{"vulnerability": "CVE-2025-2805", "sightings": [{"uuid": "0fba1e69-2f2c-465b-a8ca-ae18107032fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2805", "type": "seen", "source": "Telegram/YDvcAPdlvLvCcoAwvz9gU9VvCprHDRzeT4kOSIV0t5J2ank", "content": "", "creation_timestamp": "2025-04-10T10:31:20.000000Z"}, {"uuid": "076e58db-d831-40b6-a50a-e38dc81dbb42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28055", "type": "seen", "source": "https://t.me/cvedetector/25210", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28055 - GalWeb Arbitrary File Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28055 \nPublished : May 13, 2025, 4:15 p.m. | 59\u00a0minutes ago \nDescription : upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T19:43:55.000000Z"}, {"uuid": "850852d3-8576-4b5c-8957-e1f20f09ed38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28056", "type": "seen", "source": "https://t.me/cvedetector/25208", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28056 - Apache Rebuild SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28056 \nPublished : May 13, 2025, 4:15 p.m. | 59\u00a0minutes ago \nDescription : rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T19:43:50.000000Z"}, {"uuid": "6b70d627-a909-4f3f-8bc9-28b30d562c43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2805", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmh73txgjl2q", "content": "", "creation_timestamp": "2025-04-10T09:32:31.747515Z"}, {"uuid": "4673e9c9-3599-435e-a9f1-dcb869e3f2ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28055", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp2wssslwk24", "content": "", "creation_timestamp": "2025-05-13T16:47:54.819353Z"}, {"uuid": "ea4d4811-dd76-46df-b822-098915fa4302", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28056", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp2wstxzqn2h", "content": "", "creation_timestamp": "2025-05-13T16:48:01.624988Z"}, {"uuid": "7e8238c5-dab9-4fff-a455-5665faa359cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28059", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-09T13:26:56.000000Z"}, {"uuid": "d5d62755-7ae3-4e9b-a14c-cd4ef485de58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28059", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12486", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28059\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke associated API tokens, enabling unauthorized access to restricted functions.\n\ud83d\udccf Published: 2025-04-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-18T16:44:25.506Z\n\ud83d\udd17 References:\n1. https://github.com/aakashtyal/Residual-Data-Access-Post-User-Deletion-in-Nagios-Network-Analyzer-Version-2024R1\n2. https://www.nagios.com/changelog/#network-analyze", "creation_timestamp": "2025-04-18T16:58:57.000000Z"}, {"uuid": "b7565db5-8b97-47a5-a017-004d29b4f69c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28057", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16146", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28057\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order.\n\ud83d\udccf Published: 2025-05-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-13T15:08:50.707Z\n\ud83d\udd17 References:\n1. https://github.com/slowlyo/owl-admin/issues/182\n2. https://gist.github.com/LTLTLXEY/8f8ea23290f45fbc5cb2191a39cc74e8", "creation_timestamp": "2025-05-13T15:31:20.000000Z"}, {"uuid": "80825d40-825c-458d-abb3-1bb8be049b7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28056", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16139", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28056\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component.\n\ud83d\udccf Published: 2025-05-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-13T15:17:41.243Z\n\ud83d\udd17 References:\n1. https://github.com/getrebuild/rebuild/issues/866\n2. https://gist.github.com/LTLTLXEY/c34dc785fc24f4cbb026e2ef3d7660c4", "creation_timestamp": "2025-05-13T15:31:12.000000Z"}, {"uuid": "60b724a2-e2f8-44f6-803d-59b69c89f1cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28059", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3lysxplf5nj2f", "content": "", "creation_timestamp": "2025-09-14T18:54:38.032543Z"}, {"uuid": "b2eef884-f899-47d1-b512-e0d3a2ab3d6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28059", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-11T18:47:39.000000Z"}, {"uuid": "9194bd77-7139-423f-8c67-24ba56456aa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28059", "type": "seen", "source": "https://t.me/cvedetector/23340", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28059 - Nagios Network Analyzer Session Hijacking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28059 \nPublished : April 18, 2025, 5:15 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke associated API tokens, enabling unauthorized access to restricted functions. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T20:45:45.000000Z"}]}