{"vulnerability": "CVE-2022-4295", "sightings": [{"uuid": "0d5ced50-f138-4fe9-b764-9fcb747a23c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4295", "type": "seen", "source": "https://t.me/cibsecurity/56544", "content": "\u203c CVE-2022-4295 \u203c\n\nThe Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-16T18:24:17.000000Z"}, {"uuid": "712c98aa-5307-406b-9a60-93e29cdad642", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42950", "type": "seen", "source": "https://t.me/cibsecurity/57629", "content": "\u203c CVE-2022-42950 \u203c\n\nAn issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-07T00:23:37.000000Z"}, {"uuid": "42aefcd9-117c-4fca-880b-abe23ab8b047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42951", "type": "seen", "source": "https://t.me/cibsecurity/57620", "content": "\u203c CVE-2022-42951 \u203c\n\nAn issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-07T00:23:28.000000Z"}, {"uuid": "b9e486fb-b3b9-412e-826d-6879783cabb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42953", "type": "seen", "source": "https://t.me/cibsecurity/55297", "content": "\u203c CVE-2022-42953 \u203c\n\nCertain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T07:39:50.000000Z"}, {"uuid": "21cfa792-d81b-4c9a-aaf3-c71ce6d95259", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42955", "type": "seen", "source": "https://t.me/cibsecurity/52589", "content": "\u203c CVE-2022-42955 \u203c\n\nThe PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-07T16:34:17.000000Z"}, {"uuid": "ecaa9dbc-ac5c-4304-bad5-26b9ac86439f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42956", "type": "seen", "source": "https://t.me/cibsecurity/52591", "content": "\u203c CVE-2022-42956 \u203c\n\nThe PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-07T16:34:18.000000Z"}]}