{"vulnerability": "cve-2022-3591", "sightings": [{"uuid": "4dc46c0e-b8c6-4af9-b51b-451aa8905ab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "2e0d4f98-883c-4157-9528-a1a0f3d870f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971772", "content": "", "creation_timestamp": "2024-12-24T20:33:52.749562Z"}, {"uuid": "5bf5bd7e-95fa-499b-8371-fc7bcc558c23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-31)", "content": "", "creation_timestamp": "2025-01-31T00:00:00.000000Z"}, {"uuid": "abb3859e-26d0-4e4d-936e-2b678665d41f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-29)", "content": "", "creation_timestamp": "2025-03-29T00:00:00.000000Z"}, {"uuid": "6cca2ba8-1144-4a1f-84fa-02c65f964b9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-29)", "content": "", "creation_timestamp": "2024-12-29T00:00:00.000000Z"}, {"uuid": "f780c5e1-6c37-4679-983f-7594e24bc8da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-11-16)", "content": "", "creation_timestamp": "2024-11-16T00:00:00.000000Z"}, {"uuid": "1a05fabd-928b-44a4-ae73-39fb3b8e7a21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "66705497-176b-457e-a72c-968fdc0d2a3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-01)", "content": "", "creation_timestamp": "2024-12-01T00:00:00.000000Z"}, {"uuid": "78c731f3-0d13-4f0f-97a6-331d7f68b82c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "https://gist.github.com/AssassinUKG/43c3c11309ca52f136097fa0feb76308", "content": "", "creation_timestamp": "2025-03-26T21:55:01.000000Z"}, {"uuid": "beb0cca5-b8fb-41cc-8361-4ec2dd65e447", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-28)", "content": "", "creation_timestamp": "2025-01-28T00:00:00.000000Z"}, {"uuid": "795b59dd-bf70-4845-8491-8d80e2ea5f82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "91dbcd89-f680-4e3c-b659-c53315835e53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "7189021d-a61e-458a-be79-08cb28a03141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-10)", "content": "", "creation_timestamp": "2025-02-10T00:00:00.000000Z"}, {"uuid": "8fafc89c-3af6-49ed-9daa-e7a8bb0f44a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-17)", "content": "", "creation_timestamp": "2025-03-17T00:00:00.000000Z"}, {"uuid": "cb475d53-53b6-4088-a1f4-5080ef6d0641", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:47.000000Z"}, {"uuid": "d1c106be-5c9c-4804-8e28-b26b1103179a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:38.000000Z"}, {"uuid": "0c93a5fa-86bd-4fa7-9752-34ea76c23f40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-22)", "content": "", "creation_timestamp": "2025-02-22T00:00:00.000000Z"}, {"uuid": "825d796a-2d6b-4a2e-8c94-3de4eddd2773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "https://gist.github.com/Magnus1990P/19031910e1b08b4e2d66ec69dfaf3622", "content": "", "creation_timestamp": "2025-03-13T08:06:43.000000Z"}, {"uuid": "f2df6678-faa6-4462-a869-2ea3f2e5c3e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-30)", "content": "", "creation_timestamp": "2025-05-30T00:00:00.000000Z"}, {"uuid": "c31264ed-34e0-4513-b4f8-36714ebffa7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-01)", "content": "", "creation_timestamp": "2025-03-01T00:00:00.000000Z"}, {"uuid": "50ec7b7a-48cf-43ef-ae72-69ce201e679f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-18)", "content": "", "creation_timestamp": "2025-05-18T00:00:00.000000Z"}, {"uuid": "8674fa83-bd4e-4102-a113-6c6fc6a8be6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-11)", "content": "", "creation_timestamp": "2025-06-11T00:00:00.000000Z"}, {"uuid": "e96779a6-0b0b-42cd-be4a-00faad7e7ab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "https://gist.github.com/z0rs/219324ffce9e88bf36782c3cfc1a11c3", "content": "", "creation_timestamp": "2025-04-17T18:41:24.000000Z"}, {"uuid": "309748a9-0b03-4701-9cdf-0d742fdd2849", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-05)", "content": "", "creation_timestamp": "2025-06-05T00:00:00.000000Z"}, {"uuid": "5ec0f9fa-6f84-4cac-8ca7-2d5981945e26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-16)", "content": "", "creation_timestamp": "2025-05-16T00:00:00.000000Z"}, {"uuid": "3a0c7ff5-9a90-4abe-ad61-0fcc78cd079c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-26)", "content": "", "creation_timestamp": "2025-04-26T00:00:00.000000Z"}, {"uuid": "bd33a9ba-cd8f-4246-aeb4-8b5a33913f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-08)", "content": "", "creation_timestamp": "2025-06-08T00:00:00.000000Z"}, {"uuid": "531ca8ad-fcc4-42d9-88a3-be18c9d96a96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-26)", "content": "", "creation_timestamp": "2025-04-26T00:00:00.000000Z"}, {"uuid": "8622f9ea-1013-4a97-aab1-65c6c706926d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-16)", "content": "", "creation_timestamp": "2025-07-16T00:00:00.000000Z"}, {"uuid": "713c6eff-fce3-4938-aec8-6322bc148484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-04)", "content": "", "creation_timestamp": "2025-05-04T00:00:00.000000Z"}, {"uuid": "b3a5a502-6eca-49fc-9c0d-8a2cf6519f64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-07)", "content": "", "creation_timestamp": "2025-05-07T00:00:00.000000Z"}, {"uuid": "d7bf60a2-71e2-4469-98fd-332e74efa22c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-24)", "content": "", "creation_timestamp": "2025-05-24T00:00:00.000000Z"}, {"uuid": "846329fd-75fd-4014-974f-8f07f04a87ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-27)", "content": "", "creation_timestamp": "2025-04-27T00:00:00.000000Z"}, {"uuid": "60de578f-e9ee-4813-8f7c-1b4e15d6e4b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-07)", "content": "", "creation_timestamp": "2025-05-07T00:00:00.000000Z"}, {"uuid": "14b839ed-6869-4b07-a971-2a09b9e15157", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-27)", "content": "", "creation_timestamp": "2025-05-27T00:00:00.000000Z"}, {"uuid": "2bedf906-7178-473c-bdab-518a4184ef55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-19)", "content": "", "creation_timestamp": "2025-09-19T00:00:00.000000Z"}, {"uuid": "129db3ba-7d3d-4424-b9ba-d41902037300", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-25)", "content": "", "creation_timestamp": "2025-07-25T00:00:00.000000Z"}, {"uuid": "02c4e740-8f72-430b-ac86-9c413360acfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-21)", "content": "", "creation_timestamp": "2025-07-21T00:00:00.000000Z"}, {"uuid": "bbf62083-bcbc-4483-ae77-4574f64a8c19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-26)", "content": "", "creation_timestamp": "2025-07-26T00:00:00.000000Z"}, {"uuid": "1932ed78-7bf8-40df-b6ab-9735fc994a78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-20)", "content": "", "creation_timestamp": "2025-09-20T00:00:00.000000Z"}, {"uuid": "23adbe76-2b72-4561-96dd-1a15465abf1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-25)", "content": "", "creation_timestamp": "2025-09-25T00:00:00.000000Z"}, {"uuid": "8f2cc816-bc53-47bf-83f6-6ee76eb86a0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-28)", "content": "", "creation_timestamp": "2025-09-28T00:00:00.000000Z"}, {"uuid": "e4b455e6-dd9b-4b5e-ad75-ece05c762f1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-04)", "content": "", "creation_timestamp": "2025-10-04T00:00:00.000000Z"}, {"uuid": "36e7cc78-0a16-4d7f-add0-cc8cb3322029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-09)", "content": "", "creation_timestamp": "2025-11-09T00:00:00.000000Z"}, {"uuid": "f7d06cf9-aaf8-4f3d-97ac-53f31328dc41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-29)", "content": "", "creation_timestamp": "2025-11-29T00:00:00.000000Z"}, {"uuid": "5d02dd55-becc-496d-a7c6-77186b15ff0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-30)", "content": "", "creation_timestamp": "2025-11-30T00:00:00.000000Z"}, {"uuid": "f2192b7a-c2e3-4027-8863-d5707bff7c01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:11.000000Z"}, {"uuid": "d0c3cac9-ddc7-43cd-bbb6-38b6c033c6c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/glpi_htmlawed_php_injection.rb", "content": "", "creation_timestamp": "2022-10-24T16:49:00.000000Z"}, {"uuid": "6ac37ce6-233d-4d82-9505-58b5dc139b1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-11)", "content": "", "creation_timestamp": "2026-03-11T00:00:00.000000Z"}, {