{"vulnerability": "cve-2022-2559", "sightings": [{"uuid": "cb185ddc-3080-4cb7-bac6-55079d5cc88c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2559", "type": "seen", "source": "https://t.me/cibsecurity/49009", "content": "\u203c CVE-2022-2559 \u203c\n\nThe Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-29T22:34:32.000000Z"}, {"uuid": "d1cd5bcc-baed-45f0-9708-a2cef1c8098a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25594", "type": "seen", "source": "https://t.me/cibsecurity/40311", "content": "\u203c CVE-2022-25594 \u203c\n\nMicroprogram\u00e2\u20ac\u2122s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-07T22:50:05.000000Z"}, {"uuid": "e299aded-36f1-44d2-8dc0-33c6999e10a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25597", "type": "seen", "source": "https://t.me/cibsecurity/40313", "content": "\u203c CVE-2022-25597 \u203c\n\nASUS RT-AC86U\u00e2\u20ac\u2122s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-07T22:36:38.000000Z"}, {"uuid": "dd63d57a-9a1a-4e06-93ad-a3b5e138b525", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25595", "type": "seen", "source": "https://t.me/cibsecurity/40309", "content": "\u203c CVE-2022-25595 \u203c\n\nASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-07T22:36:33.000000Z"}, {"uuid": "77856935-cc68-4db6-a2bd-33f7a0b41bb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25596", "type": "seen", "source": "https://t.me/cibsecurity/40319", "content": "\u203c CVE-2022-25596 \u203c\n\nASUS RT-AC56U\u00e2\u20ac\u2122s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-07T22:36:45.000000Z"}, {"uuid": "2d437164-c10c-46eb-be5a-d9bc50fd493b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25598", "type": "seen", "source": "https://t.me/cibsecurity/39801", "content": "\u203c CVE-2022-25598 \u203c\n\nApache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-30T14:12:13.000000Z"}, {"uuid": "a68867ad-b9a4-412a-a7ba-c951a336145f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25599", "type": "seen", "source": "https://t.me/cibsecurity/37867", "content": "\u203c CVE-2022-25599 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-21T20:11:34.000000Z"}]}