{"vulnerability": "cve-2022-3653", "sightings": [{"uuid": "f8f18cf0-ec54-4ab4-ac81-c2122ca3b7ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "1142a1f1-ce73-4eca-84b8-7c5a28e6039c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971771", "content": "", "creation_timestamp": "2024-12-24T20:33:52.114929Z"}, {"uuid": "ea1d67b2-614e-465f-835c-b469ecb12e82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36536", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:48.000000Z"}, {"uuid": "35820132-6e2e-46a7-b466-d0fb62733aad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36534", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "3fd22b18-5495-4668-af0e-f7f83d25f457", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36536", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "f6ebc474-5680-4dc1-af9b-f35820bf6384", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36534", "type": 
"seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:47.000000Z"}, {"uuid": "8d9ad9dc-88ef-40b8-a8fd-36e564917a71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:38.000000Z"}, {"uuid": "29801f92-1ad7-491a-8840-a4b7af9549f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "4f6b3dda-99d6-40a7-979b-87502a3da8bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://bsky.app/profile/c1b3r53cur1ty.bsky.social/post/3ln55hailza2b", "content": "", "creation_timestamp": "2025-04-19T03:01:37.564941Z"}, {"uuid": "626584c8-6455-46ff-bc97-093368a22a1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "51fe1482-d8d5-4026-9c1b-78093f012bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": 
"https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "c6e018b4-0e4d-4bf1-b3d8-f18b5db37e62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "ea28fa09-c52f-4126-9d23-a7f918d08621", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "3081eca2-5ef0-4a4b-9b3a-704b6ac48d01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "f878e76d-f8c6-49a4-a19e-d728ed655368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "dc6fcd4b-dc18-4d59-8bdd-eba54b905f6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "541d968d-4d60-4292-b15b-eb9d82739e8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "1b123421-5d76-4504-bb04-14a0a006effb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36534", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb", "content": "", "creation_timestamp": "2022-12-14T13:08:11.000000Z"}, {"uuid": "fb386e39-3817-4520-ab38-cb1dea892361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "2d05d22d-5b50-4e2e-8fce-672ff9fa290c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": 
"cdbb7990-b684-427e-b63c-00515ff2d4a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "f97475c1-393b-40df-88a5-1ede099c3cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "783d2e03-59c1-4d40-8588-8dffec177749", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://sploitus.com/exploit?id=E8F714E1-8287-5F9C-B58E-69B886215313&amp;amp;utm_source=rss&amp;amp;utm_medium=rss", "content": "", "creation_timestamp": "2025-09-27T23:11:02.000000Z"}, {"uuid": "b5b3f07a-69d4-4e02-b9e0-edf86ef5b68f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "exploited", "source": "https://t.me/BleepingComputer/15660", "content": "\u200aCISA warns of hackers exploiting ZK Java Framework RCE flaw\n\nThe U.S. Cybersecurity &amp; Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its \"Known Exploited Vulnerabilities Catalog\" after threat actors began\u00a0actively exploiting the remote code execution (RCE) flaw in attacks. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploiting-zk-java-framework-rce-flaw/", "creation_timestamp": "2023-02-28T23:06:03.000000Z"}, {"uuid": "bf90efba-061d-496e-b4f5-c9d472d3c7ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36536", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/syncovery_linux_token_cve_2022_36536.rb", "content": "", "creation_timestamp": "2022-12-14T12:04:56.000000Z"}, {"uuid": "c2d64af2-d808-4d4f-8b52-bd50d884df24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-36537", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/5510a0ae-1519-4965-bf9f-60ccf00a8d0d", "content": "", "creation_timestamp": "2026-02-02T12:27:04.511055Z"}, {"uuid": "b6a56a7e-cfec-4a88-b9fb-50a8841a613c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "published-proof-of-concept", "source": "Telegram/636bdVh62ZVl1LY4YdnSMFOrBMSYBKPt91OO-XzMtes2OkY", "content": "", "creation_timestamp": "2025-09-28T03:00:10.000000Z"}, {"uuid": "fccecedc-e580-4335-828d-0e59eb17a638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3582", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPOC of CVE-2022-36537\nURL\uff1ahttps://github.com/Malwareman007/CVE-2022-36537\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-09T14:25:09.000000Z"}, {"uuid": 
"47dead01-75b1-422f-a7a3-d0dcc9071c98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3580", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-36537\nURL\uff1ahttps://github.com/agnihackers/CVE-2022-36537-EXPLOIT\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-09T12:28:21.000000Z"}, {"uuid": "38523cf6-d82b-416e-bc26-e3b96d1a97b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3653", "type": "published-proof-of-concept", "source": "Telegram/WoG_z2IzAGINpPEDHqGR9MSmsjpXo4h5yA1ILuUmCvpNFAI", "content": "", "creation_timestamp": "2026-01-09T21:00:05.000000Z"}, {"uuid": "96e618f0-f100-47bd-be33-4c7d18a1e552", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "exploited", "source": "https://t.me/BleepingComputer/15661", "content": "Latest news and stories from BleepingComputer.com\nCISA warns of hackers exploiting ZK Java Framework RCE flaw\n\nThe U.S. Cybersecurity &amp; Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its \"Known Exploited Vulnerabilities Catalog\" after threat actors began\u00a0actively exploiting the remote code execution (RCE) flaw in attacks. 
