https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 14 Jun 2026 14:32:39 +0000 https://vulnerability.circl.lu/sighting/3f551860-3870-43ff-8e7a-c17158f1c7be/export {"uuid": "3f551860-3870-43ff-8e7a-c17158f1c7be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4060", "type": "seen", "source": "https://t.me/cibsecurity/56535", "content": "\u203c CVE-2022-4060 \u203c\n\nThe User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-16T18:24:03.000000Z"} {"uuid": "3f551860-3870-43ff-8e7a-c17158f1c7be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4060", "type": "seen", "source": "https://t.me/cibsecurity/56535", "content": "\u203c CVE-2022-4060 \u203c\n\nThe User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-16T18:24:03.000000Z"} https://vulnerability.circl.lu/sighting/3f551860-3870-43ff-8e7a-c17158f1c7be/export Mon, 16 Jan 2023 18:24:03 +0000 https://vulnerability.circl.lu/sighting/f4bbc2db-3f17-45a4-b93f-e4cdd3fd1c72/export {"uuid": "f4bbc2db-3f17-45a4-b93f-e4cdd3fd1c72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40609", "type": "seen", "source": "https://t.me/cibsecurity/67592", "content": "\u203c CVE-2022-40609 \u203c\n\nIBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T20:48:00.000000Z"} {"uuid": "f4bbc2db-3f17-45a4-b93f-e4cdd3fd1c72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40609", "type": "seen", "source": "https://t.me/cibsecurity/67592", "content": "\u203c CVE-2022-40609 \u203c\n\nIBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T20:48:00.000000Z"} https://vulnerability.circl.lu/sighting/f4bbc2db-3f17-45a4-b93f-e4cdd3fd1c72/export Wed, 02 Aug 2023 20:48:00 +0000 https://vulnerability.circl.lu/sighting/f817b75a-e456-40d9-84bc-698338b74a45/export {"uuid": "f817b75a-e456-40d9-84bc-698338b74a45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4060", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1158", "content": "", "creation_timestamp": "2023-09-13T02:18:15.000000Z"} {"uuid": "f817b75a-e456-40d9-84bc-698338b74a45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4060", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1158", "content": "", "creation_timestamp": "2023-09-13T02:18:15.000000Z"} https://vulnerability.circl.lu/sighting/f817b75a-e456-40d9-84bc-698338b74a45/export Wed, 13 Sep 2023 02:18:15 +0000 https://vulnerability.circl.lu/sighting/f5f2ed6b-fa02-4310-b269-68ede3e62de1/export {"uuid": "f5f2ed6b-fa02-4310-b269-68ede3e62de1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4060", "type": "published-proof-of-concept", "source": "https://t.me/v3n0mhack/280", "content": "WordPress RCE \n\nAutomatic Mass Tool for checking vulnerability in CVE-2022-4060 - WordPress Plugin : User Post Gallery <= 2.19 - Unauthenticated RCE\n\nLink: https://github.com/im-hanzou/UPGer\n\n\u2764\ufe0f", "creation_timestamp": "2023-09-16T11:53:50.000000Z"} {"uuid": "f5f2ed6b-fa02-4310-b269-68ede3e62de1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4060", "type": "published-proof-of-concept", "source": "https://t.me/v3n0mhack/280", "content": "WordPress RCE \n\nAutomatic Mass Tool for checking vulnerability in CVE-2022-4060 - WordPress Plugin : User Post Gallery <= 2.19 - Unauthenticated RCE\n\nLink: https://github.com/im-hanzou/UPGer\n\n\u2764\ufe0f", "creation_timestamp": "2023-09-16T11:53:50.000000Z"} https://vulnerability.circl.lu/sighting/f5f2ed6b-fa02-4310-b269-68ede3e62de1/export Sat, 16 Sep 2023 11:53:50 +0000 https://vulnerability.circl.lu/sighting/c5224afd-966e-4188-afc4-8af626b27d9b/export {"uuid": "c5224afd-966e-4188-afc4-8af626b27d9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4060", "type": "published-proof-of-concept", "source": "Telegram/L0OHMinpfsBq5D28j79O71SwWui-pIwDdJhh8Em30YtM", "content": "", "creation_timestamp": "2023-10-22T18:26:56.000000Z"} {"uuid": "c5224afd-966e-4188-afc4-8af626b27d9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4060", "type": "published-proof-of-concept", "source": "Telegram/L0OHMinpfsBq5D28j79O71SwWui-pIwDdJhh8Em30YtM", "content": "", "creation_timestamp": "2023-10-22T18:26:56.000000Z"} https://vulnerability.circl.lu/sighting/c5224afd-966e-4188-afc4-8af626b27d9b/export Sun, 22 Oct 2023 18:26:56 +0000 https://vulnerability.circl.lu/sighting/158fcf79-761c-4c7a-894d-c53587f9906f/export {"uuid": "158fcf79-761c-4c7a-894d-c53587f9906f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40602", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7426", "content": "#exploit\n1. CVE-2022-40309, CVE-2022-40308:\nApache Archiva <2.2.9 - Arbitrary Directory Delete / Arbitrary File Read\nhttps://xz.aliyun.com/t/11979\n\n2. CVE-2022-40602:\nZyXEL LTE3301-M209 - \"Backdoor\" credentials\nhttps://resolverblog.blogspot.com/2022/12/cve-2022-40602-zyxel-lte3301-m209.html\n]-> D-Link DWR-921/925/118 Hardcoded backdoor implemented by vendor:\nhttps://resolverblog.blogspot.com/2022/12/d-link-dwr-921-dwr-925-dwr-118.html\n\n3. DirtyCred Remastered: how to turn an UAF into Privilege Escalation\nhttps://exploiter.dev/blog/2022/CVE-2022-2602.html", "creation_timestamp": "2024-10-10T19:09:53.000000Z"} {"uuid": "158fcf79-761c-4c7a-894d-c53587f9906f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40602", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7426", "content": "#exploit\n1. CVE-2022-40309, CVE-2022-40308:\nApache Archiva <2.2.9 - Arbitrary Directory Delete / Arbitrary File