{"vulnerability": "CVE-2022-2522", "sightings": [{"uuid": "0c94d2bd-b520-4cb3-99b2-8ac15c989534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25226", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-25226.yaml", "content": "", "creation_timestamp": "2025-02-11T16:54:10.000000Z"}, {"uuid": "45c188f3-dd9b-4062-9b80-bc7c4835a6db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25226", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lhz32d2fux23", "content": "", "creation_timestamp": "2025-02-12T21:02:00.401139Z"}, {"uuid": "939b5b5a-4c14-4b83-b33d-88bf677fa5aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25226", "type": "published-proof-of-concept", "source": "Telegram/-eVtmnn41aX142EGm4PDd1vAvsYrV5qccUCeh8-YPAmHevg", "content": "", "creation_timestamp": "2025-07-16T15:00:06.000000Z"}, {"uuid": "a5d24875-8d3b-48ff-a6e6-0bebe9f78593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25226", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlb7wrv22a", "content": "", "creation_timestamp": "2025-08-03T21:02:32.182977Z"}, {"uuid": "feb0eac2-9c82-4643-86de-1c16f8e39de7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25226", "type": "published-proof-of-concept", "source": "Telegram/NdPZSTtIE4NWYgzkW1qGVgsu1ozTh6WtjvXjKsyPnGPQPvY", "content": "", "creation_timestamp": "2025-07-16T09:00:04.000000Z"}, {"uuid": "3dd592e4-e54e-459d-be54-895bbc078d84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2522", "type": "seen", "source": "https://t.me/cibsecurity/46909", "content": "\u203c CVE-2022-2522 \u203c\n\nHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0060.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T18:33:09.000000Z"}, {"uuid": "fb1a0fd0-7f37-4a9c-ba88-e962fc820be8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25226", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/44188", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aThinVNC 1.0b1 - Authentication Bypass to RCE\nURL\uff1ahttps://github.com/krill-x7/CVE-2022-25226\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-07-16T02:58:51.000000Z"}, {"uuid": "e81b7014-af56-4477-8e4d-66bd1fff668b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25226", "type": "published-proof-of-concept", "source": "Telegram/Zn-MrGH2EZw9krb9LK_B7CZ2NwqA9UnK4k-IFktRqyAhV2A", "content": "", "creation_timestamp": "2025-07-16T15:00:12.000000Z"}, {"uuid": "e9c6ef78-8744-4a55-991e-e362a3b99d61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25222", "type": "seen", "source": "https://t.me/cibsecurity/39444", "content": "\u203c CVE-2022-25222 \u203c\n\nMoney Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-23T23:29:00.000000Z"}, {"uuid": "e084cf38-da6c-4963-90d3-48a96a6c9956", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25224", "type": "seen", "source": "https://t.me/cibsecurity/43054", "content": "\u203c CVE-2022-25224 \u203c\n\nProton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-20T16:36:46.000000Z"}, {"uuid": "14464ffc-257c-4bb7-8b1d-5119c06b5f42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25229", "type": "seen", "source": "https://t.me/cibsecurity/43022", "content": "\u203c CVE-2022-25229 \u203c\n\nPopcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)'' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the webpage to use 'NodeJs' features, an attacker can leverage this to run OS commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-20T14:30:29.000000Z"}, {"uuid": "bee4db83-cef5-4ac2-be94-225c1994f9be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25227", "type": "seen", "source": "https://t.me/cibsecurity/43040", "content": "\u203c CVE-2022-25227 \u203c\n\nThinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-20T16:30:48.000000Z"}, {"uuid": "f4f9da95-79f7-45cb-b373-0eb2b186b617", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25226", "type": "seen", "source": "https://t.me/cibsecurity/41035", "content": "\u203c CVE-2022-25226 \u203c\n\nThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-18T20:29:32.000000Z"}, {"uuid": "2c19a082-d14c-416e-bb6e-056c340f917c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25223", "type": "seen", "source": "https://t.me/cibsecurity/39437", "content": "\u203c CVE-2022-25223 \u203c\n\nMoney Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-23T23:28:53.000000Z"}, {"uuid": "5c82a706-e76b-4721-ae80-d8a8e3bcd40b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25225", "type": "seen", "source": "https://t.me/cibsecurity/38708", "content": "\u203c CVE-2022-25225 \u203c\n\nNetwork Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:23:17.000000Z"}]}