[...]", "creation_timestamp": "2023-03-01T00:50:07.000000Z"}, {"uuid": "8233a769-ddf9-4b5c-9b60-cef3bec7e8ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/627", "content": "CVE-2022-36537 : ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 & 8.6.4.1- Authentication Bypass\nConnectWise Recover <= v2.9.7 & R1Soft Server Backup Manager <=  v6.16.3 - Remote Code Execution\nPOC : https://github.com/agnihackers/CVE-2022-36537-EXPLOIT", "creation_timestamp": "2022-12-17T21:29:02.000000Z"}, {"uuid": "3b1623f8-2036-47b3-ae85-6c7f0fefbc39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://t.me/arpsyndicate/1395", "content": "#ExploitObserverAlert\n\nCVE-2022-36537\n\nDESCRIPTION: Exploit Observer has 28 entries related to CVE-2022-36537. ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.\n\nFIRST-EPSS: 0.928620000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T05:06:35.000000Z"}, {"uuid": "d6303c59-d7c4-4834-b080-bc6fde89120a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/3436", "content": "\u200b\u200bCVE-2022-25765 \n\npdfkit Exploit Reverse Shell\n\npdfkit <0.8.6 command injection shell. The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. 
(Tested on ver 0.8.6) - CVE-2022-25765\n\nhttps://github.com/CyberArchitect1/CVE-2022-25765-pdfkit-Exploit-Reverse-Shell\n\n\u200b\u200bCVE-2022-45025\n\nCommand injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)\n\nhttps://github.com/yuriisanin/CVE-2022-45025\n\n\u200b\u200bCVE-2022-36537\n\nZK Framework - Exposure of Sensitive Information to an Unauthorized Actor\n\nhttps://github.com/agnihackers/CVE-2022-36537-EXPLOIT\n\n\u200b\u200bCVE-2022-39066\n\nSQL Injection Vulnerability in ZTE MF286R\n\nhttps://github.com/v0lp3/CVE-2022-39066\n\n\u200b\u200bCVE-2022-46381\n\nYou can scan this vulnerability on your company's subdomains using the nuclei scanner with the template specified in this repo \"CVE-2022-46381.yaml\"\n\nhttps://github.com/omarhashem123/Security-Research/tree/main/CVE-2022-46381\n\n\u200b\u200bCVE-2022-45771 - Pwndoc LFI to RCE\n\nPwndoc local file inclusion to remote code execution of Node.js code on the server.\n\nhttps://github.com/p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE\n\n\u200b\u200bCVE-2022-46169\n\nCacti remote_agent.php Unauthenticated Command Injection.\n\nhttps://github.com/0xf4n9x/CVE-2022-46169\n\n\u200b\u200bCVE-2022-45451\n\nPoC for CVE-2022-45451 Acronis Arbitrary File Read\n\nhttps://github.com/alfarom256/CVE-2022-45451\n\nCVE-2022-28672\n\nThis bug was Use after Free caused by improper handling of javascript object memory references.\n\nhttps://github.com/hacksysteam/CVE-2022-28672\n\nUse after Free - RCE Exploit: https://hacksys.io/blogs/foxit-reader-uaf-rce-jit-spraying-cve-2022-28672\n\n\u200b\u200bCVE-2003-0358\n\nBuffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges &gt; via a long -s command line option.\n\nhttps://github.com/snowcra5h/CVE-2003-0358\n\n\u200b\u200bCVE-2022-39253\n\nDocker host file read\n\nhttps://github.com/ssst0n3/docker-cve-2022-39253-poc\n\n\u200b\u200bCVE-2022-48870\n\nmaccms admin+ 
