{"vulnerability": "CVE-2025-3028", "sightings": [{"uuid": "40553292-299f-4e57-951e-51d13e24a36f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3028", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114262832435614839", "content": "", "creation_timestamp": "2025-04-01T13:00:58.529997Z"}, {"uuid": "cc793b8e-4200-4149-b108-72b937959c5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3028", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114262832435614839", "content": "", "creation_timestamp": "2025-04-01T13:00:58.531024Z"}, {"uuid": "7db5be0e-b438-4fc8-9aed-a7b168a865a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30288", "type": "seen", "source": "https://bsky.app/profile/hoyahaxa.bsky.social/post/3lsgjb6emgc25", "content": "", "creation_timestamp": "2025-06-25T11:32:57.975470Z"}, {"uuid": "df614590-30ca-4266-bed4-6696ec43ae95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3028", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-6be86f72-b02d21ab277e8163", "content": "", "creation_timestamp": "2025-04-03T10:35:56.160563Z"}, {"uuid": "3f26931b-85d9-4cfb-baaa-ac7ca2325369", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3028", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-6be86f72-b02d21ab277e8163", "content": "", "creation_timestamp": "2025-04-03T10:35:56.193206Z"}, {"uuid": "8bb334ed-a3d1-48a2-9fa8-df59ab60026f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30282", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmdftwjyg22z", "content": "", "creation_timestamp": "2025-04-08T21:22:43.802812Z"}, {"uuid": "9c34bceb-272b-40d8-a507-c7af15500c9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30284", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmdftwomg32q", "content": "", "creation_timestamp": "2025-04-08T21:22:44.421051Z"}, {"uuid": "130e47e9-4b14-4d33-8435-2c3d9b785c65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30286", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmdftwrvv32v", "content": "", "creation_timestamp": "2025-04-08T21:22:44.993369Z"}, {"uuid": "44b7ae9d-0cf0-40d4-9b78-20ec5b600ad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30287", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmdftwvl4z2i", "content": "", "creation_timestamp": "2025-04-08T21:22:45.644586Z"}, {"uuid": "69679058-851f-4ac3-a03f-e886aa8e755e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30281", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmdftwypnt2q", "content": "", "creation_timestamp": "2025-04-08T21:22:46.236083Z"}, {"uuid": "bf2ed8dd-c1ae-41f2-aadd-74e69437d4f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30289", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmdftxnaue2f", "content": "", "creation_timestamp": "2025-04-08T21:22:47.788525Z"}, {"uuid": "d0bbf051-0407-4a58-b81c-f7834c28dad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30285", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmdfty33am2f", "content": "", "creation_timestamp": "2025-04-08T21:22:48.438001Z"}, {"uuid": "e744b4ef-0358-4b50-896c-147c67079f5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30288", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmdftycli42f", "content": "", "creation_timestamp": "2025-04-08T21:22:49.614339Z"}, {"uuid": "a55d7ca3-f39e-4cdf-bdb4-ea7f2b3612ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30281", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lmdgtjapsv2e", "content": "", "creation_timestamp": "2025-04-08T21:40:20.889860Z"}, {"uuid": "0908158a-82fd-4c26-b254-7c4da9196361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30282", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lmdgtka3gk2y", "content": "", "creation_timestamp": "2025-04-08T21:40:22.103194Z"}, {"uuid": "c2458f54-bcae-44f3-85a5-da61cd7e7e20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30281", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114304544173219612", "content": "", "creation_timestamp": "2025-04-08T21:48:50.121700Z"}, {"uuid": "ecb4b8bf-7bae-42b5-9b45-3768d74b1a07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30282", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114304544242545403", "content": "", "creation_timestamp": "2025-04-08T21:48:50.445663Z"}, {"uuid": "41a4e6b7-1a35-4cc1-ac08-0ef76df01597", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30284", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114304544278012113", "content": "", "creation_timestamp": "2025-04-08T21:48:50.743368Z"}, {"uuid": "6a05f604-d381-4043-94dc-dd91c0807e1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30285", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114304544303831069", "content": "", "creation_timestamp": "2025-04-08T21:48:51.177208Z"}, {"uuid": "04eeb82e-d8c0-45e1-9260-85acb52bd47a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30286", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114304544332920742", "content": "", "creation_timestamp": "2025-04-08T21:48:51.588472Z"}, {"uuid": "7cbe377f-08bd-4d3d-9327-b3575482827d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30287", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114304544379128475", "content": "", "creation_timestamp": "2025-04-08T21:48:52.113291Z"}, {"uuid": "db2d84f7-5e96-44e7-a0d0-e7df1edf26ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30281", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmhnfgmpu22y", "content": "", "creation_timestamp": "2025-04-10T13:48:23.254494Z"}, {"uuid": "d81c4b17-8176-4f26-b532-53c0ec6a86ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30282", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmhnfgmpu22y", "content": "", "creation_timestamp": "2025-04-10T13:48:23.312529Z"}, {"uuid": "e36ceb85-fb33-4dbe-981b-2447c2906c6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30281", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-08-09T17:25:37.000000Z"}, {"uuid": "13568d18-54d0-48e5-8c06-46809d9306db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30288", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lsgkllxt232p", "content": "", "creation_timestamp": "2025-06-25T11:56:38.499546Z"}, {"uuid": "5632dfba-31d0-465a-a397-f22427c52c31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30280", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-01", "content": "", "creation_timestamp": "2025-04-15T10:00:00.000000Z"}, {"uuid": "ad15c488-584a-41af-aabc-d7a84584c841", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30281", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-09-10T07:00:39.000000Z"}, {"uuid": "fc208ea2-755e-4005-abaf-405091133b5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30287", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12507", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30287\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed.\n\ud83d\udccf Published: 2025-04-08T20:03:02.492Z\n\ud83d\udccf Modified: 2025-04-18T17:52:35.491Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html", "creation_timestamp": "2025-04-18T17:59:29.000000Z"}, {"uuid": "6ec405b2-2db5-4e57-84de-c343466c85b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30284", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12517", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30284\n\ud83d\udd25 CVSS Score: 8.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed.\n\ud83d\udccf Published: 2025-04-08T20:02:58.049Z\n\ud83d\udccf Modified: 2025-04-18T17:35:07.424Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html", "creation_timestamp": "2025-04-18T17:59:45.000000Z"}, {"uuid": "ea44c02f-5328-4c6c-bfde-eced28217979", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30285", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12516", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30285\n\ud83d\udd25 CVSS Score: 8.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed.\n\ud83d\udccf Published: 2025-04-08T20:02:50.212Z\n\ud83d\udccf Modified: 2025-04-18T17:35:35.238Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html", "creation_timestamp": "2025-04-18T17:59:44.000000Z"}, {"uuid": "1b7ce559-d15b-457e-a6ec-739a4825aafb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30289", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12533", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30289\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application.\n\ud83d\udccf Published: 2025-04-08T20:02:56.190Z\n\ud83d\udccf Modified: 2025-04-18T17:56:52.882Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html", "creation_timestamp": "2025-04-18T18:58:55.000000Z"}, {"uuid": "4899cf8c-695f-4456-ba1a-d94e06d9d7ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30286", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12508", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30286\n\ud83d\udd25 CVSS Score: 8.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed.\n\ud83d\udccf Published: 2025-04-08T20:02:48.704Z\n\ud83d\udccf Modified: 2025-04-18T17:49:52.379Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html", "creation_timestamp": "2025-04-18T17:59:30.000000Z"}, {"uuid": "d7116c1b-48ce-4b20-98a5-34e23a3d8718", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30288", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12506", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30288\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed.\n\ud83d\udccf Published: 2025-04-08T20:02:55.419Z\n\ud83d\udccf Modified: 2025-04-18T17:53:39.909Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html", "creation_timestamp": "2025-04-18T17:59:29.000000Z"}, {"uuid": "7f8be21e-2d9b-4ecd-a1ff-22bebe874234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30282", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12518", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30282\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and execute code. Exploitation of this issue does not require user interaction.