https://vulnerability.circl.lu/sightings/feed 2026-06-20T23:32:18.189312+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/ee3a8ac2-cf78-4fb9-b301-d27b68f34291/export 2026-06-20T23:32:18.500736+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "ee3a8ac2-cf78-4fb9-b301-d27b68f34291", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "seen", "source": "https://t.me/arpsyndicate/3157", "content": "#ExploitObserverAlert\n\nCVE-2022-46364\n\nDESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2022-46364. A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\n\nFIRST-EPSS: 0.028500000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-28T02:00:33.000000Z"} 2024-01-28T02:00:33+00:00 https://vulnerability.circl.lu/sighting/92a1b0b0-ef6c-4e0d-b576-1d517c194f72/export 2026-06-20T23:32:18.500599+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "92a1b0b0-ef6c-4e0d-b576-1d517c194f72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46369", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10900", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46369\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) \u2013 vulnerability may allow inserting scripts into unspecified input fields.\n\ud83d\udccf Published: 2023-01-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T13:40:44.402Z\n\ud83d\udd17 References:\n1. https://www.gov.il/en/Departments/faq/cve_advisories", "creation_timestamp": "2025-04-08T13:46:29.000000Z"} 2025-04-08T13:46:29+00:00 https://vulnerability.circl.lu/sighting/25722070-fb31-44e2-b9cf-0c7255309efe/export 2026-06-20T23:32:18.500459+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "25722070-fb31-44e2-b9cf-0c7255309efe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46368", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10947", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46368\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) \u2013 vulnerability may allow unauthorized action on behalf of authenticated users.\n\ud83d\udccf Published: 2023-01-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T16:20:50.387Z\n\ud83d\udd17 References:\n1. https://www.gov.il/en/Departments/faq/cve_advisories", "creation_timestamp": "2025-04-08T16:46:39.000000Z"} 2025-04-08T16:46:39+00:00 https://vulnerability.circl.lu/sighting/e75be6a3-016b-462b-b2b7-d7282f6c7180/export 2026-06-20T23:32:18.500321+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "e75be6a3-016b-462b-b2b7-d7282f6c7180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46360", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11279", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46360\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.\n\ud83d\udccf Published: 2023-01-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-10T16:24:48.372Z\n\ud83d\udd17 References:\n1. https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php\n2. https://jvn.jp/en/vu/JVNVU90679513/index.html", "creation_timestamp": "2025-04-10T16:49:35.000000Z"} 2025-04-10T16:49:35+00:00 https://vulnerability.circl.lu/sighting/638414da-0684-4a62-b9cc-827e18d03a23/export 2026-06-20T23:32:18.500177+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "638414da-0684-4a62-b9cc-827e18d03a23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12778", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46364\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u00a0\n\ud83d\udccf Published: 2022-12-13T16:20:26.765Z\n\ud83d\udccf Modified: 2025-04-22T02:48:36.211Z\n\ud83d\udd17 References:\n1. https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", "creation_timestamp": "2025-04-22T03:02:36.000000Z"} 2025-04-22T03:02:36+00:00 https://vulnerability.circl.lu/sighting/97f04c0c-fa60-4f06-9765-daf0fddee55c/export 2026-06-20T23:32:18.500042+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "97f04c0c-fa60-4f06-9765-daf0fddee55c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/KKi08pVtUDaCAJkb9047w9y4w-ZBtgxVmflDXmeWCTkhF9g", "content": "", "creation_timestamp": "2026-03-29T03:00:06.000000Z"} 2026-03-29T03:00:06+00:00 https://vulnerability.circl.lu/sighting/390260e4-48c4-4d67-a432-3285a865fe39/export 2026-06-20T23:32:18.499895+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "390260e4-48c4-4d67-a432-3285a865fe39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/77722", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #SSRF\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2022-46364-Proof-of-the-concept\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a cybermaksxx\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-03-29 03:00:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThis vulnerability allows an attacker to perform SSRF (Server-Side Request Forgery) attacks on Apache CXF webservices that accept MTOM/XOP requests. The issue exists in how the href attribute of xop:Include is parsed, allowing arbitrary URLs to be requested by the server.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-03-29T03:02:31.000000Z"} 2026-03-29T03:02:31+00:00 https://vulnerability.circl.lu/sighting/d380db4b-14ce-4a65-830b-619ad442f1dc/export 2026-06-20T23:32:18.499749+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "d380db4b-14ce-4a65-830b-619ad442f1dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/_RteshKRLDCQ4RAmweF2blRppm4mSQiC8GB-jXpC1s6eNw8", "content": "", "creation_timestamp": "2026-03-29T09:00:04.000000Z"} 2026-03-29T09:00:04+00:00 https://vulnerability.circl.lu/sighting/628ca782-2c38-46d5-9188-e458e367366b/export 2026-06-20T23:32:18.499570+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "628ca782-2c38-46d5-9188-e458e367366b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/JLhJQ7n8NYWxmD11_3t0g_ZRcR3DzIiGQT-gwDA9cmtWa00", "content": "", "creation_timestamp": "2026-04-01T03:00:06.000000Z"} 2026-04-01T03:00:06+00:00 https://vulnerability.circl.lu/sighting/9b3f7eac-1208-4442-b042-5bba872ebf89/export 2026-06-20T23:32:18.497243+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "9b3f7eac-1208-4442-b042-5bba872ebf89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/TImB4WLg9m4sLGXOfrFfePfJsw5eV9JDphaGTzdqtpQzKI4", "content": "", "creation_timestamp": "2026-04-03T21:00:05.000000Z"} 2026-04-03T21:00:05+00:00