{"vulnerability": "cve-2022-3127", "sightings": [{"uuid": "d12df24f-ae40-4ff4-b73a-4d84e887fe30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3127", "type": "seen", "source": "https://t.me/cibsecurity/49284", "content": "\u203c CVE-2022-3127 \u203c\n\nCross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-05T16:12:10.000000Z"}, {"uuid": "e8bda294-b265-4da2-bc4f-aeb3eed4c4fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31277", "type": "seen", "source": "https://t.me/cibsecurity/44625", "content": "\u203c CVE-2022-31277 \u203c\n\nXiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-16T18:26:29.000000Z"}, {"uuid": "911f7fc1-e0bf-4a57-bb10-e550ae9dc4c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31273", "type": "seen", "source": "https://t.me/cibsecurity/44400", "content": "\u203c CVE-2022-31273 \u203c\n\nAn issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T16:20:58.000000Z"}, {"uuid": "76145398-dbeb-4ea5-b847-46b817174117", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31279", "type": "seen", "source": "https://t.me/cibsecurity/43933", "content": "\u203c CVE-2022-31279 \u203c\n\nLaravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\\Broadcasting\\PendingBroadcast.php and __call in Faker\\Generator.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-07T20:31:08.000000Z"}]}