{"vulnerability": "cve-2025-4561", "sightings": [{"uuid": "dc15fcd0-433b-4a17-b742-c36f4af26667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4561", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loxlijcoik2o", "content": "", "creation_timestamp": "2025-05-12T08:47:17.507081Z"}, {"uuid": "a2b91aab-1989-4e22-841c-f46d78b16b63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45617", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14959", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45617\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.\n\ud83d\udccf Published: 2025-05-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T19:14:08.047Z\n\ud83d\udd17 References:\n1. https://github.com/megagao/production_ssm/issues/33", "creation_timestamp": "2025-05-05T19:20:17.000000Z"}, {"uuid": "285e09e8-da10-45aa-81a5-f4b8d2983a95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45610", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14966", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45610\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload.\n\ud83d\udccf Published: 2025-05-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T19:13:59.135Z\n\ud83d\udd17 References:\n1. https://github.com/Jackson0714/PassJava-Platform/issues/48", "creation_timestamp": "2025-05-05T19:20:25.000000Z"}, {"uuid": "ccfce939-f51d-4d36-aecd-d68965f871dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45611", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14965", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45611\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request.\n\ud83d\udccf Published: 2025-05-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T19:14:03.609Z\n\ud83d\udd17 References:\n1. https://github.com/java-aodeng/hope-boot/issues/86", "creation_timestamp": "2025-05-05T19:20:24.000000Z"}, {"uuid": "4381b92b-320f-42e0-b7c4-b7b66423f41b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45612", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14964", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45612\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.\n\ud83d\udccf Published: 2025-05-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T19:14:04.321Z\n\ud83d\udd17 References:\n1. https://github.com/Exrick/xmall/issues/96", "creation_timestamp": "2025-05-05T19:20:23.000000Z"}, {"uuid": "5ff7ac62-47ef-4d54-a3a9-15d21bfc31dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45615", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14961", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45615\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request.\n\ud83d\udccf Published: 2025-05-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T19:14:06.618Z\n\ud83d\udd17 References:\n1. https://github.com/user-xiangpeng/yaoqishan/issues/29", "creation_timestamp": "2025-05-05T19:20:20.000000Z"}, {"uuid": "173082a8-45ca-4aaf-b263-357de92a1c2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45613", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14963", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45613\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload.\n\ud83d\udccf Published: 2025-05-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T19:14:05.423Z\n\ud83d\udd17 References:\n1. https://github.com/zhaojun1998/Shiro-Action/issues/24", "creation_timestamp": "2025-05-05T19:20:22.000000Z"}, {"uuid": "7727b288-ff53-4398-8da1-c0fdc701b508", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45614", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14962", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45614\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload.\n\ud83d\udccf Published: 2025-05-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T19:14:06.022Z\n\ud83d\udd17 References:\n1. https://github.com/lcw2004/one/issues/44", "creation_timestamp": "2025-05-05T19:20:21.000000Z"}, {"uuid": "798e6b0f-0376-4c6c-98dd-4480727fcb6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45616", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14960", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45616\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request.\n\ud83d\udccf Published: 2025-05-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T19:14:07.221Z\n\ud83d\udd17 References:\n1. https://github.com/baidu/brcc/issues/194", "creation_timestamp": "2025-05-05T19:20:19.000000Z"}, {"uuid": "e0382cfe-41be-405e-a06b-2774f849cdab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45610", "type": "seen", "source": "https://t.me/cvedetector/24509", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-45610 - PassJava-Platform Blind File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-45610 \nPublished : May 5, 2025, 8:15 p.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T00:15:21.000000Z"}, {"uuid": "66fa83d0-1145-4e74-b432-076aab556861", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45618", "type": "seen", "source": "https://t.me/cvedetector/24508", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-45618 - Jeeweb Mybatis Springboot Unauthenticated Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-45618 \nPublished : May 5, 2025, 8:15 p.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T00:15:20.000000Z"}, {"uuid": "76520147-4415-4bcc-8d7a-e67aa7789d41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45615", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loi2npw4fq2o", "content": "", "creation_timestamp": "2025-05-06T04:36:06.938051Z"}, {"uuid": "8c9d8793-9584-4ede-b694-87787bcce4b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45616", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loi2ntftjh2l", "content": "", "creation_timestamp": "2025-05-06T04:36:07.567000Z"}, {"uuid": "781be6cf-349c-42a7-a596-b020d763cc94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45615", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3loidsy3c722h", "content": "", "creation_timestamp": "2025-05-06T07:20:02.956173Z"}, {"uuid": "32d65240-7488-45c3-b368-11fb4f22ebf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45618", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14958", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-45618\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload.\n\ud83d\udccf Published: 2025-05-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T19:14:08.916Z\n\ud83d\udd17 References:\n1. https://github.com/huangjian888/jeeweb-mybatis-springboot/issues/31", "creation_timestamp": "2025-05-05T19:20:16.000000Z"}, {"uuid": "7dd9fcbc-4e2f-47c0-9cf7-06b78be4ca71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4561", "type": "seen", "source": "https://t.me/cvedetector/25066", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4561 - KingFor KFOX Arbitrary File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-4561 \nPublished : May 12, 2025, 7:15 a.m. | 56\u00a0minutes ago \nDescription : The KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privilege to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T10:15:35.000000Z"}, {"uuid": "36acd4fa-0c00-4589-bd3d-1a230f890391", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4561", "type": "seen", "source": "Telegram/hf3DUPSAlOD-vjxtu76L1HF_0z3-XAn2qRcWTPjb16_eBRU", "content": "", "creation_timestamp": "2025-05-12T09:30:52.000000Z"}, {"uuid": "18c5dc29-69db-4852-badb-2ee3f9efe4f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45612", "type": "seen", "source": "https://t.me/cvedetector/24511", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-45612 - Xmall Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-45612 \nPublished : May 5, 2025, 8:15 p.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T00:15:25.000000Z"}, {"uuid": "cbb7d55d-65f7-47e4-9a2c-5ded644453e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45611", "type": "seen", "source": "https://t.me/cvedetector/24512", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-45611 - Hope-Boot Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-45611 \nPublished : May 5, 2025, 8:15 p.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T00:15:26.000000Z"}, {"uuid": "1483829d-3bfa-4e50-9cb0-694452b3f55f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45613", "type": "seen", "source": "https://t.me/cvedetector/24513", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-45613 - Shiro-Action Unsecured Data Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-45613 \nPublished : May 5, 2025, 8:15 p.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T00:15:27.000000Z"}, {"uuid": "8c8caac1-3dcf-4126-8cac-9aa74de831f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45614", "type": "seen", "source": "https://t.me/cvedetector/24514", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-45614 - One API User Manager Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-45614 \nPublished : May 5, 2025, 8:15 p.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T00:15:28.000000Z"}, {"uuid": "a9699898-9fb5-423c-ab42-83ef347ec84e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-45615", "type": "seen", "source": "https://t.me/cvedetector/24515", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-45615 - Yaoqishan Unauthenticated Administrative Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-45615 \nPublished : May 5, 2025, 8:15 p.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T00:15:29.000000Z"}]}