{"vulnerability": "CVE-2025-2915", "sightings": [{"uuid": "131a2177-5c04-472b-a24f-9dc3dcfa07b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29150", "type": "seen", "source": "https://gist.github.com/electroN1chahaha/054a1af22157aa3010e89b3103ad7b9a", "content": "", "creation_timestamp": "2025-04-10T14:02:19.000000Z"}, {"uuid": "09eda081-3b6c-48da-ace6-b588a7a23bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29150", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhta5d4oi2r", "content": "", "creation_timestamp": "2025-04-10T15:32:55.606758Z"}, {"uuid": "63c7cde6-cf05-4a39-bc00-7bab9ce40663", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29155", "type": "seen", "source": "https://gist.github.com/Darkcrai86/6ae68b66574742b1528fc0002a7b60fc", "content": "", "creation_timestamp": "2025-09-25T19:10:40.000000Z"}, {"uuid": "ced018f8-7720-4c12-a6d8-f0e2f2ffceac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2915", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9411", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2915\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-28T17:00:08.968Z\n\ud83d\udccf Modified: 2025-03-28T17:00:08.968Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.301888\n2. https://vuldb.com/?ctiid.301888\n3. https://vuldb.com/?submit.520899\n4. https://github.com/HDFGroup/hdf5/issues/5380", "creation_timestamp": "2025-03-28T17:28:52.000000Z"}, {"uuid": "05892d02-9990-40e3-9d36-488614244da5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2915", "type": "seen", "source": "https://t.me/cvedetector/21461", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2915 - HDF5 Heap-Based Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2915 \nPublished : March 28, 2025, 5:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. \nSeverity: 3.3 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T20:16:03.000000Z"}, {"uuid": "4b4aad59-938f-4970-88c9-6c6b2958702e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29150", "type": "seen", "source": "https://t.me/cvedetector/22674", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29150 - BlueCMS File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29150 \nPublished : April 10, 2025, 3:16 p.m. | 2\u00a0hours, 6\u00a0minutes ago \nDescription : BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter in an /publish.php?act=del request. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T19:32:38.000000Z"}, {"uuid": "67e2d990-0223-4daf-a8a8-283541c855e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29153", "type": "seen", "source": "https://t.me/cvedetector/24710", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29153 - Lemeconsultoria HCM Galera.app SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-29153 \nPublished : May 7, 2025, 2:15 p.m. | 22\u00a0minutes ago \nDescription : SQL Injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the Data export, filters functions. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T17:20:10.000000Z"}, {"uuid": "cb970df7-974c-462a-bc88-a5a4285799ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29154", "type": "seen", "source": "https://t.me/cvedetector/24711", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29154 - Lemeconsultoria HCM HTML Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29154 \nPublished : May 7, 2025, 2:15 p.m. | 22\u00a0minutes ago \nDescription : HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacao_treinamento/, .galera.app/rh/metas/perspectiva_estrategica/edicao/, .galera.app/rh/cadastros/perspectivas/listagem/adc/, .galera.app/escolaridade/listagem/, .galera.app/estados_civis/cadastro/, .galera.app/nivel_hierarquico/listagem/, .galera.app/nivel_decisorio/cadastro/, .galera.app/escolaridade/cadastro/, .galera.app/nivel_decisorio/listagem/, .galera.app/rh/cadastros/perspectivas/listagem/, .galera.app/empresas_grupo/cadastro/, .galera.app/empresas/edicao/, .galera.app/liais/listagem/, .galera.app/noticias/listagem/, .galera.app/gerenciamento-de-ciclo/abertura/cadastrar, .galera.app/colaborador/cadastro/cursos/adc/edicao/, .galera.app/colaborador/cadastro/adc/, .galera.app/cads_aux/escalact/, .galera.app/ncf/tec/cadastro/ct/ .galera.app/rh/metas/painel/, .galera.app/rh/metas/equipe/edicao/, .galera.app/rh/pdi/tipo_recursos/edicao/, .galera.app/rh/pdi/familia_recursos/cadastro/, .galera.app/rh/pdi/fornecedores/edicao/, and .galera.app/rh/pdi/recursos/cadastro/ components. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T17:20:11.000000Z"}, {"uuid": "4ed0cab2-5434-4b80-ac0c-ebe4b07909f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29152", "type": "seen", "source": "https://t.me/cvedetector/24713", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29152 - Lemeconsultoria HCM Galera App Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29152 \nPublished : May 7, 2025, 2:15 p.m. | 22\u00a0minutes ago \nDescription : Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via multiple components, including Strategic Planning Perspective Registration, Training Request, Perspective Editing, Education Registration, Hierarchical Level Registration, Decision Level Registration, Perspective Registration, Company Group Registration, Company Registration, News Registration, Employee Editing, Goal Team Registration, Learning Resource Type Registration, Learning Resource Family Registration, Learning Resource Supplier Registration, and Cycle Maintenance. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T17:20:13.000000Z"}]}