{"vulnerability": "cve-2025-3405", "sightings": [{"uuid": "2e0d35b2-7116-4239-a643-9f524c8e1d00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-10)", "content": "", "creation_timestamp": "2026-01-10T00:00:00.000000Z"}, {"uuid": "1d577497-0e34-43fc-8bd8-092bacca2092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-10)", "content": "", "creation_timestamp": "2026-01-10T00:00:00.000000Z"}, {"uuid": "f93d4e59-2ded-40fe-a4b2-2afd95146e50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-10)", "content": "", "creation_timestamp": "2026-01-10T00:00:00.000000Z"}, {"uuid": "1af7d3d3-499f-4523-8d72-a92a0e32d6cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-30)", "content": "", "creation_timestamp": "2026-03-30T00:00:00.000000Z"}, {"uuid": "706e003c-e9ca-4c45-81b1-220e51fb756a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-30)", "content": "", "creation_timestamp": "2026-03-30T00:00:00.000000Z"}, {"uuid": "45cfe64c-f343-460a-94d2-5a2fde54c246", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-03)", "content": "", "creation_timestamp": "2026-04-03T00:00:00.000000Z"}, {"uuid": "26ce8069-ea16-40d3-a737-2a27a514d793", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-12)", "content": "", "creation_timestamp": "2026-02-12T00:00:00.000000Z"}, {"uuid": "56b61a61-3c00-446e-88a9-1b1a6338c0b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-18)", "content": "", "creation_timestamp": "2026-03-18T00:00:00.000000Z"}, {"uuid": "b1209375-da95-42f5-8032-50440193128b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-23)", "content": "", "creation_timestamp": "2026-03-23T00:00:00.000000Z"}, {"uuid": "c7345fda-2c37-4fb7-95af-400347315de9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-18)", "content": "", "creation_timestamp": "2026-03-18T00:00:00.000000Z"}, {"uuid": "63985e2e-bff9-45ed-b920-e7bba1e0d155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-21)", "content": "", "creation_timestamp": "2026-03-21T00:00:00.000000Z"}, {"uuid": "7c234f13-626e-4469-a125-10b2814d86e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-06)", "content": "", "creation_timestamp": "2026-04-06T00:00:00.000000Z"}, {"uuid": "061d26de-0fb3-4b62-9921-f694882b4b43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-15)", "content": "", "creation_timestamp": "2026-04-15T00:00:00.000000Z"}, {"uuid": "6bca3c60-79c5-4a4b-a65f-8a7ff18b81c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-15)", "content": "", "creation_timestamp": "2026-04-15T00:00:00.000000Z"}, {"uuid": "48ba67cb-fbf4-4654-9240-8ae185757156", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-22)", "content": "", "creation_timestamp": "2026-04-22T00:00:00.000000Z"}, {"uuid": "6cff46a5-b13d-4619-a9f4-78eb5ba63fff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34055", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20052", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-34055\n\ud83d\udd25 CVSS Score: 9.4 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.\n\ud83d\udccf Published: 2025-07-01T14:46:38.848Z\n\ud83d\udccf Modified: 2025-07-01T14:46:38.848Z\n\ud83d\udd17 References:\n1. https://www.exploit-db.com/exploits/40500\n2. https://avtech.com/\n3. https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\n4. https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\n5. https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns", "creation_timestamp": "2025-07-01T15:08:07.000000Z"}, {"uuid": "a37a8478-69e0-46b8-b2a7-e3d749c0a637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34056", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20051", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-34056\n\ud83d\udd25 CVSS Score: 9.4 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges.\n\ud83d\udccf Published: 2025-07-01T14:46:52.800Z\n\ud83d\udccf Modified: 2025-07-01T14:46:52.800Z\n\ud83d\udd17 References:\n1. https://www.exploit-db.com/exploits/40500\n2. https://avtech.com/\n3. https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\n4. https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\n5. https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns", "creation_timestamp": "2025-07-01T15:08:06.000000Z"}, {"uuid": "c0afcf8d-a3b6-4ae5-8dfd-bad109839f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34051", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20039", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-34051\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L)\n\ud83d\udd39 Description: A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.