\n\ud83d\udccf Published: 2025-04-08T20:02:59.068Z\n\ud83d\udccf Modified: 2025-04-18T17:20:50.879Z\n\ud83d\udd17 References:\n1. https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html", "creation_timestamp": "2025-04-18T17:59:46.000000Z"}, {"uuid": "d471f45a-773e-4b19-9cc3-5bec07fd9e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30280", "type": "seen", "source": "https://t.me/cvedetector/22444", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30280 - Mendix Entity Enumeration Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30280 \nPublished : April 8, 2025, 9:15 a.m. | 2\u00a0hours, 10\u00a0minutes ago \nDescription : A vulnerability has been identified in Mendix Runtime V10 (All versions &lt; V10.21.0), Mendix Runtime V10.12 (All versions), Mendix Runtime V10.18 (All versions), Mendix Runtime V10.6 (All versions), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions &lt; V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T13:59:54.000000Z"}, {"uuid": "b762fa17-c3ae-49cc-9167-3327c9d8878e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3028", "type": "seen", "source": "https://t.me/itsec_news/5712", "content": "\u200b\u26a1\ufe0fGoogle \u0438 Mozilla \u0441\u043f\u0435\u0448\u043d\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u0433\u0440\u043e\u0437\u044b \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430\u0445\n\n\ud83d\udcac Google \u0438 Mozilla \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Chrome \u0438 Firefox, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u0434\u0435\u0441\u044f\u0442\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043e\u043f\u0430\u0441\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u044c\u044e. \u041e\u0431\u043d\u043e\u0432\u043b\u0451\u043d\u043d\u044b\u0439 Chrome 135 \u043f\u043e\u043b\u0443\u0447\u0438\u043b 14 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u0435\u0432\u044f\u0442\u044c \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432\u043d\u0435\u0448\u043d\u0438\u043c\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438. \u0421\u0430\u043c\u0430\u044f \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0430\u044f \u0438\u0437 \u043d\u0438\u0445 \u2014 \u043e\u0448\u0438\u0431\u043a\u0430 CVE-2025-3066, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u0436\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0451\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0435 \u043d\u0430\u0432\u0438\u0433\u0430\u0446\u0438\u0438. \u0422\u0430\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0441\u0431\u043e\u044f\u043c \u0438 \u0434\u0430\u0436\u0435 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Google \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b \u0447\u0435\u0442\u044b\u0440\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0440\u0438\u0441\u043a\u0430, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u0435 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0432 Custom Tabs, Intents \u0438 Extensions, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0443\u044e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u0415\u0449\u0451 \u0447\u0435\u0442\u044b\u0440\u0435 \u0431\u0430\u0433\u0430 \u043f\u0440\u0438\u0437\u043d\u0430\u043d\u044b \u043c\u0435\u043d\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u044b\u043c\u0438 \u2014 \u043e\u043d\u0438 \u043a\u0430\u0441\u0430\u044e\u0442\u0441\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u043d\u0430\u0432\u0438\u0433\u0430\u0446\u0438\u0438, \u0430\u0432\u0442\u043e\u0437\u0430\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u0437\u0430\u0433\u0440\u0443\u0437\u043e\u043a \u0438 \u0432\u043a\u043b\u0430\u0434\u043e\u043a.\n\n\u0417\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u044b\u043f\u043b\u0430\u0442\u0438\u043b\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c $18 000, \u043f\u0440\u0438\u0447\u0451\u043c \u043d\u0430\u0438\u0431\u043e\u043b\u044c\u0448\u0443\u044e \u0441\u0443\u043c\u043c\u0443 \u2014 $10 000 \u2014 \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u0424\u0438\u043b\u0438\u043f\u043f \u0411\u0438\u0440 \u0438\u0437 \u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u0412\u0435\u043d\u044b \u0437\u0430 \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 Custom Tabs. \u0420\u0430\u0437\u043c\u0435\u0440 \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u044f \u0437\u0430 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f, \u0442\u0430\u043a \u0447\u0442\u043e \u043e\u0431\u0449\u0430\u044f \u0441\u0443\u043c\u043c\u0430 \u0432\u044b\u043f\u043b\u0430\u0442 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u044b\u0448\u0435.\n\nChrome 135 \u0441\u0435\u0439\u0447\u0430\u0441 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0432\u0435\u0440\u0441\u0438\u044f 135.0.7049.52 \u0434\u043b\u044f Linux \u0438 \u043a\u0430\u043a 135.0.7049.41/42 \u0434\u043b\u044f Windows \u0438 macOS.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Mozilla \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 Firefox 137, \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0432\u0448\u0438\u0439 \u0432\u043e\u0441\u0435\u043c\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0442\u0440\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445. \u0421\u0440\u0435\u0434\u0438 \u043d\u0438\u0445 \u2014 \u043e\u043f\u0430\u0441\u043d\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430 \u0432 XSLTProcessor (CVE-2025-3028), \u0430 \u0442\u0430\u043a\u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u043f\u0430\u043c\u044f\u0442\u044c\u044e, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0433\u043b\u0438 \u0431\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 (CVE-2025-3030 \u0438 CVE-2025-3034).\n\n\u0422\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0438 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438, \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0434\u043c\u0435\u043d\u0435 \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u0438 \u043d\u0435\u0437\u0430\u043c\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u0440\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0438 \u044f\u0440\u043b\u044b\u043a\u043e\u0432 .url \u0432 Windows.