{"vulnerability": "CVE-2022-4861", "sightings": [{"uuid": "34436100-ac6c-40b8-b3fc-7edbe71a84cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48618", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-01-31T18:10:03.000000Z"}, {"uuid": "7331a8bd-6e1e-4812-b834-661836f861bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48610", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk2qmojmc32h", "content": "", "creation_timestamp": "2025-03-10T23:51:08.669509Z"}, {"uuid": "abbb7706-9422-4ecd-a670-408fcacb3b62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48618", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:52.000000Z"}, {"uuid": "6c2ad465-55ab-49ad-9610-bba5c7ba8134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48610", "type": "seen", "source": "https://t.me/cvedetector/19989", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-48610 - Apple macOS Ventura/WatchOS/iOS/iPadOS State Management Data Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-48610 \nPublished : March 10, 2025, 8:15 p.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-10T23:13:43.000000Z"}, {"uuid": "9606c23d-1986-43f0-a97a-1287b97eb9ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-48618", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/4cbf88f4-8601-41f4-b34e-d8e335575a8b", "content": "", "creation_timestamp": "2026-02-02T12:26:41.828526Z"}, {"uuid": "0bdf856e-68c7-47f2-8393-00b530e7e873", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48610", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7052", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48610\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data.\n\ud83d\udccf Published: 2025-03-10T19:37:48.949Z\n\ud83d\udccf Modified: 2025-03-10T19:37:48.949Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/102808\n2. https://support.apple.com/en-us/102741\n3. https://support.apple.com/en-us/102807", "creation_timestamp": "2025-03-10T20:38:58.000000Z"}, {"uuid": "ec5f88db-886b-46b5-9d1e-6b6017204c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48612", "type": "seen", "source": "https://t.me/cibsecurity/72299", "content": "\u203c CVE-2022-48612 \u203c\n\nA Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-16T07:41:23.000000Z"}, {"uuid": "a95e95f0-1f8e-44ab-a933-9bebdd86efd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48610", "type": "seen", "source": "Telegram/rTyqeSgyH6_YJt3M7PzpYmjKrWgN75J6JZhOcSxLJSe7KkF3", "content": "", "creation_timestamp": "2025-03-11T04:41:13.000000Z"}, {"uuid": "0bdfcb4f-1ce1-430c-897f-80265b007742", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48610", "type": "seen", "source": "Telegram/aIDgoo-5E-0EsGwsPss6gkU4z6kI-LmaLObfDRlwkJ9SXKNH", "content": "", "creation_timestamp": "2025-03-11T04:41:14.000000Z"}, {"uuid": "0d1fad62-140b-4b03-8bc4-c1ca4038b1e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48618", "type": "exploited", "source": "Telegram/HHHLpj5UJ-Hchza2jGNrPuJutW81PjjfEkaVA0hvlVbZDA", "content": "", "creation_timestamp": "2024-02-01T06:24:18.000000Z"}, {"uuid": "1c03677b-15c1-4010-bca5-6c31ab3dea71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48618", "type": "exploited", "source": "https://t.me/KomunitiSiber/1425", "content": "CISA Warns of Active Exploitation of Critical Vulnerability in iOS, iPadOS, and macOS\nhttps://thehackernews.com/2024/02/cisa-warns-of-active-exploitation-of.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday\u00a0added\u00a0a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.\nThe vulnerability, tracked as\u00a0CVE-2022-48618\u00a0(CVSS score: 7.8), concerns a bug in the kernel component.\n\"An attacker with", "creation_timestamp": "2024-02-01T07:14:12.000000Z"}, {"uuid": "542b2594-2de2-473a-b0bd-4d9c5e69b56d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48618", "type": "seen", "source": "https://t.me/ctinow/177091", "content": "https://ift.tt/pU6P3GO\nCVE-2022-48618 Exploitation", "creation_timestamp": "2024-01-31T21:17:14.000000Z"}, {"uuid": "8e48e228-3a94-4549-8e24-54c3f0a31442", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48618", "type": "seen", "source": "https://t.me/ctinow/174596", "content": "https://ift.tt/ubcR64G\nCVE-2022-48618 | Apple macOS improper authentication", "creation_timestamp": "2024-01-27T03:06:22.000000Z"}, {"uuid": "afd6fff8-d320-46da-90ff-64ef63b50524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48618", "type": "seen", "source": "https://t.me/ctinow/174595", "content": "https://ift.tt/BzqUenE\nCVE-2022-48618 | Apple tvOS improper authentication", "creation_timestamp": "2024-01-27T03:06:21.000000Z"}, {"uuid": "f8c57696-dca7-4cf1-a9bb-8d5a80eb9425", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48618", "type": "seen", "source": "https://t.me/ctinow/174590", "content": "https://ift.tt/tA2f6xF\nCVE-2022-48618 | Apple iOS/iPadOS improper authentication", "creation_timestamp": "2024-01-27T02:31:56.000000Z"}, {"uuid": "52070f9b-64ab-45a1-a67d-2b8aa3838ca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48618", "type": "seen", "source": "https://t.me/ctinow/174594", "content": "https://ift.tt/I9u6QWo\nCVE-2022-48618 | Apple watchOS improper authentication", "creation_timestamp": "2024-01-27T03:06:20.000000Z"}, {"uuid": "fd9c1d88-9087-494d-9d03-89f27ae0efef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48619", "type": "seen", "source": "https://t.me/ctinow/167052", "content": "https://ift.tt/jaKW6wy\nCVE-2022-48619", "creation_timestamp": "2024-01-12T04:21:29.000000Z"}, {"uuid": "f1235932-6715-4e11-9ea6-23af86861817", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48614", "type": "seen", "source": "https://t.me/ctinow/161296", "content": "https://ift.tt/HJoIAX1\nCVE-2022-48614 | Semantic MediaWiki up to 4.0.1 Special:Ask cross site scripting (Issue 5262)", "creation_timestamp": "2024-01-01T12:36:50.000000Z"}, {"uuid": "93f32071-2668-4706-b085-f16daca8aaae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48619", "type": "seen", "source": "https://t.me/ctinow/167106", "content": "https://ift.tt/TwJivta\nCVE-2022-48619", "creation_timestamp": "2024-01-12T07:41:35.000000Z"}, {"uuid": "37b21ff1-dce7-4c66-a08c-0e8655cbc5e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48612", "type": "seen", "source": "https://t.me/ctinow/186874", "content": "https://ift.tt/0NxGKwT\nCVE-2023-45889 | ClassLink OneClick Extension up to 10.8 Incomplete Fix CVE-2022-48612 cross site scripting", "creation_timestamp": "2024-02-17T11:36:39.000000Z"}, {"uuid": "963145a0-2a55-4836-8a7d-b84c3093c05f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48618", "type": "seen", "source": "https://t.me/ctinow/165252", "content": "https://ift.tt/rmC6qal\nCVE-2022-48618", "creation_timestamp": "2024-01-09T19:26:26.000000Z"}, {"uuid": "fafef2bb-ee80-4aa8-8be4-ef49a8684e93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48616", "type": "seen", "source": "https://t.me/ctinow/161632", "content": "https://ift.tt/HR6fweq\nCVE-2022-48616 | Huawei AR6000 os command injection", "creation_timestamp": "2024-01-02T10:06:52.000000Z"}, {"uuid": "9b9359e7-eeeb-458e-8421-a5b12aef6131", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4861", "type": "seen", "source": "https://t.me/cibsecurity/55566", "content": "\u203c CVE-2022-4861 \u203c\n\nIncorrect implementation in authentication protocol in M-Files Server before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-30T16:13:49.000000Z"}]}