\n\ud83d\udccf Published: 2025-07-01T14:44:22.913Z\n\ud83d\udccf Modified: 2025-07-01T14:59:04.311Z\n\ud83d\udd17 References:\n1. https://www.exploit-db.com/exploits/40500\n2. https://avtech.com/\n3. https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\n4. https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\n5. https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns", "creation_timestamp": "2025-07-01T15:07:53.000000Z"}, {"uuid": "360e9277-eb06-4505-990b-ea43f39e7d7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34054", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20053", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-34054\n\ud83d\udd25 CVSS Score: 10 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.\n\ud83d\udccf Published: 2025-07-01T14:46:00.832Z\n\ud83d\udccf Modified: 2025-07-01T14:46:00.832Z\n\ud83d\udd17 References:\n1. https://www.exploit-db.com/exploits/40500\n2. https://avtech.com/\n3. https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\n4. https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\n5. https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns", "creation_timestamp": "2025-07-01T15:08:08.000000Z"}, {"uuid": "262cf21e-c855-46eb-b15b-5a1150468aa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3405", "type": "seen", "source": "https://t.me/cvedetector/22386", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3405 - FCJ Venture Builder Appclientefiel HTTP GET Request Handler Unauthenticated Remote Resource Identification Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3405 \nPublished : April 8, 2025, 4:15 a.m. | 1\u00a0hour, 3\u00a0minutes ago \nDescription : A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /rest/cliente/ObterPedido/ of the component HTTP GET Request Handler. The manipulation of the argument ORDER_ID leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T08:08:03.000000Z"}, {"uuid": "1f85d0a1-6ee8-42bb-a116-4df2057a38c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34054", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lsz4dplb7x2s", "content": "", "creation_timestamp": "2025-07-02T21:02:16.484565Z"}, {"uuid": "4e67cea6-f8a8-4791-be1b-f7d5f24e28bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34058", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lsz4dpoedk2j", "content": "", "creation_timestamp": "2025-07-02T21:02:17.020528Z"}, {"uuid": "e224d40c-7a19-46e8-9daa-508eff5d86d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lsz4dprbqn2i", "content": "", "creation_timestamp": "2025-07-02T21:02:17.612073Z"}, {"uuid": "7c610831-66ff-47e8-ad7d-9e76256b1e66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-12)", "content": "", "creation_timestamp": "2026-01-12T00:00:00.000000Z"}, {"uuid": "174537f4-1762-411c-9bfe-28d48bb95dfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-12)", "content": "", "creation_timestamp": "2026-01-12T00:00:00.000000Z"}, {"uuid": "95171102-fbe5-4778-9930-cca4646e45dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-20)", "content": "", "creation_timestamp": "2026-01-20T00:00:00.000000Z"}, {"uuid": "02a50df2-700f-4587-8a28-56d694cb1a8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-29)", "content": "", "creation_timestamp": "2026-01-29T00:00:00.000000Z"}, {"uuid": "d1db3d90-09ea-4ab9-8290-59b160242ab4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-29)", "content": "", "creation_timestamp": "2026-01-29T00:00:00.000000Z"}, {"uuid": "83a4a069-7862-4fe9-af23-9fafa299cd95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-31)", "content": "", "creation_timestamp": "2026-03-31T00:00:00.000000Z"}, {"uuid": "9957523c-0c91-4578-9ed3-5b4a94d6b49e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-31)", "content": "", "creation_timestamp": "2026-03-31T00:00:00.000000Z"}, {"uuid": "f5322556-375f-411d-8e28-078d1ed22d36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-01)", "content": "", "creation_timestamp": "2026-04-01T00:00:00.000000Z"}, {"uuid": "dfbb61f2-c90c-45e6-b5bb-b9deefcf8d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-04)", "content": "", "creation_timestamp": "2026-04-04T00:00:00.000000Z"}, {"uuid": "12ccfa61-9d1f-4fc3-aac2-032b33f0de4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-29)", "content": "", "creation