{"vulnerability": "cve-2022-2896", "sightings": [{"uuid": "77d4d9bb-87c3-4f49-97d8-11dcf5b028cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28960", "type": "seen", "source": "https://t.me/cibsecurity/43010", "content": "\u203c CVE-2022-28960 \u203c\n\nA PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-20T00:29:55.000000Z"}, {"uuid": "e5c1a8af-1d16-4833-ac4c-edca39e0e3ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28961", "type": "seen", "source": "https://t.me/cibsecurity/43009", "content": "\u203c CVE-2022-28961 \u203c\n\nSpip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-20T00:29:54.000000Z"}, {"uuid": "75a38128-2a18-4b4f-b1db-3507847deb89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28964", "type": "seen", "source": "https://t.me/cibsecurity/43020", "content": "\u203c CVE-2022-28964 \u203c\n\nAn arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-20T07:30:20.000000Z"}, {"uuid": "50aacc1c-ca84-4422-a1e2-89edc9a534f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28966", "type": "seen", "source": "https://t.me/cibsecurity/41000", "content": "\u203c CVE-2022-28966 \u203c\n\nWasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Compile_BranchTable in m3_compile.c).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-16T23:59:22.000000Z"}, {"uuid": "710651bc-83fb-47bd-ac0e-0122bd8219b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2896", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12127", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2896\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.\n\ud83d\udccf Published: 2022-08-31T20:54:55.401Z\n\ud83d\udccf Modified: 2025-04-16T17:48:01.170Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06", "creation_timestamp": "2025-04-16T17:57:01.000000Z"}, {"uuid": "e1b9c62c-8073-495c-9a52-b33deffbae2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28962", "type": "seen", "source": "https://t.me/cibsecurity/43008", "content": "\u203c CVE-2022-28962 \u203c\n\nOnline Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-20T00:29:53.000000Z"}, {"uuid": "cb91c6bd-a074-4aab-96e3-6291d74b86fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28965", "type": "seen", "source": "https://t.me/cibsecurity/43016", "content": "\u203c CVE-2022-28965 \u203c\n\nMultiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-20T07:30:13.000000Z"}, {"uuid": "aa2429b8-5be4-4f5c-93f6-92b28e3c11df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28969", "type": "seen", "source": "https://t.me/cibsecurity/42112", "content": "\u203c CVE-2022-28969 \u203c\n\nTenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-06T18:27:56.000000Z"}]}