<?xml version='1.0' encoding='UTF-8'?>
<!-- The stylesheet instruction below only affects how a browser displays this feed;
     an automated consumer has no need to fetch or apply /static/style.xsl. -->
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<!-- Atom feed of vulnerability sightings. Each <entry> carries one sighting record as a
     JSON object inside <content>. <content> has no type attribute, so Atom treats it as
     plain text: parse it as JSON, never as markup.
     The JSON "content" and "source" fields appear to be text relayed from third-party
     channels (the source values point at Telegram and Bluesky posts) and should be handled
     as untrusted input: output-encode before display and do not follow links automatically.
     Some records hold entity text that is escaped twice (for example &amp;lt;), so one
     round of XML unescaping still leaves &lt; in the string; do not unescape a second
     time before rendering. -->
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-14T14:32:38.111185+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3f551860-3870-43ff-8e7a-c17158f1c7be/export</id>
    <title>3f551860-3870-43ff-8e7a-c17158f1c7be</title>
    <updated>2026-06-14T14:32:38.434437+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3f551860-3870-43ff-8e7a-c17158f1c7be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4060", "type": "seen", "source": "https://t.me/cibsecurity/56535", "content": "\u203c CVE-2022-4060 \u203c\n\nThe User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-16T18:24:03.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3f551860-3870-43ff-8e7a-c17158f1c7be/export"/>
    <published>2023-01-16T18:24:03+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f4bbc2db-3f17-45a4-b93f-e4cdd3fd1c72/export</id>
    <title>f4bbc2db-3f17-45a4-b93f-e4cdd3fd1c72</title>
    <updated>2026-06-14T14:32:38.434369+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f4bbc2db-3f17-45a4-b93f-e4cdd3fd1c72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40609", "type": "seen", "source": "https://t.me/cibsecurity/67592", "content": "\u203c CVE-2022-40609 \u203c\n\nIBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T20:48:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f4bbc2db-3f17-45a4-b93f-e4cdd3fd1c72/export"/>
    <published>2023-08-02T20:48:00+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f817b75a-e456-40d9-84bc-698338b74a45/export</id>
    <title>f817b75a-e456-40d9-84bc-698338b74a45</title>
    <updated>2026-06-14T14:32:38.434305+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f817b75a-e456-40d9-84bc-698338b74a45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4060", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1158", "content": "", "creation_timestamp": "2023-09-13T02:18:15.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f817b75a-e456-40d9-84bc-698338b74a45/export"/>
    <published>2023-09-13T02:18:15+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f5f2ed6b-fa02-4310-b269-68ede3e62de1/export</id>
    <title>f5f2ed6b-fa02-4310-b269-68ede3e62de1</title>
    <updated>2026-06-14T14:32:38.434237+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f5f2ed6b-fa02-4310-b269-68ede3e62de1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4060", "type": "published-proof-of-concept", "source": "https://t.me/v3n0mhack/280", "content": "WordPress RCE \n\nAutomatic Mass Tool for checking vulnerability in CVE-2022-4060 - WordPress Plugin : User Post Gallery &amp;lt;= 2.19 - Unauthenticated RCE\n\nLink: https://github.com/im-hanzou/UPGer\n\n\u2764\ufe0f", "creation_timestamp": "2023-09-16T11:53:50.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f5f2ed6b-fa02-4310-b269-68ede3e62de1/export"/>
    <published>2023-09-16T11:53:50+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c5224afd-966e-4188-afc4-8af626b27d9b/export</id>
    <title>c5224afd-966e-4188-afc4-8af626b27d9b</title>
    <updated>2026-06-14T14:32:38.434166+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c5224afd-966e-4188-afc4-8af626b27d9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4060", "type": "published-proof-of-concept", "source": "Telegram/L0OHMinpfsBq5D28j79O71SwWui-pIwDdJhh8Em30YtM", "content": "", "creation_timestamp": "2023-10-22T18:26:56.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c5224afd-966e-4188-afc4-8af626b27d9b/export"/>
    <published>2023-10-22T18:26:56+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/158fcf79-761c-4c7a-894d-c53587f9906f/export</id>
    <title>158fcf79-761c-4c7a-894d-c53587f9906f</title>
