{"vulnerability": "CVE-2022-4346", "sightings": [{"uuid": "f3045f7f-9f79-426e-ba20-3c63686956fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43463", "type": "seen", "source": "https://t.me/cibsecurity/53166", "content": "\u203c CVE-2022-43463 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-18T22:29:41.000000Z"}, {"uuid": "9b16a4fc-7e5b-4b69-974e-8ae90de96fb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43466", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12241", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43466\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.\n\ud83d\udccf Published: 2022-12-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-17T14:36:40.144Z\n\ud83d\udd17 References:\n1. https://www.buffalo.jp/news/detail/20240131-01.html\n2. https://jvn.jp/en/vu/JVNVU97099584/", "creation_timestamp": "2025-04-17T14:58:25.000000Z"}, {"uuid": "474ac0eb-075e-45f2-a8a6-41f6f2caeeae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43465", "type": "seen", "source": "https://t.me/cibsecurity/63770", "content": "\u203c CVE-2022-43465 \u203c\n\nImproper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-10T18:24:18.000000Z"}, {"uuid": "4811a6a0-4804-448d-a3d1-73a3f187a996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43461", "type": "seen", "source": "https://t.me/cibsecurity/60250", "content": "\u203c CVE-2022-43461 \u203c\n\nStored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T18:15:08.000000Z"}, {"uuid": "158f4390-ba74-416c-a876-de0b47d238d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43460", "type": "seen", "source": "https://t.me/cibsecurity/57992", "content": "\u203c CVE-2022-43460 \u203c\n\nDriver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-13T07:29:42.000000Z"}]}