{"vulnerability": "CVE-2022-2631", "sightings": [{"uuid": "01dc8d50-f2b1-48fc-a947-f8bc3119ba0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "c8241c95-e732-477e-85ce-bdd9dff52e0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971454", "content": "", "creation_timestamp": "2024-12-24T20:29:34.836803Z"}, {"uuid": "53925a58-4392-43e5-be7e-13dda8084bb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "03a056e7-c171-469b-bcc6-65031bb43f3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/watchguard_firebox_unauth_rce_cve_2022_26318.rb", "content": "", "creation_timestamp": "2024-03-28T17:56:24.000000Z"}, {"uuid": "5ea0a873-dc32-4425-a4aa-ab20be611ca1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:44.000000Z"}, {"uuid": "a6840768-de96-4ca3-974b-5e149c687e61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:36.000000Z"}, {"uuid": "2c766e34-6f2f-4775-85a8-1b918f67f245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:00.000000Z"}, {"uuid": "3d02cfab-24d4-440c-a3f2-f789c67c8a91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1727", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aWatchguard RCE POC CVE-2022-26318\nURL\uff1ahttps://github.com/Throns1956/watchguard_cve-2022-26318\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-03-27T12:55:05.000000Z"}, {"uuid": "d45260ec-3e3d-4599-b625-2a3b5f66dc72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-26318", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3254e210-422f-468b-a9f3-72ec8d6a9f83", "content": "", "creation_timestamp": "2026-02-02T12:27:58.641851Z"}, {"uuid": "a87e4bf9-9620-4f7b-9342-217a98c33d4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1976", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aWatchguard RCE POC CVE-2022-26318\nURL\uff1ahttps://github.com/h3llk4t3/Watchguard-RCE-POC-CVE-2022-26318\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-04-18T15:26:03.000000Z"}, {"uuid": "2f753547-7e2e-4804-90a7-dfd90d8b56d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26314", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/129", "content": "Active Exploitation of Confluence CVE-2022-26134 \n\n\ud83d\udc64 by Rapid7\n\nOn June 2, 2022, Atlassian published a\u00a0security advisory\u00a0for CVE-2022-26134, a critical unauthenticated remote code execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability was unpatched when it was published on June 2. As of June 3, both patches and a temporary workaround are available.\nCVE-2022-26314 is an unauthenticated and remote OGNL injection vulnerability resulting in code execution in the context of the Confluence server (typically the confluence user on Linux installations). Given the nature of the vulnerability, internet-facing Confluence servers are at very high risk.\n\n\ud83d\udcdd Contents:\n\u2022 Technical analysis\n\u2022\u2022 The vulnerability\n\u2022\u2022 Root cause\n\u2022\u2022 The patch\n\u2022\u2022 Payloads\n\u2022 Mitigation guidance\n\nhttps://www.rapid7.com/ja/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/", "creation_timestamp": "2022-06-04T05:59:39.000000Z"}, {"uuid": "752c0791-75a7-4ef2-8972-070287521246", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "seen", "source": "https://t.me/arpsyndicate/1086", "content": "#ExploitObserverAlert\n\nCVE-2022-26318\n\nDESCRIPTION: Exploit Observer has 11 entries related to CVE-2022-26318. On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.\n\nFIRST-EPSS: 0.089690000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-04T01:56:51.000000Z"}, {"uuid": "d6d96a34-f9fa-47c3-9a68-f5b176174365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/119", "content": "CVE-2022-26318 : Diving Deeper into WatchGuard Pre-Auth RCE\nhttps://blog.assetnote.io/2022/04/13/watchguard-firebox-rce", "creation_timestamp": "2022-04-17T15:07:00.000000Z"}, {"uuid": "68cc8725-3354-433c-9b09-ef35898cfaf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26314", "type": "published-proof-of-concept", "source": "https://t.me/zero_day_uz/167", "content": "Active Exploitation of Confluence CVE-2022-26134 \n\n\ud83d\udc64 by Rapid7\n\nOn June 2, 2022, Atlassian published a\u00a0security advisory\u00a0for CVE-2022-26134, a critical unauthenticated remote code execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability was unpatched when it was published on June 2. As of June 3, both patches and a temporary workaround are available.\nCVE-2022-26314 is an unauthenticated and remote OGNL injection vulnerability resulting in code execution in the context of the Confluence server (typically the confluence user on Linux installations). Given the nature of the vulnerability, internet-facing Confluence servers are at very high risk.\n\n\ud83d\udcdd Contents:\n\u2022 Technical analysis\n\u2022\u2022 The vulnerability\n\u2022\u2022 Root cause\n\u2022\u2022 The patch\n\u2022\u2022 Payloads\n\u2022 Mitigation guidance\n\nhttps://www.rapid7.com/ja/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/", "creation_timestamp": "2022-06-25T14:45:42.000000Z"}, {"uuid": "d4182890-6499-4e4b-87f7-e92509dcff67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "published-proof-of-concept", "source": "https://t.me/ARC15INFO/580", "content": "Watchguard-RCE-POC-CVE-2022-26318", "creation_timestamp": "2024-08-29T06:24:30.000000Z"}, {"uuid": "bdb3c15d-7c82-4090-8236-a95d7ea1ffce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2631", "type": "seen", "source": "https://t.me/cibsecurity/47431", "content": "\u203c CVE-2022-2631 \u203c\n\nImproper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T20:18:35.000000Z"}, {"uuid": "4fb9b4e2-a59d-42aa-9897-b689fb9055ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26319", "type": "seen", "source": "https://t.me/cibsecurity/38561", "content": "\u203c CVE-2022-26319 \u203c\n\nAn installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-09T00:41:03.000000Z"}, {"uuid": "b5f88498-75c5-484d-bac5-382b0cdb2cda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "seen", "source": "https://t.me/cibsecurity/38451", "content": "\u203c CVE-2022-26318 \u203c\n\nOn WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T20:30:20.000000Z"}, {"uuid": "b7450377-199e-474d-8f3f-02d77559a786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6169", "content": "Diving Deeper into WatchGuard Pre-Auth RCE - CVE-2022-26318\n\nhttps://blog.assetnote.io/2022/04/13/watchguard-firebox-rce/", "creation_timestamp": "2022-04-15T00:32:33.000000Z"}, {"uuid": "f5232fbb-6be1-4783-a7dc-78c0aee796bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26311", "type": "seen", "source": "https://t.me/cibsecurity/38690", "content": "\u203c CVE-2022-26311 \u203c\n\nCouchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:19:22.000000Z"}, {"uuid": "7bc967b5-739a-43fe-bc0c-89a0f5870c6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26315", "type": "seen", "source": "https://t.me/cibsecurity/38195", "content": "\u203c CVE-2022-26315 \u203c\n\nqrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-28T22:23:26.000000Z"}, {"uuid": "ad058b5f-a275-4abb-917a-6fd6a6826ca5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26318", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/48", "content": "https://github.com/h3llk4t3/Watchguard-RCE-POC-CVE-2022-26318", "creation_timestamp": "2022-04-19T02:59:50.000000Z"}]}