"uuid": "faf52790-0d84-4910-8793-4dfd3ac910f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-13)", "content": "", "creation_timestamp": "2026-02-13T00:00:00.000000Z"}, {"uuid": "65ff97ef-7560-4fc7-8b37-f32a516f7206", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-16)", "content": "", "creation_timestamp": "2025-12-16T00:00:00.000000Z"}, {"uuid": "a1573dc4-79ed-49be-9103-779419abff44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-09)", "content": "", "creation_timestamp": "2025-12-09T00:00:00.000000Z"}, {"uuid": "e38bd372-cbfa-4c23-9254-f626a9b6f443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-30)", "content": "", "creation_timestamp": "2026-01-30T00:00:00.000000Z"}, {"uuid": "696d4fdb-2f1e-457c-8591-7a5545b6baf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/562", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-35914\n\ud83d\udd39 Description: /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.\n\ud83d\udccf Published: 2022-09-19T00:00:00\n\ud83d\udccf Modified: 2025-01-07T19:34:04.621940Z\n\ud83d\udd17 References:\n1. http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed\n2. https://github.com/glpi-project/glpi/releases\n3. https://glpi-project.org/fr/glpi-10-0-3-disponible/\n4. http://packetstormsecurity.com/files/169501/GLPI-10.0.2-Command-Injection.html\n5. https://github.com/Orange-Cyberdefense/CVE-repository/\n6. https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/POC_2022-35914.sh\n7. https://mayfly277.github.io/posts/GLPI-htmlawed-CVE-2022-35914/", "creation_timestamp": "2025-01-07T20:40:16.000000Z"}, {"uuid": "7f6f15db-7664-4676-a14e-0fe12f802712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/6216c5cf-6f5b-4086-8b14-7157d3d3b5d5", "content": "", "creation_timestamp": "2026-02-02T12:27:04.370526Z"}, {"uuid": "0a0d79f8-557a-4226-89dd-9187ec54dc46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "published-proof-of-concept", "source": "https://t.me/tuxbotandtoolshop/85", "content": "GLPI <=10.0.2 - RCE Vulnerability Checker                    \n#CVE-2022-35914\nOpen Source\nPlease Share Our Channel", "creation_timestamp": "2022-11-02T18:59:47.000000Z"}, {"uuid": "3071e4be-3533-4731-9935-5391ea6dcb04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "published-proof-of-concept", "source": "Telegram/g3_T-KnoIOz0pUrIHIL_bOuX5pt1k7y5h1SteIjIPm2pWQ", "content": "", "creation_timestamp": "2023-10-04T17:15:38.000000Z"}, {"uuid": "922a8574-781b-4815-ba55-80b2cc381014", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-25)", "content": "", "creation_timestamp": "2026-04-25T00:00:00.000000Z"}, {"uuid": "3c1f8ceb-445e-43e3-befe-69202e51115b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "https://t.me/arpsyndicate/1460", "content": "#ExploitObserverAlert\n\nCVE-2022-35914\n\nDESCRIPTION: Exploit Observer has 38 entries related to CVE-2022-35914. /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.\n\nFIRST-EPSS: 0.968630000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T10:53:39.000000Z"}, {"uuid": "e9045e24-46fc-4dfd-85c4-9e503da03a97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "Telegram/jnL18d3PegnC8FPQiJU_eGrU92uG_tStHPpH-7KpwY-uRtM", "content": "", "creation_timestamp": "2023-03-08T22:48:21.000000Z"}, {"uuid": "14663ba1-6479-4cea-b0b6-24eec20d88c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "https://t.me/legendscrewch/2789", "content": "Hacker News:\n\n\ud83d\udea8 ALERT! If you're using MeetsApp or MeetUp on your Android device, you need to be aware of this!\n\nPakistani hackers are using these apps to target political and military personalities in India with CapraRAT backdoor.\n\nLearn more: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html\n\nCybersecurity researchers have discovered a new information stealer, dubbed \"SYS01stealer,\" targeting critical government infrastructure employees, manufacturing companies, and other sectors.\n\nLearn more about it here: https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html\n\nChinese cyberespionage hackers are targeting high-profile government entities in Southeast Asia with a new version of the Soul modular framework.