{"vulnerability": "CVE-2025-3037", "sightings": [{"uuid": "a4409961-b1fb-483e-a5ff-efe6b4fb4668", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30370", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114276478970363828", "content": "", "creation_timestamp": "2025-04-03T22:51:28.488143Z"}, {"uuid": "06225726-d2bb-4d28-89c5-5a9951529857", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30370", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114276478970363828", "content": "", "creation_timestamp": "2025-04-03T22:51:28.479563Z"}, {"uuid": "87e39540-2e78-4236-ae39-e72148629e36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30370", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llxactvxv22i", "content": "", "creation_timestamp": "2025-04-04T01:11:46.479403Z"}, {"uuid": "349c3d18-2cd6-4136-b8ce-1e6d0246d346", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3037", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9790", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3037\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.\n\ud83d\udccf Published: 2025-03-31T22:31:04.940Z\n\ud83d\udccf Modified: 2025-03-31T22:31:04.940Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.302098\n2. https://vuldb.com/?ctiid.302098\n3. https://vuldb.com/?submit.524631\n4. https://github.com/yzk2356911358/StudentServlet-JSP/issues/3\n5. https://github.com/yzk2356911358/StudentServlet-JSP/issues/3#issue-2937762896", "creation_timestamp": "2025-03-31T23:31:24.000000Z"}, {"uuid": "cc2a7b0d-5b0e-407f-ba09-6d1fc8304b23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-303778", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0155", "content": "", "creation_timestamp": "2025-05-13T16:58:56.000000Z"}, {"uuid": "cb610b69-0026-4402-8ab1-d7e57c2dbf7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-303787", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0155", "content": "", "creation_timestamp": "2025-05-13T16:58:56.000000Z"}, {"uuid": "92f7d6a4-4231-4721-af14-a842d2d8d1b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-303757", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0155", "content": "", "creation_timestamp": "2025-05-13T16:58:56.000000Z"}, {"uuid": "5cea8bae-98ab-4e1f-a29d-523b97dc5ed8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-303767", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0155", "content": "", "creation_timestamp": "2025-05-13T16:58:56.000000Z"}, {"uuid": "6ab58c6c-2867-4e45-8ebc-adde1b7dfc40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-303797", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0155", "content": "", "creation_timestamp": "2025-05-13T16:58:56.000000Z"}, {"uuid": "f2fce686-da0c-42c4-b5b6-7225609ff1b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30377", "type": "seen", "source": "https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review", "content": "", "creation_timestamp": "2025-05-13T16:27:02.000000Z"}, {"uuid": "eb0bb403-9cba-4db3-a71f-c7d9401822cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30375", "type": "seen", "source": "https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review", "content": "", "creation_timestamp": "2025-05-13T16:27:02.000000Z"}, {"uuid": "ef5c32a9-b83a-45fe-9f27-a77c0bd374fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30376", "type": "seen", "source": "https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review", "content": "", "creation_timestamp": "2025-05-13T16:27:02.000000Z"}, {"uuid": "552976d3-67c8-4086-9e59-2077c7570833", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30379", "type": "seen", "source": "https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review", "content": "", "creation_timestamp": "2025-05-13T16:27:02.000000Z"}, {"uuid": "0e4fe03b-5a37-48a4-a9c0-0fbe78a126f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30378", "type": "seen", "source": "https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review", "content": "", "creation_timestamp": "2025-05-13T16:27:02.000000Z"}, {"uuid": "7018b477-fd90-43c1-98dd-8a42772f5f18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30377", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lp5we6qa522u", "content": "", "creation_timestamp": "2025-05-14T21:17:50.295957Z"}, {"uuid": "94c8f2ec-ca5b-47e8-9646-8b5d92976dd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30376", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16544", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30376\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)\n\ud83d\udd39 Description: Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.\n\ud83d\udccf Published: 2025-05-13T16:58:40.109Z\n\ud83d\udccf Modified: 2025-05-15T17:10:54.491Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30376", "creation_timestamp": "2025-05-15T17:34:35.000000Z"}, {"uuid": "b8d14ebf-e2d7-4f6d-bf55-b88a0b0adae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30375", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16286", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30375\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)\n\ud83d\udd39 Description: Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.\n\ud83d\udccf Published: 2025-05-13T16:58:39.168Z\n\ud83d\udccf Modified: 2025-05-14T04:00:47.088Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30375", "creation_timestamp": "2025-05-14T04:31:59.000000Z"}, {"uuid": "d0fe473c-bf6b-4f92-84bd-438d12877d56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30371", "type": "seen", "source": "https://t.me/cvedetector/21434", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30371 - Metabase GeoJson Endpoint Local Link Access Protection Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-30371 \nPublished : March 28, 2025, 3:15 p.