{"vulnerability": "CVE-2022-4008", "sightings": [{"uuid": "70baea94-6541-4aa9-a4c0-d7e602082240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40082", "type": "seen", "source": "https://t.me/cibsecurity/50589", "content": "\u203c CVE-2022-40082 \u203c\n\nHertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-28T18:34:18.000000Z"}, {"uuid": "7ab3caca-4a07-46c8-b24f-4ccd30424db9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40080", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8068", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40080\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Stack overflow vulnerability in Aspire E5-475G's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.\n\ud83d\udccf Published: 2023-02-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T14:49:41.570Z\n\ud83d\udd17 References:\n1. https://acer.com/\n2. https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-40080/CVE-2022-40080.md", "creation_timestamp": "2025-03-19T15:17:52.000000Z"}, {"uuid": "0c4a7d27-25a9-440c-8f1f-c78d9a668103", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40083", "type": "seen", "source": "https://t.me/cibsecurity/50583", "content": "\u203c CVE-2022-40083 \u203c\n\nLabstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-28T18:34:12.000000Z"}, {"uuid": "b3a51444-3d70-49b2-988f-8c1d707723a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40084", "type": "seen", "source": "https://t.me/cibsecurity/51887", "content": "\u203c CVE-2022-40084 \u203c\n\nOpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-20T18:21:17.000000Z"}]}