<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-04-30T23:33:30.024342+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://db.gcve.eu/sighting/90f5e592-f2e3-4743-8f22-70f4cc1b3032/export</id>
    <title>90f5e592-f2e3-4743-8f22-70f4cc1b3032</title>
    <updated>2026-04-30T23:33:30.389769+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "90f5e592-f2e3-4743-8f22-70f4cc1b3032", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22146", "type": "seen", "source": "https://t.me/cibsecurity/36987", "content": "\u203c CVE-2022-22146 \u203c\n\nCross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-08T14:36:55.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/90f5e592-f2e3-4743-8f22-70f4cc1b3032/export"/>
    <published>2022-02-08T14:36:55+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/a9851ac4-159b-4d62-bd54-435665f72bbb/export</id>
    <title>a9851ac4-159b-4d62-bd54-435665f72bbb</title>
    <updated>2026-04-30T23:33:30.389717+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "a9851ac4-159b-4d62-bd54-435665f72bbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22142", "type": "seen", "source": "https://t.me/cibsecurity/36992", "content": "\u203c CVE-2022-22142 \u203c\n\nReflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-08T14:37:03.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/a9851ac4-159b-4d62-bd54-435665f72bbb/export"/>
    <published>2022-02-08T14:37:03+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/2dfd22eb-5d47-41db-906a-b410beb9480c/export</id>
    <title>2dfd22eb-5d47-41db-906a-b410beb9480c</title>
    <updated>2026-04-30T23:33:30.389666+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "2dfd22eb-5d47-41db-906a-b410beb9480c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22141", "type": "seen", "source": "https://t.me/cibsecurity/38769", "content": "\u203c CVE-2022-22141 \u203c\n\n'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-11T12:14:39.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/2dfd22eb-5d47-41db-906a-b410beb9480c/export"/>
    <published>2022-03-11T12:14:39+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/fba2d481-ba72-4012-91d8-f6b38d83c7ac/export</id>
    <title>fba2d481-ba72-4012-91d8-f6b38d83c7ac</title>
    <updated>2026-04-30T23:33:30.389606+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "fba2d481-ba72-4012-91d8-f6b38d83c7ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22145", "type": "seen", "source": "https://t.me/cibsecurity/38770", "content": "\u203c CVE-2022-22145 \u203c\n\nCAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-11T12:14:41.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/fba2d481-ba72-4012-91d8-f6b38d83c7ac/export"/>
    <published>2022-03-11T12:14:41+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/48a43cd2-1d8f-4e13-bd8d-523eb6b6d6e6/export</id>
    <title>48a43cd2-1d8f-4e13-bd8d-523eb6b6d6e6</title>
    <updated>2026-04-30T23:33:30.389543+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "48a43cd2-1d8f-4e13-bd8d-523eb6b6d6e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22148", "type": "seen", "source": "https://t.me/cibsecurity/38777", "content": "\u203c CVE-2022-22148 \u203c\n\n'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-11T12:14:50.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/48a43cd2-1d8f-4e13-bd8d-523eb6b6d6e6/export"/>
    <published>2022-03-11T12:14:50+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/e129f9d0-6c08-4f0b-bd47-f1c56beb75bf/export</id>
    <title>e129f9d0-6c08-4f0b-bd47-f1c56beb75bf</title>
    <updated>2026-04-30T23:33:30.389476+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "e129f9d0-6c08-4f0b-bd47-f1c56beb75bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22143", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/42698", "content": "\u203c CVE-2022-21190 \u203c\n\nThis affects the package convict before 6.2.3. This is a bypass of [CVE-2022-22143](https://security.snyk.io/vuln/SNYK-JS-CONVICT-2340604). The [fix](https://github.com/mozilla/node-convict/commit/3b86be087d8f14681a9c889d45da7fe3ad9cd880) introduced, relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it checks if it starts with __proto__ or this.constructor.prototype. To bypass this check it's possible to prepend the dangerous paths with any string value followed by a dot, like for example foo.__proto__ or foo.this.constructor.prototype.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-14T00:27:24.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/e129f9d0-6c08-4f0b-bd47-f1c56beb75bf/export"/>
    <published>2022-05-14T00:27:24+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/d14f8497-d034-4043-ac18-f20bc6fb1182/export</id>
    <title>d14f8497-d034-4043-ac18-f20bc6fb1182</title>
    <updated>2026-04-30T23:33:30.389387+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "d14f8497-d034-4043-ac18-f20bc6fb1182", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22140", "type": "seen", "source": "https://t.me/cibsecurity/47671", "content": "\u203c CVE-2022-22140 \u203c\n\nAn os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-06T02:21:12.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/d14f8497-d034-4043-ac18-f20bc6fb1182/export"/>
    <published>2022-08-06T02:21:12+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/sighting/7a8ac6e3-485e-4e3c-a644-2bb58ee85100/export</id>
    <title>7a8ac6e3-485e-4e3c-a644-2bb58ee85100</title>
    <updated>2026-04-30T23:33:30.388170+00:00</updated>
    <author>
      <name>cedric</name>
      <uri>http://db.gcve.eu/user/cedric</uri>
    </author>
    <content>{"uuid": "7a8ac6e3-485e-4e3c-a644-2bb58ee85100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22144", "type": "seen", "source": "https://t.me/cibsecurity/47677", "content": "\u203c CVE-2022-22144 \u203c\n\nA hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-06T02:21:21.000000Z"}</content>
    <link href="https://db.gcve.eu/sighting/7a8ac6e3-485e-4e3c-a644-2bb58ee85100/export"/>
    <published>2022-08-06T02:21:21+00:00</published>
  </entry>
</feed>
