{"vulnerability": "cve-2025-4671", "sightings": [{"uuid": "a958fb27-480b-41ec-a0d7-6e726c80e512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46713", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lprg5jeozv2y", "content": "", "creation_timestamp": "2025-05-22T15:20:52.848215Z"}, {"uuid": "9aef5e22-17a9-49bf-b206-19204f284dd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46714", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lprgg554xs2e", "content": "", "creation_timestamp": "2025-05-22T15:25:42.012318Z"}, {"uuid": "d7643a81-1e14-4d6b-b772-b0188c881b49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4671", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqpbj44u5hy2", "content": "", "creation_timestamp": "2025-06-03T12:17:48.587305Z"}, {"uuid": "275107c5-07f5-47de-b578-1a022526eab8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46719", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loh6qrlszb24", "content": "", "creation_timestamp": "2025-05-05T20:16:45.571101Z"}, {"uuid": "68874d38-bedf-4d2d-ba7c-8b16af985f43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4671", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqpnmnywcd2r", "content": "", "creation_timestamp": "2025-06-03T15:54:29.396684Z"}, {"uuid": "8517b37f-e43d-4cda-a8af-2fb39c30a5b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46712", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3looojsph26b2", "content": "", "creation_timestamp": "2025-05-08T19:48:27.688142Z"}, {"uuid": "7d94646b-8e82-428b-80bb-b3e4d3dd685a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46712", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3looxq2o4yr2h", "content": "", "creation_timestamp": "2025-05-08T22:32:20.275162Z"}, {"uuid": "7de9e6a8-030d-438f-a749-115539dc984f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46711", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lzgpzwyvw72o", "content": "", "creation_timestamp": "2025-09-22T15:30:29.508672Z"}, {"uuid": "3d35455b-d868-43f4-a658-a471c308a8f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46717", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16062", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46717\n\ud83d\udd25 CVSS Score: 3.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --list `. Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. Version 0.2.6 fixes the vulnerability.\n\ud83d\udccf Published: 2025-05-12T14:52:55.408Z\n\ud83d\udccf Modified: 2025-05-12T22:06:55.312Z\n\ud83d\udd17 References:\n1. https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-98cv-wqjx-wx8f\n2. https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6", "creation_timestamp": "2025-05-12T22:29:13.000000Z"}, {"uuid": "4946272d-90ba-4142-b0e6-7d32e9448443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46714", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17293", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46714\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then a extremely large copy into the small allocation. Version 1.15.12 fixes the issue.\n\ud83d\udccf Published: 2025-05-22T12:27:57.002Z\n\ud83d\udccf Modified: 2025-05-22T14:21:10.879Z\n\ud83d\udd17 References:\n1. https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-c5h5-54gp-xh4q", "creation_timestamp": "2025-05-22T14:44:21.000000Z"}, {"uuid": "bec352dc-3df7-4417-a0c6-11787dc5c0d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46719", "type": "seen", "source": "https://t.me/cvedetector/24477", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46719 - Open WebUI JavaScript Injection and Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46719 \nPublished : May 5, 2025, 7:15 p.m. | 20\u00a0minutes ago \nDescription : Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be executed in the user's browser every time that chat transcript is opened, allowing attackers to retrieve the user's access token and gain full control over their account. Chat transcripts can be shared with other users in the same server, or with the whole open-webui community if \"Enable Community Sharing\" is enabled in the admin panel. If this exploit is used against an admin user, it is possible to achieve Remote Code Execution on the server where the open-webui backend is hosted. This can be done by creating a new function which contains malicious python code. This vulnerability also affects chat transcripts uploaded to ``, allowing for wormable stored XSS in https[:]//openwebui[.]com. Version 0.6.6 contains a patch for the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-05T21:44:13.000000Z"}, {"uuid": "c9d10b74-80a7-4830-8efd-330f9d336ebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46718", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16063", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46718\n\ud83d\udd25 CVSS Score: 3.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability.\n\ud83d\udccf Published: 2025-05-12T14:54:24.925Z\n\ud83d\udccf Modified: 2025-05-12T22:06:49.474Z\n\ud83d\udd17 References:\n1. https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r\n2. https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6", "creation_timestamp": "2025-05-12T22:29:14.000000Z"}, {"uuid": "4664cb29-9c6b-47dc-98f1-90d42d2ded84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46712", "type": "seen", "source": "https://t.me/cvedetector/24867", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46712 - Erlang/OTP SSH Man-in-the-Middle Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46712 \nPublished : May 8, 2025, 8:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25). \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T00:19:03.000000Z"}, {"uuid": "c1ce604c-32c4-4835-a40b-d64d8ff9fc8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46712", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15613", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46712\n\ud83d\udd25 CVSS Score: 3.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).\n\ud83d\udccf Published: 2025-05-08T19:26:27.563Z\n\ud83d\udccf Modified: 2025-05-08T20:03:27.225Z\n\ud83d\udd17 References:\n1. https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf\n2. https://github.com/erlang/otp/releases/tag/OTP-25.3.2.21\n3. https://github.com/erlang/otp/releases/tag/OTP-26.2.5.12\n4. https://github.com/erlang/otp/releases/tag/OTP-27.3.4", "creation_timestamp": "2025-05-08T20:23:54.000000Z"}, {"uuid": "0096d671-7bfd-4309-b09e-b784b78e6173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46710", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18438", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46710\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Possible kernel exceptions caused by reading and writing kernel heap data after free.\n\ud83d\udccf Published: 2025-06-16T11:13:19.232Z\n\ud83d\udccf Modified: 2025-06-16T11:13:19.232Z\n\ud83d\udd17 References:\n1. https://www.imaginationtech.com/gpu-driver-vulnerabilities/", "creation_timestamp": "2025-06-16T11:39:54.000000Z"}, {"uuid": "31316f05-bcd5-4f42-9441-54ea61bc9118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46718", "type": "seen", "source": "https://t.me/cvedetector/25082", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46718 - \"sudo-rs Sudo Privilege Listing Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-46718 \nPublished : May 12, 2025, 3:16 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability. \nSeverity: 3.3 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T18:37:13.000000Z"}, {"uuid": "d9cba642-4194-4fd0-9121-1f11f1dd00b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46717", "type": "seen", "source": "https://t.me/cvedetector/25084", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46717 - \"Sudo-rs Path Traversal Information Disclosure\"\", \n  \"Content\": \"CVE ID : CVE-2025-46717 \nPublished : May 12, 2025, 3:16 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --list `. Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. Version 0.2.6 fixes the vulnerability. \nSeverity: 3.3 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T18:37:15.000000Z"}]}