{"vulnerability": "CVE-2022-2529", "sightings": [{"uuid": "466577c6-ace1-45fc-b489-01396009aaca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2529", "type": "seen", "source": "https://t.me/cibsecurity/50761", "content": "\u203c CVE-2022-2529 \u203c\n\nsflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-30T14:35:56.000000Z"}, {"uuid": "b29b8845-e8fe-4e7b-87e5-be9c57256825", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25296", "type": "seen", "source": "https://t.me/cibsecurity/39138", "content": "\u203c CVE-2022-25296 \u203c\n\nThe package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-17T15:21:39.000000Z"}, {"uuid": "317c5671-1135-44e3-957f-af6b5a53adc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25298", "type": "seen", "source": "https://t.me/cibsecurity/37699", "content": "\u203c CVE-2022-25298 \u203c\n\nThis affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-18T16:39:59.000000Z"}, {"uuid": "de90582e-2439-41b5-aed4-29e87ad0a995", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25299", "type": "seen", "source": "https://t.me/cibsecurity/37698", "content": "\u203c CVE-2022-25299 \u203c\n\nThis affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-18T16:39:58.000000Z"}, {"uuid": "7a7100d1-84a9-4390-98c6-5e189d904224", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2529", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17015", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2529\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service.\n\ud83d\udccf Published: 2022-09-30T10:45:11.000Z\n\ud83d\udccf Modified: 2025-05-20T16:03:07.474Z\n\ud83d\udd17 References:\n1. https://github.com/cloudflare/goflow/security/advisories/GHSA-9rpw-2h95-666c", "creation_timestamp": "2025-05-20T16:41:08.000000Z"}, {"uuid": "1f2ec522-0a6c-4afe-a3db-060b774fc555", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25297", "type": "seen", "source": "https://t.me/cibsecurity/37854", "content": "\u203c CVE-2022-25297 \u203c\n\nThis affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-21T12:41:03.000000Z"}, {"uuid": "f1aaec0d-78c9-46a9-95ca-bc0a8e773621", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25292", "type": "seen", "source": "https://t.me/cibsecurity/38007", "content": "\u203c CVE-2022-25292 \u203c\n\nA wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-24T18:15:04.000000Z"}]}