https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 16 Jun 2026 23:21:42 +0000 https://vulnerability.circl.lu/sighting/c497a509-89b1-499a-85c3-97bbd8970c92/export {"uuid": "c497a509-89b1-499a-85c3-97bbd8970c92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43556", "type": "seen", "source": "https://t.me/cibsecurity/54034", "content": "\u203c CVE-2022-43556 \u203c\n\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T00:40:27.000000Z"} {"uuid": "c497a509-89b1-499a-85c3-97bbd8970c92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43556", "type": "seen", "source": "https://t.me/cibsecurity/54034", "content": "\u203c CVE-2022-43556 \u203c\n\nConcrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T00:40:27.000000Z"} https://vulnerability.circl.lu/sighting/c497a509-89b1-499a-85c3-97bbd8970c92/export Tue, 06 Dec 2022 00:40:27 +0000 https://vulnerability.circl.lu/sighting/612e2483-2e06-444a-b30b-03865f79b657/export {"uuid": "612e2483-2e06-444a-b30b-03865f79b657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43557", "type": "seen", "source": "https://t.me/cibsecurity/54023", "content": "\u203c CVE-2022-43557 \u203c\n\nThe BD BodyGuard\u00e2\u201e\u00a2 infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-24T01:35:29.000000Z"} {"uuid": "612e2483-2e06-444a-b30b-03865f79b657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43557", "type": "seen", "source": "https://t.me/cibsecurity/54023", "content": "\u203c CVE-2022-43557 \u203c\n\nThe BD BodyGuard\u00e2\u201e\u00a2 infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-24T01:35:29.000000Z"} https://vulnerability.circl.lu/sighting/612e2483-2e06-444a-b30b-03865f79b657/export Sat, 24 Dec 2022 01:35:29 +0000 https://vulnerability.circl.lu/sighting/02be18cc-ae4f-4c29-9e18-9c000a37d622/export {"uuid": "02be18cc-ae4f-4c29-9e18-9c000a37d622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43551", "type": "seen", "source": "https://t.me/cibsecurity/55246", "content": "\u203c CVE-2022-43551 \u203c\n\nA vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-01T13:34:42.000000Z"} {"uuid": "02be18cc-ae4f-4c29-9e18-9c000a37d622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43551", "type": "seen", "source": "https://t.me/cibsecurity/55246", "content": "\u203c CVE-2022-43551 \u203c\n\nA vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-01T13:34:42.000000Z"} https://vulnerability.circl.lu/sighting/02be18cc-ae4f-4c29-9e18-9c000a37d622/export Sun, 01 Jan 2023 13:34:42 +0000 https://vulnerability.circl.lu/sighting/20350486-cc5f-42fa-a814-ecec549da6c4/export {"uuid": "20350486-cc5f-42fa-a814-ecec549da6c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4355", "type": "seen", "source": "https://t.me/cibsecurity/55767", "content": "\u203c CVE-2022-4355 \u203c\n\nThe LetsRecover WordPress plugin through 1.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-03T00:26:40.000000Z"} {"uuid": "20350486-cc5f-42fa-a814-ecec549da6c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4355", "type": "seen", "source": "https://t.me/cibsecurity/55767", "content": "\u203c CVE-2022-4355 \u203c\n\nThe LetsRecover WordPress plugin through 1.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-03T00:26:40.000000Z"} https://vulnerability.circl.lu/sighting/20350486-cc5f-42fa-a814-ecec549da6c4/export Tue, 03 Jan 2023 00:26:40 +0000 https://vulnerability.circl.lu/sighting/34d98fd7-fbd1-4104-bfbb-e533e2a91141/export {"uuid": "34d98fd7-fbd1-4104-bfbb-e533e2a91141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43551", "type": "seen", "source": "https://t.me/ctinow/91255", "content": "Internet Bug Bounty: CVE-2022-43551: Another HSTS bypass via IDN\n\nhttps://ift.tt/IDwtOEH", "creation_timestamp": "2023-02-03T20:51:56.000000Z"} {"uuid": "34d98fd7-fbd1-4104-bfbb-e533e2a91141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43551", "type": "seen", "source": "https://t.me/ctinow/91255", "content": "Internet Bug Bounty: CVE-2022-43551: Another HSTS bypass via IDN\n\nhttps://ift.tt/IDwtOEH", "creation_timestamp": "2023-02-03T20:51:56.000000Z"} https://vulnerability.circl.lu/sighting/34d98fd7-fbd1-4104-bfbb-e533e2a91141/export Fri, 03 Feb 2023 20:51:56 +0000 https://vulnerability.circl.lu/sighting/d046c772-e64f-449a-8387-25b498d1bfa1/export {"uuid": "d046c772-e64f-449a-8387-25b498d1bfa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43552", "type": "seen", "source": "https://t.me/cibsecurity/57861", "content": "\u203c CVE-2022-43552 \u203c\n\nA use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-09T22:26:12.000000Z"} {"uuid": "d046c772-e64f-449a-8387-25b498d1bfa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43552", "type": "seen", "source": "https://t.me/cibsecurity/57861", "content": "\u203c