{"vulnerability": "cve-2022-3035", "sightings": [{"uuid": "3cb84a9a-336e-4684-92ae-3e5d01a764bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30354", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7391", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-30354\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers.\n\ud83d\udccf Published: 2024-10-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-13T00:55:23.288Z\n\ud83d\udd17 References:\n1. https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30354", "creation_timestamp": "2025-03-13T01:42:36.000000Z"}, {"uuid": "1999bbd9-446a-4f4f-9345-8f9384aaf20c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30359", "type": "seen", "source": "https://t.me/cvedetector/8965", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-30359 - OvalEdge Authentication Bypass: Sensitive User Data Exposure\", \n  \"Content\": \"CVE ID : CVE-2022-30359 \nPublished : Oct. 25, 2024, 5:15 p.m. | 44\u00a0minutes ago \nDescription : OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T20:25:53.000000Z"}, {"uuid": "a9ad9282-505e-4017-8968-6417d60c52d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30358", "type": "seen", "source": "https://t.me/cvedetector/8964", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-30358 - OvalEdge Account Takeover Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-30358 \nPublished : Oct. 25, 2024, 5:15 p.m. | 44\u00a0minutes ago \nDescription : OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T20:25:52.000000Z"}, {"uuid": "295f50b3-9255-4bd2-84d5-b6c53ed7d9f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30357", "type": "seen", "source": "https://t.me/cvedetector/8963", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-30357 - OvalEdge Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-30357 \nPublished : Oct. 25, 2024, 5:15 p.m. | 44\u00a0minutes ago \nDescription : OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T20:25:51.000000Z"}, {"uuid": "999537c3-a61c-4586-91ef-fe7a04dd8fc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30355", "type": "seen", "source": "https://t.me/cvedetector/8956", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-30355 - OvalEdge Account Takeover Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-30355 \nPublished : Oct. 25, 2024, 4:15 p.m. | 23\u00a0minutes ago \nDescription : OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T18:45:29.000000Z"}, {"uuid": "b6dd95c3-41a8-4b0c-aa85-3fa2da9c613d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30354", "type": "seen", "source": "https://t.me/cvedetector/8955", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-30354 - OvalEdge User Data Exposure\", \n  \"Content\": \"CVE ID : CVE-2022-30354 \nPublished : Oct. 25, 2024, 4:15 p.m. | 23\u00a0minutes ago \nDescription : OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T18:45:28.000000Z"}, {"uuid": "191f5658-3a84-4a87-8bf4-db5b6b836a99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30351", "type": "seen", "source": "https://t.me/cibsecurity/61186", "content": "\u203c CVE-2022-30351 \u203c\n\nPDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the PDF file, to be leaked unintentionally. In cases where PDF text objects are present it is possible to copy-paste redacted information into the system clipboard. Once a document is \"locked\" and marked for redaction once, all redactions performed after this feature is triggered are vulnerable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-30T20:35:55.000000Z"}, {"uuid": "57efcf7a-89a1-46e6-bb61-453e03702471", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30350", "type": "seen", "source": "https://t.me/cibsecurity/61184", "content": "\u203c CVE-2022-30350 \u203c\n\nAvanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a \"white out\" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-30T20:35:53.000000Z"}, {"uuid": "18a579a9-484b-4553-a087-0437ac386081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30356", "type": "seen", "source": "https://t.me/cvedetector/8969", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-30356 - OvalEdge Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-30356 \nPublished : Oct. 25, 2024, 5:15 p.m. | 44\u00a0minutes ago \nDescription : OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T20:25:59.000000Z"}]}