{"vulnerability": "CVE-2025-2782", "sightings": [{"uuid": "b462f295-919b-4fb1-990d-d6a4eaafe4ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27825", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljthjrmts62e", "content": "", "creation_timestamp": "2025-03-08T02:19:49.848984Z"}, {"uuid": "2ad6a4ed-db4b-4fcb-acb2-8121966e29f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27820", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lo7tiuqd6c23", "content": "", "creation_timestamp": "2025-05-02T22:06:46.609505Z"}, {"uuid": "86d688f9-9fe4-4463-bb01-d15090766e6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27820", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114393098223959645", "content": "", "creation_timestamp": "2025-04-24T13:09:16.525404Z"}, {"uuid": "59814dc2-72a8-4b31-add3-8d7ae15f2fed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27820", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnkt4x6vwwb2", "content": "", "creation_timestamp": "2025-04-24T14:16:47.282976Z"}, {"uuid": "1d6a9781-fcfc-4153-aa5e-eee756e84e6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27820", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnl2ovjrua2d", "content": "", "creation_timestamp": "2025-04-24T15:49:29.577874Z"}, {"uuid": "718ed8b4-6331-4930-9169-21da877d3144", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27824", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljthjqx4eo2f", "content": "", "creation_timestamp": "2025-03-08T02:19:47.769426Z"}, {"uuid": "d3900930-2da5-4038-9301-7cb634d1c968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27826", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljthjrao4226", "content": "", "creation_timestamp": "2025-03-08T02:19:49.028663Z"}, {"uuid": "ecbebafa-e66a-4ead-95d3-d1eadd31b9d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27822", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljthjr2wi42h", "content": "", "creation_timestamp": "2025-03-08T02:19:48.377090Z"}, {"uuid": "96bfe785-9429-45c5-ab14-180de231a85c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27821", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mdanqdssgv2m", "content": "", "creation_timestamp": "2026-01-25T11:45:18.305367Z"}, {"uuid": "bcc372a5-0eff-43b2-999b-a1e4b9366ed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27828", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsekbeanrx2m", "content": "", "creation_timestamp": "2025-06-24T16:45:35.126686Z"}, {"uuid": "7a796ac3-4f9b-419c-9641-ec85846444b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27823", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-16T01:45:14.000000Z"}, {"uuid": "1ba9ee84-0010-4951-87ed-469f723861e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27826", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-16T01:45:14.000000Z"}, {"uuid": "aaebfab5-3eb4-4536-b16d-6dd73ed09abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27826", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-19T04:06:35.000000Z"}, {"uuid": "fe69f2ad-50c8-40bb-b93d-7e35e3186640", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27823", "type": "seen", "source": "MISP/4d9e0694-2872-4bfc-8eee-f1ab846c5ab0", "content": "", "creation_timestamp": "2025-08-19T04:06:35.000000Z"}, {"uuid": "003a7a6c-ce6c-4453-84e1-b18b36c8709c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27821", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mdvrtrbvic27", "content": "", "creation_timestamp": "2026-02-02T21:24:42.261664Z"}, {"uuid": "ddd70998-94fc-4fe7-af11-87422f094087", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27821", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3md4k5e2rnj26", "content": "", "creation_timestamp": "2026-01-23T20:30:20.298891Z"}, {"uuid": "cbaedb47-4bcf-4082-a09a-bfbd82aac92d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27821", "type": "seen", "source": "https://seclists.org/oss-sec/2026/q1/110", "content": "", "creation_timestamp": "2026-01-23T18:57:36.000000Z"}, {"uuid": "2b3fdc5e-435b-4a95-bdb5-bcf6a6bcd344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27821", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mdd3sz4y4u2p", "content": "", "creation_timestamp": "2026-01-26T11:02:39.458136Z"}, {"uuid": "f33b49cd-de50-4bc2-8d1c-ec89e839a38e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27821", "type": "seen", "source": "https://bsky.app/profile/cyberdudebivash.bsky.social/post/3mddf7olrrk2h", "content": "", "creation_timestamp": "2026-01-26T13:50:53.244761Z"}, {"uuid": "e3b23c06-9b4d-499b-8e17-e91e2d52f2c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27821", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mdgcex3pc52w", "content": "", "creation_timestamp": "2026-01-27T17:38:04.120230Z"}, {"uuid": "62e7a083-a1c4-4ea4-8166-ae9f268db11b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27820", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13216", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27820\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release\n\ud83d\udccf Published: 2025-04-24T11:44:25.986Z\n\ud83d\udccf Modified: 2025-04-24T11:44:25.986Z\n\ud83d\udd17 