{"vulnerability": "CVE-2022-4431", "sightings": [{"uuid": "b2d46824-bbc2-4245-9639-f5cf42ca0f66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44317", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14300", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-44317\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.\n\ud83d\udccf Published: 2022-11-08T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T15:12:13.372Z\n\ud83d\udd17 References:\n1. https://github.com/jpoirier/picoc/issues/37\n2. https://gitlab.com/zsaleeba/picoc/-/issues/48", "creation_timestamp": "2025-05-01T15:15:19.000000Z"}, {"uuid": "904fcf23-cbb3-4381-8472-21701568b058", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44319", "type": "seen", "source": "https://t.me/cibsecurity/52646", "content": "\u203c CVE-2022-44319 \u203c\n\nPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T18:35:21.000000Z"}, {"uuid": "d9338ada-8725-461d-88c0-ebb4eda003d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44310", "type": "seen", "source": "https://t.me/cibsecurity/58889", "content": "\u203c CVE-2022-44310 \u203c\n\nIn Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-24T22:19:23.000000Z"}, {"uuid": "58021d41-3052-4f97-9ecc-d24b0c0d431e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44318", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14302", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-44318\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall.\n\ud83d\udccf Published: 2022-11-08T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T15:10:32.735Z\n\ud83d\udd17 References:\n1. https://github.com/jpoirier/picoc/issues/37\n2. https://gitlab.com/zsaleeba/picoc/-/issues/48", "creation_timestamp": "2025-05-01T15:15:21.000000Z"}, {"uuid": "d64e88c7-8f21-4d50-b926-751f25adece6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4431", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10547", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4431\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.\n\ud83d\udccf Published: 2023-01-16T15:38:11.306Z\n\ud83d\udccf Modified: 2025-04-04T20:27:19.326Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/c7d12fd4-7346-4727-9f6c-7e7e5524a932\n2. https://wpscan.com/vulnerability/860b882b-983c-44b5-8c09-b6890df8a0da", "creation_timestamp": "2025-04-04T20:36:21.000000Z"}, {"uuid": "8351bfca-60a9-416a-861c-556cbf5f61c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44318", "type": "seen", "source": "https://t.me/cibsecurity/52644", "content": "\u203c CVE-2022-44318 \u203c\n\nPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T18:35:16.000000Z"}, {"uuid": "99a0043d-c2bc-46fb-8224-94c0e906a637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44317", "type": "seen", "source": "https://t.me/cibsecurity/52652", "content": "\u203c CVE-2022-44317 \u203c\n\nPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T18:35:30.000000Z"}, {"uuid": "b03c2373-426c-421c-b0dd-bc2c653410d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44314", "type": "seen", "source": "https://t.me/cibsecurity/52647", "content": "\u203c CVE-2022-44314 \u203c\n\nPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T18:35:22.000000Z"}, {"uuid": "deee6139-8dd9-40b2-b6a0-d5508f7cbc7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44316", "type": "seen", "source": "https://t.me/cibsecurity/52643", "content": "\u203c CVE-2022-44316 \u203c\n\nPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T18:35:15.000000Z"}, {"uuid": "14eb6b57-e670-4c9b-9cda-01127952a0e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44312", "type": "seen", "source": "https://t.me/cibsecurity/52642", "content": "\u203c CVE-2022-44312 \u203c\n\nPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T18:35:14.000000Z"}, {"uuid": "829cc9d3-4a40-4c27-9e58-0e6b4c07608c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44313", "type": "seen", "source": "https://t.me/cibsecurity/52641", "content": "\u203c CVE-2022-44313 \u203c\n\nPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T18:35:13.000000Z"}, {"uuid": "996addc6-ca51-4b5d-984e-05ddc15ab553", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44315", "type": "seen", "source": "https://t.me/cibsecurity/52640", "content": "\u203c CVE-2022-44315 \u203c\n\nPicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T18:35:12.000000Z"}, {"uuid": "fdc1d954-cc97-4483-b479-c10fc9e57db0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44311", "type": "seen", "source": "https://t.me/cibsecurity/52649", "content": "\u203c CVE-2022-44311 \u203c\n\nhtml2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service (DoS) via a crafted html file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T18:35:24.000000Z"}]}