\n\nLearn more: https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html\n\nCISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-09T04:45:48.000000Z"}, {"uuid": "02346495-ba11-4564-9783-e5262f42ac12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "https://t.me/KomunitiSiber/30", "content": "CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems\nhttps://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has\u00a0added\u00a0three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\nThe list of vulnerabilities is below -\n\nCVE-2022-35914\u00a0(CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability\nCVE-2022-33891\u00a0(CVSS score: 8.8) - Apache Spark Command Injection Vulnerability", "creation_timestamp": "2023-03-08T18:01:32.000000Z"}, {"uuid": "bf745aa8-773e-43ea-8f31-37d749c585b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "https://t.me/dilagrafie/2401", "content": "Hacker News:\n\n\ud83d\udea8 ALERT! If you're using MeetsApp or MeetUp on your Android device, you need to be aware of this!\n\nPakistani hackers are using these apps to target political and military personalities in India with CapraRAT backdoor.\n\nLearn more: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html\n\nCybersecurity researchers have discovered a new information stealer, dubbed \"SYS01stealer,\" targeting critical government infrastructure employees, manufacturing companies, and other sectors.\n\nLearn more about it here: https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html\n\nChinese cyberespionage hackers are targeting high-profile government entities in Southeast Asia with a new version of the Soul modular framework.\n\nLearn more: https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html\n\nCISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-08T09:30:41.000000Z"}, {"uuid": "1ccab7d0-e81b-4c00-978c-56a3da4bc726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "https://t.me/anonhamz/2690", "content": "Hacker News:\n\n\ud83d\udea8 ALERT! If you're using MeetsApp or MeetUp on your Android device, you need to be aware of this!\n\nPakistani hackers are using these apps to target political and military personalities in India with CapraRAT backdoor.\n\nLearn more: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html\n\nCybersecurity researchers have discovered a new information stealer, dubbed \"SYS01stealer,\" targeting critical government infrastructure employees, manufacturing companies, and other sectors.\n\nLearn more about it here: https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html\n\nChinese cyberespionage hackers are targeting high-profile government entities in Southeast Asia with a new version of the Soul modular framework.\n\nLearn more: https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html\n\nCISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-09T04:45:49.000000Z"}, {"uuid": "67ac5754-0896-4ac3-850f-7d723a621f98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "published-proof-of-concept", "source": "https://t.me/DEATHSHOPOFFICIAL/11", "content": "GLPI <=10.0.2 - RCE Vulnerability Checker                    \n#CVE-2022-35914\nOpen Source\nPlease Share Our Channel", "creation_timestamp": "2022-11-02T18:58:50.000000Z"}, {"uuid": "2d04d297-7490-4b7b-9643-999a930a97f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/915", "content": "", "creation_timestamp": "2023-07-23T05:36:22.000000Z"}, {"uuid": "eead0b28-c205-42c5-8177-4a1f6642ff5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "https://t.me/lcmysecteamch/4527", "content": "Hacker News:\n\n\ud83d\udea8 ALERT! If you're using MeetsApp or MeetUp on your Android device, you need to be aware of this!\n\nPakistani hackers are using these apps to target political and military personalities in India with CapraRAT backdoor.\n\nLearn more: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html\n\nCybersecurity researchers have discovered a new information stealer, dubbed \"SYS01stealer,\" targeting critical government infrastructure employees, manufacturing companies, and other sectors.