{"vulnerability": "CVE-2025-2947", "sightings": [{"uuid": "3c78e299-ba26-426c-b704-585317ef7265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29479", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10772", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29479\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Buffer Overflow in hiredis 1.2.0 allows a local attacker to cause a denial of service via the sdscatlen function.\n\ud83d\udccf Published: 2025-04-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-07T19:30:00.626Z\n\ud83d\udd17 References:\n1. https://github.com/lmarch2/poc/blob/main/hiredis/hiredis.md", "creation_timestamp": "2025-04-07T19:45:40.000000Z"}, {"uuid": "0c2fb9f3-2b31-4dec-8a49-acecf98e2d60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29477", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10533", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29477\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.\n\ud83d\udccf Published: 2025-04-04T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-04T18:04:00.518Z\n\ud83d\udd17 References:\n1. https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md", "creation_timestamp": "2025-04-04T18:36:32.000000Z"}, {"uuid": "4b441f0e-c7c0-48b0-8546-361eda42170d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29471", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11952", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29471\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.\n\ud83d\udccf Published: 2025-04-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-15T21:56:33.209Z\n\ud83d\udd17 References:\n1. https://youtu.be/MvJuIkdTSQg\n2. https://www.nagios.com/changelog/#log-server\n3. https://www.exploit-db.com/exploits/52117", "creation_timestamp": "2025-04-15T22:55:56.000000Z"}, {"uuid": "009a0b74-20f0-4567-92a0-c7b40567a734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2947", "type": "seen", "source": "https://t.me/cvedetector/23245", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2947 - IBM i Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2947 \nPublished : April 17, 2025, 5:15 p.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : IBM i 7.6\u00a0  \n  \ncontains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. \u00a0A malicious actor can use the command to elevate privileges to gain root access to the host operating system. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T20:30:15.000000Z"}, {"uuid": "9a34377a-8fa9-42e5-8cc9-ec193de15a0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29479", "type": "seen", "source": "https://t.me/cvedetector/22346", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29479 - Redis Buffer Overflow Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2025-29479 \nPublished : April 7, 2025, 8:15 p.m. | 35\u00a0minutes ago \nDescription : Buffer Overflow in hiredis 1.2.0 allows a local attacker to cause a denial of service via the sdscatlen function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T22:55:48.000000Z"}, {"uuid": "4532b9ec-3223-4ab3-87de-285d7d9c4cd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29478", "type": "seen", "source": "https://t.me/cvedetector/22345", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29478 - Apache Fluent-bit Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2025-29478 \nPublished : April 7, 2025, 8:15 p.m. | 35\u00a0minutes ago \nDescription : An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T22:55:44.000000Z"}, {"uuid": "58feb1f0-82e8-43aa-bd30-173d1112307f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29471", "type": "published-proof-of-concept", "source": "https://t.me/CybNux/7833", "content": "\ud83d\udea8CVE-2025-29471: Stored XSS PoC\n\n\u062a\u0633\u0645\u062d \u062b\u063a\u0631\u0629 Cross Site Scripting \u0641\u064a Nagios Log Server v.2024R1.3.1 \u0644\u0645\u0647\u0627\u062c\u0645 \u0639\u0646 \u0628\u0639\u062f \u0628\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0634\u0648\u0627\u0626\u064a\u0629 \u0639\u0628\u0631 \u062d\u0645\u0648\u0644\u0629 \u0641\u064a \u062d\u0642\u0644 \u0627\u0644\u0628\u0631\u064a\u062f \u0627\u0644\u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a.", "creation_timestamp": "2025-04-16T02:06:11.000000Z"}, {"uuid": "eb3bf03a-3819-405e-987b-e8844df3f1b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29476", "type": "seen", "source": "https://t.me/cvedetector/22169", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29476 - OSS-Fuzz c-blosc2 Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2025-29476 \nPublished : April 4, 2025, 6:15 p.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : Buffer Overflow vulnerability in compress_chunk_fuzzer with oss-fuzz on commit 16450518afddcb3139de627157208e49bfef6987 in c-blosc2 v.2.17.0 and before. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T22:12:43.000000Z"}, {"uuid": "2c820905-964a-4150-ae22-f425f0522a49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29477", "type": "seen", "source": "https://t.me/cvedetector/22167", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29477 - Fluent-Bit Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29477 \nPublished : April 4, 2025, 6:15 p.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T22:12:41.000000Z"}, {"uuid": "652366b7-b368-4515-b5c2-8df781decc20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29471", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/16127", "content": "\ud83d\udea8CVE-2025-29471: Stored XSS PoC\n\nCross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.\n\nCredit: youtube.com/@organics000", "creation_timestamp": "2025-04-16T01:01:37.000000Z"}, {"uuid": "addac4ad-2028-4bcc-8327-cf05a5dd3a7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29471", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmv5meqk2t2r", "content": "", "creation_timestamp": "2025-04-15T22:43:12.274418Z"}, {"uuid": "45e0e1d8-87ef-4646-b643-e50bec8a1db6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29471", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-09T13:26:57.000000Z"}, {"uuid": "f72535f1-ad75-470a-9e33-86dc4f7d93fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29471", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-11T18:47:41.000000Z"}, {"uuid": "6ea5a04e-7a23-473b-8254-68ea04bcb486", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29478", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10769", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29478\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.\n\ud83d\udccf Published: 2025-04-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-07T19:31:59.501Z\n\ud83d\udd17 References:\n1. https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md", "creation_timestamp": "2025-04-07T19:45:36.000000Z"}, {"uuid": "f65a4a6d-bc7a-41df-9b31-3ce07387bdcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2947", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12380", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2947\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: IBM i 7.6\u00a0\n\ncontains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. \u00a0A malicious actor can use the command to elevate privileges to gain root access to the host operating system.\n\ud83d\udccf Published: 2025-04-17T17:10:52.646Z\n\ud83d\udccf Modified: 2025-04-18T01:52:16.646Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7231025", "creation_timestamp": "2025-04-18T02:58:02.000000Z"}]}