{"vulnerability": "cve-2022-2115", "sightings": [{"uuid": "e23a9023-dd1c-46cb-afe8-bd19b703717d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21154", "type": "seen", "source": "https://t.me/cibsecurity/40832", "content": "\u203c CVE-2022-21154 \u203c\n\nAn integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. A specially-crafted BMP file can lead to an integer overflow, that in turn causes a buffer overflow. An attacker can provide a malicious BMP file to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T00:23:45.000000Z"}, {"uuid": "ef42e7a0-9810-461e-8ef5-706a0dfe6054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21152", "type": "seen", "source": "https://t.me/cibsecurity/48394", "content": "\u203c CVE-2022-21152 \u203c\n\nImproper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable information disclosure via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T00:16:58.000000Z"}, {"uuid": "507afd47-a007-4ad7-8c97-5e7f7537fd79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21150", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq7azqqca72j", "content": "", "creation_timestamp": "2025-05-28T03:26:34.082428Z"}, {"uuid": "3d2aa01e-539c-496a-a763-e753e9770a3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2115", "type": "seen", "source": "https://t.me/cibsecurity/46893", "content": "\u203c CVE-2022-2115 \u203c\n\nThe Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T16:32:59.000000Z"}, {"uuid": "8c86e901-bd87-4b5c-bb2d-d106c8b5b48a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21159", "type": "seen", "source": "https://t.me/cibsecurity/40878", "content": "\u203c CVE-2022-21159 \u203c\n\nA denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T20:20:13.000000Z"}, {"uuid": "cf49334b-2b0e-4fcc-b1ba-46ebb8bd3dc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21156", "type": "seen", "source": "https://t.me/cibsecurity/37196", "content": "\u203c CVE-2022-21156 \u203c\n\nAccess of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-10T02:26:25.000000Z"}, {"uuid": "4ff254b3-86d6-4925-8c05-11736e85db32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21158", "type": "seen", "source": "https://t.me/cibsecurity/38715", "content": "\u203c CVE-2022-21158 \u203c\n\nA stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:25:59.000000Z"}]}