{"vulnerability": "CVE-2025-12358", "sightings": [{"uuid": "a99c238b-ab40-4fe3-833f-13ddd80ab88c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12358", "type": "seen", "source": "https://gist.github.com/Darkcrai86/9826f9448c9eb1deb826741a5a90e5f2", "content": "", "creation_timestamp": "2025-12-03T14:25:59.000000Z"}, {"uuid": "b0404179-b205-402d-9a6f-2e374a32d78a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12358", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m73wfl2eod2k", "content": "", "creation_timestamp": "2025-12-03T16:56:14.841516Z"}, {"uuid": "c15e9269-0f92-44cf-9af3-185663e3eb3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12358", "type": "seen", "source": "https://t.me/NinjaSec/299", "content": "Code execution, and bypass vulnerabilities \u2014 for educational purposes only:\n\n\n1. CVE-2025-47241 \u2013 Whitelist bypass in Browser Use tool (CVSS 9.3)\n2. CVE-2025-25014 \u2013 Prototype pollution in Kibana (CVSS 9.1)\n3. CVE-2025-29927 \u2013 Next.js middleware authorization bypass (CVSS 9.1)\n4. CVE-2025-24813 \u2013 Apache Tomcat path traversal RCE (Critical)\n5. CVE-2025-2783 \u2013 Chrome Mojo use-after-free (High)\n6. CVE-2025-2636 \u2013 WordPress InstaWP plugin LFI (High)\n7. CVE-2025-2505 \u2013 WordPress Age Gate plugin LFI (High)\n8. CVE-2025-2746 \u2013 Kentico CMS auth bypass (CVSS 9.8)\n9. CVE-2025-2747 \u2013 Kentico CMS staging sync auth bypass (CVSS 9.8)\n10. CVE-2025-3066 \u2013 Chrome Site Isolation use-after-free (High)\n11. CVE-2025-46728 \u2013 cpp-httplib DoS vulnerability\n12. CVE-2025-12345 \u2013 Buffer overflow in XYZ app (CVSS 9.0)\n13. CVE-2025-12346 \u2013 SQL injection in ABC web app (CVSS 8.5)\n14. CVE-2025-12347 \u2013 XSS in DEF platform (CVSS 7.8)\n15. CVE-2025-12348 \u2013 Auth bypass in GHI system (CVSS 9.2)\n16. CVE-2025-12349 \u2013 RCE in JKL service via crafted packets (CVSS 9.5)\n17. CVE-2025-12350 \u2013 Privilege escalation in MNO app (CVSS 8.7)\n18. CVE-2025-12351 \u2013 Info disclosure in PQR system (CVSS 7.5)\n19. CVE-2025-12352 \u2013 DoS in STU server (CVSS 6.8)\n20. CVE-2025-12353 \u2013 Directory traversal in VWX app (CVSS 8.0)\n21. CVE-2025-12354 \u2013 Command injection in YZA tool (CVSS 9.1)\n22. CVE-2025-12355 \u2013 Insecure deserialization in BCD lib (CVSS 9.3)\n23. CVE-2025-12356 \u2013 CSRF in EFG portal (CVSS 7.2)\n24. CVE-2025-12357 \u2013 Memory corruption in HIJ driver (CVSS 8.9)\n25. CVE-2025-12358 \u2013 Improper auth in KLM API (CVSS 9.0)\n\n#HackersFactory", "creation_timestamp": "2025-05-07T15:48:27.000000Z"}]}