https://db.gcve.eu/sightings/feed 2026-06-01T12:16:43.818578+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/1cc2d5f8-c6f1-4548-a4e5-64297db364f4/export 2026-06-01T12:16:44.087958+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "1cc2d5f8-c6f1-4548-a4e5-64297db364f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22980", "type": "published-proof-of-concept", "source": "Telegram/EX6V4w5SpHpAfIZcExR4z1wZdtm4BIFDlin1KmbFoWap", "content": "", "creation_timestamp": "2022-06-22T22:24:39.000000Z"} 2022-06-22T22:24:39+00:00 https://db.gcve.eu/sighting/fbb94fe8-b5af-459b-96ce-0da5b3a747cb/export 2026-06-01T12:16:44.087900+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "fbb94fe8-b5af-459b-96ce-0da5b3a747cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22980", "type": "seen", "source": "https://t.me/cibsecurity/45025", "content": "\u203c CVE-2022-22980 \u203c\n\nA Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:39:48.000000Z"} 2022-06-23T20:39:48+00:00 https://db.gcve.eu/sighting/34088506-0434-41da-b267-f041a1722f84/export 2026-06-01T12:16:44.087842+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "34088506-0434-41da-b267-f041a1722f84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22980", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/6263", "content": "#exploit\n1. CVE-2021-30983:\nThe curious tale of a fake Carrier app\nhttps://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html\n\n2. CVE-2022-22980:\nSpring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods\nhttps://github.com/trganda/CVE-2022-22980", "creation_timestamp": "2022-06-24T12:31:59.000000Z"} 2022-06-24T12:31:59+00:00 https://db.gcve.eu/sighting/3cc72d62-0793-4ebc-b58d-f8c09edbc5a5/export 2026-06-01T12:16:44.087788+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "3cc72d62-0793-4ebc-b58d-f8c09edbc5a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22980", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6291", "content": "#Threat_Research\n1. Analyzing CVE-2022-22980 to discover a real exploitable path in the source code review process with CodeQL\nhttps://infosecwriteups.com/analyzing-cve-2022-22980-to-discover-a-real-exploitable-path-in-the-source-code-review-process-with-145d97717656\n2. Commonly existing PLC Supply Chain Threats: Multiple critical vulnerabilities in Codesys Runtime (CVE-2022-31805, CVE-2022-31806, CVE-2022-32137)\nhttps://github.com/ic3sw0rd/Codesys_V2_Vulnerability", "creation_timestamp": "2022-06-29T02:51:42.000000Z"} 2022-06-29T02:51:42+00:00 https://db.gcve.eu/sighting/d74ed5ae-81f3-429c-b0a2-054674672537/export 2026-06-01T12:16:44.087736+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "d74ed5ae-81f3-429c-b0a2-054674672537", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22980", "type": "published-proof-of-concept", "source": "https://t.me/malwar3s/13", "content": "https://github.com/trganda/CVE-2022-22980", "creation_timestamp": "2022-06-29T07:55:23.000000Z"} 2022-06-29T07:55:23+00:00 https://db.gcve.eu/sighting/b79209ff-cad3-441c-b9e8-1fd6d4944b8f/export 2026-06-01T12:16:44.087679+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "b79209ff-cad3-441c-b9e8-1fd6d4944b8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2298", "type": "seen", "source": "https://t.me/cibsecurity/46071", "content": "\u203c CVE-2022-2298 \u203c\n\nA vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument user_name with the input admin' or '1'='1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-12T20:25:16.000000Z"} 2022-07-12T20:25:16+00:00 https://db.gcve.eu/sighting/f6ccc375-bd53-4aa4-8a07-07165a54671c/export 2026-06-01T12:16:44.087625+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "f6ccc375-bd53-4aa4-8a07-07165a54671c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22982", "type": "seen", "source": "https://t.me/cibsecurity/46187", "content": "\u203c CVE-2022-22982 \u203c\n\nThe vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-13T22:40:08.000000Z"} 2022-07-13T22:40:08+00:00 https://db.gcve.eu/sighting/00cacb61-ec95-4d7b-8143-466f42420565/export 2026-06-01T12:16:44.087557+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "00cacb61-ec95-4d7b-8143-466f42420565", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22984", "type": "seen", "source": "https://t.me/cibsecurity/53717", "content": "\u203c CVE-2022-22984 \u203c\n\nThe package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T16:29:12.000000Z"} 2022-11-30T16:29:12+00:00 https://db.gcve.eu/sighting/99146f94-9b07-4200-b9cb-8c893825ecb9/export 2026-06-01T12:16:44.087472+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "99146f94-9b07-4200-b9cb-8c893825ecb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22980", "type": "seen", "source": "https://t.me/arpsyndicate/614", "content": "#ExploitObserverAlert\n\nCVE-2022-22980\n\nDESCRIPTION: Exploit Observer has 27 entries related to CVE-2022-22980. A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.\n\nFIRST-EPSS: 0.010400000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-27T23:55:37.000000Z"} 2023-11-27T23:55:37+00:00 https://db.gcve.eu/sighting/db74ea14-b7d1-4cd1-8120-0c3c0c4cd040/export 2026-06-01T12:16:44.083461+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "db74ea14-b7d1-4cd1-8120-0c3c0c4cd040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22987", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12101", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-22987\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.\n\ud83d\udccf Published: 2022-02-04T22:29:29.468Z\n\ud83d\udccf Modified: 2025-04-16T16:46:12.102Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/uscert/ics/advisories/icsa-22-032-02", "creation_timestamp": "2025-04-16T16:56:14.000000Z"} 2025-04-16T16:56:14+00:00