{"vulnerability": "CVE-2022-2591", "sightings": [{"uuid": "b468bbfd-aaac-412e-86ea-bdd4f92750f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25912", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mkchtcprif2e", "content": "", "creation_timestamp": "2026-04-25T07:01:16.607645Z"}, {"uuid": "501382db-8ff3-4812-a912-ec46ed9da553", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25916", "type": "seen", "source": "https://t.me/cibsecurity/57246", "content": "\u203c CVE-2022-25916 \u203c\n\nVersions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T07:14:01.000000Z"}, {"uuid": "f57ce184-ee7f-473b-9c42-3a7b6a8e1b97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25912", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9917", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25860\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P)\n\ud83d\udd39 Description: Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).\n\ud83d\udccf Published: 2023-01-24T05:00:02.399Z\n\ud83d\udccf Modified: 2025-04-01T15:29:18.377Z\n\ud83d\udd17 References:\n1. 
https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391\n2. https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13\n3. https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951", "creation_timestamp": "2025-04-01T15:32:31.000000Z"}, {"uuid": "d30ec08c-3f44-457b-ac5e-78ab664a0d62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25912", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12991", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25912\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P)\n\ud83d\udd39 Description: The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).\n\ud83d\udccf Published: 2022-12-12T01:49:10.008Z\n\ud83d\udccf Modified: 2025-04-22T20:15:14.996Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221\n2. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532\n3. https://github.com/steveukx/git-js/commit/774648049eb3e628379e292ea172dccaba610504\n4. https://github.com/steveukx/git-js/releases/tag/simple-git%403.15.0\n5. 
https://github.com/steveukx/git-js/blob/main/docs/PLUGIN-UNSAFE-ACTIONS.md%23overriding-allowed-protocols", "creation_timestamp": "2025-04-22T21:04:34.000000Z"}, {"uuid": "282f77c0-38ec-4236-9ec3-765294f8046c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25917", "type": "seen", "source": "Telegram/NAKY-kS9nlErISgthi0OlhhXXUYunO5H2pUQU0F5_F0iGCTw", "content": "", "creation_timestamp": "2025-02-06T02:43:29.000000Z"}, {"uuid": "2bb4edd5-9b9d-4b92-823c-9da95bc4bac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2591", "type": "seen", "source": "https://t.me/ctinow/181487", "content": "https://ift.tt/d492UJv\nCVE-2022-2591 Exploit", "creation_timestamp": "2024-02-08T17:17:00.000000Z"}, {"uuid": "a48ed87c-99f2-4ea3-8203-0150b131a748", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25914", "type": "seen", "source": "https://t.me/cibsecurity/49438", "content": "\u203c CVE-2022-25914 \u203c\n\nThe package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-08T12:14:57.000000Z"}, {"uuid": "0703b91b-745a-433d-8ea6-c48460669c6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25912", "type": "seen", "source": "https://t.me/cibsecurity/56953", "content": "\u203c CVE-2022-25860 \u203c\n\nVersions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input 
sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:34:06.000000Z"}, {"uuid": "f030cada-25e8-448c-9fd5-990c3a0a2a7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25918", "type": "seen", "source": "https://t.me/cibsecurity/52138", "content": "\u203c CVE-2022-25918 \u203c\n\nThe package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-27T14:28:19.000000Z"}, {"uuid": "9773ffb8-575f-4f04-b697-0c8e94c7e3a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25912", "type": "seen", "source": "https://t.me/cibsecurity/54044", "content": "\u203c CVE-2022-25912 \u203c\n\nThe package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. 
This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T10:12:41.000000Z"}, {"uuid": "48419c88-17c9-4fc1-84e7-beb4a39d26f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25915", "type": "seen", "source": "https://t.me/cibsecurity/39906", "content": "\u203c CVE-2022-25915 \u203c\n\nImproper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-31T12:18:31.000000Z"}, {"uuid": "21b16894-3041-4d25-8a94-d9d30a35cca4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25917", "type": "seen", "source": "https://t.me/cibsecurity/52899", "content": "\u203c CVE-2022-25917 \u203c\n\nUncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National 
Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:49:00.000000Z"}]}