{"vulnerability": "cve-2025-2809", "sightings": [{"uuid": "55b85c05-6cf0-4f3f-8160-e0eddcbb8c82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28097", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9490", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28097\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers.\n\ud83d\udccf Published: 2025-03-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T21:33:12.314Z\n\ud83d\udd17 References:\n1. https://www.yuque.com/morysummer/vx41bz/oqi6pyv26gci6465", "creation_timestamp": "2025-03-28T22:28:32.000000Z"}, {"uuid": "d7052351-fec5-43a9-98f2-c80c2e209ed2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28091", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9465", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28091\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.\n\ud83d\udccf Published: 2025-03-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T21:23:21.110Z\n\ud83d\udd17 References:\n1. https://www.yuque.com/morysummer/vx41bz/ax55rxv4u3our1ic", "creation_timestamp": "2025-03-28T21:28:55.000000Z"}, {"uuid": "d8b24339-b849-43cb-8b77-a2bfc785258d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28093", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9743", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28093\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.\n\ud83d\udccf Published: 2025-03-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-31T19:13:57.416Z\n\ud83d\udd17 References:\n1. https://www.yuque.com/morysummer/vx41bz/he2hb8ic8an8h07f", "creation_timestamp": "2025-03-31T19:31:02.000000Z"}, {"uuid": "e0b5321e-433c-4e77-97af-9616a4bd50f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2809", "type": "seen", "source": "Telegram/YDvcAPdlvLvCcoAwvz9gU9VvCprHDRzeT4kOSIV0t5J2ank", "content": "", "creation_timestamp": "2025-04-10T10:31:20.000000Z"}, {"uuid": "615eda33-62bc-465e-a961-dd14b8c0fc81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28091", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114259717545642363", "content": "", "creation_timestamp": "2025-03-31T23:48:49.041581Z"}, {"uuid": "45d7b7c9-684d-440f-ae5b-3121a6bfe8b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28094", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9492", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28094\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.\n\ud83d\udccf Published: 2025-03-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T21:31:10.545Z\n\ud83d\udd17 References:\n1. https://www.yuque.com/morysummer/vx41bz/echzollcdlmllgqo", "creation_timestamp": "2025-03-28T22:28:33.000000Z"}, {"uuid": "bf8b4efe-1844-4c82-b9a8-3b668c4b7931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28096", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9491", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28096\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers.\n\ud83d\udccf Published: 2025-03-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T21:32:44.520Z\n\ud83d\udd17 References:\n1. https://www.yuque.com/morysummer/vx41bz/oqi6pyv26gci6465", "creation_timestamp": "2025-03-28T22:28:33.000000Z"}, {"uuid": "d82f8c9a-9f37-4cad-9e10-ec67dc8eea38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28092", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9742", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28092\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.\n\ud83d\udccf Published: 2025-03-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-31T19:16:22.199Z\n\ud83d\udd17 References:\n1. https://www.yuque.com/morysummer/vx41bz/stggvmlxs9ewqlvu", "creation_timestamp": "2025-03-31T19:31:02.000000Z"}, {"uuid": "6204a0ad-1fb7-4596-9ac9-2708b411a40b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28090", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9741", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28090\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.\n\ud83d\udccf Published: 2025-03-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-31T19:25:59.534Z\n\ud83d\udd17 References:\n1. https://www.yuque.com/morysummer/vx41bz/xo5w1euakvtgenex", "creation_timestamp": "2025-03-31T19:31:01.000000Z"}, {"uuid": "2998bc74-b042-497a-ad6e-11f2ed766585", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28099", "type": "seen", "source": "https://t.me/cvedetector/23450", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28099 - Opencms Arbitrary File Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28099 \nPublished : April 21, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp, \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T19:49:35.000000Z"}, {"uuid": "d3b2b532-c3ea-4bd4-ba1a-5311e2c55953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28094", "type": "seen", "source": "https://t.me/cvedetector/21471", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28094 - Shopxo SSRF and XSS Vulnerabilities\", \n  \"Content\": \"CVE ID : CVE-2025-28094 \nPublished : March 28, 2025, 10:15 p.m. | 31\u00a0minutes ago \nDescription : shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T00:26:44.000000Z"}, {"uuid": "762d477b-052b-43a5-8337-ed0b0580a180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28093", "type": "seen", "source": "https://t.me/cvedetector/21470", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28093 - ShopXO SSRF\", \n  \"Content\": \"CVE ID : CVE-2025-28093 \nPublished : March 28, 2025, 10:15 p.m. | 31\u00a0minutes ago \nDescription : ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T00:26:44.000000Z"}, {"uuid": "c40b44d2-931d-4147-8d92-72655238b2a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28092", "type": "seen", "source": "https://t.me/cvedetector/21469", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28092 - ShopXO SSRF\", \n  \"Content\": \"CVE ID : CVE-2025-28092 \nPublished : March 28, 2025, 10:15 p.m. | 31\u00a0minutes ago \nDescription : ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T00:26:43.000000Z"}, {"uuid": "f06d9b34-d947-4669-b1f9-7c83fe17f289", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28091", "type": "seen", "source": "https://t.me/cvedetector/21468", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28091 - Maccms10 SSRF in Add Article\", \n  \"Content\": \"CVE ID : CVE-2025-28091 \nPublished : March 28, 2025, 10:15 p.m. | 31\u00a0minutes ago \nDescription : maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T00:26:42.000000Z"}, {"uuid": "aaa812f2-26b4-42ee-92ab-1889b947655b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28090", "type": "seen", "source": "https://t.me/cvedetector/21479", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28090 - Maccms Server-Side Request Forgery (SSRF)\", \n  \"Content\": \"CVE ID : CVE-2025-28090 \nPublished : March 28, 2025, 10:15 p.m. | 31\u00a0minutes ago \nDescription : maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T00:26:56.000000Z"}, {"uuid": "b2df8571-5b1d-485e-9e7a-642bc20b4ca7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28097", "type": "seen", "source": "https://t.me/cvedetector/21473", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28097 - OneNav HTTP Header XSS\", \n  \"Content\": \"CVE ID : CVE-2025-28097 \nPublished : March 28, 2025, 10:15 p.m. | 31\u00a0minutes ago \nDescription : OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T00:26:49.000000Z"}, {"uuid": "ee2dadc4-bbfa-4685-846b-88b742e7ce1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28096", "type": "seen", "source": "https://t.me/cvedetector/21472", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28096 - OneNav SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28096 \nPublished : March 28, 2025, 10:15 p.m. | 31\u00a0minutes ago \nDescription : OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T00:26:45.000000Z"}, {"uuid": "153b3cfc-502f-4421-960a-74a36bfe96ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28091", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114259717545642363", "content": "", "creation_timestamp": "2025-03-31T23:48:49.043040Z"}, {"uuid": "54d789d6-0830-4dba-b049-d20ecca59dd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28099", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lne2ludney2u", "content": "", "creation_timestamp": "2025-04-21T20:59:10.328887Z"}, {"uuid": "a20573e1-a333-4a70-b6be-4efab153941e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28099", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12704", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28099\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,\n\ud83d\udccf Published: 2025-04-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T16:56:20.745Z\n\ud83d\udd17 References:\n1. https://gitee.com/fumiao/opencms/issues/IBLJLM\n2. https://gist.github.com/kaoniniang2/e159346725f50d6c44c82214970f02b8", "creation_timestamp": "2025-04-21T17:01:53.000000Z"}, {"uuid": "81e7c833-f878-473f-bd0b-440b5504a5e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28090", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114259246466248464", "content": "", "creation_timestamp": "2025-03-31T21:49:01.105378Z"}, {"uuid": "6a600a04-888f-4477-a393-1269d839a50a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28090", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114259246466248464", "content": "", "creation_timestamp": "2025-03-31T21:49:01.103749Z"}]}