{"vulnerability": "CVE-2025-4062", "sightings": [{"uuid": "6b946cd4-6871-442e-b572-39f3c094586a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40626", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loy7dunjgi2t", "content": "", "creation_timestamp": "2025-05-12T14:42:38.851825Z"}, {"uuid": "cb8b000d-1e47-4c57-ad81-67bac92eee0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40627", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loy7duugcy2p", "content": "", "creation_timestamp": "2025-05-12T14:42:40.086512Z"}, {"uuid": "98177e18-2acf-4259-afcf-a82d7d48a18b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40628", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp2cxi4ge42h", "content": "", "creation_timestamp": "2025-05-13T10:52:37.269381Z"}, {"uuid": "9d1c44b3-e4cb-47af-ac0d-27e5e948070d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40628", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114500433170308695", "content": "", "creation_timestamp": "2025-05-13T12:05:57.983041Z"}, {"uuid": "0e62d523-5ced-480c-ad4e-987c8e239a4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40629", "type": "published-proof-of-concept", "source": "Telegram/uEOlrUu1_l--1w6IndjXIiiKl78HQvEFFzlmBtSlWW7XloE", "content": "", "creation_timestamp": "2025-11-20T03:00:06.000000Z"}, {"uuid": "cc080f37-b124-4ff5-b191-2100ea39adf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40627", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16033", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40627\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Reflected Cross-Site Scripting (XSS) vulnerability in\u00a0AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through\u00a0\"/eyes?\n\n[XSS_PAYLOAD]\".\n\ud83d\udccf Published: 2025-05-12T11:36:46.597Z\n\ud83d\udccf Modified: 2025-05-12T18:42:35.890Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-abantecart", "creation_timestamp": "2025-05-12T19:29:23.000000Z"}, {"uuid": "97740db9-8c1b-46ae-aff5-7e4207dfc79b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40629", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16687", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40629\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, the application is vulnerable to requests that access sensitive files outside the intended directory.\n\ud83d\udccf Published: 2025-05-16T12:40:17.878Z\n\ud83d\udccf Modified: 2025-05-16T12:59:59.664Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-pnetlab", "creation_timestamp": "2025-05-16T13:35:55.000000Z"}, {"uuid": "c59ca6bb-2b25-4a66-8770-2d8a83480eb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40628", "type": "seen", "source": "https://t.me/cvedetector/25182", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-40628 - DomainsPRO SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-40628 \nPublished : May 13, 2025, 10:15 a.m. | 51\u00a0minutes ago \nDescription : SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the \u201cd\u201d parameter in the \u201c/article.php\u201d endpoint. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T13:52:17.000000Z"}, {"uuid": "cc177608-2cac-4485-b42d-4c064e26a60f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4062", "type": "seen", "source": "https://t.me/cvedetector/24006", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4062 - Apache Code-Projects Theater Seat Booking System Stack-Based Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-4062 \nPublished : April 29, 2025, 2:15 p.m. | 21\u00a0minutes ago \nDescription : A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the argument cancelcustomername leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T16:49:51.000000Z"}, {"uuid": "bb639fc3-277c-4216-b801-798e90452b6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40622", "type": "seen", "source": "Telegram/Z0xWuJVL5KIv8Y3txxIuKntecLAX-t-7jcSbPF5IOO_q_oA", "content": "", "creation_timestamp": "2025-05-06T13:32:41.000000Z"}, {"uuid": "9172fb3d-7952-4373-b191-7eaf9bb85296", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40625", "type": "seen", "source": "Telegram/Z0xWuJVL5KIv8Y3txxIuKntecLAX-t-7jcSbPF5IOO_q_oA", "content": "", "creation_timestamp": "2025-05-06T13:32:41.000000Z"}, {"uuid": "0e5f9013-bdfc-48f9-bf63-038214a9826e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40623", "type": "seen", "source": "Telegram/Z0xWuJVL5KIv8Y3txxIuKntecLAX-t-7jcSbPF5IOO_q_oA", "content": "", "creation_timestamp": "2025-05-06T13:32:41.000000Z"}, {"uuid": "610b62fc-f5b0-4596-ab78-b019adc70c21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40625", "type": "seen", "source": "https://t.me/cvedetector/24590", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-40625 - TCMAN GIM Unauthenticated File Upload RCE\", \n  \"Content\": \"CVE ID : CVE-2025-40625 \nPublished : May 6, 2025, 11:15 a.m. | 44\u00a0minutes ago \nDescription : Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file to obtain a Remote Code Execution (RCE). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T14:28:54.000000Z"}, {"uuid": "b74a4502-9870-40fa-b0fc-0f595a2a55c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40621", "type": "seen", "source": "https://t.me/cvedetector/24592", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-40621 - TCMAN GIM SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-40621 \nPublished : May 6, 2025, 11:15 a.m. | 44\u00a0minutes ago \nDescription : SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier\u00a0\u2018User\u2019 parameter of the \u2018ValidateUserAndGetData\u2019 endpoint. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T14:28:59.000000Z"}, {"uuid": "4bc02693-ef2c-4342-a901-099fbfc023dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40622", "type": "seen", "source": "https://t.me/cvedetector/24593", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-40622 - TCMAN GIM SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-40622 \nPublished : May 6, 2025, 11:15 a.m. | 44\u00a0minutes ago \nDescription : SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier\u00a0\u2018username\u2019 parameter of the \u2018GetLastDatePasswordChange\u2019 endpoint. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T14:29:00.000000Z"}, {"uuid": "3af93e31-67f1-4f1a-b1d4-1ab8db3139cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40620", "type": "seen", "source": "https://t.me/cvedetector/24594", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-40620 - TCMAN's GIM SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-40620 \nPublished : May 6, 2025, 11:15 a.m. | 44\u00a0minutes ago \nDescription : SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier\u00a0\u2018User\u2019 parameter of the \u2018ValidateUserAndWS\u2019 endpoint. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T14:29:00.000000Z"}, {"uuid": "ea7b87fe-2463-440b-897c-c497ab02bd27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4062", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnxn326fee2j", "content": "", "creation_timestamp": "2025-04-29T15:50:22.371969Z"}, {"uuid": "6dc21a4d-75a5-4055-93d5-3323e1c9adbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40622", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15089", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40622\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier\u00a0\u2018username\u2019 parameter of the \u2018GetLastDatePasswordChange\u2019 endpoint.\n\ud83d\udccf Published: 2025-05-06T10:40:28.916Z\n\ud83d\udccf Modified: 2025-05-06T10:40:28.916Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim", "creation_timestamp": "2025-05-06T11:21:43.000000Z"}, {"uuid": "22df868c-81db-4d02-ad5f-d13122dfbeee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40623", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15088", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40623\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier\u00a0\u2018Sender\u2019 and \u201cemail\u201d parameters of the \u2018createNotificationAndroid\u2019 endpoint.\n\ud83d\udccf Published: 2025-05-06T10:41:04.724Z\n\ud83d\udccf Modified: 2025-05-06T10:41:04.724Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim", "creation_timestamp": "2025-05-06T11:21:42.000000Z"}, {"uuid": "07cd3225-af32-4bdb-862c-9af83c44d9e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40624", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15087", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40624\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier\u00a0\u2018User\u2019 and \u201cemail\u201d parameters of the \u2018updatePassword\u2019 endpoint.\n\ud83d\udccf Published: 2025-05-06T10:41:39.095Z\n\ud83d\udccf Modified: 2025-05-06T10:41:39.095Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim", "creation_timestamp": "2025-05-06T11:21:41.000000Z"}, {"uuid": "8da72817-2b93-4688-88f3-0c32afaca38f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40625", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15086", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40625\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file to obtain a Remote Code Execution (RCE).\n\ud83d\udccf Published: 2025-05-06T10:43:01.296Z\n\ud83d\udccf Modified: 2025-05-06T10:43:01.296Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim", "creation_timestamp": "2025-05-06T11:21:40.000000Z"}, {"uuid": "dbf06f16-3c38-4dae-94da-553ecb21de83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40620", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15091", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40620\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier\u00a0\u2018User\u2019 parameter of the \u2018ValidateUserAndWS\u2019 endpoint.\n\ud83d\udccf Published: 2025-05-06T10:39:11.267Z\n\ud83d\udccf Modified: 2025-05-06T10:39:11.267Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim", "creation_timestamp": "2025-05-06T11:21:48.000000Z"}, {"uuid": "0ffbb6b1-1840-4cf7-b6ee-f3affd51b28f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40621", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15090", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40621\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier\u00a0\u2018User\u2019 parameter of the \u2018ValidateUserAndGetData\u2019 endpoint.\n\ud83d\udccf Published: 2025-05-06T10:39:53.671Z\n\ud83d\udccf Modified: 2025-05-06T10:39:53.671Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim", "creation_timestamp": "2025-05-06T11:21:47.000000Z"}, {"uuid": "b961457a-7cf9-473c-9ebc-62887e524c43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40628", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16216", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40628\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the \u201cd\u201d parameter in the \u201c/article.php\u201d endpoint.