{"vulnerability": "CVE-2025-3083", "sightings": [{"uuid": "a16e753d-fb36-4fce-96ba-1a4829e2eca7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3083", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lluiyzj2ms2x", "content": "", "creation_timestamp": "2025-04-02T23:09:18.173629Z"}, {"uuid": "3ff00fe5-526e-4d2e-a491-b1bd6e47f932", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30835", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9600", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30835\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Accounting for WooCommerce allows PHP Local File Inclusion. This issue affects Accounting for WooCommerce: from n/a through 1.6.8.\n\ud83d\udccf Published: 2025-03-31T06:07:10.469Z\n\ud83d\udccf Modified: 2025-03-31T06:07:10.469Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/accounting-for-woocommerce/vulnerability/wordpress-accounting-for-woocommerce-plugin-1-6-8-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-31T06:31:08.000000Z"}, {"uuid": "2550cdf0-1e11-405e-b601-8f3b6f96a63e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30836", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9067", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30836\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LatePoint LatePoint allows Stored XSS. This issue affects LatePoint: from n/a through 5.1.6.\n\ud83d\udccf Published: 2025-03-27T10:55:21.911Z\n\ud83d\udccf Modified: 2025-03-27T13:22:55.895Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/latepoint/vulnerability/wordpress-latepoint-plugin-5-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T13:26:43.000000Z"}, {"uuid": "fe8f1901-1d76-4609-82fb-5905686b47dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30833", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9066", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30833\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.8.2.\n\ud83d\udccf Published: 2025-03-27T10:55:21.165Z\n\ud83d\udccf Modified: 2025-03-27T13:23:34.928Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/verge3d/vulnerability/wordpress-verge3d-publishing-and-e-commerce-plugin-4-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T13:26:42.000000Z"}, {"uuid": "c6db65bc-d195-4efb-9447-c92e890cc136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3083", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9871", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3083\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, \u00a0MongoDB v6.0 versions prior to\u00a06.0.20 and MongoDB v7.0 versions prior to 7.0.16\n\ud83d\udccf Published: 2025-04-01T11:12:31.268Z\n\ud83d\udccf Modified: 2025-04-01T11:12:31.268Z\n\ud83d\udd17 References:\n1. https://jira.mongodb.org/browse/SERVER-103152", "creation_timestamp": "2025-04-01T11:34:29.000000Z"}, {"uuid": "4d5379c9-84be-4b5d-9f10-80e6c6d6262c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30835", "type": "seen", "source": "https://t.me/cvedetector/21546", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30835 - Bastien Ho Accounting for WooCommerce PHP Remote File Inclusion\", \n  \"Content\": \"CVE ID : CVE-2025-30835 \nPublished : March 31, 2025, 6:15 a.m. | 29\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Accounting for WooCommerce allows PHP Local File Inclusion. This issue affects Accounting for WooCommerce: from n/a through 1.6.8. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T09:09:04.000000Z"}, {"uuid": "c377cd38-3b5a-4157-96b1-7d0fc4d1013d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30837", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9952", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30837\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristiano Zanca WooCommerce Fattureincloud allows Reflected XSS. This issue affects WooCommerce Fattureincloud: from n/a through 2.6.7.\n\ud83d\udccf Published: 2025-04-01T05:31:38.076Z\n\ud83d\udccf Modified: 2025-04-01T16:05:27.111Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/woo-fattureincloud/vulnerability/wordpress-woocommerce-fattureincloud-plugin-2-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T16:32:39.000000Z"}, {"uuid": "742c3b5b-a19f-49c7-9f3e-cd53c1e77c56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30834", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9947", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30834\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: Path Traversal vulnerability in Bit Apps Bit Assist allows Path Traversal. This issue affects Bit Assist: from n/a through 1.5.4.\n\ud83d\udccf Published: 2025-04-01T05:31:37.848Z\n\ud83d\udccf Modified: 2025-04-01T16:07:07.983Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/bit-assist/vulnerability/wordpress-bit-assist-plugin-1-5-4-path-traversal-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T16:32:32.000000Z"}, {"uuid": "a7a696f5-4c94-4879-86d4-84b34bf9b4fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3083", "type": "seen", "source": "https://t.me/cvedetector/21752", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3083 - MongoDB Mongos Protocol Crash Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3083 \nPublished : April 1, 2025, 12:15 p.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, \u00a0MongoDB v6.0 versions prior to\u00a06.0.20 and MongoDB v7.0 versions prior to 7.0.16 \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T16:23:20.000000Z"}]}