{"vulnerability": "CVE-2022-2551", "sightings": [{"uuid": "9388b00c-8b5e-476f-b5ed-9f3c4cf67b7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25518", "type": "seen", "source": "https://t.me/cibsecurity/39396", "content": "\u203c CVE-2022-25518 \u203c\n\nIn CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-23T01:27:56.000000Z"}, {"uuid": "90a2983b-94c4-40ed-b31d-b98e6b0f5cca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25512", "type": "seen", "source": "https://t.me/cibsecurity/38750", "content": "\u203c CVE-2022-25512 \u203c\n\nFreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-11T02:14:00.000000Z"}, {"uuid": "9f62a8dd-5598-482e-9140-836120bdaf11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25510", "type": "seen", "source": "https://t.me/cibsecurity/38758", "content": "\u203c CVE-2022-25510 \u203c\n\nFreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-11T02:14:10.000000Z"}, {"uuid": "c4d07da0-60fb-4c5b-ad6d-0dcfde8ddb22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25511", "type": "seen", "source": "https://t.me/cibsecurity/38751", "content": "\u203c CVE-2022-25511 \u203c\n\nAn issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-11T02:14:01.000000Z"}]}