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potentially impacted if their Metabase is colocated with other unsecured resources. This is fixed in v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8. Migrating to Metabase Cloud or redeploying Metabase in a dedicated subnet with strict outbound port controls is an available workaround. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T17:45:11.000000Z"}, {"uuid": "1c9d8a6a-959d-4459-8189-239fe1bcd01a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30377", "type": "seen", "source": "https://t.me/kasperskyb2b/1734", "content": "\ud83d\udc40 \u0417\u0430 \u0432\u0442\u043e\u0440\u043d\u0438\u043a \u043d\u0435 \u0443\u043f\u0440\u0430\u0432\u0438\u043c\u0441\u044f. \u041e\u0431\u044a\u044f\u0432\u043b\u044f\u0435\u043c Patch Week!\n\n\u0422\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u044b\u043c  \u043f\u0430\u0442\u0447\u0438\u043d\u0433\u043e\u043c \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft \u043f\u043e\u0441\u043b\u0435 \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a\u0430 \u043c\u0435\u0441\u044f\u0446\u0430 \u043d\u0430\u043c \u043d\u0435 \u043e\u0431\u043e\u0439\u0442\u0438\u0441\u044c \u2014 \u0437\u0430\u043a\u0440\u044b\u0442\u044c \u0437\u0438\u0440\u043e\u0434\u0435\u0438 \u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u043f\u043e\u0441\u043f\u0435\u0448\u0438\u043b\u0438 \u043c\u043d\u043e\u0433\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0438 \u041f\u041e \u0434\u043b\u044f \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Microsoft, Fortinet, SAP, Adobe, \u0438 \u043a\u043e\u043d\u0435\u0447\u043d\u043e Ivanti. \n\n\ud83d\udcbb \u0420\u0435\u0434\u043c\u043e\u043d\u0434 \u0432\u044b\u043a\u0430\u0442\u0438\u043b 72 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044f (\u0435\u0441\u043b\u0438 \u043d\u0435 \u0441\u0447\u0438\u0442\u0430\u0442\u044c Azure \u0438 Chromium), \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0432 5 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0437\u0438\u0440\u043e\u0434\u0435\u0435\u0432 \u0438 2 \u0431\u0430\u0433\u0430, \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0451\u043d\u043d\u044b\u0445 \u0434\u043e \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 Microsoft.  \n\n\u0418\u0437 72 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432, 6 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 (\u0432 \u0442.\u0447. RCE \u0432 Office \u0438 Remote desktop client), \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u2014 \u0432\u0430\u0436\u043d\u044b\u043c\u0438. \u0412\u0441\u0435\u0433\u043e 28 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u043a RCE, 17 \u2014 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, 15 \u2014 \u043a \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 7 \u2014 \u043a DoS, 2 \u2014 \u043e\u0431\u0445\u043e\u0434\u0443 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0435 \u0437\u0438\u0440\u043e\u0434\u0435\u0438:\nCVE-2025-30397 (CVSS3 7.5) \u2014 RCE \u0432 Scripting Engine \u0438\u0437-\u0437\u0430 \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438, \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0438\u0437 \u0440\u0435\u0436\u0438\u043c\u0430 Internet Explorer  \u0432 Edge. \u0423\u043c\u0435\u0440, \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0435, \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u043b\u0438, \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0435. \u0416\u0435\u0440\u0442\u0432\u0430 \u0434\u043e\u043b\u0436\u043d\u0430 \u043a\u043b\u0438\u043a\u043d\u0443\u0442\u044c \u043d\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0441\u0441\u044b\u043b\u043a\u0443 \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435.\n\nCVE-2025-32701 \u0438 -32706 (7.8) \u2014 \u043f\u0430\u0440\u0430 EoP \u0447\u0435\u0440\u0435\u0437 \u0440\u0435\u0448\u0435\u0442\u043e \u0434\u0440\u0430\u0439\u0432\u0435\u0440 CLFS. \u041f\u0440\u043e\u0448\u043b\u044b\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0442\u0430\u043a\u043e\u0433\u043e \u0440\u043e\u0434\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0431\u0430\u043d\u0434\u0430\u043c\u0438 ransomware.\n\nCVE-2025-32709 (7.8) \u2014 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0447\u0435\u0440\u0435\u0437 Windows Ancillary Function Driver for Winsock, \u043f\u043e\u0445\u043e\u0436\u0438\u0439 \u0434\u0435\u0444\u0435\u043a\u0442 \u043c\u044b \u0443\u0436\u0435 \u0432\u0438\u0434\u0435\u043b\u0438 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435.\n\nCVE-2025-30400 (7.8) \u2014 \u0442\u043e\u0436\u0435 EoP, \u043d\u043e \u0447\u0435\u0440\u0435\u0437 DWM Core Library.\n\n\u041e \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u0438\u0445 \u0431\u0430\u0433\u043e\u0432 Microsoft \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u043e \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442.\n\n\u0421\u0440\u0435\u0434\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043e\u0431\u0440\u0430\u0442\u0438\u043c \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u043f\u0430\u0440\u0443 RCE \u0432 RDP Client (CVE-2025-29966 \u0438 -29967) \u0438 \u043f\u0430\u0440\u0443 RCE \u0432 Office (CVE-2025-30377 \u0438 -30386). \u0425\u043e\u0442\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u0435\u0442 \u0448\u0430\u043d\u0441\u044b \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435\u0432\u044b\u0441\u043e\u043a\u043e, \u0445\u043e\u0440\u043e\u0448\u043e \u0437\u043d\u0430\u043a\u043e\u043c\u044b\u0435 \u0438\u0437 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0438 \u0432\u0435\u043a\u0442\u043e\u0440\u044b \u0430\u0442\u0430\u043a (\u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442, \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u0434\u0430\u0436\u0435 \u0438\u0437 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430, \u0438 \u0442.