{"vulnerability": "CVE-2025-3082", "sightings": [{"uuid": "7c8bbb62-fb9a-452d-82fb-0d7ded2106ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3082", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lluiyzj2ms2x", "content": "", "creation_timestamp": "2025-04-02T23:09:18.353468Z"}, {"uuid": "9464d9e9-33e3-433c-8ce4-35564b3b6e07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30825", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114265378884771404", "content": "", "creation_timestamp": "2025-04-01T23:48:34.882628Z"}, {"uuid": "28b49cb6-7e8d-4e85-9078-090241bd968b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30825", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114265378884771404", "content": "", "creation_timestamp": "2025-04-01T23:48:34.895824Z"}, {"uuid": "9d067657-5c9d-41f7-8d36-faf52fd247bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3082", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9875", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3082\n\ud83d\udd25 CVSS Score: 3.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4.\n\ud83d\udccf Published: 2025-04-01T11:08:06.589Z\n\ud83d\udccf Modified: 2025-04-01T11:08:06.589Z\n\ud83d\udd17 References:\n1. https://jira.mongodb.org/browse/SERVER-103151", "creation_timestamp": "2025-04-01T11:34:35.000000Z"}, {"uuid": "48eba619-1ad9-4806-b174-0aeec6c0c8c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30820", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9071", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30820\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins WishSuite allows PHP Local File Inclusion. This issue affects WishSuite: from n/a through 1.4.4.\n\ud83d\udccf Published: 2025-03-27T10:55:07.632Z\n\ud83d\udccf Modified: 2025-03-27T13:20:49.896Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wishsuite/vulnerability/wordpress-wishsuite-plugin-1-4-4-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T13:26:50.000000Z"}, {"uuid": "1a386532-7a62-4135-b7f1-6101e1c6ffbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30821", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9072", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30821\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through 0.4.14.\n\ud83d\udccf Published: 2025-03-27T10:55:08.280Z\n\ud83d\udccf Modified: 2025-03-27T13:20:15.366Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/h5pxapikatchu/vulnerability/wordpress-snordian-s-h5pxapikatchu-plugin-0-4-14-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T13:26:50.000000Z"}, {"uuid": "4d4bfbbf-3f39-431f-8bd4-05d27a6dc67d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30827", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9893", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30827\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team Tobias WP2LEADS allows Reflected XSS. This issue affects WP2LEADS: from n/a through 3.4.5.\n\ud83d\udccf Published: 2025-04-01T05:31:37.708Z\n\ud83d\udccf Modified: 2025-04-01T13:15:20.377Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp2leads/vulnerability/wordpress-wp2leads-plugin-3-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T13:32:41.000000Z"}, {"uuid": "cbb028c8-afc5-4cdf-8b91-9b08d9cee35c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30825", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10058", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30825\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through 1.3.5.\n\ud83d\udccf Published: 2025-04-01T20:58:07.036Z\n\ud83d\udccf Modified: 2025-04-02T13:28:34.565Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wpc-smart-linked-products/vulnerability/wordpress-wpc-smart-linked-products-plugin-1-3-5-privilege-escalation-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T13:33:23.000000Z"}, {"uuid": "00356ebc-cd84-4860-b610-1ff9d9bb5357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3082", "type": "seen", "source": "https://t.me/cvedetector/21754", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3082 - MongoDB Server Collation Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3082 \nPublished : April 1, 2025, 11:15 a.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T16:23:21.000000Z"}]}