{"vulnerability": "CVE-2025-3242", "sightings": [{"uuid": "ccc6ae97-9136-4f3e-ae21-ad1744e824df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3242", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llyiciqnha26", "content": "", "creation_timestamp": "2025-04-04T13:07:25.524578Z"}, {"uuid": "e6cd030a-6df6-4ba9-aae2-a862bbaf6424", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32426", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmkkp5uej62r", "content": "", "creation_timestamp": "2025-04-11T17:38:13.000251Z"}, {"uuid": "26834c72-a0ac-4d69-9374-75f9e6bce4bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32427", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmkkp6fxex2z", "content": "", "creation_timestamp": "2025-04-11T17:38:15.984658Z"}, {"uuid": "4fdac4eb-89ee-4f2c-8917-78077a8010a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32428", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmroqnmxf22n", "content": "", "creation_timestamp": "2025-04-14T13:39:12.988887Z"}, {"uuid": "bbae1420-793a-4e63-aea4-d367949cac02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32428", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114339189023793965", "content": "", "creation_timestamp": "2025-04-15T00:39:27.574216Z"}, {"uuid": "98e1a0f9-c00d-4875-922f-18c5e01a3a98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32428", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lmqn34s3is2y", "content": "", "creation_timestamp": "2025-04-14T03:36:34.893952Z"}, {"uuid": "7e5ab335-94b7-41e8-b5c8-308da8f3a6ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32428", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmt2bkinj72z", "content": "", "creation_timestamp": "2025-04-15T02:38:08.231475Z"}, {"uuid": "e9a299e4-a7be-4e33-b570-8b82c9f9539a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32428", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lmqwnz5igc2d", "content": "", "creation_timestamp": "2025-04-14T06:28:14.094904Z"}, {"uuid": "30d25fd0-8d15-4530-bb04-24557c7b51b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32428", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lmqxxncgku2t", "content": "", "creation_timestamp": "2025-04-14T06:51:28.741890Z"}, {"uuid": "f4297c3d-ba18-49ec-8853-32626e31d2fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp6jdwqmgk2h", "content": "", "creation_timestamp": "2025-05-15T02:57:34.451168Z"}, {"uuid": "7552ab99-da85-4363-89f0-bb0e00537172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-32421", "type": "seen", "source": "https://bsky.app/profile/rss.y-u-e.workers.dev/post/3lp75m522gm2j", "content": "", "creation_timestamp": "2025-05-15T09:00:04.908084Z"}, {"uuid": "96668a13-3374-4d4f-a3cd-ff3d94fdf805", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32422", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-11T18:47:39.000000Z"}, {"uuid": "580f76d1-9942-4aee-948e-1bd5328f244e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lv4ywrs25u2w", "content": "", "creation_timestamp": "2025-07-29T21:02:26.316908Z"}, {"uuid": "31890bc3-6862-4fd9-9b69-ef27ecda3d26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32422", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-09T13:26:56.000000Z"}, {"uuid": "8b223bcb-542f-49e6-87fc-fc1746509cf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-32429.yaml", "content": "", "creation_timestamp": "2025-11-03T06:51:18.000000Z"}, {"uuid": "5bd10c29-67c3-408c-bc53-7fb0c4dd46d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "seen", "source": "https://mastodon.social/users/leakix/statuses/115643252882270642", "content": "", "creation_timestamp": "2025-12-01T08:00:05.251064Z"}, {"uuid": "b3be03cd-01f4-4360-a4a7-f1e494e1fa38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlbwlfhp2z", "content": "", "creation_timestamp": "2025-08-03T21:02:51.663140Z"}, {"uuid": "e3b2f6eb-0dde-4cac-b9fc-31aad960c5ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlbwne3m2a", "content": "", "creation_timestamp": "2025-08-03T21:02:52.333321Z"}, {"uuid": "884420a3-500a-474a-81b2-6ab343273d0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m4tgncawa423", "content": "", "creation_timestamp": "2025-11-04T21:02:34.658805Z"}, {"uuid": "037d5232-5202-4a12-8f4c-1ed904d040ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "published-proof-of-concept", "source": "Telegram/C0EikeVGY605GXw1I5iTyWla58luFWPrSrA9WeVG8BlKYEE", "content": "", "creation_timestamp": "2025-11-26T09:00:05.000000Z"}, {"uuid": "410f2c85-980d-46fc-8952-6ec22b9c8b97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/60798", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPoC Lab for CVE-2025-32421 \u2013 Next.js Race Condition Cache Poisoning Simulation\nURL\uff1ahttps://github.com/Delfaster/CVE-2025-32421---Race-Condition-Vulnerability---Next.js\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-11-26T02:05:05.000000Z"}, {"uuid": "574ff50c-4fcc-46c8-9aa1-3b3dce216b96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "published-proof-of-concept", "source": "Telegram/YnrXjW7DDI_WEWlhao3IfxIXMJoRX7WZclhhkalIebmTXIk", "content": "", "creation_timestamp": "2025-10-11T15:00:06.000000Z"}, {"uuid": "373cdf9f-de9e-452f-b615-9ba12bc1e23e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32427", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11421", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32427\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who have themselves exported the form from one environment to another, and would require direct manipulation of the JSON export, this is marked as moderate. This vulnerability will not occur unless someone deliberately tampers with the export. This vulnerability is fixed in 2.1.44.