xss attacks\n\nhttps://github.com/Cedric1314/CVE-2022-48870\n\n\u200b\u200bCVE-2022-2602\n\nPoC Kernel Privilege Escalation Linux\n\nhttps://github.com/kiks7/CVE-2022-2602-Kernel-Exploit\n\n\u200b\u200bEvilWfshbr\n\nCVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation\n\nhttps://github.com/kkent030315/CVE-2022-42046\n\n\u200b\u200bCVE-2022-2602\n\nThis repository contains exploits for CVE-2022-2602. There are two versions of it:\n\n\u25ab\ufe0f Exploit using userfaultfd technique.\n\u25ab\ufe0f Exploit using inode locking technique.\n\nhttps://github.com/LukeGix/CVE-2022-2602\n\n#cve #poc \n@pfkgit", "creation_timestamp": "2023-01-28T19:14:38.000000Z"}, {"uuid": "6fe357b4-d646-4629-97ec-6b542bc073a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3653", "type": "seen", "source": "https://t.me/true_secator/3629", "content": "Google \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0435 \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Chrome 107 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c 14 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0442\u0440\u0438 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u044c\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u043e \u0434\u0435\u0441\u044f\u0442\u0438 \u043e\u0448\u0438\u0431\u043a\u0430\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438.\n\n\u0427\u0442\u043e\u0431\u044b 
\u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u044d\u0442\u0438\u043c\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438, \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u043c\u0430\u043d\u043e\u043c \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0445\u0430\u043a\u0435\u0440\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c RCE \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u0415\u0441\u043b\u0438 \u0441\u0443\u0434\u0438\u0442\u044c \u043f\u043e \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u044f\u043c \u0437\u0430 \u043e\u0448\u0438\u0431\u043a\u0438, \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u043c \u0438\u0437 \u044d\u0442\u0438\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u043c 
\u0441\u043e\u043e\u0431\u0449\u0438\u043b \u0432\u043d\u0435\u0448\u043d\u0438\u0439 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2022-3652.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430 \u0441 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0435\u0439 \u0442\u0438\u043f\u043e\u0432 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 JavaScript \u0438 WebAssembly \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c V8.\n\n\u0417\u0430 \u044d\u0442\u043e\u0442 \u0431\u0430\u0433 Google \u043f\u043e\u043e\u0449\u0440\u0438\u043b\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u0432\u0448\u0435\u0433\u043e \u043e\u0442\u0447\u0435\u0442, \u0430\u0436 \u043d\u0430 20 \u0442\u044b\u0441. \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432.\n\n\u0414\u0440\u0443\u0433\u043e\u0439, \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0431\u0430\u0433\u043e\u0439 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2022-3653 - \u043e\u0448\u0438\u0431\u043a\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0435 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0443\u0441\u043a\u043e\u0440\u0435\u043d\u0438\u044f Vulkan. 
Google \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430, \u0447\u0442\u043e \u0432\u044b\u043f\u043b\u0430\u0442\u0438\u043b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0433\u043e\u043d\u043e\u0440\u0430\u0440 \u0432 17 \u0442\u044b\u0441 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432.\n\n\u0422\u0440\u0435\u0442\u044c\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u044b\u0441\u043e\u043a\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 Layout - CVE-2022-3654, \u043d\u043e \u043f\u043e\u043a\u0430 \u0418\u0422-\u0433\u0438\u0433\u0430\u043d\u0442 \u043d\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u043b \u0441\u0443\u043c\u043c\u0443, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u0430 \u043d\u0435\u0433\u043e \u0437\u0430\u043f\u043b\u0430\u0442\u0438\u0442.\n\n17 \u0442\u044b\u0441. 
