<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-07T13:06:41.882097+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9c8c8fc8-2d72-406d-a376-336f66a4e30c/export</id>
    <title>9c8c8fc8-2d72-406d-a376-336f66a4e30c</title>
    <updated>2026-07-07T13:06:41.907485+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9c8c8fc8-2d72-406d-a376-336f66a4e30c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34624", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpx5phn7s723", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-34624 \u0432 Mealie 1.0.0beta3: \u043a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0442 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430\n\n\n\nhttps://kripta.biz/posts/ACFACC45-8FCA-43D3-96A5-DDB384D286F0", "creation_timestamp": "2026-07-06T03:32:01.919225Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9c8c8fc8-2d72-406d-a376-336f66a4e30c/export"/>
    <published>2026-07-06T03:32:01.919225+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2f71b4b0-4093-46e3-bab4-96fa851294ef/export</id>
    <title>2f71b4b0-4093-46e3-bab4-96fa851294ef</title>
    <updated>2026-07-07T13:06:41.909622+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2f71b4b0-4093-46e3-bab4-96fa851294ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34623", "type": "seen", "source": "https://t.me/cibsecurity/48444", "content": "\u203c CVE-2022-34623 \u203c\n\nMealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T18:17:32.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2f71b4b0-4093-46e3-bab4-96fa851294ef/export"/>
    <published>2022-08-19T18:17:32+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/aec0e210-c578-4101-8b00-2e041b011725/export</id>
    <title>aec0e210-c578-4101-8b00-2e041b011725</title>
    <updated>2026-07-07T13:06:41.909751+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "aec0e210-c578-4101-8b00-2e041b011725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34621", "type": "seen", "source": "https://t.me/cibsecurity/48439", "content": "\u203c CVE-2022-34621 \u203c\n\nMealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T18:17:24.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/aec0e210-c578-4101-8b00-2e041b011725/export"/>
    <published>2022-08-19T18:17:24+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b63bb5b2-8a85-419f-94ba-8d89d77e9bb5/export</id>
    <title>b63bb5b2-8a85-419f-94ba-8d89d77e9bb5</title>
    <updated>2026-07-07T13:06:41.909856+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b63bb5b2-8a85-419f-94ba-8d89d77e9bb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34624", "type": "seen", "source": "https://t.me/cibsecurity/48438", "content": "\u203c CVE-2022-34624 \u203c\n\nMealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T18:17:23.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b63bb5b2-8a85-419f-94ba-8d89d77e9bb5/export"/>
    <published>2022-08-19T18:17:23+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cd825308-a2b3-412f-9267-9f21e7d9fb1c/export</id>
    <title>cd825308-a2b3-412f-9267-9f21e7d9fb1c</title>
    <updated>2026-07-07T13:06:41.909955+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cd825308-a2b3-412f-9267-9f21e7d9fb1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34625", "type": "seen", "source": "https://t.me/cibsecurity/47420", "content": "\u203c CVE-2022-34625 \u203c\n\nMealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T20:18:15.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cd825308-a2b3-412f-9267-9f21e7d9fb1c/export"/>
    <published>2022-08-02T20:18:15+00:00</published>
  </entry>
</feed>
