https://db.gcve.eu/sightings/feed 2026-05-26T02:39:36.485231+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/ed35d0ba-5bfc-4792-8964-b93b7bbb667f/export 2026-05-26T02:39:36.867101+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "ed35d0ba-5bfc-4792-8964-b93b7bbb667f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42463", "type": "seen", "source": "https://t.me/cibsecurity/51429", "content": "\u203c CVE-2022-42463 \u203c\n\nOpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T18:29:03.000000Z"} 2022-10-14T18:29:03+00:00 https://db.gcve.eu/sighting/b8272774-9e8d-4448-b281-c441cd6a75aa/export 2026-05-26T02:39:36.867027+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "b8272774-9e8d-4448-b281-c441cd6a75aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42464", "type": "seen", "source": "https://t.me/cibsecurity/51432", "content": "\u203c CVE-2022-42464 \u203c\n\nOpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T18:29:06.000000Z"} 2022-10-14T18:29:06+00:00 https://db.gcve.eu/sighting/19734880-928c-40cb-a6cc-5bc1d6c1e81a/export 2026-05-26T02:39:36.866956+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "19734880-928c-40cb-a6cc-5bc1d6c1e81a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42466", "type": "seen", "source": "https://t.me/cibsecurity/51746", "content": "\u203c CVE-2022-42466 \u203c\n\nPrior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release, the inputted strings are properly escaped when rendered.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T12:15:00.000000Z"} 2022-10-19T12:15:00+00:00 https://db.gcve.eu/sighting/f19c6c68-3408-4270-b67c-953b0cf7dcc8/export 2026-05-26T02:39:36.866875+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "f19c6c68-3408-4270-b67c-953b0cf7dcc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42467", "type": "seen", "source": "https://t.me/cibsecurity/51747", "content": "\u203c CVE-2022-42467 \u203c\n\nWhen running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be done using the 'isis.prototyping.h2-console.web-allow-remote-access' configuration property; the web console will be unavailable without setting this configuration. As an additional safeguard, the new 'isis.prototyping.h2-console.generate-random-web-admin-password' configuration parameter (enabled by default) requires that the administrator use a randomly generated password to use the console. The password is printed to the log, as \"webAdminPass: xxx\" (where \"xxx\") is the password. To revert to the original behaviour, the administrator would therefore need to set these configuration parameter: isis.prototyping.h2-console.web-allow-remote-access=true isis.prototyping.h2-console.generate-random-web-admin-password=false Note also that the h2 webconsole is never available in production mode, so these safeguards are only to ensure that the webconsole is secured by default also in prototype mode.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T12:15:02.000000Z"} 2022-10-19T12:15:02+00:00 https://db.gcve.eu/sighting/944cde77-b3cd-4af3-bae9-388ca1aa01f4/export 2026-05-26T02:39:36.866770+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "944cde77-b3cd-4af3-bae9-388ca1aa01f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42461", "type": "seen", "source": "https://t.me/cibsecurity/53168", "content": "\u203c CVE-2022-42461 \u203c\n\nBroken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-18T22:29:42.000000Z"} 2022-11-18T22:29:42+00:00 https://db.gcve.eu/sighting/a3d3a483-f04f-405d-b136-27a2450f86c7/export 2026-05-26T02:39:36.865520+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "a3d3a483-f04f-405d-b136-27a2450f86c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42466", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15622", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42466\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release, the inputted strings are properly escaped when rendered.\n\ud83d\udccf Published: 2022-10-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-08T19:54:09.104Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/83ftj5jgtv3mbm28w3trjyvd591jztrz\n2. http://www.openwall.com/lists/oss-security/2022/10/19/2", "creation_timestamp": "2025-05-08T20:24:04.000000Z"} 2025-05-08T20:24:04+00:00