{"metadata": {"count": 3, "page": 1, "per_page": 100}, "data": [{"uuid": "dc369f6f-e555-44c2-a22c-61a821894ae4", "vulnerability": {"vulnId": "CVE-2022-22948", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "dc369f6f-e555-44c2-a22c-61a821894ae4"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-17T00:00:00+00:00"}, "timestamps": {"asserted_at": "2024-07-17T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2024-07-17T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative... | Affected: VMware / VMware vCenter Server and VMware Cloud Foundation | CVSS: 6.5 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative...", "vendor": "VMware", "product": "VMware vCenter Server and VMware Cloud Foundation", "added_date": "2024-07-17T00:00:00.000Z", "cvss_score": 6.5, "epss_score": null, "cvss_severity": "MEDIUM", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2022-22948", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22948"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22948"}]}, {"uuid": "e5622667-4260-49c0-b760-7c030178efae", "vulnerability": {"vulnId": "CVE-2022-2294", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "e5622667-4260-49c0-b760-7c030178efae"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "timestamps": {"asserted_at": "2022-08-25T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-08-25T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a... | Affected: Google / Chrome | CVSS: 8.8 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "confirmed_compromise", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a...", "vendor": "Google", "product": "Chrome", "added_date": "2022-08-25T00:00:00.000Z", "cvss_score": 8.8, "epss_score": null, "cvss_severity": "HIGH", "epss_percentile": null, "used_in_malware": "yes", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2022-2294", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2294"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-2294"}]}, {"uuid": "38a9cf2a-e97a-4c5f-97fa-5ae389852240", "vulnerability": {"vulnId": "CVE-2022-22947", "altId": []}, "gcve": {"origin_uuid": "caeb2787-0d58-4236-9039-7c86c3e566f3", "object_uuid": "38a9cf2a-e97a-4c5f-97fa-5ae389852240"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-16T00:00:00+00:00"}, "timestamps": {"asserted_at": "2022-05-16T00:00:00+00:00", "recorded_at": "2026-06-23T11:11:17+00:00", "first_seen_at": "2022-05-16T00:00:00+00:00"}, "scope": {"notes": "KEVIntel entry: In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator... | Affected: VMware / Spring Cloud Gateway | CVSS: 10.0 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False"}, "evidence": [{"type": "public_report", "source": "kevintel", "signal": "successful_exploitation", "confidence": 0.7, "details": {"feed": "KEVIntel (kevintel.com)", "title": "In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator...", "vendor": "VMware", "product": "Spring Cloud Gateway", "added_date": "2022-05-16T00:00:00.000Z", "cvss_score": 10.0, "epss_score": null, "cvss_severity": "CRITICAL", "epss_percentile": null, "used_in_malware": "unknown", "ahead_of_cisa_kev": null, "not_yet_in_cisa_kev": false}}], "references": [{"id": "CVE-2022-22947", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22947"}, {"id": "kevintel", "url": "https://kevintel.com/vuln/CVE-2022-22947"}]}]}
