{"vulnerability": "CVE-2022-3641", "sightings": [{"uuid": "1a8a189a-5c56-452b-9aa6-1d7994c3f984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36418", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17430", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-36418\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.This issue affects HREFLANG Tags Lite: from n/a through 2.0.0.\n\n\n\ud83d\udccf Published: 2024-01-17T15:51:15.793Z\n\ud83d\udccf Modified: 2025-05-23T16:02:09.543Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/vulnerability/hreflang-tags-by-dcgws/wordpress-hreflang-tags-lite-plugin-2-0-0-unauthenticated-plugin-data-reset-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T16:46:59.000000Z"}, {"uuid": "7ae4e04f-5c20-4cfe-b038-dc0c480b435d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36416", "type": "seen", "source": "https://t.me/cibsecurity/58396", "content": "\u203c CVE-2022-36416 \u203c\n\nProtection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-17T00:12:43.000000Z"}, {"uuid": "2b1a154c-c079-4f24-875b-0b0bd509dc64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36417", "type": "seen", "source": "https://t.me/cibsecurity/50365", "content": "\u203c CVE-2022-36417 \u203c\n\nMultiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T20:43:53.000000Z"}, {"uuid": "a832a80f-58cf-4779-9a79-7388147f58a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3641", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13039", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3641\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.\n\n\ud83d\udccf Published: 2022-12-07T14:35:18.529Z\n\ud83d\udccf Modified: 2025-04-23T13:43:54.866Z\n\ud83d\udd17 References:\n1. https://devolutions.net/security/advisories/DEVO-2022-0010", "creation_timestamp": "2025-04-23T14:05:19.000000Z"}, {"uuid": "19d02696-6275-419a-8019-94742b5e81aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36413", "type": "seen", "source": "https://t.me/cibsecurity/60624", "content": "\u203c CVE-2022-36413 \u203c\n\nZoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-23T23:37:04.000000Z"}, {"uuid": "a5f0ccec-0e17-4c60-b5ae-b7aa17ae499f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36414", "type": "seen", "source": "https://t.me/cibsecurity/46852", "content": "\u203c CVE-2022-36414 \u203c\n\nThere is an elevation of privilege breakout vulnerability in the Windows EXE installer in Scooter Beyond Compare 4.2.0 through 4.4.2 before 4.4.3. Affected versions allow a logged-in user to run applications with elevated privileges via the Clipboard Compare tray app after installation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-23T07:24:09.000000Z"}, {"uuid": "258fc44b-52ca-4c37-b11d-5ad2a1454938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36415", "type": "seen", "source": "https://t.me/cibsecurity/46851", "content": "\u203c CVE-2022-36415 \u203c\n\nA DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2 before 4.4.3 when installed via the EXE installer. The uninstaller attempts to load DLLs out of a Windows Temp folder. If a standard user places malicious DLLs in the C:\\Windows\\Temp\\ folder, and then the uninstaller is run as SYSTEM, the DLLs will execute with elevated privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-23T07:24:08.000000Z"}, {"uuid": "f06816d6-9645-42a4-99a7-f73b7866e01c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-36412", "type": "seen", "source": "https://t.me/cibsecurity/46998", "content": "\u203c CVE-2022-36412 \u203c\n\nIn Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-26T18:35:02.000000Z"}]}