\u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u0432 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u043f\u043b\u0430\u0442\u0438\u043b\u0438 \u0437\u0430 \u0448\u0435\u0441\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u041a \u043d\u0438\u043c \u043e\u0442\u043d\u043e\u0441\u044f\u0442\u0441\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043c\u0435\u0434\u0438\u0430\u0433\u0430\u043b\u0435\u0440\u0435\u044f\u0445 (CVE-2022-3655), \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 (CVE-2022-3656), \u043d\u0435\u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0432 \u043f\u043e\u043b\u043d\u043e\u044d\u043a\u0440\u0430\u043d\u043d\u043e\u043c \u0440\u0435\u0436\u0438\u043c\u0435 (CVE-2022-3660), \u043e\u0448\u0438\u0431\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f\u0445 (CVE-2022-3657), \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u0441\u043b\u0443\u0436\u0431\u0435 \u043e\u0431\u0440\u0430\u0442\u043d\u043e\u0439 \u0441\u0432\u044f\u0437\u0438 \u0432 Chrome OS (CVE-2022-3658) \u0438 \"\u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 
\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044f\u0445\" (CVE-2022-3659).\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Chrome \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Mac, Linux \u0438 Windows \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 107.0.5304.62, 107.0.5304.68 \u0438 107.0.5304.62/63 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e.", "creation_timestamp": "2022-10-27T18:40:05.000000Z"}, {"uuid": "ecccd333-e82e-47f1-943b-0191615b70aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1744", "content": "#exploit\n1. Exploiting CVE-2022-42703 - Bringing back the stack attack\nhttps://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html\n\n2. CVE-2022-36537:\nZK Framework - Exposure of Sensitive Information to an Unauthorized Actor\nhttps://github.com/agnihackers/CVE-2022-36537-EXPLOIT", "creation_timestamp": "2022-12-13T04:12:35.000000Z"}, {"uuid": "132a9560-968f-483b-a1f5-bf91ecc2868b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3653", "type": "seen", "source": "https://t.me/cibsecurity/52455", "content": "\u203c CVE-2022-3653 \u203c\n\nHeap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
(Chrome security severity: High)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-02T03:13:22.000000Z"}, {"uuid": "978f2e8f-6b3f-4111-bbd5-1cfccac36900", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36530", "type": "seen", "source": "https://t.me/cibsecurity/48214", "content": "\u203c CVE-2022-36530 \u203c\n\nAn issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-16T16:39:04.000000Z"}, {"uuid": "4e7114af-7adb-4a51-857f-9d6432db17af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36539", "type": "seen", "source": "https://t.me/cibsecurity/49399", "content": "\u203c CVE-2022-36539 \u203c\n\nWeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-07T20:14:18.000000Z"}, {"uuid": "0809d49b-fe0c-42dc-812a-62f0f6ce2d2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://t.me/cibsecurity/48923", "content": "\u203c CVE-2022-36537 \u203c\n\nZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-27T00:30:26.000000Z"}, {"uuid": "e4980f31-833b-40b4-92fc-2b36c063480e", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "exploited", "source": "https://t.me/hackprotectsi/460", "content": "https://www.rapid7.com/blog/post/2023/03/01/etr-active-exploitation-of-zk-framework-cve-2022-36537/?utm_campaign=sm-blog-etr&amp;utm_source=twitter&amp;utm_medium=organic-social", "creation_timestamp": "2023-03-02T08:51:53.000000Z"}, {"uuid": "fbab4f5c-d22c-48c7-bc2d-5f1f2eea6053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "exploited", "source": "https://t.me/information_security_channel/49612", "content": "R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor\nhttps://www.securityweek.com/r1soft-server-backup-manager-vulnerability-exploited-to-deploy-backdoor/\n\nHackers have been exploiting a vulnerability tracked as CVE-2022-36537 to hack hundreds of R1Soft servers. 
\nThe post R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor (https://www.securityweek.com/r1soft-server-backup-manager-vulnerability-exploited-to-deploy-backdoor/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2023-02-22T21:19:18.000000Z"}, {"uuid": "5a83fff3-41f9-45ed-a11e-c10d23dac1e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "seen", "source": "https://t.me/thehackernews/2720", "content": "A critical vulnerability (CVE-2022-36537) has been reported and patched in ConnectWise R1Soft Server Backup Manager software that could lead to remote code execution and supply chain attacks.\n\nRead: https://thehackernews.com/2022/11/critical-rce-vulnerability-reported-in.html", "creation_timestamp": "2022-11-01T12:31:11.000000Z"}, {"uuid": "1f30d043-9c81-48b0-b897-5e0e4948d885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36537", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7335", "content": "#exploit\n1. Exploiting CVE-2022-42703 - Bringing back the stack attack\nhttps://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html\n\n2. CVE-2022-36537:\nZK Framework - Exposure of Sensitive Information to an Unauthorized Actor\nhttps://github.com/agnihackers/CVE-2022-36537-EXPLOIT", "creation_timestamp": "2022-12-12T05:57:24.000000Z"}]}