{"vulnerability": "CVE-2022-2501", "sightings": [{"uuid": "75917e00-a67a-4aad-96dc-6f08615178ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25017", "type": "seen", "source": "https://t.me/cibsecurity/39989", "content": "\u203c CVE-2022-25017 \u203c\n\nHitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-01T12:19:31.000000Z"}, {"uuid": "68fb65c8-4ce6-4064-b27c-0c0704ef07a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25018", "type": "seen", "source": "https://t.me/cibsecurity/38238", "content": "\u203c CVE-2022-25018 \u203c\n\nPluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-01T07:23:37.000000Z"}, {"uuid": "ec8a7a4a-9f8f-4851-abcd-433a32a31bda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25012", "type": "published-proof-of-concept", "source": "Telegram/I_VzxJ_9p7O2X7Ih73SweAnkXOR0UHrtYPuU6Dj7KHtUriQ", "content": "", "creation_timestamp": "2025-04-29T11:00:06.000000Z"}, {"uuid": "9f5a2d9f-1fb1-4950-a21a-0bf1d677a729", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25016", "type": "seen", "source": "https://t.me/cibsecurity/38312", "content": "\u203c CVE-2022-25016 \u203c\n\nHome Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-03T04:35:40.000000Z"}, {"uuid": "05f12eab-403b-4a26-b1d8-bcc78b143e3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25015", "type": "seen", "source": "https://t.me/cibsecurity/38201", "content": "\u203c CVE-2022-25015 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-28T22:23:36.000000Z"}, {"uuid": "2891224e-e506-4fe4-9174-96d9636f7cd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25014", "type": "seen", "source": "https://t.me/cibsecurity/38199", "content": "\u203c CVE-2022-25014 \u203c\n\nIce Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the \"m\" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-28T22:23:32.000000Z"}, {"uuid": "a2325e30-4a87-4f61-acbe-802049fb3f0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25013", "type": "seen", "source": "https://t.me/cibsecurity/38197", "content": "\u203c CVE-2022-25013 \u203c\n\nIce Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the \"key\" and \"fm\" parameters in the component login.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-28T22:23:29.000000Z"}]}