{"vulnerability": "cve-2022-2696", "sightings": [{"uuid": "31fbe92d-7a37-43e8-b92d-6a1470813e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26964", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11636", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-26964\n\ud83d\udd25 CVSS Score: 7.4 (cvssV3_1, Vector: CVSS:3.1/AC:H/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N)\n\ud83d\udd39 Description: Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T15:44:42.674Z\n\ud83d\udd17 References:\n1. https://devolutions.net/security/advisories/DEVO-2022-0002", "creation_timestamp": "2025-04-14T15:53:37.000000Z"}, {"uuid": "093fe172-e357-4096-bb55-daf3deb5a574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26960", "type": "seen", "source": "https://t.me/cibsecurity/39316", "content": "\u203c CVE-2022-26960 \u203c\n\nconnector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-21T19:26:20.000000Z"}, {"uuid": "01bb22c1-3061-450a-ab59-8bfd523b6817", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26966", "type": "seen", "source": "https://t.me/cibsecurity/38840", "content": "\u203c CVE-2022-26966 \u203c\n\nAn issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-13T00:16:15.000000Z"}, {"uuid": "df8139fd-48ad-46af-bade-257f79bdba62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26967", "type": "seen", "source": "https://t.me/cibsecurity/38839", "content": "\u203c CVE-2022-26967 \u203c\n\nGPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-13T00:16:14.000000Z"}, {"uuid": "a13faccb-b8de-4e9b-9962-45e0cbd50a03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26965", "type": "seen", "source": "https://t.me/cibsecurity/39186", "content": "\u203c CVE-2022-26965 \u203c\n\nIn Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-18T11:22:21.000000Z"}]}