{"vulnerability": "cve-2022-2936", "sightings": [{"uuid": "74587923-64b8-4496-87f4-5f1d39184c58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29360", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9407", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 Unpatched vulnerability in the RainLoop webmail client, tracked as CVE-2022-29360, that can be exploited to steal users\u2019 emails.\n\nhttps://securityaffairs.co/wordpress/130488/hacking/unpatched-xss-rainloop.html", "creation_timestamp": "2022-04-22T14:37:26.000000Z"}, {"uuid": "a49b817a-ced1-45c5-af8c-6765b656f2f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29361", "type": "seen", "source": "https://t.me/cibsecurity/43314", "content": "\u203c CVE-2022-29361 \u203c\n\nImproper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-25T07:37:42.000000Z"}, {"uuid": "4c636d5a-c66f-455e-8fd0-4b5cee4de1c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29360", "type": "seen", "source": "https://t.me/cibsecurity/47247", "content": "\u203c CVE-2022-29360 \u203c\n\nThe Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-29T00:12:49.000000Z"}, {"uuid": "55c65047-3f0f-4d0d-895b-10a323ebb89f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29362", "type": "seen", "source": "https://t.me/cibsecurity/43313", "content": "\u203c CVE-2022-29362 \u203c\n\nA cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-25T07:37:41.000000Z"}, {"uuid": "86bc97e0-90ae-4aec-a7be-a3888080a4a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29369", "type": "seen", "source": "https://t.me/cibsecurity/42549", "content": "\u203c CVE-2022-29369 \u203c\n\nNginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-12T22:36:38.000000Z"}, {"uuid": "1747f724-89b2-42d5-94e6-f455f816cf40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29363", "type": "seen", "source": "https://t.me/cibsecurity/42535", "content": "\u203c CVE-2022-29363 \u203c\n\nPhpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-12T22:36:22.000000Z"}, {"uuid": "d953c629-4321-4dba-a4f0-0ba4108581cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29368", "type": "seen", "source": "https://t.me/cibsecurity/42545", "content": "\u203c CVE-2022-29368 \u203c\n\nModdable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was discovered to contain an out-of-bounds read via the function fxUint8Getter at /moddable/xs/sources/xsDataView.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-12T22:36:33.000000Z"}]}