{"vulnerability": "cve-2022-4586", "sightings": [{"uuid": "316e86cf-3be1-44ea-80cd-0463f7f35116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45866", "type": "seen", "source": "https://bsky.app/profile/alysia.au/post/3lumqsoeqak2x", "content": "", "creation_timestamp": "2025-07-23T09:54:21.308493Z"}, {"uuid": "0fa00269-2721-447d-970e-db684aed4a0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45866", "type": "seen", "source": "https://bsky.app/profile/alysia.au/post/3lumqsp7xdk2x", "content": "", "creation_timestamp": "2025-07-23T09:54:21.822897Z"}, {"uuid": "a687e2e5-d3d7-4faa-a56a-6a9665b87b31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45866", "type": "seen", "source": "https://bsky.app/profile/alysia.au/post/3lumqsp7zc22x", "content": "", "creation_timestamp": "2025-07-23T09:54:22.370901Z"}, {"uuid": "380cfb6f-e2de-4d10-a4ed-1f3407acea25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45866", "type": "seen", "source": "https://bsky.app/profile/alysia.au/post/3lumqspa2bc2x", "content": "", "creation_timestamp": "2025-07-23T09:54:22.897155Z"}, {"uuid": "4e7611e5-777a-42de-bbed-7dbdd28296c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45866", "type": "seen", "source": "https://bsky.app/profile/alysia.au/post/3lumqspa47s2x", "content": "", "creation_timestamp": "2025-07-23T09:54:23.550647Z"}, {"uuid": "aa05f964-4fe4-4b04-8204-a05dffe4d9c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45866", "type": "seen", "source": "https://bsky.app/profile/alysia.au/post/3lumqspa5722x", "content": "", "creation_timestamp": "2025-07-23T09:54:24.082063Z"}, {"uuid": "7dfe0ec0-7b84-4bb2-8079-ceb4997082d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45866", "type": "seen", "source": "https://bsky.app/profile/alysia.au/post/3lumqspa66c2x", "content": "", "creation_timestamp": "2025-07-23T09:54:24.595676Z"}, {"uuid": "7003a53d-5936-4ca3-aff7-4bbc50762986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45866", "type": "seen", "source": "https://bsky.app/profile/alysia.au/post/3lumqspa75k2x", "content": "", "creation_timestamp": "2025-07-23T09:54:25.143359Z"}, {"uuid": "900d88bd-a011-4a4b-915f-b0100757d2f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45866", "type": "seen", "source": "https://bsky.app/profile/alysia.au/post/3lumqspaa4s2x", "content": "", "creation_timestamp": "2025-07-23T09:54:25.663022Z"}, {"uuid": "3264dbcd-e758-4d40-8359-9d8fcf8a118c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45866", "type": "seen", "source": "https://bsky.app/profile/alysia.au/post/3lumqspab422x", "content": "", "creation_timestamp": "2025-07-23T09:54:26.217696Z"}, {"uuid": "8543eb4d-3ab3-4cd4-b7b0-59f5ced44b10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45867", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11264", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45867\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.\n\ud83d\udccf Published: 2023-01-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-10T15:24:04.427Z\n\ud83d\udd17 References:\n1. https://github.com/mybb/mybb/security/advisories/GHSA-cpfv-6f8w-759r", "creation_timestamp": "2025-04-10T15:49:11.000000Z"}, {"uuid": "20ed30b6-ae31-4719-ba2e-874ec503a28e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45868", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-04", "content": "", "creation_timestamp": "2025-09-18T10:00:00.000000Z"}, {"uuid": "80a1ea0b-2531-4b07-8bb7-f20e2fdabc4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45869", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13307", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45869\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.\n\ud83d\udccf Published: 2022-11-30T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-24T18:57:20.580Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47b0c2e4c220f2251fd8dcfbb44479819c715e15", "creation_timestamp": "2025-04-24T19:06:34.000000Z"}, {"uuid": "e9f869cb-3353-43a2-a5d0-462e2575a52d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45862", "type": "seen", "source": "https://t.me/cvedetector/3031", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-45862 - FortiOS/ FortiProxy/ FortiPAM/ FortiSwitchManager Session Reuse Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-45862 \nPublished : Aug. 13, 2024, 4:15 p.m. | 23\u00a0minutes ago \nDescription : An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials. \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T18:47:38.000000Z"}, {"uuid": "b73f5e38-210b-46a9-8c64-6d59ea0fb32a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45866", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13504", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45866\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.\n\ud83d\udccf Published: 2022-11-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T18:35:51.761Z\n\ud83d\udd17 References:\n1. https://pkgs.org/download/qpress\n2. https://github.com/PierreLvx/qpress/pull/6\n3. https://github.com/EvgeniyPatlan/qpress/commit/ddb312090ebd5794e81bc6fb1dfb4e79eda48761\n4. https://github.com/PierreLvx/qpress/compare/20170415...20220819\n5. https://github.com/percona/percona-xtrabackup/pull/1366\n6. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQWF7635AJSDKEIGLB73XAH643POGTFY/\n7. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4RXO3VYIFRTNIFHWIAZWND6ZXQ5OYOB/\n8. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUZ73XT2FXLHC7I4ODLOVB4O4QN7Q7JB/", "creation_timestamp": "2025-04-25T19:07:26.000000Z"}, {"uuid": "49f0d07e-c639-4d54-9617-29c5801074ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45869", "type": "seen", "source": "https://t.me/cibsecurity/53701", "content": "\u203c CVE-2022-45869 \u203c\n\nA race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T07:29:29.000000Z"}, {"uuid": "18acad81-1704-408b-bf96-faa1b4268338", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45860", "type": "seen", "source": "https://t.me/cibsecurity/63273", "content": "\u203c CVE-2022-45860 \u203c\n\nA weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-04T02:36:41.000000Z"}, {"uuid": "7a1d6858-ded1-4bf0-8bf5-9f32ebdafb57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45861", "type": "seen", "source": "https://t.me/cibsecurity/59598", "content": "\u203c CVE-2022-45861 \u203c\n\nAn access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T20:23:37.000000Z"}, {"uuid": "4615113c-84f4-4ec0-a3dd-39bf8d96e359", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45867", "type": "seen", "source": "https://t.me/cibsecurity/55821", "content": "\u203c CVE-2022-45867 \u203c\n\nMyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-03T22:17:22.000000Z"}, {"uuid": "0c4057ce-ce01-4e6a-8322-6f3335dd29e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45868", "type": "seen", "source": "https://t.me/cibsecurity/53459", "content": "\u203c CVE-2022-45868 \u203c\n\nThe web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states \"This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-24T00:14:04.000000Z"}, {"uuid": "359987fd-cf13-4d4c-bc57-cb3321275996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4586", "type": "seen", "source": "https://t.me/cibsecurity/54800", "content": "\u203c CVE-2022-4586 \u203c\n\nA vulnerability classified as problematic was found in Opencaching Deutschland oc-server3. This vulnerability affects unknown code of the file htdocs/templates2/ocstyle/cachelists.tpl of the component Cachelist Handler. The manipulation of the argument name_filter/by_filter leads to cross site scripting. The attack can be initiated remotely. The name of the patch is a9f79c7da78cd24a7ef1d298e6bc86006972ea73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216172.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-17T16:30:37.000000Z"}]}