{"vulnerability": "CVE-2025-3236", "sightings": [{"uuid": "4956352b-2aa3-46b4-9252-833e5977aa7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3236", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llyichoty62r", "content": "", "creation_timestamp": "2025-04-04T13:07:19.608336Z"}, {"uuid": "0d452d95-15b5-41bf-b156-48e347e428df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32365", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm4ayjzb632h", "content": "", "creation_timestamp": "2025-04-06T01:07:10.955753Z"}, {"uuid": "05f4e677-f006-4af6-8b4c-951038b1a51c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32364", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm4ayk4na32g", "content": "", "creation_timestamp": "2025-04-06T01:07:11.582130Z"}, {"uuid": "90f3d3a6-47f8-43a8-90f2-fbc616157f64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32366", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm4aykahu22i", "content": "", "creation_timestamp": "2025-04-06T01:07:12.190418Z"}, {"uuid": "7ce313b7-0e68-4412-bf0a-fb581016bef9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32360", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm4aykmajh2u", "content": "", "creation_timestamp": "2025-04-06T01:07:14.096082Z"}, {"uuid": "f5e4a834-fcc0-475f-a7ca-547700d87f72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32369", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm544l37sz2c", "content": "", "creation_timestamp": "2025-04-06T09:12:34.862836Z"}, {"uuid": "5b126c9e-af92-4cbc-95ed-9b66ec620ba3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32366", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3lqjubobkjj26", "content": "", "creation_timestamp": "2025-06-01T08:37:38.639505Z"}, {"uuid": "0961357e-bfd2-406e-8574-3e5c7ad2a9a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32366", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3lq6dmdwntm2c", "content": "", "creation_timestamp": "2025-05-27T18:40:06.173278Z"}, {"uuid": "dc5aedba-e17c-419f-b19a-de1968a722f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32367", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114320580689943832", "content": "", "creation_timestamp": "2025-04-11T17:47:07.060458Z"}, {"uuid": "e843ae58-5be5-4034-b7e1-8912722dc57d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32367", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmkros3n6y2r", "content": "", "creation_timestamp": "2025-04-11T19:43:17.643416Z"}, {"uuid": "713af30a-6c1c-43ad-92d1-603242e6da06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32367", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114321059768438682", "content": "", "creation_timestamp": "2025-04-11T19:49:00.486747Z"}, {"uuid": "2c2b747a-7bb0-4088-aca4-772a5c38221e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32364", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10618", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32364\n\ud83d\udd25 CVSS Score: 4 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.\n\ud83d\udccf Published: 2025-04-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-05T22:08:50.936Z\n\ud83d\udd17 References:\n1. https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574\n2. https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3", "creation_timestamp": "2025-04-05T22:37:32.000000Z"}, {"uuid": "0cf975d9-10bc-4899-b5cf-d8823786949a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32363", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp63wixj5z2r", "content": "", "creation_timestamp": "2025-05-14T22:57:34.537481Z"}, {"uuid": "847f41de-3f0f-4fd3-a24b-b98457f969af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3236", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10420", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3236\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-04T09:31:13.572Z\n\ud83d\udccf Modified: 2025-04-04T09:31:13.572Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303262\n2. https://vuldb.com/?ctiid.303262\n3. https://vuldb.com/?submit.546367\n4. https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-VirSerDMZ-1bc53a41781f809b9e6cdd60fe4e428c?pvs=4\n5. https://www.tenda.com.cn/", "creation_timestamp": "2025-04-04T09:35:52.000000Z"}, {"uuid": "5388c805-47e9-4bcd-8098-d9a7553a72fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32365", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10617", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32365\n\ud83d\udd25 CVSS Score: 4 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.\n\ud83d\udccf Published: 2025-04-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-05T22:10:36.429Z\n\ud83d\udd17 References:\n1. https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577\n2. https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792", "creation_timestamp": "2025-04-05T22:37:31.000000Z"}, {"uuid": "b72340c6-d061-4786-95af-36f73a0095cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3236", "type": "seen", "source": "https://t.me/cvedetector/22113", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3236 - Tenda Web Management Interface Improper Access Control Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3236 \nPublished : April 4, 2025, 10:15 a.m. | 1\u00a0hour, 40\u00a0minutes ago \nDescription : A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T14:40:21.000000Z"}, {"uuid": "6569fc13-9337-4786-b41d-96a1f1131e23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32367", "type": "seen", "source": "https://t.me/cvedetector/22765", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32367 - Oz Forensics Face Recognition IDOR\", \n  \"Content\": \"CVE ID : CVE-2025-32367 \nPublished : April 11, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T20:38:11.000000Z"}, {"uuid": "3f4f1d84-15ac-4e5a-81db-fafc3ba0b0e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32360", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10611", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32360\n\ud83d\udd25 CVSS Score: 4.