https://vulnerability.circl.lu/sightings/feed 2026-05-08T06:08:33.759430+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/e6bf08f8-775d-4863-999e-ca34fbb439c5/export 2026-05-08T06:08:34.185460+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "e6bf08f8-775d-4863-999e-ca34fbb439c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35890", "type": "seen", "source": "https://t.me/cibsecurity/46377", "content": "\u203c CVE-2022-35890 \u203c\n\nAn issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-16T00:20:42.000000Z"} 2022-07-16T00:20:42+00:00 https://vulnerability.circl.lu/sighting/c36e86da-9c3b-468d-a098-adeb81824c2e/export 2026-05-08T06:08:34.185382+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "c36e86da-9c3b-468d-a098-adeb81824c2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35899", "type": "seen", "source": "https://t.me/cibsecurity/46761", "content": "\u203c CVE-2022-35899 \u203c\n\nThere is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\\ASUS\\GameSDK.exe file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-22T05:58:55.000000Z"} 2022-07-22T05:58:55+00:00 https://vulnerability.circl.lu/sighting/ec4afe53-b601-4140-b6fc-1330ccfa4a93/export 2026-05-08T06:08:34.185298+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "ec4afe53-b601-4140-b6fc-1330ccfa4a93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35895", "type": "seen", "source": "https://t.me/cibsecurity/50243", "content": "\u203c CVE-2022-35895 \u203c\n\nAn issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-22T00:46:17.000000Z"} 2022-09-22T00:46:17+00:00 https://vulnerability.circl.lu/sighting/b89470e8-c7f8-4c4b-8578-f08122b38f96/export 2026-05-08T06:08:34.185217+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "b89470e8-c7f8-4c4b-8578-f08122b38f96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35896", "type": "seen", "source": "https://t.me/cibsecurity/50251", "content": "\u203c CVE-2022-35896 \u203c\n\nAn issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-22T07:11:44.000000Z"} 2022-09-22T07:11:44+00:00 https://vulnerability.circl.lu/sighting/bff4e482-504e-4ced-990f-318b56ca3cf4/export 2026-05-08T06:08:34.185131+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "bff4e482-504e-4ced-990f-318b56ca3cf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35893", "type": "seen", "source": "https://t.me/cibsecurity/50370", "content": "\u203c CVE-2022-35893 \u203c\n\nAn issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:13:43.000000Z"} 2022-09-23T22:13:43+00:00 https://vulnerability.circl.lu/sighting/19aa0a9f-22ec-4f26-be2a-175326440d21/export 2026-05-08T06:08:34.185029+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "19aa0a9f-22ec-4f26-be2a-175326440d21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3589", "type": "seen", "source": "https://t.me/cibsecurity/53233", "content": "\u203c CVE-2022-3589 \u203c\n\nAn API Endpoint used by Miele's \"AppWash\" MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been able to gain read and partial write access to other users data by modifying a small part of a HTTP request sent to the API. Reading or changing the password of another user was not possible, thus no impact to Availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-21T12:37:04.000000Z"} 2022-11-21T12:37:04+00:00 https://vulnerability.circl.lu/sighting/65e43e5a-ca0b-404f-b70f-f26d92b50ea3/export 2026-05-08T06:08:34.184890+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "65e43e5a-ca0b-404f-b70f-f26d92b50ea3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35897", "type": "seen", "source": "https://t.me/cibsecurity/53269", "content": "\u203c CVE-2022-35897 \u203c\n\nAn stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-21T20:37:23.000000Z"} 2022-11-21T20:37:23+00:00 https://vulnerability.circl.lu/sighting/a4ae370b-aa72-4007-b360-62d99864c323/export 2026-05-08T06:08:34.181361+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "a4ae370b-aa72-4007-b360-62d99864c323", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35898", "type": "seen", "source": "https://t.me/cibsecurity/63146", "content": "\u203c CVE-2022-35898 \u203c\n\nOpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-02T00:29:40.000000Z"} 2023-05-02T00:29:40+00:00