\n\ud83d\udccf Published: 2025-04-11T13:42:13.854Z\n\ud83d\udccf Modified: 2025-04-11T13:42:13.854Z\n\ud83d\udd17 References:\n1. https://github.com/verbb/formie/security/advisories/GHSA-p9hh-mh5x-wvx3", "creation_timestamp": "2025-04-11T13:51:13.000000Z"}, {"uuid": "5e6ced1f-282e-4e25-b89b-56f630e42ba1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3242", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10431", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3242\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-04T11:00:14.598Z\n\ud83d\udccf Modified: 2025-04-04T11:00:14.598Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303268\n2. https://vuldb.com/?ctiid.303268\n3. https://vuldb.com/?submit.547719\n4. https://github.com/lkncdy/cve/issues/1\n5. https://phpgurukul.com/", "creation_timestamp": "2025-04-04T11:39:07.000000Z"}, {"uuid": "a27c2e8a-6687-461f-b271-6166ddc92b3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32428", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11731", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32428\n\ud83d\udd25 CVSS Score: 9 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessible via the network. This vulnerability does not affect users having TurboVNC as the vncserver executable. This issue is fixed in 3.0.1.\n\ud83d\udccf Published: 2025-04-14T23:29:40.494Z\n\ud83d\udccf Modified: 2025-04-14T23:29:40.494Z\n\ud83d\udd17 References:\n1. https://github.com/jupyterhub/jupyter-remote-desktop-proxy/security/advisories/GHSA-vrq4-9hc3-cgp7\n2. https://github.com/jupyterhub/jupyter-remote-desktop-proxy/commit/7dd54c25a4253badd8ea68895437e5a66a59090d", "creation_timestamp": "2025-04-14T23:53:46.000000Z"}, {"uuid": "72c61b91-d523-4750-9d19-4d2b70dbd7b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32426", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11420", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32426\n\ud83d\udd25 CVSS Score: 4.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would require access to the form's email notification settings. This has been fixed in Formie 2.1.44.\n\ud83d\udccf Published: 2025-04-11T13:42:21.972Z\n\ud83d\udccf Modified: 2025-04-11T13:42:21.972Z\n\ud83d\udd17 References:\n1. https://github.com/verbb/formie/security/advisories/GHSA-2xm2-23ff-p8ww", "creation_timestamp": "2025-04-11T13:51:12.000000Z"}, {"uuid": "2660b5dc-5172-4924-99c3-ab225df49c10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32426", "type": "seen", "source": "https://t.me/cvedetector/22764", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32426 - Formie Craft CMS Email Notification HTML Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32426 \nPublished : April 11, 2025, 2:15 p.m. | 1\u00a0hour, 36\u00a0minutes ago \nDescription : Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would require access to the form's email notification settings. This has been fixed in Formie 2.1.44. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T18:07:50.000000Z"}, {"uuid": "a9e5c0a5-a064-40c4-8812-476b543066a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "published-proof-of-concept", "source": "Telegram/7JHDzw-HLPT_JnUbBZs7JBy68Z843gQ-DmHjqOAMxLpbpZU", "content": "", "creation_timestamp": "2025-07-26T19:00:08.000000Z"}, {"uuid": "6e9d0c59-8bee-473f-8ba8-fdf6bdaf88b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "published-proof-of-concept", "source": "Telegram/aJSulEfzlvWzvTMBfPk51bbTeaXii0v458D9js_bSuDvORY", "content": "", "creation_timestamp": "2025-07-26T15:00:07.000000Z"}, {"uuid": "a9c98ed8-d27a-48b9-8e69-ce5fe130d03e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "published-proof-of-concept", "source": "Telegram/pWh9oXm1NWWZEdeLjOyDfp59yY5k-322VAVSQFlsbZDzP-c", "content": "", "creation_timestamp": "2025-07-25T21:00:04.000000Z"}, {"uuid": "c69cd835-158c-447f-8ac4-b8e44378cf93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32428", "type": "seen", "source": "https://t.me/cvedetector/22900", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32428 - Jupyter Remote Desktop Proxy Network Accessible VNC Server Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32428 \nPublished : April 15, 2025, 12:15 a.m. | 34\u00a0minutes ago \nDescription : Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessible via the network. This vulnerability does not affect users having TurboVNC as the vncserver executable. This issue is fixed in 3.0.1. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T03:13:14.000000Z"}, {"uuid": "e9713409-0952-40a1-8419-19675d6f9f13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16435", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32421\n\ud83d\udd25 CVSS Score: 3.