\n\ud83d\udccf Published: 2025-05-13T09:37:39.081Z\n\ud83d\udccf Modified: 2025-05-13T19:05:44.423Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-domainspro", "creation_timestamp": "2025-05-13T19:31:13.000000Z"}, {"uuid": "54de448d-844c-470d-9df2-ac87c52a7991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40626", "type": "seen", "source": "https://t.me/cvedetector/25080", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-40626 - AbanteCart Reflected Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-40626 \nPublished : May 12, 2025, 12:15 p.m. | 2\u00a0hours, 5\u00a0minutes ago \nDescription : Reflected Cross-Site Scripting (XSS) vulnerability in\u00a0AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through\u00a0\"/about_us?[XSS_PAYLOAD]\". \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T16:56:56.000000Z"}, {"uuid": "85d399bd-4e86-4d28-bbf4-961ca4f0147e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40627", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/25079", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-40627 - AbanteCart Reflected Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-40627 \nPublished : May 12, 2025, 12:15 p.m. | 2\u00a0hours, 5\u00a0minutes ago \nDescription : Reflected Cross-Site Scripting (XSS) vulnerability in\u00a0AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through\u00a0\"/eyes?  \n  \n[XSS_PAYLOAD]\". \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T16:56:55.000000Z"}, {"uuid": "6a97f0ff-b613-4077-93a6-1360f9f41c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40620", "type": "seen", "source": "Telegram/Z0xWuJVL5KIv8Y3txxIuKntecLAX-t-7jcSbPF5IOO_q_oA", "content": "", "creation_timestamp": "2025-05-06T13:32:41.000000Z"}, {"uuid": "47b08862-3257-48b2-9763-90ae4eb17aab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40621", "type": "seen", "source": "Telegram/Z0xWuJVL5KIv8Y3txxIuKntecLAX-t-7jcSbPF5IOO_q_oA", "content": "", "creation_timestamp": "2025-05-06T13:32:41.000000Z"}, {"uuid": "bd9d3e7f-544a-4294-9bf8-0128c7fbc1c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40624", "type": "seen", "source": "Telegram/Z0xWuJVL5KIv8Y3txxIuKntecLAX-t-7jcSbPF5IOO_q_oA", "content": "", "creation_timestamp": "2025-05-06T13:32:41.000000Z"}, {"uuid": "4fface2f-62a4-4aec-8be3-b5bfeef9fcd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40623", "type": "seen", "source": "https://t.me/cvedetector/24587", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-40623 - TCMAN GIM SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-40623 \nPublished : May 6, 2025, 11:15 a.m. | 44\u00a0minutes ago \nDescription : SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier\u00a0\u2018Sender\u2019 and \u201cemail\u201d parameters of the \u2018createNotificationAndroid\u2019 endpoint. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T14:28:52.000000Z"}, {"uuid": "39efc0b5-db65-4022-a7f6-feac47b38987", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40624", "type": "seen", "source": "https://t.me/cvedetector/24589", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-40624 - TCMAN's GIM SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-40624 \nPublished : May 6, 2025, 11:15 a.m. | 44\u00a0minutes ago \nDescription : SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier\u00a0\u2018User\u2019 and \u201cemail\u201d parameters of the \u2018updatePassword\u2019 endpoint. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T14:28:53.000000Z"}, {"uuid": "c0464dbf-8545-4c89-9bb5-a926f54fc96c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40629", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpcizn6iij2p", "content": "", "creation_timestamp": "2025-05-16T17:02:27.935350Z"}, {"uuid": "48db1ea8-9a03-479e-849f-b484f47320a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40622", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loj3emwhtr2p", "content": "", "creation_timestamp": "2025-05-06T14:21:30.827917Z"}, {"uuid": "fe533eb2-54bf-4ce8-903e-dad824e682d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40623", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loj3en7jto2l", "content": "", "creation_timestamp": "2025-05-06T14:21:31.446531Z"}, {"uuid": "e0e47cd6-765c-47b3-9cf5-a4e59cb27b94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40620", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loj3encxkp2t", "content": "", "creation_timestamp": "2025-05-06T14:21:32.063750Z"}, {"uuid": "ded1d421-2683-42cf-8aa7-732651fcf2df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40624", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loj3ennebb2p", "content": "", "creation_timestamp": "2025-05-06T14:21:33.815682Z"}, {"uuid": "944d6173-5262-4cb3-8e89-6d44a4111837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40621", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loj3enqoga2h", "content": "", "creation_timestamp": "2025-05-06T14:21:34.456306Z"}, {"uuid": "87cbaa66-5a22-432d-881e-d10b220fba00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40625", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loj3entyi72t", "content": "", "creation_timestamp": "2025-05-06T14:21:35.100171Z"}]}