    <updated>2026-06-14T14:32:38.434091+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "158fcf79-761c-4c7a-894d-c53587f9906f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40602", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7426", "content": "#exploit\n1. CVE-2022-40309, CVE-2022-40308:\nApache Archiva &amp;lt;2.2.9 - Arbitrary Directory Delete / Arbitrary File Read\nhttps://xz.aliyun.com/t/11979\n\n2. CVE-2022-40602:\nZyXEL LTE3301-M209 - \"Backdoor\" credentials\nhttps://resolverblog.blogspot.com/2022/12/cve-2022-40602-zyxel-lte3301-m209.html\n]-&amp;gt; D-Link DWR-921/925/118 Hardcoded backdoor implemented by vendor:\nhttps://resolverblog.blogspot.com/2022/12/d-link-dwr-921-dwr-925-dwr-118.html\n\n3. DirtyCred Remastered: how to turn an UAF into Privilege Escalation\nhttps://exploiter.dev/blog/2022/CVE-2022-2602.html", "creation_timestamp": "2024-10-10T19:09:53.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/158fcf79-761c-4c7a-894d-c53587f9906f/export"/>
    <published>2024-10-10T19:09:53+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/20b9ddb9-7c9c-4818-821f-fe7e0dcbd524/export</id>
    <title>20b9ddb9-7c9c-4818-821f-fe7e0dcbd524</title>
    <updated>2026-06-14T14:32:38.434021+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "20b9ddb9-7c9c-4818-821f-fe7e0dcbd524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40604", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lfzsdzfmqo2v", "content": "", "creation_timestamp": "2025-01-18T17:08:37.776928Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/20b9ddb9-7c9c-4818-821f-fe7e0dcbd524/export"/>
    <published>2025-01-18T17:08:37.776928+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8360b7c9-7219-41c3-a438-0586021c40ae/export</id>
    <title>8360b7c9-7219-41c3-a438-0586021c40ae</title>
    <updated>2026-06-14T14:32:38.433943+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8360b7c9-7219-41c3-a438-0586021c40ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40607", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12228", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40607\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: \nIBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.\n\n\n\ud83d\udccf Published: 2022-12-19T19:36:28.395Z\n\ud83d\udccf Modified: 2025-04-17T13:40:06.251Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6848231\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/235740", "creation_timestamp": "2025-04-17T13:57:56.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8360b7c9-7219-41c3-a438-0586021c40ae/export"/>
    <published>2025-04-17T13:57:56+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a88c20b1-6cac-4565-95a7-8e23a0a151dc/export</id>
    <title>a88c20b1-6cac-4565-95a7-8e23a0a151dc</title>
    <updated>2026-06-14T14:32:38.433837+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a88c20b1-6cac-4565-95a7-8e23a0a151dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40603", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13131", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40603\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim\u2019s browser.\n\ud83d\udccf Published: 2022-12-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-23T20:00:23.891Z\n\ud83d\udd17 References:\n1. https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-in-firewalls", "creation_timestamp": "2025-04-23T20:04:40.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a88c20b1-6cac-4565-95a7-8e23a0a151dc/export"/>
    <published>2025-04-23T20:04:40+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/23d31911-4384-4e87-9ba6-34c550899512/export</id>
    <title>23d31911-4384-4e87-9ba6-34c550899512</title>
    <updated>2026-06-14T14:32:38.431902+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "23d31911-4384-4e87-9ba6-34c550899512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40602", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13692", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40602\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.\n\ud83d\udccf Published: 2022-11-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T14:24:37.801Z\n\ud83d\udd17 References:\n1. https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-configured-password-vulnerability-of-lte3301-m209", "creation_timestamp": "2025-04-28T15:10:58.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/23d31911-4384-4e87-9ba6-34c550899512/export"/>
    <published>2025-04-28T15:10:58+00:00</published>
  </entry>
</feed>