Read\nhttps://xz.aliyun.com/t/11979\n\n2. CVE-2022-40602:\nZyXEL LTE3301-M209 - \"Backdoor\" credentials\nhttps://resolverblog.blogspot.com/2022/12/cve-2022-40602-zyxel-lte3301-m209.html\n]-> D-Link DWR-921/925/118 Hardcoded backdoor implemented by vendor:\nhttps://resolverblog.blogspot.com/2022/12/d-link-dwr-921-dwr-925-dwr-118.html\n\n3. DirtyCred Remastered: how to turn an UAF into Privilege Escalation\nhttps://exploiter.dev/blog/2022/CVE-2022-2602.html", "creation_timestamp": "2024-10-10T19:09:53.000000Z"} https://vulnerability.circl.lu/sighting/158fcf79-761c-4c7a-894d-c53587f9906f/export Thu, 10 Oct 2024 19:09:53 +0000 https://vulnerability.circl.lu/sighting/20b9ddb9-7c9c-4818-821f-fe7e0dcbd524/export {"uuid": "20b9ddb9-7c9c-4818-821f-fe7e0dcbd524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40604", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lfzsdzfmqo2v", "content": "", "creation_timestamp": "2025-01-18T17:08:37.776928Z"} {"uuid": "20b9ddb9-7c9c-4818-821f-fe7e0dcbd524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40604", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lfzsdzfmqo2v", "content": "", "creation_timestamp": "2025-01-18T17:08:37.776928Z"} https://vulnerability.circl.lu/sighting/20b9ddb9-7c9c-4818-821f-fe7e0dcbd524/export Sat, 18 Jan 2025 17:08:37 +0000 https://vulnerability.circl.lu/sighting/8360b7c9-7219-41c3-a438-0586021c40ae/export {"uuid": "8360b7c9-7219-41c3-a438-0586021c40ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40607", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12228", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40607\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: \nIBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.\n\n\n\ud83d\udccf Published: 2022-12-19T19:36:28.395Z\n\ud83d\udccf Modified: 2025-04-17T13:40:06.251Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6848231\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/235740", "creation_timestamp": "2025-04-17T13:57:56.000000Z"} {"uuid": "8360b7c9-7219-41c3-a438-0586021c40ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40607", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12228", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40607\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: \nIBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.\n\n\n\ud83d\udccf Published: 2022-12-19T19:36:28.395Z\n\ud83d\udccf Modified: 2025-04-17T13:40:06.251Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/6848231\n2. https://exchange.xforce.ibmcloud.com/vulnerabilities/235740", "creation_timestamp": "2025-04-17T13:57:56.000000Z"} https://vulnerability.circl.lu/sighting/8360b7c9-7219-41c3-a438-0586021c40ae/export Thu, 17 Apr 2025 13:57:56 +0000 https://vulnerability.circl.lu/sighting/a88c20b1-6cac-4565-95a7-8e23a0a151dc/export {"uuid": "a88c20b1-6cac-4565-95a7-8e23a0a151dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40603", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13131", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40603\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim\u2019s browser.\n\ud83d\udccf Published: 2022-12-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-23T20:00:23.891Z\n\ud83d\udd17 References:\n1. https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-in-firewalls", "creation_timestamp": "2025-04-23T20:04:40.000000Z"} {"uuid": "a88c20b1-6cac-4565-95a7-8e23a0a151dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40603", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13131", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40603\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim\u2019s browser.\n\ud83d\udccf Published: 2022-12-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-23T20:00:23.891Z\n\ud83d\udd17 References:\n1. https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-in-firewalls", "creation_timestamp": "2025-04-23T20:04:40.000000Z"} https://vulnerability.circl.lu/sighting/a88c20b1-6cac-4565-95a7-8e23a0a151dc/export Wed, 23 Apr 2025 20:04:40 +0000 https://vulnerability.circl.lu/sighting/23d31911-4384-4e87-9ba6-34c550899512/export {"uuid": "23d31911-4384-4e87-9ba6-34c550899512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40602", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13692", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40602\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.\n\ud83d\udccf Published: 2022-11-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T14:24:37.801Z\n\ud83d\udd17 References:\n1. https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-configured-password-vulnerability-of-lte3301-m209", "creation_timestamp": "2025-04-28T15:10:58.000000Z"} {"uuid": "23d31911-4384-4e87-9ba6-34c550899512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40602", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13692", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40602\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.\n\ud83d\udccf Published: 2022-11-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T14:24:37.801Z\n\ud83d\udd17 References:\n1. https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-configured-password-vulnerability-of-lte3301-m209", "creation_timestamp": "2025-04-28T15:10:58.000000Z"} https://vulnerability.circl.lu/sighting/23d31911-4384-4e87-9ba6-34c550899512/export Mon, 28 Apr 2025 15:10:58 +0000