{"vulnerability": "cve-2025-4729", "sightings": [{"uuid": "f7fdca35-b120-442f-b161-6587e3304baf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47292", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16302", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47292\n\ud83d\udd25 CVSS Score: 9.5 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor`, allowing any classes and which can be controlled by unauthenticated user. Exploitation of this vulnerability can lead to Remote Code Execution. The vulnerability is fixed in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198.\n\ud83d\udccf Published: 2025-05-14T10:44:28.478Z\n\ud83d\udccf Modified: 2025-05-14T10:44:28.478Z\n\ud83d\udd17 References:\n1. https://github.com/cap-collectif/cap-collectif/security/advisories/GHSA-hf7r-rjh4-5fc8\n2. https://github.com/cap-collectif/cap-collectif/commit/812f2a7d271b76deab1175bdaf2be0b8102dd198", "creation_timestamp": "2025-05-14T11:31:27.000000Z"}, {"uuid": "1ab6d060-ae36-43e3-9271-0ab34e932453", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47298", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15037", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47298\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: N/A\n\ud83d\udccf Modified: 2025-05-06T02:55:07.675Z\n\ud83d\udd17 References:\nNo references available.", "creation_timestamp": "2025-05-06T03:20:02.000000Z"}, {"uuid": "75f7638c-f9d3-4f8f-b610-5bae4846d0dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47297", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15036", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47297\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: N/A\n\ud83d\udccf Modified: 2025-05-06T02:55:08.181Z\n\ud83d\udd17 References:\nNo references available.", "creation_timestamp": "2025-05-06T03:20:01.000000Z"}, {"uuid": "ca7ed9c0-e1f7-423c-8f71-89ed60a0bae4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47296", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15035", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47296\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: N/A\n\ud83d\udccf Modified: 2025-05-06T02:55:08.653Z\n\ud83d\udd17 References:\nNo references available.", "creation_timestamp": "2025-05-06T03:20:00.000000Z"}, {"uuid": "4baacfaa-df45-48ef-a44c-f000a2d9589c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47293", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18881", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47293\n\ud83d\udd25 CVSS Score: 2.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity (XXE) attack and to a server-side request forgery (SSRF) attack. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive files on the system. The vulnerable class is com.powsybl.commons.xml.XmlReader which is considered to be untrusted in use cases where untrusted users can submit their XML to the vulnerable methods. This can be a multi-tenant application that hosts many different users perhaps with different privilege levels. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2.\n\ud83d\udccf Published: 2025-06-19T21:35:40.992Z\n\ud83d\udccf Modified: 2025-06-19T21:35:40.992Z\n\ud83d\udd17 References:\n1. https://github.com/powsybl/powsybl-core/security/advisories/GHSA-qpj9-qcwx-8jv2\n2. https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc\n3. https://github.com/powsybl/powsybl-core/releases/tag/v6.7.2", "creation_timestamp": "2025-06-19T21:44:47.000000Z"}, {"uuid": "a7a6afe1-6da7-44ad-97d2-3721faeb0b69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47293", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrypwr7obe2o", "content": "", "creation_timestamp": "2025-06-19T23:55:07.689740Z"}, {"uuid": "e16b6a5a-fac4-42fb-8098-477d12c57fba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47290", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114541619532659321", "content": "", "creation_timestamp": "2025-05-20T18:40:13.173399Z"}, {"uuid": "857936c3-3d95-461d-be91-a5eec457c7cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47296", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loiajnajsf2h", "content": "", "creation_timestamp": "2025-05-06T06:21:08.500114Z"}, {"uuid": "c5501a71-4e47-48e6-9410-f614d1878e43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47298", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loiajnvxz22e", "content": "", "creation_timestamp": "2025-05-06T06:21:11.822013Z"}, {"uuid": "f6f2b2dc-470a-49f0-b0e8-5784ad92caf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47299", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loiajolm6m2h", "content": "", "creation_timestamp": "2025-05-06T06:21:15.124522Z"}, {"uuid": "3eae91a2-18aa-4c89-889e-756ea384efc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47297", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loiajosack2e", "content": "", "creation_timestamp": "2025-05-06T06:21:16.247648Z"}, {"uuid": "a5e307db-4c53-4f34-b210-9366b61e7101", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47292", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp52pf37562o", "content": "", "creation_timestamp": "2025-05-14T13:02:52.696603Z"}, {"uuid": "4f98f7b4-05eb-410e-8267-6745a91253fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47295", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq7rdimvs2c2", "content": "", "creation_timestamp": "2025-05-28T08:19:12.131332Z"}, {"uuid": "4a082104-7c6c-4a46-aa7d-c6ad3b5137a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47290", "type": "seen", "source": "https://bsky.app/profile/bentheelder.bsky.social/post/3lpniot27bs2r", "content": "", "creation_timestamp": "2025-05-21T01:55:42.735644Z"}, {"uuid": "fd6f43bc-c371-4e76-9685-8c23dd1685a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47294", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq7xi3f7cw2q", "content": "", "creation_timestamp": "2025-05-28T10:08:17.343749Z"}, {"uuid": "725f02f1-97c4-46c7-a221-ff0304c5ee8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47292", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp4twxknlqp2", "content": "", "creation_timestamp": "2025-05-14T11:02:17.162829Z"}, {"uuid": "11d0689e-81a2-4b73-a860-f0a3f3ef8390", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4729", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16590", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4729\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-15T23:31:06.917Z\n\ud83d\udccf Modified: 2025-05-15T23:31:06.917Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309031\n2. https://vuldb.com/?ctiid.309031\n3. https://vuldb.com/?submit.570686\n4. https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/2.md\n5. https://www.totolink.net/", "creation_timestamp": "2025-05-16T00:34:19.000000Z"}, {"uuid": "61e87883-eee2-487e-9eda-29d4c2a07836", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47291", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17158", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47291\n\ud83d\udd25 CVSS Score: 4.6 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.\n\ud83d\udccf Published: 2025-05-21T17:26:31.141Z\n\ud83d\udccf Modified: 2025-05-21T17:26:31.141Z\n\ud83d\udd17 References:\n1. https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff", "creation_timestamp": "2025-05-21T17:43:13.000000Z"}, {"uuid": "4d5719fd-d3be-4d10-88ab-ded6c36b7a5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47296", "type": "seen", "source": "https://t.me/cvedetector/24555", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-47296 - Apache HTTP Server Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2025-47296 \nPublished : May 6, 2025, 4:16 a.m. | 1\u00a0hour, 32\u00a0minutes ago \nDescription : Rejected reason: Not used \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T08:37:28.000000Z"}, {"uuid": "8e183ee8-593a-4a40-a295-459cf65da956", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47291", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lppk5ldyeq2p", "content": "", "creation_timestamp": "2025-05-21T21:27:10.699648Z"}, {"uuid": "25847eee-ebf4-473e-96ee-17e7580e63e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47290", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lpq2g3g3uw2u", "content": "", "creation_timestamp": "2025-05-22T02:18:16.122328Z"}, {"uuid": "4d8af45b-9dd2-420a-9f48-82d2b994ca84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47294", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq7rdf5gfvc2", "content": "", "creation_timestamp": "2025-05-28T08:19:11.036829Z"}, {"uuid": "bd2964e6-baa6-42da-ab48-7265f30dae01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47295", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq7x74szie2m", "content": "", "creation_timestamp": "2025-05-28T10:03:16.753518Z"}]}