{"vulnerability": "CVE-2022-4519", "sightings": [{"uuid": "7cfba26d-0cb8-4e95-8503-ed893ebadbf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45192", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8683", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45192\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request.\n\ud83d\udccf Published: 2023-02-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-25T15:13:09.700Z\n\ud83d\udd17 References:\n1. https://blediff.github.io/", "creation_timestamp": "2025-03-25T15:24:03.000000Z"}, {"uuid": "46b0ff3a-c0b0-4648-a8b1-b347474c97ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45198", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-04", "content": "", "creation_timestamp": "2025-07-22T10:00:00.000000Z"}, {"uuid": "03db9d68-7c22-4463-abdd-cd8a4a8e5d7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45190", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8681", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45190\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device.\n\ud83d\udccf Published: 2023-02-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-25T15:17:15.305Z\n\ud83d\udd17 References:\n1. https://blediff.github.io/", "creation_timestamp": "2025-03-25T15:23:58.000000Z"}, {"uuid": "6c3e1661-9068-4a71-82fb-6b7f1d6f2973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45196", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14377", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45196\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.\n\ud83d\udccf Published: 2022-11-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T18:59:54.349Z\n\ud83d\udd17 References:\n1. https://github.com/SmartBFT-Go/fabric/issues/286\n2. https://github.com/hyperledger/fabric/pull/2934", "creation_timestamp": "2025-05-01T19:15:00.000000Z"}, {"uuid": "4b2bd785-3af7-4f14-9cd2-683040e5b86c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45194", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14290", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45194\n\ud83d\udd25 CVSS Score: 3.8 (cvssV3_1, Vector: CVSS:3.1/AC:L/AV:A/A:N/C:L/I:N/PR:N/S:C/UI:R)\n\ud83d\udd39 Description: CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure.\n\ud83d\udccf Published: 2022-11-11T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T13:59:27.887Z\n\ud83d\udd17 References:\n1. https://zigrin.com/advisories/cbrn-analysis-external-xml-entity-injection/", "creation_timestamp": "2025-05-01T14:15:28.000000Z"}, {"uuid": "066e56da-198c-45fd-b5ba-b835bd639e23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45191", "type": "seen", "source": "https://t.me/cibsecurity/57728", "content": "\u203c CVE-2022-45191 \u203c\n\nAn issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-08T02:23:30.000000Z"}, {"uuid": "dfb40c39-c488-4a50-96ab-57ec8ba850b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45190", "type": "seen", "source": "https://t.me/cibsecurity/57726", "content": "\u203c CVE-2022-45190 \u203c\n\nAn issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-08T02:23:28.000000Z"}, {"uuid": "af9f8728-27e5-4cec-ab14-08012f43b9ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45197", "type": "seen", "source": "https://t.me/cibsecurity/55303", "content": "\u203c CVE-2022-45197 \u203c\n\nSlixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T07:40:01.000000Z"}, {"uuid": "f22ff971-4eaf-486f-92e3-f1b274212578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4519", "type": "seen", "source": "https://t.me/cibsecurity/54648", "content": "\u203c CVE-2022-4519 \u203c\n\nThe WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T00:23:44.000000Z"}, {"uuid": "f78fddc8-e2a9-47db-a287-bd0f986f0ba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45196", "type": "seen", "source": "https://t.me/cibsecurity/52932", "content": "\u203c CVE-2022-45196 \u203c\n\nHyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:52:32.000000Z"}]}