https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 20 Jun 2026 03:10:56 +0000 https://vulnerability.circl.lu/sighting/0dd245ab-525c-44a8-926c-74a393212765/export {"uuid": "0dd245ab-525c-44a8-926c-74a393212765", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42985", "type": "seen", "source": "https://t.me/cibsecurity/53029", "content": "\u203c CVE-2022-42985 \u203c\n\nThe ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T15:52:42.000000Z"} {"uuid": "0dd245ab-525c-44a8-926c-74a393212765", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42985", "type": "seen", "source": "https://t.me/cibsecurity/53029", "content": "\u203c CVE-2022-42985 \u203c\n\nThe ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T15:52:42.000000Z"} https://vulnerability.circl.lu/sighting/0dd245ab-525c-44a8-926c-74a393212765/export Thu, 17 Nov 2022 15:52:42 +0000 https://vulnerability.circl.lu/sighting/22fa7ce2-bc34-4155-87f7-6f357a94565a/export {"uuid": "22fa7ce2-bc34-4155-87f7-6f357a94565a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42982", "type": "seen", "source": "https://t.me/cibsecurity/53050", "content": "\u203c CVE-2022-42982 \u203c\n\nBKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T15:58:43.000000Z"} {"uuid": "22fa7ce2-bc34-4155-87f7-6f357a94565a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42982", "type": "seen", "source": "https://t.me/cibsecurity/53050", "content": "\u203c CVE-2022-42982 \u203c\n\nBKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T15:58:43.000000Z"} https://vulnerability.circl.lu/sighting/22fa7ce2-bc34-4155-87f7-6f357a94565a/export Thu, 17 Nov 2022 15:58:43 +0000 https://vulnerability.circl.lu/sighting/0e7ed2f6-2125-415d-9588-c4040a04712c/export {"uuid": "0e7ed2f6-2125-415d-9588-c4040a04712c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42989", "type": "seen", "source": "https://t.me/cibsecurity/53327", "content": "\u203c CVE-2022-42989 \u203c\n\nERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-22T16:12:59.000000Z"} {"uuid": "0e7ed2f6-2125-415d-9588-c4040a04712c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42989", "type": "seen", "source": "https://t.me/cibsecurity/53327", "content": "\u203c CVE-2022-42989 \u203c\n\nERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-22T16:12:59.000000Z"} https://vulnerability.circl.lu/sighting/0e7ed2f6-2125-415d-9588-c4040a04712c/export Tue, 22 Nov 2022 16:12:59 +0000 https://vulnerability.circl.lu/sighting/99f7f938-8036-4ca2-ac5b-30d51651fc57/export {"uuid": "99f7f938-8036-4ca2-ac5b-30d51651fc57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4298", "type": "seen", "source": "https://t.me/cibsecurity/55751", "content": "\u203c CVE-2022-4298 \u203c\n\nThe Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T11:55:23.000000Z"} {"uuid": "99f7f938-8036-4ca2-ac5b-30d51651fc57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4298", "type": "seen", "source": "https://t.me/cibsecurity/55751", "content": "\u203c CVE-2022-4298 \u203c\n\nThe Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T11:55:23.000000Z"} https://vulnerability.circl.lu/sighting/99f7f938-8036-4ca2-ac5b-30d51651fc57/export Wed, 04 Jan 2023 11:55:23 +0000 https://vulnerability.circl.lu/sighting/b17a8626-5b1b-4a8a-8630-43a933eb7624/export {"uuid": "b17a8626-5b1b-4a8a-8630-43a933eb7624", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4298", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11306", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4298\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.\n\ud83d\udccf Published: 2023-01-02T21:49:31.907Z\n\ud83d\udccf Modified: 2025-04-10T18:40:15.104Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/7485ad23-6ea4-4018-88b1-174312a0a478", "creation_timestamp": "2025-04-10T18:49:20.000000Z"} {"uuid": "b17a8626-5b1b-4a8a-8630-43a933eb7624", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4298", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11306", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4298\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server.\n\ud83d\udccf Published: 2023-01-02T21:49:31.907Z\n\ud83d\udccf Modified: 2025-04-10T18:40:15.104Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/7485ad23-6ea4-4018-88b1-174312a0a478", "creation_timestamp": "2025-04-10T18:49:20.000000Z"} https://vulnerability.circl.lu/sighting/b17a8626-5b1b-4a8a-8630-43a933eb7624/export Thu, 10 Apr 2025 18:49:20 +0000 https://vulnerability.circl.lu/sighting/52d9daa2-b311-431b-ac8b-0ae84ecd75db/export {"uuid": "52d9daa2-b311-431b-ac8b-0ae84ecd75db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42985", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13546", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42985\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R)\n\ud83d\udd39 Description: The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).\n\ud83d\udccf Published: 2022-11-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T20:42:03.569Z\n\ud83d\udd17 References:\n1. https://github.com/InternationalScratchWiki/mediawiki-scratch-login/pull/22\n2. https://github.com/InternationalScratchWiki/mediawiki-scratch-login/blob/4d2c1229b558b9cd685961274f20b621d114f4db/ScratchLogin.common.php#L104", "creation_timestamp": "2025-04-25T21:08:31.000000Z"} {"uuid": "52d9daa2-b311-431b-ac8b-0ae84ecd75db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42985", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13546", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42985\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R)\n\ud83d\udd39 Description: The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).