{"vulnerability": "CVE-2025-4300", "sightings": [{"uuid": "d695c34c-2981-4029-9b73-1748bb3c1877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4300", "type": "exploited", "source": "https://t.me/cvedetector/24529", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4300 - iSourcecode Content Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-4300 \nPublished : May 6, 2025, 12:15 a.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Affected is an unknown function of the file /search_list.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T04:26:15.000000Z"}, {"uuid": "9418b138-810a-4cea-85ec-0028c4f5ed74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4300", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lohzk2su7j2l", "content": "", "creation_timestamp": "2025-05-06T04:16:07.222423Z"}, {"uuid": "17bbaf1c-6c94-4c10-9975-13515e07fe29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43009", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16127", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43009\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.\n\ud83d\udccf Published: 2025-05-13T00:19:41.795Z\n\ud83d\udccf Modified: 2025-05-13T14:11:47.930Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/2491817\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-05-13T14:30:47.000000Z"}, {"uuid": "dd8ad0eb-b948-4c61-a218-244225f2931e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4300", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15013", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4300\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Affected is an unknown function of the file /search_list.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-06T00:00:10.110Z\n\ud83d\udccf Modified: 2025-05-06T00:00:10.110Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.307404\n2. https://vuldb.com/?ctiid.307404\n3. https://vuldb.com/?submit.563623\n4. https://github.com/6BXK6/cve/issues/1\n5. https://itsourcecode.com/", "creation_timestamp": "2025-05-06T00:19:45.000000Z"}, {"uuid": "9572a47c-10b6-48d5-ad11-f647f0ba01a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43002", "type": "seen", "source": "https://t.me/cvedetector/25150", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43002 - SAP S4CORE OData Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-43002 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check. This could cause a low impact on confidentiality but integrity and availability of the application are not impacted. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:25.000000Z"}, {"uuid": "f2d61f66-bdd8-48c4-bc47-6b2182fb6c09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43006", "type": "seen", "source": "https://t.me/cvedetector/25143", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43006 - SAP Supplier Relationship Management XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-43006 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:14.000000Z"}, {"uuid": "ab837998-b827-455f-8018-650f9c02c95b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43005", "type": "seen", "source": "https://t.me/cvedetector/25142", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43005 - SAP GUI for Windows Insecure Credential Storage Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-43005 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:13.000000Z"}, {"uuid": "bc1ce425-d164-4130-b02c-3713cf3b4f62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43004", "type": "seen", "source": "https://t.me/cvedetector/25141", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43004 - Apache Cassandra Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-43004 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view non-sensitive customer information. However, this does not affect data integrity or availability. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:12.000000Z"}, {"uuid": "bcdb4912-a61d-4f2e-b887-b0907fd7f482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43000", "type": "seen", "source": "https://t.me/cvedetector/25149", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43000 - Apache Struts Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-43000 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application. \nSeverity: 7.9 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:24.000000Z"}, {"uuid": "96831130-dfbc-4bcb-ab75-055bfc8db932", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43003", "type": "seen", "source": "https://t.me/cvedetector/25151", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43003 - SAP S/4 HANA Configuration Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-43003 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:25.000000Z"}, {"uuid": "455282c7-a08b-459e-8e60-ac05d1798736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43009", "type": "seen", "source": "https://t.me/cvedetector/25146", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43009 - SAP Service Parts Management Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-43009 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:19.000000Z"}, {"uuid": "37ea2836-701d-474a-8f67-d2c898933478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43008", "type": "seen", "source": "https://t.me/cvedetector/25145", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43008 - Microsoft SharePoint Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-43008 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:18.000000Z"}, {"uuid": "1be3445e-3f86-4c4d-9a7d-bb1421b44398", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43007", "type": "seen", "source": "https://t.me/cvedetector/25144", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-43007 - SAP Service Parts Management Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-43007 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:18.000000Z"}, {"uuid": "d33e1965-4705-4e6b-b359-4b3ae938df49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4300", "type": "published-proof-of-concept", "source": "Telegram/Ex08nW809hfereTxVuzlVNPEWgKV-gkxUk0XTpKZHG8ORKo", "content": "", "creation_timestamp": "2025-05-06T03:01:09.000000Z"}, {"uuid": "61102e1a-a298-4811-b845-883aba053e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43000", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114497943894558300", "content": "", "creation_timestamp": "2025-05-13T01:32:54.848884Z"}, {"uuid": "68eea537-b3ac-4549-98e2-630fc9583387", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43004", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozjaazbrv24", "content": "", "creation_timestamp": "2025-05-13T03:12:13.114897Z"}, {"uuid": "128728b9-4364-4faa-bedd-35f4bf41d93e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43000", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozjab4ls62e", "content": "", "creation_timestamp": "2025-05-13T03:12:13.732925Z"}, {"uuid": "e1524d49-3b90-4667-ae6c-b860632be53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43007", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozjab7vyz2p", "content": "", "creation_timestamp": "2025-05-13T03:12:14.303840Z"}, {"uuid": "89084a80-ea1f-4884-b7e5-2c3d9b4c2236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43002", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozjabyxrw2l", "content": "", "creation_timestamp": "2025-05-13T03:12:18.368563Z"}, {"uuid": "29ea8b4e-179f-4dd4-9b6f-3fc452193898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43003", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozjac7jit2p", "content": "", "creation_timestamp": "2025-05-13T03:12:19.493624Z"}, {"uuid": "165add67-1a1d-4740-848d-8cf936194305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43006", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozjacjexs22", "content": "", "creation_timestamp": "2025-05-13T03:12:21.152800Z"}, {"uuid": "509031d3-9677-41e3-ac8e-ad557f8b5fd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43005", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozjacmurk2w", "content": "", "creation_timestamp": "2025-05-13T03:12:21.742995Z"}, {"uuid": "a45d5058-b99a-4282-9b08-68909c33d309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43008", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozjacq7jg2r", "content": "", "creation_timestamp": "2025-05-13T03:12:22.341519Z"}]}