{"vulnerability": "CVE-2022-3562", "sightings": [{"uuid": "09ec3900-8259-420f-94e2-51b680fbc7d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35621", "type": "seen", "source": "https://t.me/cibsecurity/50229", "content": "\u203c CVE-2022-35621 \u203c\n\nAccess control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T22:41:26.000000Z"}, {"uuid": "277f7d76-3788-44bb-9e9c-e5292936dee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3562", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13714", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3562\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.\n\ud83d\udccf Published: 2022-11-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T18:08:57.905Z\n\ud83d\udd17 References:\n1. https://huntr.dev/bounties/bb9f76db-1314-44ae-9ccc-2b69679aa657\n2. https://github.com/librenms/librenms/commit/43cb72549d90e338f902b359a83c23d3cb5a2645", "creation_timestamp": "2025-04-28T18:10:52.000000Z"}, {"uuid": "e416226f-3652-47dc-b050-397c5d6e23f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3562", "type": "seen", "source": "https://t.me/cibsecurity/53208", "content": "\u203c CVE-2022-3562 \u203c\n\nCross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-20T07:30:54.000000Z"}, {"uuid": "1706c791-9202-4e62-b66d-237c51a8c5f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35628", "type": "seen", "source": "https://t.me/cibsecurity/46146", "content": "\u203c CVE-2022-35628 \u203c\n\nA SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-13T02:32:00.000000Z"}, {"uuid": "1cea7dcc-0640-4fdf-9ccd-523d222547ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35623", "type": "seen", "source": "https://t.me/cibsecurity/48162", "content": "\u203c CVE-2022-35623 \u203c\n\nIn Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-15T20:47:21.000000Z"}, {"uuid": "ab4fa955-b87a-4dd4-96f1-a6dd89677bbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35624", "type": "seen", "source": "https://t.me/cibsecurity/48166", "content": "\u203c CVE-2022-35624 \u203c\n\nIn Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-15T20:47:27.000000Z"}, {"uuid": "bb7537a8-9673-47b0-9938-745325ae2c79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35620", "type": "seen", "source": "https://t.me/cibsecurity/47491", "content": "\u203c CVE-2022-35620 \u203c\n\nD-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-03T18:18:44.000000Z"}, {"uuid": "983aa25f-1e26-4cc3-bdd3-8c16e066d931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-35629", "type": "seen", "source": "https://t.me/cibsecurity/47275", "content": "\u203c CVE-2022-35629 \u203c\n\nDue to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-29T20:13:52.000000Z"}]}