\n\n\u041f\u043e\u043c\u0438\u043c\u043e Firefox, Mozilla \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b: \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b Firefox ESR 128.9, Firefox ESR 115.22, Thunderbird 137 \u0438 Thunderbird ESR 128.9 \u2014 \u0432\u0441\u0435 \u043e\u043d\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0425\u043e\u0442\u044f \u043d\u0438 Google, \u043d\u0438 Mozilla \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-04-04T07:23:36.000000Z"}, {"uuid": "33d7d192-7135-45e0-b5ad-02bebd7656ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30284", "type": "seen", "source": "https://t.me/cvedetector/22529", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30284 - ColdFusion Deserialization of Untrusted Data Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30284 \nPublished : April 8, 2025, 8:15 p.m. | 1\u00a0hour, 20\u00a0minutes ago \nDescription : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. \nSeverity: 8.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T00:03:03.000000Z"}, {"uuid": "9a3ff18d-7a4c-4a3e-af8f-e8d8f760cd4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30282", "type": "seen", "source": "https://t.me/cvedetector/22528", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30282 - Adobe ColdFusion Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-30282 \nPublished : April 8, 2025, 8:15 p.m. | 1\u00a0hour, 20\u00a0minutes ago \nDescription : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass authentication mechanisms and execute code with the privileges of the authenticated user. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T00:03:02.000000Z"}, {"uuid": "be425bae-5486-4dcc-94ac-26b4d3ff6ee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30281", "type": "seen", "source": "https://t.me/cvedetector/22527", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30281 - Adobe ColdFusion File System Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30281 \nPublished : April 8, 2025, 8:15 p.m. | 1\u00a0hour, 20\u00a0minutes ago \nDescription : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T00:03:02.000000Z"}, {"uuid": "5593479b-2a8b-4789-8c6d-d22df0c22d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30287", "type": "seen", "source": "https://t.me/cvedetector/22526", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30287 - ColdFusion Improper Authentication Arbitrary Code Execution\", \n  \"Content\": \"CVE ID : CVE-2025-30287 \nPublished : April 8, 2025, 8:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass authentication mechanisms and execute code with the privileges of the authenticated user. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T00:02:58.000000Z"}, {"uuid": "2ab3e048-6864-4b9d-9694-a9f0990f7729", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30285", "type": "seen", "source": "https://t.me/cvedetector/22525", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30285 - ColdFusion Deserialization of Untrusted Data Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30285 \nPublished : April 8, 2025, 8:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. \nSeverity: 8.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T00:02:57.000000Z"}, {"uuid": "bfdbdd90-5487-4c85-92fe-0602271270d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30289", "type": "seen", "source": "https://t.me/cvedetector/22523", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30289 - ColdFusion OS Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30289 \nPublished : April 8, 2025, 8:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T00:02:56.000000Z"}, {"uuid": "c12ff547-02fb-4868-af7c-a09a72b40ff9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30288", "type": "seen", "source": "https://t.me/cvedetector/22522", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30288 - ColdFusion Improper Access Control Security Feature Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-30288 \nPublished : April 8, 2025, 8:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T00:02:55.000000Z"}, {"uuid": "76d42aec-101a-4766-b32d-d30df701229f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30286", "type": "seen", "source": "https://t.me/cvedetector/22521", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30286 - ColdFusion OS Command Injection\", \n  \"Content\": \"CVE ID : CVE-2025-30286 \nPublished : April 8, 2025, 8:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. \nSeverity: 8.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T00:02:51.000000Z"}, {"uuid": "e7f384e1-bd0f-4b11-af14-9c42bff5a84b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30281", "type": "seen", "source": "https://t.me/thehackernews/6633", "content": "\ud83d\udea8 Critical alert: 30 new security flaws found in Adobe ColdFusion\u201411 rated Critical.\n\n\u26a1 Top threats: arbitrary code execution, file system read, security bypass.\n\nCVE-2025-24446 | CVSS 9.1\nCVE-2025-24447 | CVSS 9.1\nCVE-2025-30281 | CVSS 9.1\n(and more)\n\n No active exploits yet\u2014but don\u2019t wait.\n\n\ud83d\udd17 Update now or risk being the next headline: https://thehackernews.com/2025/04/adobe-patches-11-critical-coldfusion.html", "creation_timestamp": "2025-04-09T05:15:22.000000Z"}]}