diff --git a/2022/28xxx/CVE-2022-28888.json b/2022/28xxx/CVE-2022-28888.json
index 67cd012c51f..d77f712bc8d 100644
--- a/2022/28xxx/CVE-2022-28888.json
+++ b/2022/28xxx/CVE-2022-28888.json
@@ -61,6 +61,11 @@
                 "refsource": "MISC",
                 "name": "https://www.schutzwerk.com/en/43/advisories/schutzwerk-sa-2022-003/",
                 "url": "https://www.schutzwerk.com/en/43/advisories/schutzwerk-sa-2022-003/"
+            },
+            {
+                "refsource": "FULLDISC",
+                "name": "20220718 SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS",
+                "url": "http://seclists.org/fulldisclosure/2022/Jul/4"
             }
         ]
     }
diff --git a/2022/35xxx/CVE-2022-35741.json b/2022/35xxx/CVE-2022-35741.json
index 896f67e65aa..45111517c2c 100644
--- a/2022/35xxx/CVE-2022-35741.json
+++ b/2022/35xxx/CVE-2022-35741.json
@@ -71,6 +71,11 @@
                 "refsource": "MISC",
                 "url": "https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f",
                 "name": "https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20220718 [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741)",
+                "url": "http://www.openwall.com/lists/oss-security/2022/07/18/2"
             }
         ]
     },