https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 20 Jun 2026 17:40:45 +0000 https://vulnerability.circl.lu/sighting/ee3a8ac2-cf78-4fb9-b301-d27b68f34291/export {"uuid": "ee3a8ac2-cf78-4fb9-b301-d27b68f34291", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "seen", "source": "https://t.me/arpsyndicate/3157", "content": "#ExploitObserverAlert\n\nCVE-2022-46364\n\nDESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2022-46364. A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\n\nFIRST-EPSS: 0.028500000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-28T02:00:33.000000Z"} {"uuid": "ee3a8ac2-cf78-4fb9-b301-d27b68f34291", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "seen", "source": "https://t.me/arpsyndicate/3157", "content": "#ExploitObserverAlert\n\nCVE-2022-46364\n\nDESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2022-46364. A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\n\nFIRST-EPSS: 0.028500000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-28T02:00:33.000000Z"} https://vulnerability.circl.lu/sighting/ee3a8ac2-cf78-4fb9-b301-d27b68f34291/export Sun, 28 Jan 2024 02:00:33 +0000 https://vulnerability.circl.lu/sighting/92a1b0b0-ef6c-4e0d-b576-1d517c194f72/export {"uuid": "92a1b0b0-ef6c-4e0d-b576-1d517c194f72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46369", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10900", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46369\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) \u2013 vulnerability may allow inserting scripts into unspecified input fields.\n\ud83d\udccf Published: 2023-01-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T13:40:44.402Z\n\ud83d\udd17 References:\n1. https://www.gov.il/en/Departments/faq/cve_advisories", "creation_timestamp": "2025-04-08T13:46:29.000000Z"} {"uuid": "92a1b0b0-ef6c-4e0d-b576-1d517c194f72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46369", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10900", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46369\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) \u2013 vulnerability may allow inserting scripts into unspecified input fields.\n\ud83d\udccf Published: 2023-01-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T13:40:44.402Z\n\ud83d\udd17 References:\n1. https://www.gov.il/en/Departments/faq/cve_advisories", "creation_timestamp": "2025-04-08T13:46:29.000000Z"} https://vulnerability.circl.lu/sighting/92a1b0b0-ef6c-4e0d-b576-1d517c194f72/export Tue, 08 Apr 2025 13:46:29 +0000 https://vulnerability.circl.lu/sighting/25722070-fb31-44e2-b9cf-0c7255309efe/export {"uuid": "25722070-fb31-44e2-b9cf-0c7255309efe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46368", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10947", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46368\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) \u2013 vulnerability may allow unauthorized action on behalf of authenticated users.\n\ud83d\udccf Published: 2023-01-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T16:20:50.387Z\n\ud83d\udd17 References:\n1. https://www.gov.il/en/Departments/faq/cve_advisories", "creation_timestamp": "2025-04-08T16:46:39.000000Z"} {"uuid": "25722070-fb31-44e2-b9cf-0c7255309efe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46368", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10947", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46368\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) \u2013 vulnerability may allow unauthorized action on behalf of authenticated users.\n\ud83d\udccf Published: 2023-01-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T16:20:50.387Z\n\ud83d\udd17 References:\n1. https://www.gov.il/en/Departments/faq/cve_advisories", "creation_timestamp": "2025-04-08T16:46:39.000000Z"} https://vulnerability.circl.lu/sighting/25722070-fb31-44e2-b9cf-0c7255309efe/export Tue, 08 Apr 2025 16:46:39 +0000 https://vulnerability.circl.lu/sighting/e75be6a3-016b-462b-b2b7-d7282f6c7180/export {"uuid": "e75be6a3-016b-462b-b2b7-d7282f6c7180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46360", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11279", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46360\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.\n\ud83d\udccf Published: 2023-01-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-10T16:24:48.372Z\n\ud83d\udd17 References:\n1. https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php\n2. https://jvn.jp/en/vu/JVNVU90679513/index.html", "creation_timestamp": "2025-04-10T16:49:35.000000Z"} {"uuid": "e75be6a3-016b-462b-b2b7-d7282f6c7180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46360", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11279", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46360\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.