References:\n1. https://github.com/apache/httpcomponents-client/pull/574\n2. https://github.com/apache/httpcomponents-client/pull/621\n3. https://hc.apache.org/httpcomponents-client-5.4.x/index.html\n4. https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8", "creation_timestamp": "2025-04-24T12:06:25.000000Z"}, {"uuid": "fdefc272-0ce1-4180-96be-480280e9b569", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27822", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6895", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27822\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a \"Masquerade as admin\" permission to restrict people (who can masquerade) from switching to an account with administrative privileges. This permission is not always honored and may allow non-administrative users to masquerade as an administrator. This vulnerability is mitigated by the fact that an attacker must have a role with the \"Masquerade as user\" permission.\n\ud83d\udccf Published: 2025-03-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-07T22:29:21.287Z\n\ud83d\udd17 References:\n1. https://backdropcms.org/security/backdrop-sa-contrib-2025-006", "creation_timestamp": "2025-03-07T22:35:41.000000Z"}, {"uuid": "b0d16542-1e88-4e50-9b7c-0345ce3ea747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27826", "type": "seen", "source": "https://t.me/cvedetector/19865", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27826 - Backdrop CMS Bootstrap Lite XSS Injection\", \n  \"Content\": \"CVE ID : CVE-2025-27826 \nPublished : March 7, 2025, 10:15 p.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T00:58:46.000000Z"}, {"uuid": "11543512-6915-40ad-aa16-e8d3d411ec15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27825", "type": "seen", "source": "https://t.me/cvedetector/19864", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27825 - Backdrop CMS Bootstrap 5 Lite XSS Injection\", \n  \"Content\": \"CVE ID : CVE-2025-27825 \nPublished : March 7, 2025, 10:15 p.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T00:58:43.000000Z"}, {"uuid": "296a7190-3389-444c-9c02-338856e16c5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27824", "type": "seen", "source": "https://t.me/cvedetector/19863", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27824 - Backdrop CMS Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-27824 \nPublished : March 7, 2025, 10:15 p.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must have the ability to create content containing an iFrame field. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T00:58:42.000000Z"}, {"uuid": "9c165228-a564-46bb-987e-e505c1a8afe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27823", "type": "seen", "source": "https://t.me/cvedetector/19862", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27823 - Backdrop CMS Mail Disguise Module XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27823 \nPublished : March 7, 2025, 10:15 p.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module doesn't sufficiently validate the data attribute value on links, potentially leading to a Cross Site Scripting (XSS) vulnerability. This is mitigated by the fact an attacker must be able to insert link () HTML elements containing data attributes into the page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T00:58:41.000000Z"}, {"uuid": "7927d30a-9e7d-46f0-a868-7c0f47dc4427", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27822", "type": "seen", "source": "https://t.me/cvedetector/19868", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27822 - Backdrop CMS Masquerade Module Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27822 \nPublished : March 7, 2025, 10:15 p.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a \"Masquerade as admin\" permission to restrict people (who can masquerade) from switching to an account with administrative privileges. This permission is not always honored and may allow non-administrative users to masquerade as an administrator. This vulnerability is mitigated by the fact that an attacker must have a role with the \"Masquerade as user\" permission. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T00:58:49.000000Z"}, {"uuid": "814b2510-1ade-47b7-87a4-1dde3d67cef8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27824", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6892", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27824\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must have the ability to create content containing an iFrame field.\n\ud83d\udccf Published: 2025-03-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-07T22:30:26.688Z\n\ud83d\udd17 References:\n1. https://backdropcms.org/security/backdrop-sa-contrib-2025-003", "creation_timestamp": "2025-03-07T22:35:39.000000Z"}, {"uuid": "8309f660-c3b2-4cdc-8b97-4c59712b0211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27826", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6894", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27826\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.\n\ud83d\udccf Published: 2025-03-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-07T22:29:40.914Z\n\ud83d\udd17 References:\n1. https://backdropcms.org/security/backdrop-sa-core-2025-005", "creation_timestamp": "2025-03-07T22:35:41.000000Z"}, {"uuid": "6396bd84-39dc-477f-a4bf-d9a195f39b13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27829", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9961", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27829\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast streams are enabled on different interfaces, it may be possible to interrupt multicast traffic on some of these interfaces. That could result in a denial of the multicast routing service on the firewall.