\u043f.) \u0437\u0430\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u043f\u043e\u0442\u043e\u0440\u043e\u043f\u0438\u0442\u044c\u0441\u044f \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438.\n\n\ud83d\udd0e Fortinet \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0437\u0438\u0440\u043e\u0434\u0435\u0439 CVE-2025-32756 \u0441\u043e \u0441\u043a\u0440\u043e\u043c\u043d\u044b\u043c CVSS 9.6. \u041a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u043b\u043e \u043a RCE, \u0438 \u0445\u043e\u0442\u044f \u0440\u0435\u0430\u043b\u044c\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0431\u044b\u043b\u0430 \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u0430 \u0432 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u044d\u043a\u0437\u043e\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u043c FortiVoice, \u0440\u043e\u0432\u043d\u043e \u0442\u043e\u0442 \u0436\u0435 \u0434\u0435\u0444\u0435\u043a\u0442 \u0435\u0441\u0442\u044c \u0432  FortiMail, FortiNDR, FortiRecorder \u0438 FortiCamera, \u0447\u0442\u043e \u0443\u0436\u0435 \u0433\u043e\u0440\u0430\u0437\u0434\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u0435\u0435. \n\u0412 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u044b \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u0430\u0442\u0447\u0438, \u043d\u043e \u0438 IoC \u0438\u0437 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0441\u043c\u044f\u0433\u0447\u0430\u044e\u0449\u0435\u0439 \u043c\u0435\u0440\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043d\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0432\u0435\u0431-\u043a\u043e\u043d\u0441\u043e\u043b\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\ud83c\udd70\ufe0f Adobe \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 13 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435\u0439 \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 40 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445, \u0432\u043a\u043b\u044e\u0447\u0430\u044f ColdFusion. Lightroom, InDesign, Photoshop. \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0440\u043e\u0447\u043d\u044b\u043c\u0438 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f 8 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 ColdFusion, 6 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0438\u043c\u0435\u044e\u0442 CVSS 9.1 \u0438 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u043a \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 (\u043f\u043e\u043a\u0430) \u043d\u0435 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043e.\n\n\u2699\ufe0f SAP \u0442\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0440\u043d\u044b\u0439 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0439 \u0432\u0442\u043e\u0440\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 NetWeaver, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u043e\u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445. CVE-2025-42999 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u043e\u0434\u043d\u043e\u0439 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 \u0441 \u0440\u0430\u043d\u0435\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0451\u043d\u043d\u043e\u0439 CVE-2025-31324.\n\n\ud83d\udcac Ivanti \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0434\u0432\u0430 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u0430 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 EPMM (CVE-2025-4427 \u0438 -4428), \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0445 \u043a RCE \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u0414\u0440\u0443\u0433\u0438\u043c \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435\u043c \u0437\u0430\u043a\u0440\u044b\u0442\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2025-22462 \u0432 Ivanti Neurons for ITSM (on-prem)  \u0441 CVSS 9.8, \u043a\u043e\u0442\u043e\u0440\u0430\u044f (\u043f\u043e\u043a\u0430) \u043d\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f.\n\n\u0423\u0434\u0430\u0447\u043d\u043e\u0433\u043e \u0432\u0441\u0435\u043c \u043f\u0430\u0442\u0447\u0438\u043d\u0433\u0430!\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u043f\u0430\u0442\u0447\u0438 @\u041f2\u0422", "creation_timestamp": "2025-05-14T08:36:25.000000Z"}, {"uuid": "c3c4c398-814e-47ec-81e8-3db779d952d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30372", "type": "seen", "source": "https://t.me/cvedetector/21435", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30372 - Emlog Pro SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30372 \nPublished : March 28, 2025, 3:15 p.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceeding addslashes to be bypassed by URL double encoding. This could result in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T17:45:12.000000Z"}, {"uuid": "e4c983e0-f069-47f2-acd6-88fa09092fd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30370", "type": "seen", "source": "https://t.me/cvedetector/22035", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30370 - Jupyterlab-Git Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30370 \nPublished : April 3, 2025, 10:15 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks \"Git &gt; Open Git Repository in Terminal\" from the menu bar, then the injected command  is run in the user's shell without the user's permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd  through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T02:06:55.000000Z"}, {"uuid": "ad26cfa2-bb27-486b-9dc2-cda9b2e5266b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3037", "type": "seen", "source": "https://t.me/cvedetector/21686", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3037 - \"yzk2356911358 StudentServlet-JSP Cross-Site Request Forgery (CSRF)\"\", \n  \"Content\": \"CVE ID : CVE-2025-3037 \nPublished : March 31, 2025, 11:15 p.m. | 1\u00a0hour, 53\u00a0minutes ago \nDescription : A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T03:35:17.000000Z"}]}