\n\ud83d\udccf Published: 2023-01-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-10T16:24:48.372Z\n\ud83d\udd17 References:\n1. https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/index.php\n2. https://jvn.jp/en/vu/JVNVU90679513/index.html", "creation_timestamp": "2025-04-10T16:49:35.000000Z"} https://vulnerability.circl.lu/sighting/e75be6a3-016b-462b-b2b7-d7282f6c7180/export Thu, 10 Apr 2025 16:49:35 +0000 https://vulnerability.circl.lu/sighting/638414da-0684-4a62-b9cc-827e18d03a23/export {"uuid": "638414da-0684-4a62-b9cc-827e18d03a23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12778", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46364\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u00a0\n\ud83d\udccf Published: 2022-12-13T16:20:26.765Z\n\ud83d\udccf Modified: 2025-04-22T02:48:36.211Z\n\ud83d\udd17 References:\n1. https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", "creation_timestamp": "2025-04-22T03:02:36.000000Z"} {"uuid": "638414da-0684-4a62-b9cc-827e18d03a23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12778", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46364\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u00a0\n\ud83d\udccf Published: 2022-12-13T16:20:26.765Z\n\ud83d\udccf Modified: 2025-04-22T02:48:36.211Z\n\ud83d\udd17 References:\n1. https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", "creation_timestamp": "2025-04-22T03:02:36.000000Z"} https://vulnerability.circl.lu/sighting/638414da-0684-4a62-b9cc-827e18d03a23/export Tue, 22 Apr 2025 03:02:36 +0000 https://vulnerability.circl.lu/sighting/97f04c0c-fa60-4f06-9765-daf0fddee55c/export {"uuid": "97f04c0c-fa60-4f06-9765-daf0fddee55c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/KKi08pVtUDaCAJkb9047w9y4w-ZBtgxVmflDXmeWCTkhF9g", "content": "", "creation_timestamp": "2026-03-29T03:00:06.000000Z"} {"uuid": "97f04c0c-fa60-4f06-9765-daf0fddee55c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/KKi08pVtUDaCAJkb9047w9y4w-ZBtgxVmflDXmeWCTkhF9g", "content": "", "creation_timestamp": "2026-03-29T03:00:06.000000Z"} https://vulnerability.circl.lu/sighting/97f04c0c-fa60-4f06-9765-daf0fddee55c/export Sun, 29 Mar 2026 03:00:06 +0000 https://vulnerability.circl.lu/sighting/390260e4-48c4-4d67-a432-3285a865fe39/export {"uuid": "390260e4-48c4-4d67-a432-3285a865fe39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/77722", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #SSRF\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2022-46364-Proof-of-the-concept\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a cybermaksxx\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-03-29 03:00:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThis vulnerability allows an attacker to perform SSRF (Server-Side Request Forgery) attacks on Apache CXF webservices that accept MTOM/XOP requests. The issue exists in how the href attribute of xop:Include is parsed, allowing arbitrary URLs to be requested by the server.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-03-29T03:02:31.000000Z"} {"uuid": "390260e4-48c4-4d67-a432-3285a865fe39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/77722", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #SSRF\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2022-46364-Proof-of-the-concept\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a cybermaksxx\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-03-29 03:00:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThis vulnerability allows an attacker to perform SSRF (Server-Side Request Forgery) attacks on Apache CXF webservices that accept MTOM/XOP requests. The issue exists in how the href attribute of xop:Include is parsed, allowing arbitrary URLs to be requested by the server.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-03-29T03:02:31.000000Z"} https://vulnerability.circl.lu/sighting/390260e4-48c4-4d67-a432-3285a865fe39/export Sun, 29 Mar 2026 03:02:31 +0000 https://vulnerability.circl.lu/sighting/d380db4b-14ce-4a65-830b-619ad442f1dc/export {"uuid": "d380db4b-14ce-4a65-830b-619ad442f1dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/_RteshKRLDCQ4RAmweF2blRppm4mSQiC8GB-jXpC1s6eNw8", "content": "", "creation_timestamp": "2026-03-29T09:00:04.000000Z"} {"uuid": "d380db4b-14ce-4a65-830b-619ad442f1dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/_RteshKRLDCQ4RAmweF2blRppm4mSQiC8GB-jXpC1s6eNw8", "content": "", "creation_timestamp": "2026-03-29T09:00:04.000000Z"} https://vulnerability.circl.lu/sighting/d380db4b-14ce-4a65-830b-619ad442f1dc/export Sun, 29 Mar 2026 09:00:04 +0000 https://vulnerability.circl.lu/sighting/628ca782-2c38-46d5-9188-e458e367366b/export {"uuid": "628ca782-2c38-46d5-9188-e458e367366b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/JLhJQ7n8NYWxmD11_3t0g_ZRcR3DzIiGQT-gwDA9cmtWa00", "content": "", "creation_timestamp": "2026-04-01T03:00:06.000000Z"} {"uuid": "628ca782-2c38-46d5-9188-e458e367366b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/JLhJQ7n8NYWxmD11_3t0g_ZRcR3DzIiGQT-gwDA9cmtWa00", "content": "", "creation_timestamp": "2026-04-01T03:00:06.000000Z"} https://vulnerability.circl.lu/sighting/628ca782-2c38-46d5-9188-e458e367366b/export Wed, 01 Apr 2026 03:00:06 +0000 https://vulnerability.circl.lu/sighting/9b3f7eac-1208-4442-b042-5bba872ebf89/export {"uuid": "9b3f7eac-1208-4442-b042-5bba872ebf89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/TImB4WLg9m4sLGXOfrFfePfJsw5eV9JDphaGTzdqtpQzKI4", "content": "", "creation_timestamp": "2026-04-03T21:00:05.000000Z"} {"uuid": "9b3f7eac-1208-4442-b042-5bba872ebf89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/TImB4WLg9m4sLGXOfrFfePfJsw5eV9JDphaGTzdqtpQzKI4", "content": "", "creation_timestamp": "2026-04-03T21:00:05.000000Z"} https://vulnerability.circl.lu/sighting/9b3f7eac-1208-4442-b042-5bba872ebf89/export Fri, 03 Apr 2026 21:00:05 +0000