{"vulnerability": "cve-2025-3956", "sightings": [{"uuid": "1bc69407-7cdc-4f24-9502-fd601cb219e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39568", "type": "seen", "source": "https://t.me/cvedetector/23262", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-39568 - Arture B.V. StoreContrl Woocommerce Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-39568 \nPublished : April 17, 2025, 4:15 p.m. | 2\u00a0hours, 6\u00a0minutes ago \nDescription : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce allows Path Traversal. This issue affects StoreContrl Woocommerce: from n/a through 4.1.3. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T20:30:37.000000Z"}, {"uuid": "16795d0b-d690-4f63-97ec-afde1f7fa613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39569", "type": "seen", "source": "https://t.me/cvedetector/23261", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-39569 - Taskbuilder SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-39569 \nPublished : April 17, 2025, 4:15 p.m. | 2\u00a0hours, 6\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T20:30:36.000000Z"}, {"uuid": "f73dc023-7be0-41ca-8286-c8b281fcd672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39567", "type": "seen", "source": "https://t.me/cvedetector/23260", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-39567 - Shamalli Web Directory Free Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-39567 \nPublished : April 17, 2025, 4:15 p.m. | 2\u00a0hours, 6\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T20:30:35.000000Z"}, {"uuid": "726074d3-55e3-43d5-9ca5-fe3a706bac3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3956", "type": "seen", "source": "https://t.me/cvedetector/23828", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3956 - Novel-Cloud SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3956 \nPublished : April 27, 2025, 4:15 a.m. | 2\u00a0hours, 1\u00a0minute ago \nDescription : A vulnerability has been found in 201206030 novel-cloud 1.4.0 and classified as critical. This vulnerability affects the function RestResp of the file novel-cloud-master/novel-book/novel-book-service/src/main/resources/mapper/BookInfoMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-27T08:48:01.000000Z"}, {"uuid": "666feacc-28ae-40df-9365-0a9e60117dc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39569", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114354325535934214", "content": "", "creation_timestamp": "2025-04-17T16:48:53.975779Z"}, {"uuid": "66ce2f80-f9c8-496f-be92-e82e118f612b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39569", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmzq3cov3l2d", "content": "", "creation_timestamp": "2025-04-17T18:24:22.172857Z"}, {"uuid": "35567929-84d1-4e19-a3ac-3ce017ef8973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3956", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnrgaofmfzk2", "content": "", "creation_timestamp": "2025-04-27T04:40:03.382202Z"}, {"uuid": "021d3b53-f929-4684-8b75-25e15a9e4254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3956", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnrqikqn672a", "content": "", "creation_timestamp": "2025-04-27T07:35:38.895132Z"}, {"uuid": "fa886506-9c7f-42ed-b04e-90fcf2b723d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39561", "type": "published-proof-of-concept", "source": "Telegram/enKzt3bxSKd8zB2DxOAdSs1JHzkbkyRgEfAWm4z9IF02rbM", "content": "", "creation_timestamp": "2026-01-05T18:04:56.000000Z"}, {"uuid": "064b88f2-ec55-4ee3-8cc6-e5a051ad1e04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3956", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13603", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3956\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in 201206030 novel-cloud 1.4.0 and classified as critical. This vulnerability affects the function RestResp of the file novel-cloud-master/novel-book/novel-book-service/src/main/resources/mapper/BookInfoMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-04-27T03:00:05.886Z\n\ud83d\udccf Modified: 2025-04-27T03:00:05.886Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.306292\n2. https://vuldb.com/?ctiid.306292\n3. https://vuldb.com/?submit.557055\n4. https://github.com/Fc04dB/novel-cloud-vul/blob/main/navol-cloud-vul.md", "creation_timestamp": "2025-04-27T04:09:13.000000Z"}, {"uuid": "e27f94d1-6459-48df-a88f-56cfcb1d076c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39565", "type": "seen", "source": "Telegram/DpyuY30DJ1pr5lpZ1TsoyLIWT-1QQs66jLQv08yWDwU2R9I", "content": "", "creation_timestamp": "2026-04-01T21:29:56.000000Z"}, {"uuid": "4a79c320-c222-4eab-85cb-8872fa1a762e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39566", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12021", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39566\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Hostel allows Blind SQL Injection. This issue affects Hostel: from n/a through 1.1.5.6.\n\ud83d\udccf Published: 2025-04-16T12:44:31.129Z\n\ud83d\udccf Modified: 2025-04-16T12:44:31.129Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/hostel/vulnerability/wordpress-hostel-1-1-5-6-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-16T12:56:46.000000Z"}, {"uuid": "2bc954fb-eee3-44d8-9d39-f7f1b5057933", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-39565", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12020", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-39565\n\ud83d\udd25 CVSS Score: 6.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security allows Object Injection. This issue affects MelaPress Login Security: from n/a through 2.1.0.\n\ud83d\udccf Published: 2025-04-16T12:44:31.718Z\n\ud83d\udccf Modified: 2025-04-16T12:44:31.718Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/melapress-login-security/vulnerability/wordpress-melapress-login-security-2-1-0-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-16T12:56:45.000000Z"}]}