{"vulnerability": "CVE-2022-3097", "sightings": [{"uuid": "0f3f0b6c-d651-4d42-9dd7-f46d043b073d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30971", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m4sjqp6codm2", "content": "", "creation_timestamp": "2025-11-04T12:26:04.468944Z"}, {"uuid": "4c616a2a-c547-4856-9c28-18d61b6357c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30975", "type": "seen", "source": "https://t.me/cibsecurity/42885", "content": "\u203c CVE-2022-30975 \u203c\n\nIn Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T14:28:26.000000Z"}, {"uuid": "2a3dde08-e3ff-41ee-a0aa-872f4ab1c507", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30976", "type": "seen", "source": "https://t.me/cibsecurity/42884", "content": "\u203c CVE-2022-30976 \u203c\n\nGPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T14:28:25.000000Z"}, {"uuid": "d346fba8-bf73-4f43-b65f-e3839ba68f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30972", "type": "seen", "source": "https://t.me/cibsecurity/42825", "content": "\u203c CVE-2022-30972 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-17T18:27:56.000000Z"}, {"uuid": "4fd0e94a-d9c3-4c41-8705-9dd826402c71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30972", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3m4qj3kinrq62", "content": "", "creation_timestamp": "2025-11-03T17:08:45.444085Z"}, {"uuid": "e55ffccd-5c96-4964-a374-8900f6318203", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3097", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15405", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3097\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections.\n\ud83d\udccf Published: 2022-10-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-07T20:13:11.951Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/9ebb8318-ebaf-4de7-b337-c91327685a43", "creation_timestamp": "2025-05-07T20:22:43.000000Z"}, {"uuid": "78db494f-f9fb-4bbb-9dbd-c0500d4b99ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30973", "type": "seen", "source": "https://t.me/cibsecurity/45253", "content": "\u203c CVE-2022-33879 \u203c\n\nThe initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-28T02:35:07.000000Z"}, {"uuid": "dacbb148-7eb5-4ebd-a9ee-90c1bbe3e45a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30970", "type": "seen", "source": "https://t.me/cibsecurity/42808", "content": "\u203c CVE-2022-30970 \u203c\n\nJenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-17T18:27:31.000000Z"}, {"uuid": "2d139b24-03ee-42f6-8abd-2f6fc204e53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30974", "type": "seen", "source": "https://t.me/cibsecurity/42887", "content": "\u203c CVE-2022-30974 \u203c\n\ncompile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T14:28:28.000000Z"}, {"uuid": "2f83a039-bf27-4e7a-a172-9d0a87326487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30973", "type": "seen", "source": "https://t.me/cibsecurity/43564", "content": "\u203c CVE-2022-30973 \u203c\n\nWe failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-31T18:18:50.000000Z"}]}