{"vulnerability": "cve-2022-2459", "sightings": [{"uuid": "d37be3e0-d598-4e31-84ce-8c2505ba1f85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24595", "type": "seen", "source": "https://t.me/cibsecurity/39198", "content": "\u203c CVE-2022-24595 \u203c\n\nAutomotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process. No credentials nor user interactions are required.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-18T15:22:27.000000Z"}, {"uuid": "8ad2a951-58ac-456a-ac5f-d779a496d0d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2459", "type": "seen", "source": "https://t.me/cibsecurity/47654", "content": "\u203c CVE-2022-2459 \u203c\n\nAn issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. 
It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-05T20:27:04.000000Z"}, {"uuid": "3899758e-6b0c-40af-b301-bd565a736225", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24594", "type": "seen", "source": "https://t.me/cibsecurity/38084", "content": "\u203c CVE-2022-24594 \u203c\n\nIn waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T14:20:38.000000Z"}, {"uuid": "9282b37b-1fe7-4540-b27f-8235dc1e8f71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24599", "type": "seen", "source": "https://t.me/cibsecurity/37990", "content": "\u203c CVE-2022-24599 \u203c\n\nIn autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. 
The printfileinfo function calls the copyrightstring function to get data, however, it doesn't use zero bytes to truncate the data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-24T18:14:39.000000Z"}, {"uuid": "56d1acf5-ea85-4b8b-98ad-58f5283fd8bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24590", "type": "seen", "source": "https://t.me/cibsecurity/37500", "content": "\u203c CVE-2022-24590 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T18:34:36.000000Z"}, {"uuid": "fb087977-d7db-45dc-a5f6-66d4d5c2bfd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24599", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lriwmg2oz226", "content": "", "creation_timestamp": "2025-06-13T17:12:01.212475Z"}]}