{"vulnerability": "CVE-2022-2581", "sightings": [{"uuid": "7333a512-2fac-4e17-aa58-b1d93fcc03b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25812", "type": "seen", "source": "https://t.me/cibsecurity/48501", "content": "\u203c CVE-2022-25812 \u203c\n\nThe Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T18:26:40.000000Z"}, {"uuid": "fba270a8-0863-4312-8964-107af1b7d190", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25813", "type": "seen", "source": "https://t.me/arpsyndicate/2041", "content": "#ExploitObserverAlert\n\nCVE-2022-25813\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-25813. In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message \u201cSubject\u201d field from the \"Contact us\" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.\n\nFIRST-EPSS: 0.004820000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-20T15:42:12.000000Z"}, {"uuid": "70e99954-c06d-4249-839c-2d4b8b1c5bec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25816", "type": "seen", "source": "https://t.me/cibsecurity/38719", "content": "\u203c CVE-2022-25816 \u203c\n\nImproper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:26:07.000000Z"}, {"uuid": "43f1b2c4-94ac-4c43-9407-5b94a89ca20c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25814", "type": "seen", "source": "https://t.me/cibsecurity/38685", "content": "\u203c CVE-2022-25814 \u203c\n\nPendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:19:15.000000Z"}, {"uuid": "1197c2e0-01ea-4e4f-bd7f-0f134854d135", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2581", "type": "seen", "source": "https://t.me/cibsecurity/47347", "content": "\u203c CVE-2022-2581 \u203c\n\nOut-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-01T18:17:13.000000Z"}]}