{"vulnerability": "CVE-2025-3036", "sightings": [{"uuid": "8c5a79a5-f030-4309-8334-cfa6744f35b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30360", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqpv7jzbovj2", "content": "", "creation_timestamp": "2025-06-03T18:11:11.142704Z"}, {"uuid": "8c45b92c-7098-409b-8439-8256586d4b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30361", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llettkhw7r2v", "content": "", "creation_timestamp": "2025-03-27T17:40:27.731032Z"}, {"uuid": "4a260bc2-4c39-4ed8-b2ac-30fae51f3297", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30364", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llettlj43v2s", "content": "", "creation_timestamp": "2025-03-27T17:40:29.022236Z"}, {"uuid": "9da1a4ac-cef0-47ce-9d56-323fdb81d590", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30365", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llettmrgml2u", "content": "", "creation_timestamp": "2025-03-27T17:40:30.557977Z"}, {"uuid": "8eac3c88-5b26-4215-a5fc-09d3d36e1d4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30367", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llettnxpeq2u", "content": "", "creation_timestamp": "2025-03-27T17:40:31.638768Z"}, {"uuid": "7c1f81be-8654-4d1e-a701-3bb1e80c0639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30360", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqpxsy6iks2r", "content": "", "creation_timestamp": "2025-06-03T18:56:58.808756Z"}, {"uuid": "00e698f3-1563-49f0-bd0b-efdc91ee9665", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30368", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-09-10T07:47:56.000000Z"}, {"uuid": "0c505876-f783-4c1d-ad39-aa9adf654173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3036", "type": "seen", "source": "https://t.me/cvedetector/21658", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3036 - \"yzk2356911358 StudentServlet-JSP Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-3036 \nPublished : March 31, 2025, 10:15 p.m. | 51\u00a0minutes ago \nDescription : A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. This affects an unknown part of the component Student Management Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T01:54:27.000000Z"}, {"uuid": "471a60bb-34d5-4a5e-aa50-75b87c272b4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30368", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-08-10T18:27:44.000000Z"}, {"uuid": "79ef12cb-31d5-4e0f-bfe7-070c9735e774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30369", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9719", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30369\n\ud83d\udd25 CVSS Score: 2.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete custom profile fields belonging to a different organization. This is fixed in Zulip Server 10.1.\n\ud83d\udccf Published: 2025-03-31T16:32:54.301Z\n\ud83d\udccf Modified: 2025-03-31T16:32:54.301Z\n\ud83d\udd17 References:\n1. https://github.com/zulip/zulip/security/advisories/GHSA-fcgx-q63f-7gw4", "creation_timestamp": "2025-03-31T17:31:13.000000Z"}, {"uuid": "8385ab11-1c74-49bc-831d-89dcd37b6e34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30368", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9746", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30368\n\ud83d\udd25 CVSS Score: 2.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1.\n\ud83d\udccf Published: 2025-03-31T16:26:48.673Z\n\ud83d\udccf Modified: 2025-03-31T18:59:32.854Z\n\ud83d\udd17 References:\n1. https://github.com/zulip/zulip/security/advisories/GHSA-rmhr-5ffq-qcrc\n2. https://github.com/zulip/zulip/commit/07dcee36b2a34d63429d7a706f880628cf3433df\n3. https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-10-1", "creation_timestamp": "2025-03-31T19:31:09.000000Z"}, {"uuid": "880ef4b0-4d6c-44e3-bfc1-84a894f33644", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3036", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9781", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3036\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. This affects an unknown part of the component Student Management Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.\n\ud83d\udccf Published: 2025-03-31T22:00:10.200Z\n\ud83d\udccf Modified: 2025-03-31T22:00:10.200Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.302097\n2. https://vuldb.com/?ctiid.302097\n3. https://vuldb.com/?submit.524630\n4. https://github.com/yzk2356911358/StudentServlet-JSP/issues/2\n5. https://github.com/yzk2356911358/StudentServlet-JSP/issues/2#issue-2937740237", "creation_timestamp": "2025-03-31T22:31:21.000000Z"}, {"uuid": "6ec90d4f-f8f0-4fbf-8cfc-0c562ab63452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30365", "type": "seen", "source": "https://t.me/cvedetector/21319", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30365 - WeGIA Web Manager SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-30365 \nPublished : March 27, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter. This vulnerability allows the execution of arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.2.8 fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T19:09:51.000000Z"}, {"uuid": "bd76848a-0038-4353-90c5-a8456481cc1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30364", "type": "seen", "source": "https://t.me/cvedetector/21318", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30364 - WeGIA SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30364 \nPublished : March 27, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the id_funcionario parameter. This vulnerability allows the execution of arbitrary SQL commands, which can compromise the confidentiality, integrity, and availability of stored data. Version 3.2.8 fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T19:09:50.000000Z"}, {"uuid": "b6459aa3-2a03-4884-85bf-4cb3982abe35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30363", "type": "seen", "source": "https://t.me/cvedetector/21317", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30363 - WeGIA Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-30363 \nPublished : March 27, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.6 fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T19:09:46.000000Z"}, {"uuid": "ebf89dcb-8c87-4b49-a5a9-1c1662ee2ed4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30362", "type": "seen", "source": "https://t.me/cvedetector/21316", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30362 - WeGIA Web Manager Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-30362 \nPublished : March 27, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.8. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.8 fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T19:09:45.000000Z"}, {"uuid": "3dc837c3-113b-435e-abd4-b6cd7ebaafc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30361", "type": "seen", "source": "https://t.me/cvedetector/21315", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30361 - WeGIA Unauthenticated Password Reset Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30361 \nPublished : March 27, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass authentication and authorization mechanisms to reset the password of any user, including admin accounts. Version 3.2.6 fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T19:09:44.000000Z"}, {"uuid": "d80c7687-f11f-41f7-b3d5-1db54f2c78a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30366", "type": "seen", "source": "https://t.me/cvedetector/21314", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30366 - WeGIA Web Manager Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30366 \nPublished : March 27, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : WeGIA is a Web manager for charitable institutions. Versions prior to 3.2.8 are vulnerable to stored cross-site scripting. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.8 fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T19:09:44.000000Z"}, {"uuid": "668cd1b2-481c-4a70-b979-04362f7eff8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30367", "type": "seen", "source": "https://t.me/cvedetector/21313", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30367 - WeGIA Web Manager SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30367 \nPublished : March 27, 2025, 5:15 p.m. | 27\u00a0minutes ago \nDescription : WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.2.6 contains a fix for the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T19:09:43.000000Z"}, {"uuid": "806b2f23-fd9c-4e25-93c8-da4d07c21297", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30369", "type": "seen", "source": "https://t.me/cvedetector/21639", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30369 - Zulip Server Organization Profile Field Deletion Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-30369 \nPublished : March 31, 2025, 5:15 p.m. | 1\u00a0hour, 48\u00a0minutes ago \nDescription : Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete custom profile fields belonging to a different organization. This is fixed in Zulip Server 10.1. \nSeverity: 2.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T21:43:21.000000Z"}, {"uuid": "03aa6999-6f2b-4782-85a7-35625fd8949f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30368", "type": "seen", "source": "https://t.me/cvedetector/21638", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30368 - Zulip Server Unauthorized Organization Export Deletion\", \n  \"Content\": \"CVE ID : CVE-2025-30368 \nPublished : March 31, 2025, 5:15 p.m. | 1\u00a0hour, 48\u00a0minutes ago \nDescription : Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1. \nSeverity: 2.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T21:43:20.000000Z"}]}