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information, and also to manipulate them via API.\n\ud83d\udccf Published: 2025-04-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-05T21:06:07.947Z\n\ud83d\udd17 References:\n1. https://zammad.com/en/advisories/zaa-2025-03", "creation_timestamp": "2025-04-05T21:37:51.000000Z"}, {"uuid": "35f0852e-7c18-486b-a8bf-11bcedcca1aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32369", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10628", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32369\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature.\n\ud83d\udccf Published: 2025-04-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-06T06:17:02.089Z\n\ud83d\udd17 References:\n1. https://devnet.kentico.com/download/hotfixes", "creation_timestamp": "2025-04-06T06:38:03.000000Z"}, {"uuid": "d231274f-2a72-4de3-a557-60162b4503cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32366", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10620", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32366\n\ud83d\udd25 CVSS Score: 3.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen).\n\ud83d\udccf Published: 2025-04-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-05T23:07:43.358Z\n\ud83d\udd17 References:\n1. https://web.git.kernel.org/pub/scm/network/connman/connman.git/tree/src/dnsproxy.c?h=1.44#n1001\n2. https://web.git.kernel.org/pub/scm/network/connman/connman.git/tree/src/dnsproxy.c?h=1.44#n988", "creation_timestamp": "2025-04-05T23:42:08.000000Z"}, {"uuid": "49737195-9210-4b34-9515-f5c0ecf0c29d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32367", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11469", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32367\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions.\n\ud83d\udccf Published: 2025-04-11T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-11T17:40:00.539Z\n\ud83d\udd17 References:\n1. https://ozforensics.com/\n2. https://medium.com/@antonsimonyan7/idor-in-oz-forensics-face-recognition-application-cve-2025-32367-53684ee312ea", "creation_timestamp": "2025-04-11T17:51:05.000000Z"}, {"uuid": "77507bb6-6e51-43ce-9b01-57d7120be3ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32363", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16404", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32363\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data.\n\ud83d\udccf Published: 2025-05-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-14T19:55:38.591Z\n\ud83d\udd17 References:\n1. https://medidok.de/aktuelles-neuigkeiten/\n2. https://medidok.de/neueversionen/update-medidok-2-5-18-43-verfugbar/\n3. https://code-white.com/public-vulnerability-list/#unauthenticated-remote-code-execution-via-deserialization-of-untrusted-data-in-m", "creation_timestamp": "2025-05-14T20:32:34.000000Z"}, {"uuid": "77f0e300-8903-425e-9baf-874966b923fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32369", "type": "seen", "source": "https://t.me/cvedetector/22215", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32369 - Kentico Xperience Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32369 \nPublished : April 6, 2025, 6:15 a.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T10:07:53.000000Z"}, {"uuid": "be075116-50a7-4eb1-9ae3-fc63c838f909", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32364", "type": "seen", "source": "https://t.me/cvedetector/22206", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32364 - Poppler Floating-Point Exception\", \n  \"Content\": \"CVE ID : CVE-2025-32364 \nPublished : April 5, 2025, 10:15 p.m. | 3\u00a0hours, 4\u00a0minutes ago \nDescription : A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. \nSeverity: 4.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T03:27:03.000000Z"}, {"uuid": "7c5bd5dc-7efb-4bc0-860b-be49f2f5e644", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32365", "type": "seen", "source": "https://t.me/cvedetector/22204", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32365 - Poppler JBIG2Stream Out-of-Bounds Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32365 \nPublished : April 5, 2025, 10:15 p.m. | 3\u00a0hours, 4\u00a0minutes ago \nDescription : Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. \nSeverity: 4.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T03:27:01.000000Z"}, {"uuid": "36c8d88b-bd9e-4769-bba1-0faffe1183a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32366", "type": "seen", "source": "https://t.me/cvedetector/22203", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32366 - ConnMan DNS Proxy Heap-Based Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2025-32366 \nPublished : April 5, 2025, 11:15 p.m. | 2\u00a0hours, 4\u00a0minutes ago \nDescription : In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen). \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T03:27:01.000000Z"}, {"uuid": "cc73f15f-d8f9-42a9-9262-506593c153e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32360", "type": "seen", "source": "https://t.me/cvedetector/22199", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32360 - Zammad Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32360 \nPublished : April 5, 2025, 9:15 p.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information, and also to manipulate them via API. \nSeverity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T01:46:45.000000Z"}]}