<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-12T03:56:46.461051+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/92e2fc85-b94a-414f-80ad-830654d976b1/export</id>
    <title>92e2fc85-b94a-414f-80ad-830654d976b1</title>
    <updated>2026-06-12T03:56:46.761358+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "92e2fc85-b94a-414f-80ad-830654d976b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39298", "type": "seen", "source": "https://t.me/cibsecurity/51291", "content": "\u203c CVE-2022-39298 \u203c\n\nMelisFront is the engine that displays website hosted on Melis Platform. It deals with showing pages, plugins, URL rewritting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-front`, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-front` &gt;= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T02:27:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/92e2fc85-b94a-414f-80ad-830654d976b1/export"/>
    <published>2022-10-13T02:27:08+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/da01d7e6-3ddd-4cfe-8059-6501a0bfe684/export</id>
    <title>da01d7e6-3ddd-4cfe-8059-6501a0bfe684</title>
    <updated>2026-06-12T03:56:46.761279+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "da01d7e6-3ddd-4cfe-8059-6501a0bfe684", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39297", "type": "seen", "source": "https://t.me/cibsecurity/51295", "content": "\u203c CVE-2022-39297 \u203c\n\nMelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-cms` &gt;= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T02:27:13.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/da01d7e6-3ddd-4cfe-8059-6501a0bfe684/export"/>
    <published>2022-10-13T02:27:13+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f1bc9bdd-2239-4c1a-a036-3c0ea69085e4/export</id>
    <title>f1bc9bdd-2239-4c1a-a036-3c0ea69085e4</title>
    <updated>2026-06-12T03:56:46.761208+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f1bc9bdd-2239-4c1a-a036-3c0ea69085e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39295", "type": "seen", "source": "https://t.me/cibsecurity/51380", "content": "\u203c CVE-2022-39295 \u203c\n\nKnowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T02:28:24.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f1bc9bdd-2239-4c1a-a036-3c0ea69085e4/export"/>
    <published>2022-10-14T02:28:24+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0427d2c8-097d-4679-832b-7d26a027abe9/export</id>
    <title>0427d2c8-097d-4679-832b-7d26a027abe9</title>
    <updated>2026-06-12T03:56:46.761132+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0427d2c8-097d-4679-832b-7d26a027abe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39299", "type": "seen", "source": "https://t.me/cibsecurity/52483", "content": "\u203c CVE-2022-39353 \u203c\n\nxmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@&gt;=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-02T19:19:48.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0427d2c8-097d-4679-832b-7d26a027abe9/export"/>
    <published>2022-11-02T19:19:48+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/35e98df7-90bd-4078-a938-c26e9be20812/export</id>
    <title>35e98df7-90bd-4078-a938-c26e9be20812</title>
    <updated>2026-06-12T03:56:46.761045+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "35e98df7-90bd-4078-a938-c26e9be20812", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3929", "type": "seen", "source": "https://t.me/cibsecurity/56021", "content": "\u203c CVE-2022-3929 \u203c\n\nCommunication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-06T00:19:26.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/35e98df7-90bd-4078-a938-c26e9be20812/export"/>
    <published>2023-01-06T00:19:26+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e8040012-4f9d-4dfa-a348-2795426aaaa0/export</id>
    <title>e8040012-4f9d-4dfa-a348-2795426aaaa0</title>
    <updated>2026-06-12T03:56:46.760973+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e8040012-4f9d-4dfa-a348-2795426aaaa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39291", "type": "exploited", "source": "https://www.exploit-db.com/exploits/51071", "content": "", "creation_timestamp": "2023-03-27T00:00:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e8040012-4f9d-4dfa-a348-2795426aaaa0/export"/>
    <published>2023-03-27T00:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3fa0d79a-0cc0-400e-b848-32ea1bd1e995/export</id>
    <title>3fa0d79a-0cc0-400e-b848-32ea1bd1e995</title>
    <updated>2026-06-12T03:56:46.760903+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3fa0d79a-0cc0-400e-b848-32ea1bd1e995", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39290", "type": "exploited", "source": "https://www.exploit-db.com/exploits/51071", "content": "", "creation_timestamp": "2023-03-27T00:00:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3fa0d79a-0cc0-400e-b848-32ea1bd1e995/export"/>
    <published>2023-03-27T00:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b751a7d3-4556-4c75-828f-34aff4e800ea/export</id>
    <title>b751a7d3-4556-4c75-828f-34aff4e800ea</title>
    <updated>2026-06-12T03:56:46.760822+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b751a7d3-4556-4c75-828f-34aff4e800ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39299", "type": "seen", "source": "https://t.me/arpsyndicate/2660", "content": "#ExploitObserverAlert\n\nCVE-2022-39299\n\nDESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-39299. Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml version 3.2.2 or newer. The issue was also present in the beta releases of `node-saml` before version 4.0.0-beta.5. If you cannot upgrade, disabling SAML authentication may be done as a workaround.\n\nFIRST-EPSS: 0.007470000\nNVD-IS: 5.9\nNVD-ES: 2.2", "creation_timestamp": "2024-01-08T17:25:59.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b751a7d3-4556-4c75-828f-34aff4e800ea/export"/>
    <published>2024-01-08T17:25:59+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b6b7a877-683e-4acd-92dd-ba74d9dcf970/export</id>
    <title>b6b7a877-683e-4acd-92dd-ba74d9dcf970</title>
    <updated>2026-06-12T03:56:46.760720+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b6b7a877-683e-4acd-92dd-ba74d9dcf970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39299", "type": "published-proof-of-concept", "source": "Telegram/xcGRNH_EwORElMZ3bAgEoqPH6J5Y6svZZQkqCrYpVnROx_w", "content": "", "creation_timestamp": "2025-03-30T11:00:06.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b6b7a877-683e-4acd-92dd-ba74d9dcf970/export"/>
    <published>2025-03-30T11:00:06+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/15e1bbf2-86f3-4a01-ba5f-62a388fed3f5/export</id>
    <title>15e1bbf2-86f3-4a01-ba5f-62a388fed3f5</title>
    <updated>2026-06-12T03:56:46.757774+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "15e1bbf2-86f3-4a01-ba5f-62a388fed3f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39290", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lti75juill2f", "content": "", "creation_timestamp": "2025-07-08T21:02:43.005299Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/15e1bbf2-86f3-4a01-ba5f-62a388fed3f5/export"/>
    <published>2025-07-08T21:02:43.005299+00:00</published>
  </entry>
</feed>