CVE-2022-43552 \u203c\n\nA use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-09T22:26:12.000000Z"} https://vulnerability.circl.lu/sighting/d046c772-e64f-449a-8387-25b498d1bfa1/export Thu, 09 Feb 2023 22:26:12 +0000 https://vulnerability.circl.lu/sighting/1b2f9b70-3b74-4b84-ab5c-436421dda9d9/export {"uuid": "1b2f9b70-3b74-4b84-ab5c-436421dda9d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43555", "type": "seen", "source": "https://t.me/cibsecurity/73541", "content": "\u203c CVE-2022-43555 \u203c\n\nIvanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-03T23:23:33.000000Z"} {"uuid": "1b2f9b70-3b74-4b84-ab5c-436421dda9d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43555", "type": "seen", "source": "https://t.me/cibsecurity/73541", "content": "\u203c CVE-2022-43555 \u203c\n\nIvanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-03T23:23:33.000000Z"} https://vulnerability.circl.lu/sighting/1b2f9b70-3b74-4b84-ab5c-436421dda9d9/export Fri, 03 Nov 2023 23:23:33 +0000 https://vulnerability.circl.lu/sighting/a288c942-61ab-4c01-b8fa-396782a92a2a/export {"uuid": "a288c942-61ab-4c01-b8fa-396782a92a2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43554", "type": "seen", "source": "https://t.me/cibsecurity/73542", "content": "\u203c CVE-2022-43554 \u203c\n\nIvanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-03T23:23:34.000000Z"} {"uuid": "a288c942-61ab-4c01-b8fa-396782a92a2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43554", "type": "seen", "source": "https://t.me/cibsecurity/73542", "content": "\u203c CVE-2022-43554 \u203c\n\nIvanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-03T23:23:34.000000Z"} https://vulnerability.circl.lu/sighting/a288c942-61ab-4c01-b8fa-396782a92a2a/export Fri, 03 Nov 2023 23:23:34 +0000 https://vulnerability.circl.lu/sighting/72dfb481-db2f-48d4-acfa-18367cd9c5e2/export {"uuid": "72dfb481-db2f-48d4-acfa-18367cd9c5e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43553", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13222", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43553\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.\n\ud83d\udccf Published: 2022-12-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-24T14:00:28.595Z\n\ud83d\udd17 References:\n1. https://community.ui.com/releases/Security-Advisory-Bulletin-026-026/07697c65-30b3-4c06-a158-35e06534480d", "creation_timestamp": "2025-04-24T14:05:35.000000Z"} {"uuid": "72dfb481-db2f-48d4-acfa-18367cd9c5e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43553", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13222", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43553\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.\n\ud83d\udccf Published: 2022-12-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-24T14:00:28.595Z\n\ud83d\udd17 References:\n1. https://community.ui.com/releases/Security-Advisory-Bulletin-026-026/07697c65-30b3-4c06-a158-35e06534480d", "creation_timestamp": "2025-04-24T14:05:35.000000Z"} https://vulnerability.circl.lu/sighting/72dfb481-db2f-48d4-acfa-18367cd9c5e2/export Thu, 24 Apr 2025 14:05:35 +0000 https://vulnerability.circl.lu/sighting/d04b69ce-431b-4555-a133-0e1ffbbc7b26/export {"uuid": "d04b69ce-431b-4555-a133-0e1ffbbc7b26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43556", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13223", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43556\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.\n\ud83d\udccf Published: 2022-12-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-24T13:59:08.743Z\n\ud83d\udd17 References:\n1. https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes\n2. https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes\n3. https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "creation_timestamp": "2025-04-24T14:05:36.000000Z"} {"uuid": "d04b69ce-431b-4555-a133-0e1ffbbc7b26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43556", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13223", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43556\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3.\n\ud83d\udccf Published: 2022-12-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-24T13:59:08.743Z\n\ud83d\udd17 References:\n1. https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes\n2. https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes\n3. https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31", "creation_timestamp": "2025-04-24T14:05:36.000000Z"} https://vulnerability.circl.lu/sighting/d04b69ce-431b-4555-a133-0e1ffbbc7b26/export Thu, 24 Apr 2025 14:05:36 +0000