https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 02 Jun 2026 22:22:52 +0000 https://vulnerability.circl.lu/sighting/e1cac3e3-f54b-4d32-9051-6aa78cad6a54/export {"uuid": "e1cac3e3-f54b-4d32-9051-6aa78cad6a54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38654", "type": "seen", "source": "https://t.me/cibsecurity/52574", "content": "\u203c CVE-2022-38654 \u203c\n\nHCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-04T23:31:44.000000Z"} {"uuid": "e1cac3e3-f54b-4d32-9051-6aa78cad6a54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38654", "type": "seen", "source": "https://t.me/cibsecurity/52574", "content": "\u203c CVE-2022-38654 \u203c\n\nHCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-04T23:31:44.000000Z"} https://vulnerability.circl.lu/sighting/e1cac3e3-f54b-4d32-9051-6aa78cad6a54/export Fri, 04 Nov 2022 23:31:44 +0000 https://vulnerability.circl.lu/sighting/aec6da76-3d87-446d-883c-a06a481850ba/export {"uuid": "aec6da76-3d87-446d-883c-a06a481850ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38650", "type": "seen", "source": "https://t.me/cibsecurity/52900", "content": "\u203c CVE-2022-38650 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:49:01.000000Z"} {"uuid": "aec6da76-3d87-446d-883c-a06a481850ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38650", "type": "seen", "source": "https://t.me/cibsecurity/52900", "content": "\u203c CVE-2022-38650 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:49:01.000000Z"} https://vulnerability.circl.lu/sighting/aec6da76-3d87-446d-883c-a06a481850ba/export Sun, 13 Nov 2022 05:49:01 +0000 https://vulnerability.circl.lu/sighting/5b785032-7ad8-4b96-ac99-68ae54e1b6c9/export {"uuid": "5b785032-7ad8-4b96-ac99-68ae54e1b6c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38656", "type": "seen", "source": "https://t.me/cibsecurity/54303", "content": "\u203c CVE-2022-38656 \u203c\n\nHCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-12T16:25:41.000000Z"} {"uuid": "5b785032-7ad8-4b96-ac99-68ae54e1b6c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38656", "type": "seen", "source": "https://t.me/cibsecurity/54303", "content": "\u203c CVE-2022-38656 \u203c\n\nHCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-12T16:25:41.000000Z"} https://vulnerability.circl.lu/sighting/5b785032-7ad8-4b96-ac99-68ae54e1b6c9/export Mon, 12 Dec 2022 16:25:41 +0000 https://vulnerability.circl.lu/sighting/0ff3169c-aabd-4de2-99c8-b66aeb16eecb/export {"uuid": "0ff3169c-aabd-4de2-99c8-b66aeb16eecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38653", "type": "seen", "source": "https://t.me/cibsecurity/54851", "content": "\u203c CVE-2022-38653 \u203c\n\nIn HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T14:25:37.000000Z"} {"uuid": "0ff3169c-aabd-4de2-99c8-b66aeb16eecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38653", "type": "seen", "source": "https://t.me/cibsecurity/54851", "content": "\u203c CVE-2022-38653 \u203c\n\nIn HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T14:25:37.000000Z"} https://vulnerability.circl.lu/sighting/0ff3169c-aabd-4de2-99c8-b66aeb16eecb/export Mon, 19 Dec 2022 14:25:37 +0000 https://vulnerability.circl.lu/sighting/24deb0cf-8663-43b9-ae6c-161450688e1b/export {"uuid": "24deb0cf-8663-43b9-ae6c-161450688e1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38655", "type": "seen", "source": "https://t.me/cibsecurity/55065", "content": "\u203c CVE-2022-38655 \u203c\n\nBigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T20:12:56.000000Z"} {"uuid": "24deb0cf-8663-43b9-ae6c-161450688e1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38655", "type": "seen", "source": "https://t.me/cibsecurity/55065", "content": "\u203c CVE-2022-38655 \u203c\n\nBigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T20:12:56.000000Z"} https://vulnerability.circl.lu/sighting/24deb0cf-8663-43b9-ae6c-161450688e1b/export Wed, 21 Dec 2022 20:12:56 +0000 https://vulnerability.circl.lu/sighting/0f9e0e22-714a-4447-905b-82506d379488/export {"uuid": "0f9e0e22-714a-4447-905b-82506d379488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38658", "type": "seen", "source": "https://t.me/cibsecurity/55271", "content": "\u203c CVE-2022-38658 \u203c\n\nBigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-24T02:14:47.000000Z"} {"uuid": "0f9e0e22-714a-4447-905b-82506d379488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38658", "type": "seen", "source": "https://t.me/cibsecurity/55271", "content": "\u203c CVE-2022-38658 \u203c\n\nBigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-24T02:14:47.000000Z"} https://vulnerability.circl.lu/sighting/0f9e0e22-714a-4447-905b-82506d379488/export Sat, 24 Dec 2022 02:14:47 +0000 https://vulnerability.circl.lu/sighting/902e7255-4c02-4aac-8562-1c39ecf2c9d0/export {"uuid": "902e7255-4c02-4aac-8562-1c39ecf2c9d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38653", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12447", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38653\n\ud83d\udd25 CVSS Score: 2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.\n\n\ud83d\udccf Published: 2022-12-15T20:56:55.103Z\n\ud83d\udccf Modified: 2025-04-18T14:56:02.038Z\n\ud83d\udd17 References:\n1. https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141", "creation_timestamp": "2025-04-18T14:58:50.000000Z"} {"uuid": "902e7255-4c02-4aac-8562-1c39ecf2c9d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38653", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12447", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38653\n\ud83d\udd25 CVSS Score: 2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.\n\n\ud83d\udccf Published: 2022-12-15T20:56:55.103Z\n\ud83d\udccf Modified: 2025-04-18T14:56:02.038Z\n\ud83d\udd17 References:\n1. https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141", "creation_timestamp": "2025-04-18T14:58:50.000000Z"} https://vulnerability.circl.lu/sighting/902e7255-4c02-4aac-8562-1c39ecf2c9d0/export Fri, 18 Apr 2025 14:58:50 +0000