https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 09 May 2026 13:27:27 +0000 https://vulnerability.circl.lu/sighting/e2c38f0a-f5e0-42f2-a899-95bfcc2d9730/export {"uuid": "e2c38f0a-f5e0-42f2-a899-95bfcc2d9730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43772", "type": "seen", "source": "https://t.me/cibsecurity/61347", "content": "\u203c CVE-2022-43772 \u203c\n\nHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-03T22:24:53.000000Z"} {"uuid": "e2c38f0a-f5e0-42f2-a899-95bfcc2d9730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43772", "type": "seen", "source": "https://t.me/cibsecurity/61347", "content": "\u203c CVE-2022-43772 \u203c\n\nHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-03T22:24:53.000000Z"} https://vulnerability.circl.lu/sighting/e2c38f0a-f5e0-42f2-a899-95bfcc2d9730/export Mon, 03 Apr 2023 22:24:53 +0000 https://vulnerability.circl.lu/sighting/14800493-bac7-405b-862b-2b735899b9c6/export {"uuid": "14800493-bac7-405b-862b-2b735899b9c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43773", "type": "seen", "source": "https://t.me/cibsecurity/61352", "content": "\u203c CVE-2022-43773 \u203c\n\nHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-03T22:25:00.000000Z"} {"uuid": "14800493-bac7-405b-862b-2b735899b9c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43773", "type": "seen", "source": "https://t.me/cibsecurity/61352", "content": "\u203c CVE-2022-43773 \u203c\n\nHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-03T22:25:00.000000Z"} https://vulnerability.circl.lu/sighting/14800493-bac7-405b-862b-2b735899b9c6/export Mon, 03 Apr 2023 22:25:00 +0000 https://vulnerability.circl.lu/sighting/5496e4eb-4e01-4aff-9c49-a0de904eac81/export {"uuid": "5496e4eb-4e01-4aff-9c49-a0de904eac81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43771", "type": "seen", "source": "https://t.me/cibsecurity/61343", "content": "\u203c CVE-2022-43771 \u203c\n\nHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-06T13:44:11.000000Z"} {"uuid": "5496e4eb-4e01-4aff-9c49-a0de904eac81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43771", "type": "seen", "source": "https://t.me/cibsecurity/61343", "content": "\u203c CVE-2022-43771 \u203c\n\nHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-06T13:44:11.000000Z"} https://vulnerability.circl.lu/sighting/5496e4eb-4e01-4aff-9c49-a0de904eac81/export Thu, 06 Apr 2023 13:44:11 +0000 https://vulnerability.circl.lu/sighting/e6928330-fb86-4e93-86a0-0452a0501c8a/export {"uuid": "e6928330-fb86-4e93-86a0-0452a0501c8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43773", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8078", "content": "#exploit\n1. CVE-2022-43769, CVE-2022-43939, \nCVE-2022-43773, CVE-2022-43938:\nPentah0wnage: Pre-Auth RCE in Pentaho Business Analytics Server\nhttps://research.aurainfosec.io/pentest/pentah0wnage\n\n2. CVE-2022-44675:\nWindows bluetooth vulnerability exploit\nhttps://vul.360.net/archives/690\n\n3. CVE-2023-29017:\nVM2 Sandbox Escape] Vulnerability\nhttps://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d", "creation_timestamp": "2023-04-08T20:04:44.000000Z"} {"uuid": "e6928330-fb86-4e93-86a0-0452a0501c8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43773", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8078", "content": "#exploit\n1. CVE-2022-43769, CVE-2022-43939, \nCVE-2022-43773, CVE-2022-43938:\nPentah0wnage: Pre-Auth RCE in Pentaho Business Analytics Server\nhttps://research.aurainfosec.io/pentest/pentah0wnage\n\n2. CVE-2022-44675:\nWindows bluetooth vulnerability exploit\nhttps://vul.360.net/archives/690\n\n3. CVE-2023-29017:\nVM2 Sandbox Escape] Vulnerability\nhttps://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d", "creation_timestamp": "2023-04-08T20:04:44.000000Z"} https://vulnerability.circl.lu/sighting/e6928330-fb86-4e93-86a0-0452a0501c8a/export Sat, 08 Apr 2023 20:04:44 +0000 https://vulnerability.circl.lu/sighting/03a55739-51f0-4cdf-b2bd-b369994b19de/export {"uuid": "03a55739-51f0-4cdf-b2bd-b369994b19de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43770", "type": "seen", "source": "https://t.me/cibsecurity/61896", "content": "\u203c CVE-2022-43770 \u203c\n\nHitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API. \u00c2\u00a0\u00c2\u00a0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T20:23:37.000000Z"} {"uuid": "03a55739-51f0-4cdf-b2bd-b369994b19de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43770", "type": "seen", "source": "https://t.me/cibsecurity/61896", "content": "\u203c CVE-2022-43770 \u203c\n\nHitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API. \u00c2\u00a0\u00c2\u00a0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T20:23:37.000000Z"} https://vulnerability.circl.lu/sighting/03a55739-51f0-4cdf-b2bd-b369994b19de/export Tue, 11 Apr 2023 20:23:37 +0000 https://vulnerability.circl.lu/sighting/62d97784-7595-4045-b268-9bd954407913/export {"uuid": "62d97784-7595-4045-b268-9bd954407913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43779", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8779", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43779\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.\n\ud83d\udccf Published: 2023-02-03T16:42:10.283Z\n\ud83d\udccf Modified: 2025-03-25T20:44:42.683Z\n\ud83d\udd17 References:\n1. https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829", "creation_timestamp": "2025-03-25T21:25:28.000000Z"} {"uuid": "62d97784-7595-4045-b268-9bd954407913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43779", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8779", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43779\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.\n\ud83d\udccf Published: 2023-02-03T16:42:10.283Z\n\ud83d\udccf Modified: 2025-03-25T20:44:42.683Z\n\ud83d\udd17 References:\n1. https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829", "creation_timestamp": "2025-03-25T21:25:28.000000Z"} https://vulnerability.circl.lu/sighting/62d97784-7595-4045-b268-9bd954407913/export Tue, 25 Mar 2025 21:25:28 +0000