{"vulnerability": "cve-2022-2743", "sightings": [{"uuid": "596fe6d8-f4f6-440f-ac9f-28bf15236617", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2743", "type": "seen", "source": "https://t.me/cibsecurity/55796", "content": "\u203c CVE-2022-2743 \u203c\n\nInteger overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-03T11:58:14.000000Z"}, {"uuid": "91faa4d0-a751-48a6-9125-a814b38c6594", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27438", "type": "seen", "source": "https://t.me/cibsecurity/43900", "content": "\u203c CVE-2022-27438 \u203c\n\nCaphyon Ltd Advanced Installer 19.2 was discovered to contain a remote code execution (RCE) vulnerability via the Update Check function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-07T02:30:21.000000Z"}, {"uuid": "0e1fb267-f33e-4464-8fe0-9cc1d5f51a35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27438", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6121", "content": "#exploit\n#Whitepaper\nCVE-2022-27438:\nCaphyon Advanced Installer 19.3 - \"CustomDetection\" Update Check RCE", "creation_timestamp": "2024-05-08T21:31:57.000000Z"}, {"uuid": "64dc6dd1-b953-4bb8-962c-cbd7d6e7ed4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27436", "type": "seen", "source": "https://t.me/cibsecurity/40105", "content": "\u203c CVE-2022-27436 \u203c\n\nA cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-04T18:27:51.000000Z"}, {"uuid": "9f1e4b0f-6b3c-49ff-b4d9-b98115204eb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27435", "type": "seen", "source": "https://t.me/cibsecurity/40103", "content": "\u203c CVE-2022-27435 \u203c\n\nAn unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-04T18:27:46.000000Z"}, {"uuid": "8c13ec49-1399-46f2-a92e-5421c29e4316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27432", "type": "seen", "source": "https://t.me/cibsecurity/39796", "content": "\u203c CVE-2022-27432 \u203c\n\nA Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T07:12:08.000000Z"}]}