{"vulnerability": "cve-2025-3799", "sightings": [{"uuid": "ef7d6776-a83c-466e-bc28-f8ec1a85908b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37990", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17026", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37990\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()\n\nThe function brcmf_usb_dl_writeimage() calls the function\nbrcmf_usb_dl_cmd() but dose not check its return value. The\n'state.state' and the 'state.bytes' are uninitialized if the\nfunction brcmf_usb_dl_cmd() fails. It is dangerous to use\nuninitialized variables in the conditions.\n\nAdd error handling for brcmf_usb_dl_cmd() to jump to error\nhandling path if the brcmf_usb_dl_cmd() fails and the\n'state.state' and the 'state.bytes' are uninitialized.\n\nImprove the error message to report more detailed error\ninformation.\n\ud83d\udccf Published: 2025-05-20T17:18:45.366Z\n\ud83d\udccf Modified: 2025-05-20T17:18:45.366Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/508be7c001437bacad7b9a43f08a723887bcd1ea\n2. https://git.kernel.org/stable/c/524b70441baba453b193c418e3142bd31059cc1f\n3. https://git.kernel.org/stable/c/08424a0922fb9e32a19b09d852ee87fb6c497538\n4. https://git.kernel.org/stable/c/bdb435ef9815b1ae28eefffa01c6959d0fcf1fa7\n5. https://git.kernel.org/stable/c/fa9b9f02212574ee1867fbefb0a675362a71b31d\n6. https://git.kernel.org/stable/c/8e089e7b585d95122c8122d732d1d5ef8f879396", "creation_timestamp": "2025-05-20T17:44:31.000000Z"}, {"uuid": "dccc9cf3-2bdd-49dd-98e7-071167bc63ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37993", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqcuoocksnn2", "content": "", "creation_timestamp": "2025-05-29T13:56:24.300935Z"}, {"uuid": "9f9b3f4d-8027-4654-b4e8-b513f666053b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37992", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq3i3ev3pjy2", "content": "", "creation_timestamp": "2025-05-26T15:23:16.121831Z"}, {"uuid": "a1c2067f-fd17-4947-b0b6-3b1ac27da60f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37992", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "1bae24a7-18a1-4ae6-a590-b2da97bf45f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3799", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12580", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3799\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.\n\ud83d\udccf Published: 2025-04-19T10:31:04.389Z\n\ud83d\udccf Modified: 2025-04-19T10:31:04.389Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.305652\n2. https://vuldb.com/?ctiid.305652\n3. https://vuldb.com/?submit.554697\n4. https://github.com/IceFoxH/VULN/issues/15", "creation_timestamp": "2025-04-19T11:02:05.000000Z"}, {"uuid": "9894d174-bf72-457c-b898-41ae78f90392", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37992", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17571", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37992\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Flush gso_skb list too during ->change()\n\nPreviously, when reducing a qdisc's limit via the ->change() operation, only\nthe main skb queue was trimmed, potentially leaving packets in the gso_skb\nlist. This could result in NULL pointer dereference when we only check\nsch->limit against sch->q.qlen.\n\nThis patch introduces a new helper, qdisc_dequeue_internal(), which ensures\nboth the gso_skb list and the main queue are properly flushed when trimming\nexcess packets. All relevant qdiscs (codel, fq, fq_codel, fq_pie, hhf, pie)\nare updated to use this helper in their ->change() routines.\n\ud83d\udccf Published: 2025-05-26T14:54:15.796Z\n\ud83d\udccf Modified: 2025-05-26T14:54:15.796Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/d3336f746f196c6a53e0480923ae93939f047b6c\n2. https://git.kernel.org/stable/c/d38939ebe0d992d581acb6885c1723fa83c1fb2c\n3. https://git.kernel.org/stable/c/a7d6e0ac0a8861f6b1027488062251a8e28150fd\n4. https://git.kernel.org/stable/c/d1365ca80b012d8a7863e45949e413fb61fa4861\n5. https://git.kernel.org/stable/c/fe88c7e4fc2c1cd75a278a15ffbf1689efad4e76\n6. https://git.kernel.org/stable/c/2d3cbfd6d54a2c39ce3244f33f85c595844bd7b8", "creation_timestamp": "2025-05-26T15:47:09.000000Z"}, {"uuid": "1d768c5e-8dc5-44a8-b5ca-a87dfaca0c80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37992", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq3qfvghnb2o", "content": "", "creation_timestamp": "2025-05-26T17:51:08.779871Z"}, {"uuid": "396e00e4-7da5-480b-9ccd-5b645a50bd4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37991", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lrbonca3vk2e", "content": "", "creation_timestamp": "2025-06-10T20:00:42.760097Z"}, {"uuid": "4f10de04-15f4-4c25-818c-908fe8e1f379", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3799", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln65qefr2d2g", "content": "", "creation_timestamp": "2025-04-19T12:39:24.607359Z"}, {"uuid": "7a43409f-3a9f-4452-b94c-6e57a0c0b564", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37999", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqcuf2yz4fn2", "content": "", "creation_timestamp": "2025-05-29T13:51:01.111779Z"}, {"uuid": "b71596f7-5939-453a-a0ec-67001b2c1504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37996", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lqcuf4h445n2", "content": "", "creation_timestamp": "2025-05-29T13:51:01.709521Z"}, {"uuid": "52bb3571-ba34-4a4e-993a-dfa77e9d7885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37994", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lqcuf73iwm22", "content": "", "creation_timestamp": "2025-05-29T13:51:02.518937Z"}, {"uuid": "dc225989-c129-4146-aa3b-2293d95d2f98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37998", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqcufagmdgn2", "content": "", "creation_timestamp": "2025-05-29T13:51:03.121458Z"}, {"uuid": "38ea7f87-99e0-412c-a077-38280e46a2cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37995", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqcufdfi52n2", "content": "", "creation_timestamp": "2025-05-29T13:51:12.329293Z"}, {"uuid": "b091921a-a881-4d29-8964-83e40f9fedfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37997", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqcufrxc6u32", "content": "", "creation_timestamp": "2025-05-29T13:51:54.582385Z"}, {"uuid": "da4805d4-eef6-4f82-96b4-f7485ab78f74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37992", "type": "seen", "source": "https://gist.github.com/Darkcrai86/7af208503f0b241893248339e3c341bc", "content": "", "creation_timestamp": "2025-08-28T17:44:02.000000Z"}, {"uuid": "3b693308-b80d-40bd-921b-40dd4e7c5d7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3799", "type": "seen", "source": "https://t.me/cvedetector/23382", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3799 - WordPress CMS SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3799 \nPublished : April 19, 2025, 11:15 a.m. | 1\u00a0hour, 35\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-19T15:09:00.000000Z"}, {"uuid": "14cc25b3-fbd4-4617-b95d-0e9bc9d0a1a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3799", "type": "published-proof-of-concept", "source": "Telegram/aQjCu2eev9i-ft2FlOvbZKQLLyqFs5R9j7h3CcERvr2hOPQ", "content": "", "creation_timestamp": "2025-04-19T13:30:16.000000Z"}]}