{"vulnerability": "CVE-2025-2743", "sightings": [{"uuid": "ba000691-ac4c-4fe5-9674-23cecb1f885e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114145527753674355", "content": "", "creation_timestamp": "2025-03-11T19:48:51.391358Z"}, {"uuid": "50f26bcf-fad0-4347-b6d9-2657476f252e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27432", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk3625csfo2m", "content": "", "creation_timestamp": "2025-03-11T03:51:17.597068Z"}, {"uuid": "6395aed1-4d1e-4719-a2e3-97e4c0ec4c69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lkn6qje7xfi2", "content": "", "creation_timestamp": "2025-03-18T08:00:11.319256Z"}, {"uuid": "2b6beabf-e5cc-4c1d-a4c5-f140c9bdafe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://bsky.app/profile/ripjyr.bsky.social/post/3lk3xm7z3fs2n", "content": "", "creation_timestamp": "2025-03-11T11:28:47.568228Z"}, {"uuid": "280d5a76-13d4-4ad7-94cf-6d7665d1f1a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lkkwsf3rpgk2", "content": "", "creation_timestamp": "2025-03-17T10:25:37.338512Z"}, {"uuid": "4a62ef18-54cd-415f-8391-8a1c3d346a29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27435", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmc5ecpojo2z", "content": "", "creation_timestamp": "2025-04-08T09:18:08.259414Z"}, {"uuid": "59ce518f-bcde-4041-a8bd-b5105384e8e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27437", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmc5edx3km2i", "content": "", "creation_timestamp": "2025-04-08T09:18:14.647796Z"}, {"uuid": "130e431f-6c4a-4e93-ae7c-7b382cbcaae7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27438", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:35.000000Z"}, {"uuid": "a750d835-8604-40f7-8807-c184172b0a48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27434", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-16T01:45:14.000000Z"}, {"uuid": "5f8c1d25-e3e7-44b0-8b7f-63ab998f618b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27430", "type": "seen", "source": "https://t.me/cvedetector/20007", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27430 - SAP CRM and SAP S/4HANA Interaction Center SSRF\", \n  \"Content\": \"CVE ID : CVE-2025-27430 \nPublished : March 11, 2025, 1:15 a.m. | 24\u00a0minutes ago \nDescription : Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T03:24:27.000000Z"}, {"uuid": "f55c6861-e22a-4579-b651-9954a6bb8460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://t.me/cvedetector/20131", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27439 - Zoom Workplace Apps Buffer Underflow Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27439 \nPublished : March 11, 2025, 6:15 p.m. | 2\u00a0hours, 11\u00a0minutes ago \nDescription : Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T21:49:02.000000Z"}, {"uuid": "097a134c-4211-40b2-9196-d8a3cb45122d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27436", "type": "seen", "source": "https://t.me/cvedetector/20012", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27436 - SAP S/4HANA Access Control Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27436 \nPublished : March 11, 2025, 1:15 a.m. | 24\u00a0minutes ago \nDescription : The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T03:24:33.000000Z"}, {"uuid": "ba8e3075-42b7-4271-995a-6e6d645952d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27434", "type": "seen", "source": "https://t.me/cvedetector/20011", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27434 - SAP Commerce Swagger UI Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-27434 \nPublished : March 11, 2025, 1:15 a.m. | 24\u00a0minutes ago \nDescription : Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. This could lead to a high impact on the confidentiality, integrity, and availability of data in SAP Commerce. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T03:24:29.000000Z"}, {"uuid": "47e0ed1b-57f3-48de-89ac-0f3bf9bece30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27433", "type": "seen", "source": "https://t.me/cvedetector/20010", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27433 - SAP S/4HANA File Upload Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-27433 \nPublished : March 11, 2025, 1:15 a.m. | 24\u00a0minutes ago \nDescription : The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and availability of the application. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T03:24:29.000000Z"}, {"uuid": "fa8befec-110e-40e3-aa6e-2513ad65a662", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27432", "type": "seen", "source": "https://t.me/cvedetector/20009", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27432 - SAP Electronic Invoicing for Brazil Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-27432 \nPublished : March 11, 2025, 1:15 a.m. | 24\u00a0minutes ago \nDescription : The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T03:24:28.000000Z"}, {"uuid": "a89ce80a-4b11-4f6a-989a-12399d82ad9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27431", "type": "seen", "source": "https://t.me/cvedetector/20008", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27431 - SAP NetWeaver Application Server Java Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-27431 \nPublished : March 11, 2025, 1:15 a.m. | 24\u00a0minutes ago \nDescription : User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payload that gets stored and executed when a user accesses the functionality, hence leading to information disclosure or unauthorized data modifications within the scope of victim\ufffds browser. There is no impact on availability. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T03:24:27.000000Z"}, {"uuid": "477f0b18-4164-43f2-b7dd-339e0d521955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27431", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7084", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27431\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payload that gets stored and executed when a user accesses the functionality, hence leading to information disclosure or unauthorized data modifications within the scope of victim\ufffds browser. There is no impact on availability.\n\ud83d\udccf Published: 2025-03-11T00:37:35.111Z\n\ud83d\udccf Modified: 2025-03-11T00:37:35.111Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3567246\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-03-11T01:41:22.000000Z"}, {"uuid": "e0e92bc1-0536-497d-a060-6cc7cfd1c129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27433", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7082", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27433\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and availability of the application.\n\ud83d\udccf Published: 2025-03-11T00:38:50.716Z\n\ud83d\udccf Modified: 2025-03-11T00:38:51.032Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3565835\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-03-11T01:41:20.000000Z"}, {"uuid": "f4e7f7c2-1537-4342-83f8-d22d21dbc7e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27434", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7081", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27434\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. This could lead to a high impact on the confidentiality, integrity, and availability of data in SAP Commerce.\n\ud83d\udccf Published: 2025-03-11T00:39:01.831Z\n\ud83d\udccf Modified: 2025-03-11T00:39:01.831Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3569602\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-03-11T01:41:16.000000Z"}, {"uuid": "8267d091-da1f-4e65-a32a-4a83dc3d68b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27436", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7080", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27436\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application.\n\ud83d\udccf Published: 2025-03-11T00:39:14.372Z\n\ud83d\udccf Modified: 2025-03-11T00:39:14.372Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3565835\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-03-11T01:41:15.000000Z"}, {"uuid": "038961fb-e54b-48f0-b96c-3b2a6cb1d40f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27430", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7085", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27430\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability\n\ud83d\udccf Published: 2025-03-11T00:37:24.590Z\n\ud83d\udccf Modified: 2025-03-11T00:37:24.590Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3561861\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-03-11T01:41:22.000000Z"}, {"uuid": "e6262a7b-79ef-4a98-8bc4-e4769a8d2859", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2743", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8622", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2743\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-25T07:00:10.362Z\n\ud83d\udccf Modified: 2025-03-25T07:00:10.362Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.300845\n2. https://vuldb.com/?ctiid.300845\n3. https://vuldb.com/?submit.519692\n4. https://github.com/uglory-gll/javasec/blob/main/ruoyi-vue-pro.md#6arbitrary-file-deletion-vulnerability---uploadtemporarymaterial", "creation_timestamp": "2025-03-25T07:23:58.000000Z"}, {"uuid": "a25ac3c7-5b09-437b-9306-3d45fe0e6c7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27434", "type": "seen", "source": "Telegram/5dlNa934cDbv4j3j3lQCc40yS4J_bdTpn_glqzNig4nu0Ps", "content": "", "creation_timestamp": "2025-03-11T02:00:59.000000Z"}, {"uuid": "d21cb592-d44c-448c-9b99-b0b5dd802a81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lkek3hf4ks2o", "content": "", "creation_timestamp": "2025-03-14T21:20:49.963023Z"}, {"uuid": "f8123808-2b14-43ae-8558-470c0fbf8b5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lko33crjlor2", "content": "", "creation_timestamp": "2025-03-18T16:21:03.658133Z"}, {"uuid": "6e235b66-d7da-444c-98ae-f98f18ea460c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk4wra7obo2h", "content": "", "creation_timestamp": "2025-03-11T20:46:22.657516Z"}, {"uuid": "0d59e389-1643-4215-8856-7a81c1b7431e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lkltylcgjjf2", "content": "", "creation_timestamp": "2025-03-17T19:06:52.069017Z"}, {"uuid": "10c79f7c-b997-4445-acb5-79c37b4f234e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lkkqhqiuj7l2", "content": "", "creation_timestamp": "2025-03-17T08:31:08.173484Z"}, {"uuid": "deda2fa6-53ea-47f1-ba59-b6795058deaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27434", "type": "seen", "source": "https://threatintel.cc/2025/03/11/sap-patches-highseverity-vulnerabilities-in.html", "content": "", "creation_timestamp": "2025-03-11T22:41:02.000000Z"}, {"uuid": "1bbbaeba-9cfc-42d6-8e79-b96c6d4a12c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lknfaiywy7i2", "content": "", "creation_timestamp": "2025-03-18T09:53:26.139972Z"}, {"uuid": "c2d661c0-ecbc-40ed-991b-54ba3f8f7b6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27438", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-01", "content": "", "creation_timestamp": "2025-03-13T11:00:00.000000Z"}, {"uuid": "06485634-7e96-4e65-8283-8e0fe58d1d55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27434", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-19T04:06:31.000000Z"}, {"uuid": "0d2e836b-3838-40ff-a737-474bedd0b90b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27438", "type": "seen", "source": "https://t.me/cvedetector/20065", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27438 - \"Siemens Teamcenter Visualization and Tecnomatix Plant Simulation Out-of-Bounds Read\"\", \n  \"Content\": \"CVE ID : CVE-2025-27438 \nPublished : March 11, 2025, 10:15 a.m. | 1\u00a0hour, 55\u00a0minutes ago \nDescription : A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.  \nThis could allow an attacker to execute code in the context of the current process. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T13:26:38.000000Z"}, {"uuid": "8f9b55b0-e2a1-4afb-b6a2-db27c92b0dfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27435", "type": "seen", "source": "https://t.me/cvedetector/22429", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27435 - SAP Commerce Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27435 \nPublished : April 8, 2025, 8:15 a.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and integrity of the application. \nSeverity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T11:29:19.000000Z"}, {"uuid": "8b9248cd-b5a8-4836-b104-0850e64be396", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27437", "type": "seen", "source": "https://t.me/cvedetector/22426", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27437 - SAP NetWeaver Application Server ABAP Missing Authorization Check Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27437 \nPublished : April 8, 2025, 8:15 a.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further authorization and with no effect on availability. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T11:29:14.000000Z"}, {"uuid": "094adbb0-8bfb-47e9-b7c9-8c1adfd8adf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lkedbskiuq42", "content": "", "creation_timestamp": "2025-03-14T19:19:44.641344Z"}, {"uuid": "3184c58b-53ce-4043-b4b3-e72b4a52026a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27434", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114141278894705682", "content": "", "creation_timestamp": "2025-03-11T01:48:20.585449Z"}, {"uuid": "21396317-e988-44ed-b038-c95b118d65e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27434", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lkrkmbmk6s23", "content": "", "creation_timestamp": "2025-03-20T01:34:46.261061Z"}, {"uuid": "40688263-26ac-4687-b46f-8119c5fd54d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27439", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lknnjkip4di2", "content": "", "creation_timestamp": "2025-03-18T12:16:28.914854Z"}, {"uuid": "27280741-7cdd-4fae-875b-0085546d47fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27437", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10866", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27437\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further authorization and with no effect on availability.\n\ud83d\udccf Published: 2025-04-08T07:13:58.049Z\n\ud83d\udccf Modified: 2025-04-08T07:13:58.049Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3568778\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-04-08T07:46:29.000000Z"}, {"uuid": "6d313f52-0792-4e41-b857-005de91aab7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27435", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10867", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27435\n\ud83d\udd25 CVSS Score: 4.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and integrity of the application.\n\ud83d\udccf Published: 2025-04-08T07:13:49.402Z\n\ud83d\udccf Modified: 2025-04-08T07:13:49.402Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3539465\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-04-08T07:46:30.000000Z"}, {"uuid": "f9a234ee-473e-471a-bb27-de9e53eae3b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27432", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7083", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27432\n\ud83d\udd25 CVSS Score: 2.4 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application.\n\ud83d\udccf Published: 2025-03-11T00:38:36.886Z\n\ud83d\udccf Modified: 2025-03-11T00:38:36.886Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3568865\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-03-11T01:41:21.000000Z"}, {"uuid": "460cdc68-3ddf-453f-8155-a6abf47a8ffb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2743", "type": "seen", "source": "https://t.me/cvedetector/21056", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2743 - Zhijiantianya Ruoyi-Vue-Pro Remote Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2743 \nPublished : March 25, 2025, 7:15 a.m. | 32\u00a0minutes ago \nDescription : A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T09:27:32.000000Z"}, {"uuid": "e01ce50a-2477-46b2-9605-5c2ef8b83697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27438", "type": "seen", "source": "Telegram/BUC-F_pXySBJlIgXgQmiFYagG3wm0MhpRzVS07GXFjNvPGc", "content": "", "creation_timestamp": "2025-03-11T11:35:11.000000Z"}]}