_timestamp": "2026-03-29T00:00:00.000000Z"}, {"uuid": "5a85db57-cca6-4fb9-831c-b51ddf6cf2a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-21)", "content": "", "creation_timestamp": "2026-02-21T00:00:00.000000Z"}, {"uuid": "652fa1a4-043b-402c-8f29-bee468fb9a81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-22)", "content": "", "creation_timestamp": "2026-03-22T00:00:00.000000Z"}, {"uuid": "7f4fd1dd-75fd-4613-a87e-c65013a6fc63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-24)", "content": "", "creation_timestamp": "2026-03-24T00:00:00.000000Z"}, {"uuid": "5069d0d8-cf54-4f63-81e8-f77f8fa5db1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-28)", "content": "", "creation_timestamp": "2026-03-28T00:00:00.000000Z"}, {"uuid": "5ac0f2c1-9cb7-4e36-adfb-28bec3e19774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-28)", "content": "", "creation_timestamp": "2026-03-28T00:00:00.000000Z"}, {"uuid": "5cd2e8b3-7ae0-45fa-b581-890002294767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-06)", "content": "", "creation_timestamp": "2026-04-06T00:00:00.000000Z"}, {"uuid": "664e8aae-cf75-4db6-a99e-93726a938809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-06)", "content": "", "creation_timestamp": "2026-04-06T00:00:00.000000Z"}, {"uuid": "e8d850ba-4129-4fc8-8be8-0d4b83a61f90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-07)", "content": "", "creation_timestamp": "2026-04-07T00:00:00.000000Z"}, {"uuid": "45cfec07-8055-4396-be96-8091bcd9c755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-09)", "content": "", "creation_timestamp": "2026-04-09T00:00:00.000000Z"}, {"uuid": "2a41d0b3-e17f-48f1-bf64-3706ef5962c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-10)", "content": "", "creation_timestamp": "2026-04-10T00:00:00.000000Z"}, {"uuid": "fc59616f-ce9d-4f10-bf9c-3dd71d0739c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-15)", "content": "", "creation_timestamp": "2026-04-15T00:00:00.000000Z"}, {"uuid": "ad66e9fb-975b-4849-9903-acc7a95d40f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-16)", "content": "", "creation_timestamp": "2026-04-16T00:00:00.000000Z"}, {"uuid": "68e64a61-094f-410b-bea1-d6c90c99eb19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-16)", "content": "", "creation_timestamp": "2026-04-16T00:00:00.000000Z"}, {"uuid": "b356e87e-b71e-4c02-85f3-ab5f12a07537", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-16)", "content": "", "creation_timestamp": "2026-04-16T00:00:00.000000Z"}, {"uuid": "848f0ce2-4719-42a3-9954-a47e29b3751a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-19)", "content": "", "creation_timestamp": "2026-04-19T00:00:00.000000Z"}, {"uuid": "cae8a9e4-d37c-4c78-a8c2-1414064c81a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-20)", "content": "", "creation_timestamp": "2026-04-20T00:00:00.000000Z"}, {"uuid": "345ba81f-0756-4195-93a7-70ac049eb9fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ltanqjsszb2i", "content": "", "creation_timestamp": "2025-07-05T21:02:18.184829Z"}, {"uuid": "d0e5a49b-43d4-4d91-badf-d82b7df02172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3405", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmbpwobeqi2g", "content": "", "creation_timestamp": "2025-04-08T05:17:51.317090Z"}, {"uuid": "c390a764-401a-49df-bf99-63c5f10cbffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34051", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lygmjgyzyo2g", "content": "", "creation_timestamp": "2025-09-09T21:02:37.733846Z"}, {"uuid": "a80ce362-d6b5-4abe-99a8-ac27494610b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-08)", "content": "", "creation_timestamp": "2026-01-08T00:00:00.000000Z"}, {"uuid": "b4726f19-d67a-486b-82a6-bd6844d8f5fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-13)", "content": "", "creation_timestamp": "2026-01-13T00:00:00.000000Z"}, {"uuid": "779e42c6-28f3-4605-acf4-31bcf1e09922", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-19)", "content": "", "creation_timestamp": "2026-01-19T00:00:00.000000Z"}, {"uuid": "32d7b56d-ecc2-4d46-98c9-0bd51495a0af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-05)", "content": "", "creation_timestamp": "2026-02-05T00:00:00.000000Z"}, {"uuid": "8076a8d1-3512-4a91-b827-6790da185947", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-04)", "content": "", "creation_timestamp": "2026-02-04T00:00:00.000000Z"}, {"uuid": "b959df00-38e1