\n\ud83d\udccf Published: 2025-04-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-01T16:43:52.611Z\n\ud83d\udd17 References:\n1. https://advisories.stormshield.eu/2025-002/", "creation_timestamp": "2025-04-01T17:32:43.000000Z"}, {"uuid": "1d86602f-4078-41fb-8ce7-7f39cd3cd524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27825", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6893", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27825\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.\n\ud83d\udccf Published: 2025-03-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-07T22:30:03.942Z\n\ud83d\udd17 References:\n1. https://backdropcms.org/security/backdrop-sa-contrib-2025-004", "creation_timestamp": "2025-03-07T22:35:40.000000Z"}, {"uuid": "36b89d84-9988-4a09-9e56-8132a9f57332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2782", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9643", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2782\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.\n\n\n\nThis issue affects Terminal Services Agent: from 12.0 through 12.10.\n\ud83d\udccf Published: 2025-03-28T22:24:47.152Z\n\ud83d\udccf Modified: 2025-03-31T13:24:07.246Z\n\ud83d\udd17 References:\n1. https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00005", "creation_timestamp": "2025-03-31T13:31:18.000000Z"}, {"uuid": "c2f48e26-9432-436a-a694-aea83d0a6b39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27828", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19344", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27828\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through 10.2.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts with a limited impact on the confidentiality and the integrity.\n\ud83d\udccf Published: 2025-06-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-24T14:41:18.480Z\n\ud83d\udd17 References:\n1. https://www.mitel.com/support/security-advisories\n2. https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0003", "creation_timestamp": "2025-06-24T14:46:31.000000Z"}, {"uuid": "7062a188-422d-4400-beed-73971975ce1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27827", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19352", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27827\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. A successful exploit requires user interaction and could allow an attacker to access sensitive information, leading to unauthorized access to active chat rooms, reading chat data, and sending messages during an active chat session.\n\ud83d\udccf Published: 2025-06-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-24T14:17:10.225Z\n\ud83d\udd17 References:\n1. https://www.mitel.com/support/security-advisories\n2. https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0002-0", "creation_timestamp": "2025-06-24T14:46:44.000000Z"}, {"uuid": "9ecbfa3d-fe57-4a51-86fa-deb2fe5f4aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2782", "type": "seen", "source": "https://t.me/cvedetector/21492", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2782 - WatchGuard Terminal Services Agent Directory Permissions Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-2782 \nPublished : March 28, 2025, 11:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.  \n  \n  \n  \nThis issue affects Terminal Services Agent: from 12.0 through 12.10. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T02:07:17.000000Z"}, {"uuid": "d1baa705-134a-4969-9dac-42b023f2e2d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27820", "type": "seen", "source": "https://t.me/cvedetector/23670", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27820 - Apache HttpClient Domain Check Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27820 \nPublished : April 24, 2025, 12:15 p.m. | 16\u00a0minutes ago \nDescription : A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T14:44:11.000000Z"}, {"uuid": "b169fdd3-fe3b-4c86-a31e-564229640db0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27822", "type": "published-proof-of-concept", "source": "Telegram/_eDpAQjaVwA17w3Y5sBYHVYQe-wtpCg0af3TYkfxAg1BL6c", "content": "", "creation_timestamp": "2025-03-08T00:00:48.000000Z"}, {"uuid": "3a2b328e-7355-48af-924e-e0bc3327a5fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27829", "type": "seen", "source": "https://t.me/cvedetector/21775", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27829 - Stormshield Network Security Multicast Traffic Interruption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27829 \nPublished : April 1, 2025, 5:15 p.m. | 15\u00a0minutes ago \nDescription : An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast streams are enabled on different interfaces, it may be possible to interrupt multicast traffic on some of these interfaces. That could result in a denial of the multicast routing service on the firewall. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T19:44:17.000000Z"}]}