{"vulnerability": "CVE-2025-2810", "sightings": [{"uuid": "83590184-a82d-4440-a0bd-d202cf4a9afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28101", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmzrqzvpxp2y", "content": "", "creation_timestamp": "2025-04-17T18:54:30.171590Z"}, {"uuid": "56ef124a-0bc3-4772-964b-b1bf34ce2eb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28100", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmuqal4bdg2q", "content": "", "creation_timestamp": "2025-04-15T18:44:01.054764Z"}, {"uuid": "54bf84d1-0c4a-4a23-bcef-33032c086d19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28104", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12717", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28104\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input.\n\ud83d\udccf Published: 2025-04-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T17:18:42.239Z\n\ud83d\udd17 References:\n1. https://github.com/DogukanUrker/flaskBlog/issues/130\n2. https://gist.github.com/coleak2021/d5fea0f7d32a2de38130da089f4fb735", "creation_timestamp": "2025-04-21T18:02:37.000000Z"}, {"uuid": "afe07a8a-68c1-4f30-91c7-4f76ba9e2415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28102", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lne2lunfv72g", "content": "", "creation_timestamp": "2025-04-21T20:59:12.163130Z"}, {"uuid": "f7fab9cd-dc46-4773-ae13-11e3529517f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28104", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lne2luqwlp2b", "content": "", "creation_timestamp": "2025-04-21T20:59:12.825681Z"}, {"uuid": "f6709c9a-c7a8-4ab2-9800-28da717584fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28103", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lne2luutzx2l", "content": "", "creation_timestamp": "2025-04-21T20:59:13.506513Z"}, {"uuid": "8163cddb-07c1-40b5-b2f1-04c63fd81d6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2810", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lvnltulmat2p", "content": "", "creation_timestamp": "2025-08-05T11:23:22.355574Z"}, {"uuid": "06fae8ba-eb7a-4b9a-b92b-d34244828bfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2810", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/114976786415928187", "content": "", "creation_timestamp": "2025-08-05T15:08:51.574445Z"}, {"uuid": "11e02534-0638-4fcf-bbac-9dc7f2305424", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2810", "type": "seen", "source": "https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3lvnyi4v5ojc2", "content": "", "creation_timestamp": "2025-08-05T15:11:50.780277Z"}, {"uuid": "3f1ad748-9b15-484a-8fb3-9252a524d996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28102", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12720", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28102\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost.\n\ud83d\udccf Published: 2025-04-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T17:07:27.706Z\n\ud83d\udd17 References:\n1. https://github.com/DogukanUrker/flaskBlog/issues/130\n2. https://gist.github.com/coleak2021/edbd6e0766227ee96a7a4601e50773eb", "creation_timestamp": "2025-04-21T18:02:41.000000Z"}, {"uuid": "e34dae22-2084-412c-b28f-17fd6356b326", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28100", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11871", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28100\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker to execute arbitrary code via not filtering the content correctly at the \"operateOrder.php\" id parameter.\n\ud83d\udccf Published: 2025-04-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-15T17:46:31.802Z\n\ud83d\udd17 References:\n1. https://github.com/gh3-dk/vul/blob/main/sql%20injection/dingfanzu/dingfanzu-CMS%20operateOrder.php%20id%20SQL-inject.md", "creation_timestamp": "2025-04-15T17:55:34.000000Z"}, {"uuid": "3b1c4ab0-4734-43c0-95ee-30038192918f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28101", "type": "seen", "source": "https://t.me/cvedetector/23269", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28101 - FlaskBlog File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28101 \nPublished : April 17, 2025, 6:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T23:01:08.000000Z"}, {"uuid": "24f0adfb-8c0f-4c70-9f59-e624bb8f8330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28103", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12719", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28103\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request.\n\ud83d\udccf Published: 2025-04-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T17:13:58.265Z\n\ud83d\udd17 References:\n1. https://github.com/DogukanUrker/flaskBlog/issues/130\n2. https://gist.github.com/coleak2021/77895b7a7b335ae17eb57390f4a94917", "creation_timestamp": "2025-04-21T18:02:40.000000Z"}, {"uuid": "d8542a14-8106-4373-b5c0-1905c30649f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28104", "type": "seen", "source": "https://t.me/cvedetector/23459", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28104 - LaskBlog Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-28104 \nPublished : April 21, 2025, 6:15 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T22:20:11.000000Z"}, {"uuid": "940fc741-73c0-464e-97d4-0e45cfd46aae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28103", "type": "seen", "source": "https://t.me/cvedetector/23458", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28103 - LaskBlog Arbitrary Account Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28103 \nPublished : April 21, 2025, 6:15 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T22:20:11.000000Z"}, {"uuid": "e49eab15-d44d-4648-9181-0d0e2850b929", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28102", "type": "seen", "source": "https://t.me/cvedetector/23449", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28102 - FlaskBlog XSS\", \n  \"Content\": \"CVE ID : CVE-2025-28102 \nPublished : April 21, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T19:49:34.000000Z"}, {"uuid": "0c07e778-8b15-4352-81d5-88b9fb31e305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28100", "type": "seen", "source": "https://t.me/cvedetector/22987", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28100 - DingfanzuCMS SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-28100 \nPublished : April 15, 2025, 6:15 p.m. | 1\u00a0hour, 3\u00a0minutes ago \nDescription : A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker to execute arbitrary code via not filtering the content correctly at the \"operateOrder.php\" id parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T21:37:49.000000Z"}]}