\n\ud83d\udccf Published: 2022-11-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T20:42:03.569Z\n\ud83d\udd17 References:\n1. https://github.com/InternationalScratchWiki/mediawiki-scratch-login/pull/22\n2. https://github.com/InternationalScratchWiki/mediawiki-scratch-login/blob/4d2c1229b558b9cd685961274f20b621d114f4db/ScratchLogin.common.php#L104", "creation_timestamp": "2025-04-25T21:08:31.000000Z"} https://vulnerability.circl.lu/sighting/52d9daa2-b311-431b-ac8b-0ae84ecd75db/export Fri, 25 Apr 2025 21:08:31 +0000 https://vulnerability.circl.lu/sighting/a8d6e2f1-d766-42af-a52b-a756970a148a/export {"uuid": "a8d6e2f1-d766-42af-a52b-a756970a148a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42982", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14044", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42982\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.\n\ud83d\udccf Published: 2022-11-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T13:55:22.894Z\n\ud83d\udd17 References:\n1. https://cve.mahi.be/bkg_ntrip_udp/\n2. https://igs.bkg.bund.de/ntrip/bkgcaster", "creation_timestamp": "2025-04-30T14:13:12.000000Z"} {"uuid": "a8d6e2f1-d766-42af-a52b-a756970a148a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42982", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14044", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42982\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.\n\ud83d\udccf Published: 2022-11-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T13:55:22.894Z\n\ud83d\udd17 References:\n1. https://cve.mahi.be/bkg_ntrip_udp/\n2. https://igs.bkg.bund.de/ntrip/bkgcaster", "creation_timestamp": "2025-04-30T14:13:12.000000Z"} https://vulnerability.circl.lu/sighting/a8d6e2f1-d766-42af-a52b-a756970a148a/export Wed, 30 Apr 2025 14:13:12 +0000 https://vulnerability.circl.lu/sighting/32a61ba0-df6b-48de-9063-24a84b04bb36/export {"uuid": "32a61ba0-df6b-48de-9063-24a84b04bb36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42984", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14126", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42984\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients.\n\ud83d\udccf Published: 2022-11-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T19:03:23.815Z\n\ud83d\udd17 References:\n1. https://github.com/nhiephon/Research\n2. https://www.wowonder.com/", "creation_timestamp": "2025-04-30T19:13:36.000000Z"} {"uuid": "32a61ba0-df6b-48de-9063-24a84b04bb36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42984", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14126", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42984\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients.\n\ud83d\udccf Published: 2022-11-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T19:03:23.815Z\n\ud83d\udd17 References:\n1. https://github.com/nhiephon/Research\n2. https://www.wowonder.com/", "creation_timestamp": "2025-04-30T19:13:36.000000Z"} https://vulnerability.circl.lu/sighting/32a61ba0-df6b-48de-9063-24a84b04bb36/export Wed, 30 Apr 2025 19:13:36 +0000 https://vulnerability.circl.lu/sighting/216e5aa4-2bce-426e-9da9-0544a806a877/export {"uuid": "216e5aa4-2bce-426e-9da9-0544a806a877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42980", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15865", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42980\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-10T03:01:36.779Z\n\ud83d\udd17 References:\n1. https://github.com/go-admin-team/go-admin/issues/716", "creation_timestamp": "2025-05-10T03:25:52.000000Z"} {"uuid": "216e5aa4-2bce-426e-9da9-0544a806a877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42980", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15865", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42980\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-10T03:01:36.779Z\n\ud83d\udd17 References:\n1. https://github.com/go-admin-team/go-admin/issues/716", "creation_timestamp": "2025-05-10T03:25:52.000000Z"} https://vulnerability.circl.lu/sighting/216e5aa4-2bce-426e-9da9-0544a806a877/export Sat, 10 May 2025 03:25:52 +0000 https://vulnerability.circl.lu/sighting/1a64155a-85ba-4851-8efd-a0f2c62911c9/export {"uuid": "1a64155a-85ba-4851-8efd-a0f2c62911c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42983", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15866", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42983\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-10T02:59:28.347Z\n\ud83d\udd17 References:\n1. https://github.com/anji-plus/report/issues/7\n2. https://gitee.com/anji-plus/report/issues/I5VVZ0", "creation_timestamp": "2025-05-10T03:25:53.000000Z"} {"uuid": "1a64155a-85ba-4851-8efd-a0f2c62911c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42983", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15866", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42983\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-10T02:59:28.347Z\n\ud83d\udd17 References:\n1. https://github.com/anji-plus/report/issues/7\n2. https://gitee.com/anji-plus/report/issues/I5VVZ0", "creation_timestamp": "2025-05-10T03:25:53.000000Z"} https://vulnerability.circl.lu/sighting/1a64155a-85ba-4851-8efd-a0f2c62911c9/export Sat, 10 May 2025 03:25:53 +0000