\n\nLearn more about it here: https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html\n\nChinese cyberespionage hackers are targeting high-profile government entities in Southeast Asia with a new version of the Soul modular framework.\n\nLearn more: https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html\n\nCISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-09T04:45:51.000000Z"}, {"uuid": "bf131ebd-12bf-49da-966e-550bdb413746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "https://t.me/lcmysecteamch/12978", "content": "Hacker News:\n\n\ud83d\udea8 ALERT! If you're using MeetsApp or MeetUp on your Android device, you need to be aware of this!\n\nPakistani hackers are using these apps to target political and military personalities in India with CapraRAT backdoor.\n\nLearn more: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html\n\nCybersecurity researchers have discovered a new information stealer, dubbed \"SYS01stealer,\" targeting critical government infrastructure employees, manufacturing companies, and other sectors.\n\nLearn more about it here: https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html\n\nChinese cyberespionage hackers are targeting high-profile government entities in Southeast Asia with a new version of the Soul modular framework.\n\nLearn more: https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html\n\nCISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-09T04:45:51.000000Z"}, {"uuid": "6784c658-7a5c-470e-bb30-407a1f0778ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3591", "type": "seen", "source": "https://t.me/cibsecurity/53828", "content": "\u203c CVE-2022-3591 \u203c\n\nUse After Free in GitHub repository vim/vim prior to 9.0.0789.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-02T20:37:34.000000Z"}, {"uuid": "c37bee7f-437f-4754-9480-401df606fed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/559", "content": "CVE-2022-35914 : GLPI >= 9.5.4 & < 10.0.3 {htmlawed module /htmLawedTest.php} PHP code injection ( POC 1,2 TESTED IN APT)\nPOC : https://github.com/cosad3s/CVE-2022-35914-poc\nPOC : https://github.com/AruiBlog/CVE-2022-35914-GUI", "creation_timestamp": "2022-10-11T16:30:21.000000Z"}, {"uuid": "2ec666ff-fe5c-41c4-a1c1-4fdf82b633f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/553", "content": "CVE-2022-35914 : GLPI >= 9.5.4 & < 10.0.3 - Command injection\nPOC:https://github.com/cosad3s/CVE-2022-35914-poc", "creation_timestamp": "2022-10-10T16:30:23.000000Z"}, {"uuid": "bdb8802f-962d-4011-89d0-130b9cfc1a6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "published-proof-of-concept", "source": "https://t.me/DailyToolz/576", "content": "GLPI - Commands Injection\nhttps://github.com/cosad3s/CVE-2022-35914-poc", "creation_timestamp": "2023-01-09T02:48:33.000000Z"}, {"uuid": "28327df8-c5be-4967-9d69-03704ea3b725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "published-proof-of-concept", "source": "Telegram/ywQI8LJdK5tqDXJQlRWTC1DeT6Wc8oKddbg055hoMKYN7dg", "content": "", "creation_timestamp": "2022-12-12T23:04:15.000000Z"}, {"uuid": "67057f2d-ee4f-47ee-a424-cdbe122edec5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/619", "content": "CVE-2022-35914\n\nUrl : glpi-project.org\n\nType : Remote Code Execution/Command Injection\n\n\"htmlawed module for GLPI through 10.0.2 allows PHP code injection.\"\n\nDetails:\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35914\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-35914\n\nFor any problem @uncodeboss", "creation_timestamp": "2023-01-25T15:53:18.000000Z"}, {"uuid": "2f8d6188-8a0f-4422-b9c0-5d38b2f200ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35918", "type": "seen", "source": "https://t.me/ctinow/167429", "content": "https://ift.tt/pWNHzks\n[GHSA-8qw9-gf7w-42x5] Minor fix to previous patch for CVE-2022-35918", "creation_timestamp": "2024-01-12T18:46:48.000000Z"}, {"uuid": "c59648e6-91c8-41b8-bbfd-3758ac67d9ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35911", "type": "seen", "source": "https://t.me/cibsecurity/47130", "content": "\u203c CVE-2022-35911 \u203c\n\nOn Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T00:36:42.000000Z"}, {"uuid": "7c146ce7-263e-4d7a-9c68-f11312b699b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35910", "type": "seen", "source": "https://t.me/cibsecurity/48430", "content": "\u203c CVE-2022-35910 \u203c\n\nIn Jellyfin before 10.8, stored XSS allows theft of an admin access token.