https://vulnerability.circl.lu/sightings/feed 2026-05-07T06:53:54.325905+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/8cfae392-4ed2-43c3-bf62-44eb8718e322/export 2026-05-07T06:53:54.664564+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "8cfae392-4ed2-43c3-bf62-44eb8718e322", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45224", "type": "seen", "source": "https://t.me/cibsecurity/53602", "content": "\u203c CVE-2022-45224 \u203c\n\nWeb-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-29T00:28:15.000000Z"} 2022-11-29T00:28:15+00:00 https://vulnerability.circl.lu/sighting/599c4bf8-b6e4-43ac-ab53-7bb8803cf215/export 2026-05-07T06:53:54.664470+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "599c4bf8-b6e4-43ac-ab53-7bb8803cf215", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45223", "type": "seen", "source": "https://t.me/cibsecurity/53603", "content": "\u203c CVE-2022-45223 \u203c\n\nWeb-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-29T00:28:16.000000Z"} 2022-11-29T00:28:16+00:00 https://vulnerability.circl.lu/sighting/7d886ee9-6633-46db-832c-a68f3e7feef4/export 2026-05-07T06:53:54.664381+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "7d886ee9-6633-46db-832c-a68f3e7feef4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45227", "type": "seen", "source": "https://t.me/cibsecurity/54270", "content": "\u203c CVE-2022-45227 \u203c\n\nThe web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-12T07:20:41.000000Z"} 2022-12-12T07:20:41+00:00 https://vulnerability.circl.lu/sighting/38a69e4a-693e-44fb-8e65-a5b6ce583e9f/export 2026-05-07T06:53:54.664289+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "38a69e4a-693e-44fb-8e65-a5b6ce583e9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4522", "type": "seen", "source": "https://t.me/cibsecurity/54649", "content": "\u203c CVE-2022-4522 \u203c\n\nA vulnerability classified as problematic was found in CalendarXP up to 10.0.1. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 10.0.2 is able to address this issue. The name of the patch is e3715b2228ddefe00113296069969f9e184836da. It is recommended to upgrade the affected component. VDB-215902 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T00:23:45.000000Z"} 2022-12-16T00:23:45+00:00 https://vulnerability.circl.lu/sighting/51e0f678-edd4-4bce-8105-f6cd0cdfe74a/export 2026-05-07T06:53:54.664192+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "51e0f678-edd4-4bce-8105-f6cd0cdfe74a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45228", "type": "seen", "source": "https://t.me/cibsecurity/54274", "content": "\u203c CVE-2022-45228 \u203c\n\nDragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-07T04:37:31.000000Z"} 2023-01-07T04:37:31+00:00 https://vulnerability.circl.lu/sighting/74b881a1-b074-432e-a2cd-fc7fe2942607/export 2026-05-07T06:53:54.664104+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "74b881a1-b074-432e-a2cd-fc7fe2942607", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45221", "type": "seen", "source": "https://t.me/cibsecurity/53610", "content": "\u203c CVE-2022-45221 \u203c\n\nWeb-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-08T17:22:59.000000Z"} 2023-02-08T17:22:59+00:00 https://vulnerability.circl.lu/sighting/ed77d1b7-7a18-403e-a132-155e605ea9f5/export 2026-05-07T06:53:54.664008+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "ed77d1b7-7a18-403e-a132-155e605ea9f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45227", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13036", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45227\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.\n\ud83d\udccf Published: 2022-12-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-23T13:45:11.292Z\n\ud83d\udd17 References:\n1. https://sectrio.com/vulnerability-research/cve-2022-45227/", "creation_timestamp": "2025-04-23T14:05:16.000000Z"} 2025-04-23T14:05:16+00:00 https://vulnerability.circl.lu/sighting/00f6034d-d1f6-43fd-ab32-065ff9db1fcc/export 2026-05-07T06:53:54.663867+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "00f6034d-d1f6-43fd-ab32-065ff9db1fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45228", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13038", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45228\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.\n\ud83d\udccf Published: 2022-12-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-23T13:43:59.995Z\n\ud83d\udd17 References:\n1. https://sectrio.com/vulnerability-research/cve-2022-45228/", "creation_timestamp": "2025-04-23T14:05:18.000000Z"} 2025-04-23T14:05:18+00:00 https://vulnerability.circl.lu/sighting/afd22122-dbba-46ec-8c90-df73c1b8f0c0/export 2026-05-07T06:53:54.659961+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "afd22122-dbba-46ec-8c90-df73c1b8f0c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45221", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13526", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45221\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter.\n\ud83d\udccf Published: 2022-11-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T19:49:04.372Z\n\ud83d\udd17 References:\n1. https://medium.com/%40just0rg/web-based-student-clearance-system-in-php-free-source-code-v1-0-unrestricted-input-leads-to-xss-5802ead12124", "creation_timestamp": "2025-04-25T20:08:08.000000Z"} 2025-04-25T20:08:08+00:00