuid": "82318b10-140a-4920-a8a6-9dbfaf4c9abc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35254", "type": "seen", "source": "https://t.me/cibsecurity/54026", "content": "\u203c CVE-2022-35254 \u203c\n\nAn unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T00:40:12.000000Z"} https://vulnerability.circl.lu/sighting/82318b10-140a-4920-a8a6-9dbfaf4c9abc/export Tue, 06 Dec 2022 00:40:12 +0000 https://vulnerability.circl.lu/sighting/3a1fe92b-ca63-4400-afc8-3d5f59b4c877/export {"uuid": "3a1fe92b-ca63-4400-afc8-3d5f59b4c877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35258", "type": "seen", "source": "https://t.me/cibsecurity/54028", "content": "\u203c CVE-2022-35258 \u203c\n\nAn unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T00:40:17.000000Z"} {"uuid": "3a1fe92b-ca63-4400-afc8-3d5f59b4c877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35258", "type": "seen", "source": "https://t.me/cibsecurity/54028", "content": "\u203c CVE-2022-35258 \u203c\n\nAn unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T00:40:17.000000Z"} https://vulnerability.circl.lu/sighting/3a1fe92b-ca63-4400-afc8-3d5f59b4c877/export Tue, 06 Dec 2022 00:40:17 +0000 https://vulnerability.circl.lu/sighting/40cb79d8-fd3a-45dd-a785-7d66bb6c2c62/export {"uuid": "40cb79d8-fd3a-45dd-a785-7d66bb6c2c62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35252", "type": "seen", "source": "https://daniel.haxx.se/blog/2024/12/12/a-twenty-five-years-old-curl-bug/", "content": "", "creation_timestamp": "2024-12-12T08:18:34.000000Z"} {"uuid": "40cb79d8-fd3a-45dd-a785-7d66bb6c2c62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35252", "type": "seen", "source": "https://daniel.haxx.se/blog/2024/12/12/a-twenty-five-years-old-curl-bug/", "content": "", "creation_timestamp": "2024-12-12T08:18:34.000000Z"} https://vulnerability.circl.lu/sighting/40cb79d8-fd3a-45dd-a785-7d66bb6c2c62/export Thu, 12 Dec 2024 08:18:34 +0000 https://vulnerability.circl.lu/sighting/9877c383-d5d3-467c-9bd6-5e291fa673a6/export {"uuid": "9877c383-d5d3-467c-9bd6-5e291fa673a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35255", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13985", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-35255\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.\n\ud83d\udccf Published: 2022-12-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T05:48:45.486Z\n\ud83d\udd17 References:\n1. https://hackerone.com/reports/1690000\n2. https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf\n3. https://security.netapp.com/advisory/ntap-20230113-0002/\n4. https://www.debian.org/security/2023/dsa-5326", "creation_timestamp": "2025-04-30T06:14:19.000000Z"} {"uuid": "9877c383-d5d3-467c-9bd6-5e291fa673a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35255", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13985", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-35255\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.\n\ud83d\udccf Published: 2022-12-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T05:48:45.486Z\n\ud83d\udd17 References:\n1. https://hackerone.com/reports/1690000\n2. https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf\n3. https://security.netapp.com/advisory/ntap-20230113-0002/\n4. https://www.debian.org/security/2023/dsa-5326", "creation_timestamp": "2025-04-30T06:14:19.000000Z"} https://vulnerability.circl.lu/sighting/9877c383-d5d3-467c-9bd6-5e291fa673a6/export Wed, 30 Apr 2025 06:14:19 +0000