-4e2c-b595-2a91e0254bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-29)", "content": "", "creation_timestamp": "2026-03-29T00:00:00.000000Z"}, {"uuid": "5794ef75-ddcc-45c3-ae40-92cfa63cf98b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-01)", "content": "", "creation_timestamp": "2026-04-01T00:00:00.000000Z"}, {"uuid": "040b0cee-3e12-405e-b6d5-88ac361ab8ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-01)", "content": "", "creation_timestamp": "2026-04-01T00:00:00.000000Z"}, {"uuid": "45cf6f78-bcb8-4e79-a8f7-62d04bf915ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-02)", "content": "", "creation_timestamp": "2026-04-02T00:00:00.000000Z"}, {"uuid": "b6a3984c-0bc4-42ce-88d5-339201bd3278", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-29)", "content": "", "creation_timestamp": "2026-03-29T00:00:00.000000Z"}, {"uuid": "8fbd1b20-5489-4dd0-8e53-9cd9e1cb4fe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-16)", "content": "", "creation_timestamp": "2026-03-16T00:00:00.000000Z"}, {"uuid": "db897760-ce44-41ee-8d4f-09c806b28ec0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34054", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-23)", "content": "", "creation_timestamp": "2026-03-23T00:00:00.000000Z"}, {"uuid": "7eb3ab73-6770-4800-b10e-723b8849fa85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-19)", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "1941dc6e-5c9c-40fa-8d03-b6aa61057007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-28)", "content": "", "creation_timestamp": "2026-03-28T00:00:00.000000Z"}, {"uuid": "1123b75e-1fb2-451c-ac0e-dfe7d5d9aa30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-27)", "content": "", "creation_timestamp": "2026-03-27T00:00:00.000000Z"}, {"uuid": "9e471d34-793d-4fde-a677-ed4a299bcc71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-27)", "content": "", "creation_timestamp": "2026-03-27T00:00:00.000000Z"}, {"uuid": "3384ea8d-572d-4c88-ac99-68de2fd5d699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-27)", "content": "", "creation_timestamp": "2026-03-27T00:00:00.000000Z"}, {"uuid": "18a9eb6e-3d26-42c3-87fa-9de23f2fbd08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-07)", "content": "", "creation_timestamp": "2026-04-07T00:00:00.000000Z"}, {"uuid": "6196a04d-f3f9-4fe2-b52c-5dbcd5fab69a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-11)", "content": "", "creation_timestamp": "2026-04-11T00:00:00.000000Z"}, {"uuid": "474f0c7f-69a6-4acc-ab97-0ef2f7db539e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-11)", "content": "", "creation_timestamp": "2026-04-11T00:00:00.000000Z"}, {"uuid": "67f4423b-f359-4efd-8735-4026d9cc339a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-11)", "content": "", "creation_timestamp": "2026-04-11T00:00:00.000000Z"}, {"uuid": "58cba5d3-88c9-4f0e-988d-f50194c8d437", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-14)", "content": "", "creation_timestamp": "2026-04-14T00:00:00.000000Z"}, {"uuid": "c2e4736d-2881-4350-b9f4-ab9c5d8ca92f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-14)", "content": "", "creation_timestamp": "2026-04-14T00:00:00.000000Z"}, {"uuid": "0ac831e5-d00e-4b23-af16-bfa0ad208af4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34057", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-14)", "content": "", "creation_timestamp": "2026-04-14T00:00:00.000000Z"}, {"uuid": "7c991d57-187d-4cdc-a3e8-8767206b724a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-20)", "content": "", "creation_timestamp": "2026-04-20T00:00:00.000000Z"}, {"uuid": "d1f1d27c-fc62-4ada-8a5e-eeaf237abfe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3405", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10825", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3405\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /rest/cliente/ObterPedido/ of the component HTTP GET Request Handler. The manipulation of the argument ORDER_ID leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-04-08T03:31:10.514Z\n\ud83d\udccf Modified: 2025-04-08T03:31:10.514Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303649\n2. https://vuldb.com/?ctiid.303649\n3. https://vuldb.com/?submit.544136\n4. https://drive.google.com/file/d/1yhZiKFX0avpLDsYDlbnmmkTk4XTY8Y2h/view", "creation_timestamp": "2025-04-08T03:45:55.000000Z"}, {"uuid": "770c832a-bb2c-4727-98c5-90a83457bd1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34058", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20048", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-34058\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files.