{"vulnerability": "CVE-2025-2684", "sightings": [{"uuid": "dddd3db4-b0e8-468d-867d-d121c7a0aa70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2684", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114218899300766094", "content": "", "creation_timestamp": "2025-03-24T18:48:15.579439Z"}, {"uuid": "ac28f9f2-b6fc-4054-954e-5e24e97d7f9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2684", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114210666701137966", "content": "", "creation_timestamp": "2025-03-23T07:54:32.356915Z"}, {"uuid": "d8d5aa51-dc51-4e97-a19a-0a70dfb56dc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26844", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loodjcdwzzj2", "content": "", "creation_timestamp": "2025-05-08T16:48:44.567640Z"}, {"uuid": "38f72e2d-c2b7-4ef4-969b-2221e354667b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26842", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loodjbrfyh22", "content": "", "creation_timestamp": "2025-05-08T16:48:45.526773Z"}, {"uuid": "112cc784-d18b-4287-a0a6-44aefa5a011e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26849", "type": "seen", "source": "https://t.me/cvedetector/19491", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26849 - Docusnap Hard-Coded Cryptographic Key Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26849 \nPublished : March 4, 2025, 9:15 a.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-04T12:30:09.000000Z"}, {"uuid": "b3708aa9-d5a1-44f6-a22e-bfdcc05c4e89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26845", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15561", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26845\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.\n\ud83d\udccf Published: 2025-05-08T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-08T16:53:39.055Z\n\ud83d\udd17 References:\n1. https://www.znuny.com\n2. https://www.znuny.org/en/advisories/zsa-2025-03", "creation_timestamp": "2025-05-08T17:24:16.000000Z"}, {"uuid": "0e4d5f1a-5cc7-4288-9ba0-d45740847bc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26847", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15562", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26847\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.\n\ud83d\udccf Published: 2025-05-08T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-08T16:50:37.504Z\n\ud83d\udd17 References:\n1. https://www.znuny.com\n2. https://www.znuny.org/en/advisories/zsa-2025-06", "creation_timestamp": "2025-05-08T17:24:17.000000Z"}, {"uuid": "943f1141-044e-4f40-8594-ccf56056026b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26849", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljkcp3ey7n2p", "content": "", "creation_timestamp": "2025-03-04T10:59:22.553388Z"}, {"uuid": "f2e97da0-22bd-4003-b6bf-05706939581f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26849", "type": "seen", "source": "MISP/fc16b923-3a13-4e9d-9aac-10a57cac12c7", "content": "", "creation_timestamp": "2025-08-18T18:31:00.000000Z"}, {"uuid": "fc925672-1a9a-439a-a895-68753beea7d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26846", "type": "seen", "source": "https://t.me/cvedetector/25087", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26846 - Znuny Generic Interface Unauthenticated Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2025-26846 \nPublished : May 12, 2025, 3:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T18:37:20.000000Z"}, {"uuid": "9532c147-05d2-4cfa-985c-4ac949afaad3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26841", "type": "seen", "source": "https://t.me/cvedetector/25086", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26841 - WPEverest Everest Forms Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-26841 \nPublished : May 12, 2025, 3:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T18:37:19.000000Z"}, {"uuid": "d64b1667-2b5b-44ed-a388-e8f1ac171a35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2684", "type": "published-proof-of-concept", "source": "Telegram/kP9yqiAKfxVbjZsANaRhvdiBWIlMgbAXRpD9R63SjOi8KOg", "content": "", "creation_timestamp": "2025-03-24T06:30:52.000000Z"}, {"uuid": "7334686e-7022-4430-9b67-47136e70dec3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2684", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll4de2iztf2m", "content": "", "creation_timestamp": "2025-03-24T08:24:11.109483Z"}, {"uuid": "3e436243-dd7a-4401-acdf-328631df12cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26846", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozb4r5mzo2e", "content": "", "creation_timestamp": "2025-05-13T00:47:06.128258Z"}, {"uuid": "5d02b646-8470-419e-b971-1cf27bf1fa43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26849", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6358", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26849\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions.\n\ud83d\udccf Published: 2025-03-04T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-04T09:03:15.430Z\n\ud83d\udd17 References:\n1. https://docs.docusnap.com/en/release-notes/changelog/\n2. https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-012/", "creation_timestamp": "2025-03-04T09:31:54.000000Z"}, {"uuid": "eb11ee90-98d1-4ada-a84c-1387fa3eeebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26846", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16054", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26846\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.\n\ud83d\udccf Published: 2025-05-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-12T22:07:40.208Z\n\ud83d\udd17 References:\n1. https://www.znuny.com\n2. https://www.znuny.org/en/advisories/zsa-2025-02", "creation_timestamp": "2025-05-12T22:29:04.000000Z"}, {"uuid": "2e21e298-9a03-4c01-b919-dc029bd19ad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26841", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16053", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26841\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload.\n\ud83d\udccf Published: 2025-05-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-12T22:07:45.969Z\n\ud83d\udd17 References:\n1. https://everestforms.net\n2. https://gist.github.com/knilkantha/71458e9a787157653d5603fe6880bc05", "creation_timestamp": "2025-05-12T22:29:03.000000Z"}, {"uuid": "d3a3e6a4-4fa8-44b5-80f5-9b7607cce956", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26845", "type": "seen", "source": "https://t.me/cvedetector/24856", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26845 - Znuny Eval Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26845 \nPublished : May 8, 2025, 5:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T21:48:27.000000Z"}, {"uuid": "380e7cea-db4c-406e-8b03-431a2787a08b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26847", "type": "seen", "source": "https://t.me/cvedetector/24854", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26847 - Znuny Support Bundle Password Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26847 \nPublished : May 8, 2025, 5:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T21:48:26.000000Z"}, {"uuid": "e3dfd70a-bab8-4323-bdb1-893b90edce9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26844", "type": "seen", "source": "https://t.me/cvedetector/24837", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26844 - Znuny Cookie Without HttpOnly Flag Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26844 \nPublished : May 8, 2025, 4:15 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T20:07:46.000000Z"}, {"uuid": "1339953b-79c9-4396-85c1-616b7d131f64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26842", "type": "seen", "source": "https://t.me/cvedetector/24836", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26842 - Znuny S/MIME Encryption Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26842 \nPublished : May 8, 2025, 4:15 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T20:07:42.000000Z"}, {"uuid": "f88cd9ac-e7c3-4115-92b2-186229e7ed97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2684", "type": "seen", "source": "https://t.me/cvedetector/20943", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2684 - PHPGurukul Bank Locker Management System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-2684 \nPublished : March 24, 2025, 5:15 a.m. | 1\u00a0hour, 43\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. This issue affects some unknown processing of the file /search-report-details.php. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T08:22:08.000000Z"}, {"uuid": "8c970beb-4733-4491-80b9-440597b0fa3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26849", "type": "seen", "source": "Telegram/VotpFA3l5Fe6ShpdT69IQbHRG4vjG2N2Pri12GyiqilMfHZS", "content": "", "creation_timestamp": "2025-03-06T02:16:23.000000Z"}]}