{"vulnerability": "CVE-2022-2525", "sightings": [{"uuid": "72706b3d-21e9-438b-b8bc-06fcbb1c191a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2525", "type": "seen", "source": "https://t.me/cibsecurity/62229", "content": "\u203c CVE-2022-2525 \u203c\n\nImproper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T16:26:45.000000Z"}, {"uuid": "e9f1752b-47e9-47ac-987d-414d7e64c4f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25255", "type": "seen", "source": "https://t.me/cibsecurity/37622", "content": "\u203c CVE-2022-25255 \u203c\n\nIn Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-16T22:36:23.000000Z"}, {"uuid": "b12518aa-9bb8-4b8a-8b91-52c578950323", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25258", "type": "seen", "source": "https://t.me/cibsecurity/37620", "content": "\u203c CVE-2022-25258 \u203c\n\nAn issue was discovered in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). 
Memory corruption might occur.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-16T22:36:18.000000Z"}, {"uuid": "f5e7a5c5-8987-4d5c-b261-a89a3aac32fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25251", "type": "seen", "source": "https://t.me/cibsecurity/39063", "content": "\u203c CVE-2022-25251 \u203c\n\nWhen connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product\u2019s configuration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T17:26:51.000000Z"}, {"uuid": "47a0a3f6-5b03-458b-b58e-ff92b215313e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25256", "type": "seen", "source": "https://t.me/cibsecurity/37820", "content": "\u203c CVE-2022-25256 \u203c\n\nSAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-19T07:38:52.000000Z"}]}