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML. This issue was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from incoming requests. Applications hosted on Vercel's platform are not affected by this issue, as the platform does not cache responses based solely on `200 OK` status without explicit `cache-control` headers. Those who self-host Next.js deployments and are unable to upgrade immediately can mitigate this vulnerability by stripping the `x-now-route-matches` header from all incoming requests at the content development network and setting `cache-control: no-store` for all responses under risk. The maintainers of Next.js strongly recommend only caching responses with explicit cache-control headers.\n\ud83d\udccf Published: 2025-05-14T22:56:45.624Z\n\ud83d\udccf Modified: 2025-05-14T22:56:45.624Z\n\ud83d\udd17 References:\n1. https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4\n2. https://vercel.com/changelog/cve-2025-32421", "creation_timestamp": "2025-05-14T23:33:28.000000Z"}, {"uuid": "8b375d3b-0880-45d6-b0ee-013c38edf181", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/45351", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aExploit for CVE-2025-32429 \u2013 SQLi in XWiki REST API (getdeleteddocuments.vm).\nURL\uff1ahttps://github.com/byteReaper77/CVE-2025-32429\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-07-25T17:19:37.000000Z"}, {"uuid": "923318e6-6292-4254-a895-51411fe8037a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/45433", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aProof-of-Concept exploit for CVE-2025-32429 (SQL Injection in PHP PDO prepared statements) \u2013 for educational and security research purposes only\nURL\uff1ahttps://github.com/amir-othman/CVE-2025-32429\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-07-26T10:08:16.000000Z"}, {"uuid": "cdeb98df-bf45-4a7c-9a25-1fbe40e04b3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/274", "content": "\ud83d\udea8 Alert: CVE-2025-32429 \u2013 Blind SQL Injection in XWiki Platform\nA critical Blind SQL Injection vulnerability has been discovered in the XWiki Platform, exposing thousands of services to potential exploitation.\n\n\ud83d\udd25 PoC\n\ud83d\udcc2 GitHub: https://github.com/byteReaper77/CVE-2025-32429\n\n\ud83e\udde0 Impact\n\u2022 Vulnerability allows unauthenticated attackers to perform SQL injection\n\u2022 Can lead to data leakage, credential theft, and in some cases RCE\n\u2022 Affects core logic in query processing\n\n\ud83d\udcca Exposure Stats\n\ud83d\udd0d Hunter Query: product.name=\"XWiki\"\n\ud83c\udf10 Link: https://hunter.how/list?searchValue=product.name%3D%22XWiki%22\n\n\ud83d\udcda References\n\u2022 Advisory: GHSA-vr59-gm53-v7cq\n\u2022 JIRA Ticket: XWIKI-23093\n\n\ud83d\udd12 Mitigation\n\u2022 Apply official patches or upgrade to the latest secure version\n\u2022 Use a web application firewall (WAF) with SQLi detection\n\u2022 Monitor suspicious queries or traffic anomalies\n\n\ud83d\udcac Share to warn others \u2013 awareness saves infrastructure!\n\n#CVE2025 #XWiki #BlindSQLi #bugbountytips #infosec #vulnerability #hunterhow #cybersecurity\n\ud83d\udce1 Follow @cybersecplayground for daily CVEs, PoCs, and hacking insights.", "creation_timestamp": "2025-07-28T20:53:07.000000Z"}, {"uuid": "0e992ad4-e6dd-41aa-bdcd-15ee57d50193", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "published-proof-of-concept", "source": "Telegram/75Mb5uYpQosCyupAbaPXt3tVtlvlDXKkJ2DuCinTsyRQAIk", "content": "", "creation_timestamp": "2025-07-28T19:00:09.000000Z"}, {"uuid": "477c80bd-e93f-423e-be4b-8aca6b914a2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32429", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2695", "content": "CVE-2025-32429 \n*\nXWiki SQL Injection\n\nPOC", "creation_timestamp": "2025-07-26T08:08:26.000000Z"}, {"uuid": "82b4050b-efe2-4a61-9a0f-2ba25e876b68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32427", "type": "seen", "source": "https://t.me/cvedetector/22763", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32427 - Formie Craft CMS JSON Import Unescaped HTML Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32427 \nPublished : April 11, 2025, 2:15 p.m. | 1\u00a0hour, 36\u00a0minutes ago \nDescription : Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who have themselves exported the form from one environment to another, and would require direct manipulation of the JSON export, this is marked as moderate. This vulnerability will not occur unless someone deliberately tampers with the export. This vulnerability is fixed in 2.1.44. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T18:07:48.000000Z"}, {"uuid": "40f747f4-3417-459e-b08a-9a04b34e7c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3242", "type": "seen", "source": "https://t.me/cvedetector/22111", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3242 - PHPGurukul e-Diary Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3242 \nPublished : April 4, 2025, 11:15 a.m. | 40\u00a0minutes ago \nDescription : A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T14:40:16.000000Z"}, {"uuid": "a7abd3fd-dcb5-4bc3-ac43-afe8b1546716", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32421", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/55013", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aComprehensive demonstration of CVE-2025-32421 Eclipse technique - a sophisticated race condition attack against Next.js 15.0.4 that bypasses the original CVE-2024-46982 patch.\nURL\uff1ahttps://github.com/hidesec/CVE-2025-32421\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-10-11T07:26:50.000000Z"}]}