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T16:17:21.000000Z"}, {"uuid": "67ee4fd5-6217-457e-9b28-348b62d335a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35918", "type": "seen", "source": "https://t.me/cibsecurity/47391", "content": "\u203c CVE-2022-35918 \u203c\n\nStreamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T02:17:16.000000Z"}, {"uuid": "31b4704b-ba3d-4745-978a-ff365569fa18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35919", "type": "seen", "source": "https://t.me/cibsecurity/47396", "content": "\u203c CVE-2022-35919 \u203c\n\nMinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T07:55:43.000000Z"}, {"uuid": "502ab60d-2d72-4829-a7c2-57f6ab28d2fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35917", "type": "seen", "source": "https://t.me/cibsecurity/47390", "content": "\u203c CVE-2022-35917 \u203c\n\nSolana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T02:17:15.000000Z"}, {"uuid": "ae50ec0b-bd31-496c-8376-7fb01b95b20b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35916", "type": "seen", "source": "https://t.me/cibsecurity/47389", "content": "\u203c CVE-2022-35916 \u203c\n\nOpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T00:17:34.000000Z"}, {"uuid": "3238a64b-00f7-4c92-bb25-cf4f39864b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35915", "type": "seen", "source": "https://t.me/cibsecurity/47387", "content": "\u203c CVE-2022-35915 \u203c\n\nOpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T00:17:32.000000Z"}, {"uuid": "afbe8a29-df78-4785-8e1b-2e904d02f44e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "exploited", "source": "https://t.me/thehackernews/3125", "content": "CISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-08T09:01:39.000000Z"}, {"uuid": "9dbda93b-edd5-4b92-ba59-a2493826b5f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35912", "type": "seen", "source": "https://t.me/cibsecurity/46568", "content": "\u203c CVE-2022-35912 \u203c\n\nIn grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T20:40:58.000000Z"}, {"uuid": "62418165-a544-49f8-ac50-1900e1b563a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/382", "content": "title=\"GLPI - \u767b\u9646\u5165\u53e3\"\nPython \u811a\u672c.py\uff08\u811a\u672c20\u884c\u4fee\u6539\u4e0b\u8f7d\u547d\u4ee4\uff09", "creation_timestamp": "2022-12-21T12:47:11.000000Z"}, {"uuid": "1af295ab-805f-4c53-96e7-dd0dc8632cad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "seen", "source": "https://t.me/legendscrewmy/2772", "content": "Hacker News:\n\n\ud83d\udea8 ALERT! If you're using MeetsApp or MeetUp on your Android device, you need to be aware of this!\n\nPakistani hackers are using these apps to target political and military personalities in India with CapraRAT backdoor.\n\nLearn more: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html\n\nCybersecurity researchers have discovered a new information stealer, dubbed \"SYS01stealer,\" targeting critical government infrastructure employees, manufacturing companies, and other sectors.\n\nLearn more about it here: https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html\n\nChinese cyberespionage hackers are targeting high-profile government entities in Southeast Asia with a new version of the Soul modular framework.\n\nLearn more: https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html\n\nCISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-09T04:45:50.000000Z"}, {"uuid": "3ee862b9-9f14-4403-a62d-4634d577d91c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35914", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6910", "content": "#exploit\n1. CVE-2022-35914:\nGLPI <10.0.2 - PHP code injection\nhttps://github.com/cosad3s/CVE-2022-35914-poc\n\n2. CVE-2022-28282:\nFirefox - heap-use-after-free in DocumentL10n::TranslateDocument\nhttps://github.com/Pwnrin/CVE-2022-28282", "creation_timestamp": "2022-10-04T11:01:01.000000Z"}]}