{"vulnerability": "cve-2025-3146", "sightings": [{"uuid": "1c581889-c3d9-4b21-89ba-412755714c45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3146", "type": "published-proof-of-concept", "source": "Telegram/LIdFABEsmgRONqCXACjX-IG53KiWfy5qVv_Cpf73l1KRWUI", "content": "", "creation_timestamp": "2025-04-03T09:30:50.000000Z"}, {"uuid": "b12a29ed-1b8d-40cd-a69d-9f6fd9494abd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3146", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10164", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3146\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-03T06:31:14.559Z\n\ud83d\udccf Modified: 2025-04-03T06:31:14.559Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303051\n2. https://vuldb.com/?ctiid.303051\n3. https://vuldb.com/?submit.525340\n4. https://github.com/nabiland/cve/issues/1\n5. https://phpgurukul.com/", "creation_timestamp": "2025-04-03T06:34:09.000000Z"}, {"uuid": "7adbe8d2-0be6-426c-a35b-fd7c8b19872f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31461", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11233", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31461\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound NanoSupport allows Reflected XSS. This issue affects NanoSupport: from n/a through 0.6.0.\n\ud83d\udccf Published: 2025-04-01T20:58:10.861Z\n\ud83d\udccf Modified: 2025-04-10T14:44:32.781Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/nanosupport/vulnerability/wordpress-nanosupport-plugin-0-6-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-10T14:50:13.000000Z"}, {"uuid": "54478451-235d-4d91-971a-e933ba93da45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31462", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11236", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31462\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rzfarrell CGM Event Calendar allows Reflected XSS. This issue affects CGM Event Calendar: from n/a through 0.8.5.\n\ud83d\udccf Published: 2025-04-01T20:58:11.039Z\n\ud83d\udccf Modified: 2025-04-10T14:42:17.545Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/cgm-event-calendar/vulnerability/wordpress-cgm-event-calendar-0-8-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-10T14:50:17.000000Z"}, {"uuid": "37be698a-1288-4794-831c-08c3b42c720f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31464", "type": "seen", "source": "https://t.me/cvedetector/21425", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31464 - Nazmur Rahman Text Selection Color Stored Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-31464 \nPublished : March 28, 2025, 12:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmur Rahman Text Selection Color allows Stored XSS. This issue affects Text Selection Color: from n/a through 1.6. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T16:04:48.000000Z"}, {"uuid": "113d213a-48d7-4927-9993-e3bfa7c69c17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31469", "type": "seen", "source": "https://t.me/cvedetector/21421", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31469 - Webrangers Clear Sucuri Cache Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31469 \nPublished : March 28, 2025, 12:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : Missing Authorization vulnerability in webrangers Clear Sucuri Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clear Sucuri Cache: from n/a through 1.4. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T16:04:43.000000Z"}, {"uuid": "6b3f86ad-513d-4970-b0f4-2d3f79981ec9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31465", "type": "seen", "source": "https://t.me/cvedetector/21420", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31465 - \"CornerShop Better Section Navigation Widget Stored XSS\"\", \n  \"Content\": \"CVE ID : CVE-2025-31465 \nPublished : March 28, 2025, 12:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in cornershop Better Section Navigation Widget allows Stored XSS. This issue affects Better Section Navigation Widget: from n/a through 1.6.1. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T16:04:42.000000Z"}, {"uuid": "935a94c6-d6cd-4ff0-bba7-a4b0dbd9678d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31466", "type": "seen", "source": "https://t.me/cvedetector/21426", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31466 - Falcon Solutions Duplicate Page and Post SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31466 \nPublished : March 28, 2025, 12:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Falcon Solutions Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 1.0. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T16:04:49.000000Z"}]}