{"vulnerability": "CVE-2022-2629", "sightings": [{"uuid": "f05a207e-f124-4c8e-b8d9-e0e11413f436", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26293", "type": "seen", "source": "https://t.me/cibsecurity/39109", "content": "\u203c CVE-2022-26293 \u203c\n\nOnline Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T23:20:45.000000Z"}, {"uuid": "016c46e0-0ee6-43dc-9e24-14c38ac84ce5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2629", "type": "seen", "source": "https://t.me/cibsecurity/51088", "content": "\u203c CVE-2022-2629 \u203c\n\nThe Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T00:25:32.000000Z"}, {"uuid": "8e2328f7-a9ec-43ec-9d59-f94b1f37cd65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26295", "type": "seen", "source": "https://t.me/cibsecurity/39108", "content": "\u203c CVE-2022-26295 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T23:20:44.000000Z"}, {"uuid": "616b6aba-f736-4900-9299-c7bf120fc016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26296", "type": "seen", "source": "https://t.me/cibsecurity/39704", "content": "\u203c CVE-2022-26296 \u203c\n\nBOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T02:40:53.000000Z"}, {"uuid": "5cd61431-dd12-4764-a248-460f6d94ed4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26291", "type": "seen", "source": "https://t.me/cibsecurity/39699", "content": "\u203c CVE-2022-26291 \u203c\n\nlrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T02:40:45.000000Z"}]}