\n\ud83d\udccf Published: 2025-07-01T14:48:40.033Z\n\ud83d\udccf Modified: 2025-07-01T14:48:40.033Z\n\ud83d\udd17 References:\n1. https://www.cnvd.org.cn/flaw/show/CNVD-2021-14544\n2. https://blog.csdn.net/qq_40684306/article/details/115278837\n3. https://www.hikvision.com/en/support/cybersecurity/security-advisory/\n4. https://vulncheck.com/advisories/hikvision-streaming-server-default-creds-file-read", "creation_timestamp": "2025-07-01T15:08:02.000000Z"}, {"uuid": "292cfe91-633e-4381-9942-1a2bb41da665", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34059", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20047", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-34059\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to properly sanitize user input, allowing unauthenticated attackers to inject arbitrary SQL statements and potentially disclose sensitive information.\n\ud83d\udccf Published: 2025-07-01T14:48:51.722Z\n\ud83d\udccf Modified: 2025-07-01T14:48:51.722Z\n\ud83d\udd17 References:\n1. https://www.cnvd.org.cn/flaw/show/CNVD-2024-38747\n2. https://www.cnblogs.com/LeouMaster/p/18509644\n3. https://www.dahuatech.com/\n4. https://pentest-tools.com/vulnerabilities-exploits/zhejiang-dahua-smart-cloud-gateway-registration-platform-sql-injection-cnvd-2024-38747_23762\n5. https://vulncheck.com/advisories/dahua-smart-cloud-gateway-sql-injection", "creation_timestamp": "2025-07-01T15:08:01.000000Z"}, {"uuid": "c3924085-5f78-42be-ab21-567ed98b294b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34050", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20056", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-34050\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A\u00a0cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user\u2019s browser session, allow unauthorized changes to the device configuration without user interaction.\n\ud83d\udccf Published: 2025-07-01T14:42:57.143Z\n\ud83d\udccf Modified: 2025-07-01T14:42:57.143Z\n\ud83d\udd17 References:\n1. https://www.exploit-db.com/exploits/40500\n2. https://avtech.com/\n3. https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\n4. https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\n5. https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns", "creation_timestamp": "2025-07-01T15:08:11.000000Z"}, {"uuid": "6d4089cb-35d3-47e3-82c2-50e6f7fc7185", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34052", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20055", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-34052\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: An unauthenticated information disclosure vulnerability exists in AVTECH IP cameras, DVRs, and NVRs via Machine.cgi?action=get_capability. Sensitive internal device information such as firmware version, MAC address, and codec support can be accessed without authentication.\n\ud83d\udccf Published: 2025-07-01T14:44:40.785Z\n\ud83d\udccf Modified: 2025-07-01T14:44:40.785Z\n\ud83d\udd17 References:\n1. https://www.exploit-db.com/exploits/40500\n2. https://avtech.com/\n3. https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\n4. https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\n5. https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns", "creation_timestamp": "2025-07-01T15:08:10.000000Z"}, {"uuid": "954bb7e4-ad77-4b53-ad36-8adc7f4b47d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-34053", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20054", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-34053\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function is used to identify \".cab\" requests, allowing any URL containing \".cab\" to bypass authentication and access protected endpoints.\n\ud83d\udccf Published: 2025-07-01T14:45:02.858Z\n\ud83d\udccf Modified: 2025-07-01T14:45:02.858Z\n\ud83d\udd17 References:\n1. https://www.exploit-db.com/exploits/40500\n2. https://avtech.com/\n3. https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities\n4. https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH\n5. https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns", "creation_timestamp": "2025-07-01T15:08:09.000000Z"}]}